summaryrefslogtreecommitdiff
path: root/openstackclient
diff options
context:
space:
mode:
Diffstat (limited to 'openstackclient')
-rw-r--r--openstackclient/identity/common.py16
-rw-r--r--openstackclient/identity/v3/role.py102
2 files changed, 74 insertions, 44 deletions
diff --git a/openstackclient/identity/common.py b/openstackclient/identity/common.py
index 2cc68c8d..a6e674c0 100644
--- a/openstackclient/identity/common.py
+++ b/openstackclient/identity/common.py
@@ -48,23 +48,23 @@ def find_domain(identity_client, name_or_id):
domains.Domain)
-def find_group(identity_client, name_or_id):
+def find_group(identity_client, name_or_id, domain_id=None):
return _find_identity_resource(identity_client.groups, name_or_id,
- groups.Group)
+ groups.Group, domain_id=domain_id)
-def find_project(identity_client, name_or_id):
+def find_project(identity_client, name_or_id, domain_id=None):
return _find_identity_resource(identity_client.projects, name_or_id,
- projects.Project)
+ projects.Project, domain_id=domain_id)
-def find_user(identity_client, name_or_id):
+def find_user(identity_client, name_or_id, domain_id=None):
return _find_identity_resource(identity_client.users, name_or_id,
- users.User)
+ users.User, domain_id=domain_id)
def _find_identity_resource(identity_client_manager, name_or_id,
- resource_type):
+ resource_type, **kwargs):
"""Find a specific identity resource.
Using keystoneclient's manager, attempt to find a specific resource by its
@@ -92,7 +92,7 @@ def _find_identity_resource(identity_client_manager, name_or_id,
try:
identity_resource = utils.find_resource(identity_client_manager,
- name_or_id)
+ name_or_id, **kwargs)
if identity_resource is not None:
return identity_resource
except identity_exc.Forbidden:
diff --git a/openstackclient/identity/v3/role.py b/openstackclient/identity/v3/role.py
index 3dd998ba..bc64f7f8 100644
--- a/openstackclient/identity/v3/role.py
+++ b/openstackclient/identity/v3/role.py
@@ -63,6 +63,27 @@ class AddRole(command.Command):
metavar='<group>',
help='Include <group> (name or ID)',
)
+ parser.add_argument(
+ '--user-domain',
+ metavar='<user-domain>',
+ help=('Domain the user belongs to (name or ID). '
+ 'This can be used in case collisions between user names '
+ 'exist.')
+ )
+ parser.add_argument(
+ '--group-domain',
+ metavar='<group-domain>',
+ help=('Domain the group belongs to (name or ID). '
+ 'This can be used in case collisions between group names '
+ 'exist.')
+ )
+ parser.add_argument(
+ '--project-domain',
+ metavar='<project-domain>',
+ help=('Domain the project belongs to (name or ID). '
+ 'This can be used in case collisions between project names '
+ 'exist.')
+ )
return parser
def take_action(self, parsed_args):
@@ -78,67 +99,76 @@ class AddRole(command.Command):
parsed_args.role,
)
+ kwargs = {}
if parsed_args.user and parsed_args.domain:
- user = common.find_user(
+ user_domain_id = self._get_domain_id_if_requested(
+ parsed_args.user_domain)
+ kwargs['user'] = common.find_user(
identity_client,
parsed_args.user,
- )
- domain = common.find_domain(
+ user_domain_id,
+ ).id
+ kwargs['domain'] = common.find_domain(
identity_client,
parsed_args.domain,
- )
- identity_client.roles.grant(
- role.id,
- user=user.id,
- domain=domain.id,
- )
+ ).id
elif parsed_args.user and parsed_args.project:
- user = common.find_user(
+ user_domain_id = self._get_domain_id_if_requested(
+ parsed_args.user_domain)
+ kwargs['user'] = common.find_user(
identity_client,
parsed_args.user,
- )
- project = common.find_project(
+ user_domain_id,
+ ).id
+ project_domain_id = self._get_domain_id_if_requested(
+ parsed_args.project_domain)
+ kwargs['project'] = common.find_project(
identity_client,
parsed_args.project,
- )
- identity_client.roles.grant(
- role.id,
- user=user.id,
- project=project.id,
- )
+ project_domain_id,
+ ).id
elif parsed_args.group and parsed_args.domain:
- group = common.find_group(
+ group_domain_id = self._get_domain_id_if_requested(
+ parsed_args.group_domain)
+ kwargs['group'] = common.find_group(
identity_client,
parsed_args.group,
- )
- domain = common.find_domain(
+ group_domain_id,
+ ).id
+ kwargs['domain'] = common.find_domain(
identity_client,
parsed_args.domain,
- )
- identity_client.roles.grant(
- role.id,
- group=group.id,
- domain=domain.id,
- )
+ ).id
elif parsed_args.group and parsed_args.project:
- group = common.find_group(
+ group_domain_id = self._get_domain_id_if_requested(
+ parsed_args.group_domain)
+ kwargs['group'] = common.find_group(
identity_client,
parsed_args.group,
- )
- project = common.find_project(
+ group_domain_id,
+ ).id
+ project_domain_id = self._get_domain_id_if_requested(
+ parsed_args.project_domain)
+ kwargs['project'] = common.find_project(
identity_client,
parsed_args.project,
- )
- identity_client.roles.grant(
- role.id,
- group=group.id,
- project=project.id,
- )
+ project_domain_id,
+ ).id
else:
sys.stderr.write("Role not added, incorrect set of arguments \
provided. See openstack --help for more details\n")
+ return
+
+ identity_client.roles.grant(role.id, **kwargs)
return
+ def _get_domain_id_if_requested(self, domain_name_or_id):
+ if domain_name_or_id is None:
+ return None
+ domain = common.find_domain(self.app.client_manager.identity,
+ domain_name_or_id)
+ return domain.id
+
class CreateRole(show.ShowOne):
"""Create new role"""
View Lorry Controller Status