summaryrefslogtreecommitdiff
path: root/openstackclient/identity/v3/role.py
Commit message (Collapse)AuthorAgeFilesLines
* Clean up W503 and E402 pep8 errorsSean McGinnis2018-04-201-4/+4
| | | | | | | | | | | | | pycodestyle 2.40 and later enforce these rules that were not previously enforced. Rather than just skipping them, this cleans up the trivial instances of these violations. This does also include some other updates that were not triggering errors in an attempt to keep some of the style consistent. Change-Id: Id7c0a6b8f1f835e69d844b000e3ed751852ada63 Closes-bug: #1762803 (cherry picked from commit d60141525987bc973802b4ec9a3b027e071d1966)
* Modify error handling for role and group commandsHuanxuan Ao2017-02-091-19/+10
| | | | | | | | | | if command failed, we usually raise exception, if command success, sometimes there is not any output (such as set, add commands) So modify the error handling for role and group commands. Change-Id: I1c0f86c04dcedd9c0d725fd73f3436be9da75ee0
* Error handling for delete commands in identityHuanxuan Ao2017-01-031-7/+20
| | | | | | | | | Add missing multi deletion error handling for identity delete commands. All delete commands in identity support error handling now. Change-Id: I05626dcb5e516a423d610906347b02236ba7eeaf
* translate all command help strings3.4.0Steve Martinelli2016-11-171-7/+9
| | | | | | | | | | | | | | Leverage the new cliff command class attribute (_description) to get the help of a command, this allows us to mark strings for translation. We could not do this before since the help was grabbed from the docstring. This also depends on a new release of cliff and a bump to the minimum level in osc's requirements. Closes-Bug: 1636209 Depends-On: Id915f6aa7d95a0ff3dc6e2ceaac5decb3f3bf0da Change-Id: I8673080bb5625e8e3c499feaefd42dfc7121e96f
* Add support for domain specific rolesHenry Nash2016-08-101-14/+89
| | | | | | | A role entity can now be specified as domain specific. Closes-bug: #1606105 Change-Id: I564cf3da1d61f5bfcf85be591480d2f5c8d694a0
* Add assignment list to v2 identity and deprecate alternate listingHenry Nash2016-07-221-0/+20
| | | | | | | | | | | | | | | | | | | | | | | | | The current identity role list command (both v2 and v3) is overloaded with listing roles as well as assignments (if you provide user, group, project or domain options). This is in addition to the v3 assignment list command designed for this purpose. This overloading complicates the fact that roles can now be domain specific (i.e. have a domain attribute), so the command 'role list --domain <domain-name' will soon become ambigious (this is in a follow on patch). This patch: - Adds a v2 assignments list, with support for pulling the user and project from the auth credentials - For comapability, adds the same auth support to the existing v3 assignments list - Deprecates the use of role list and user role list to list assignments Change-Id: I65bafdef4f8c89e863dab101369d0d629fa818b8 Partial-Bug: 1605774
* Remove execute permission on a few filesSongmingYan2016-07-221-0/+0
| | | | | | | Some files have execute permission unnecessarily. Change them from 755 to 644. Change-Id: I471ebd1c3d123ad4a7376f7f5996f53f8c2d9b0b
* Make set/unset commands pass normally when nothing specified in identityv3Huanxuan Ao2016-07-141-4/+0
| | | | | Change-Id: I554b41969f96b62a2c6d37024caa56b1441d5ed1 Partial-bug: #1588588
* Correct reraising of exceptionqinchunhua2016-07-071-2/+2
| | | | | | | | | When an exception was caught and rethrown, it should call 'raise' without any arguments because it shows the place where an exception occured initially instead of place where the exception re-raised. Change-Id: I5fb6dea5da7fb6e1e2b339a713c7d37f8c99e407
* Standardize logger usageTang Chen2016-06-201-1/+5
| | | | | | | | | | | | | | | | | | | Use file logger for all command specific logs. This patch also fixes some usage that doesn't follow rules in: http://docs.openstack.org/developer/oslo.i18n/guidelines.html After this patch, all self.log and self.app.log will be standardized to LOG(). NOTE: In shell.py, we got the log in class OpenStackShell, which is also known as self.app.log in other classes. This logger is used to record non-command-specific logs. So we leave it as-is. Change-Id: I114f73ee6c7e84593d71e724bc1ad00d343c1896 Implements: blueprint log-usage
* osc-lib: commandDean Troyer2016-06-131-1/+1
| | | | | | | Leave command.py and test_command.py as a sanity check during the deprecation period. Change-Id: I24e1b755cbfbcbcaeb5273ec0c9706b82384fc85
* osc-lib: utilsDean Troyer2016-06-131-2/+2
| | | | | | | | Use osc-lib directly for utils. Leave openstackclient.common.utils for deprecation period. Change-Id: I5bd9579abc4e07f45219ccd0565626e6667472f7
* Fix i18n support problems in identityTang Chen2016-06-071-26/+25
| | | | | Change-Id: I3b48d17850343051239b5b69e8b890dba32d3ac8 Partial-bug: #1574965
* remove #noqa from i18n importsSteve Martinelli2016-05-131-1/+1
| | | | | | hacking checks no longer fail on `import _` Change-Id: Idd60f0a0e71e5081691eacb39e5091ab08fcce6d
* take_action() method from command.Command shouldn't returnMohan Muppidi2016-02-291-8/+6
| | | | | | | | | | | | command.Command and command.Showone are base classes implemented in cliff framework. Showone extends Command to allow take_action() to return data to be formatted using a user-selectable formatter. Most of the classes which are extended from Command in openstackclient/identity/v3/ in some cases return data or return nothing where it is not necessary, this commit fixes most of them. Change-Id: I84c72ea4d6680f8bdbef5449316dd9a8af8c8286 Closes-Bug: 1550892
* log take_action parameters in a single placeAkihiro Motoki2016-02-021-28/+4
| | | | | | | | | | | | Previously each command logs take_action parameters explicitly by using @utils.log_method decorator or log.debug(). Some commands have no logging. This commit calls a logger in the base class and drops all logging definition from individual commands. Closes-Bug: #1532294 Change-Id: I43cd0290a4353c68c075bade9571c940733da1be
* Switch to ksa SessionDean Troyer2015-12-021-2/+2
| | | | | | | | * Change session imports to keystoneauth1 * Change keystoneclient.exception imports to keystoneauth1 * Change exceptions raised from internal API from keystoneclient to openstack.common Change-Id: I046d89f561d6fe04baae53726f9749d2e7fe2056
* Evaluate --inherited in role listRudolf Vriend2015-10-061-0/+5
| | | | | | | | the --inherited option was not being passed into keystoneclient Closes-Bug: #1502822 Change-Id: I48170dc67b23cc9b0665b1e0f38118eea952f131
* Remove backticks from help in role commandsHidekazu Nakamura2015-09-191-1/+1
| | | | | | | | the docs and code had inconsistencies with how it references other arguments, lets just remove the backticks from around them. Change-Id: I43d17b07364e45387c6b9d86c2aca26eeea8ed93
* Use a common decorator to log 'take_action' activationJoshua Harlow2015-09-011-6/+6
| | | | | | | | | Instead of duplicating the same log statement throughout the code, the same logic can be provided by a shared decorator that abstracts away the logging capability and unifies it behind a common function instead. Change-Id: Icc63bced7347c8bbf0299a4c5821425a10892a79
* Use correct domain to find project1.6.0Jamie Lennox2015-08-111-1/+1
| | | | | | | | | When adding a role to a group and project OSC is mistakenly using the group_domain to find the project which will fail if the group_domain != project_domain. Change-Id: I4c1bec9b3b183c755be121b91f40e026d707192b Closes-Bug: #1483520
* Fixes inherited role assignments CRUD callsSamuel de Medeiros Queiroz2015-08-061-1/+1
| | | | | | | | | | The paremeter to Keystone Client was passed as 'inherited', when it should be 'os_inherit_extension_inherited'. Closes-Bug: #1482254 Change-Id: I1cb46add532223ef0b9620763b1047cc80e19ec0
* Add support to inherited project role grant callsSamuel de Medeiros Queiroz2015-06-221-0/+2
| | | | | | | | | | | | | | Once inherited project role grant calls are implemented on python-keystoneclient, python-openstackclient also should support such calls. This patch add such support as well as its related tests. Co-Authored-By: Raildo Mascena <raildo@lsd.ufcg.edu.br> Change-Id: Id72670be8640e5c6e2490a6ef849e9ec3493b1a9 Implements: blueprint hierarchical-multitenancy
* Refactor option handling for user|group|project domain scopingSteve Martinelli2015-06-171-21/+3
| | | | | | | put the common options in identity.common, this way the help is consistent Change-Id: I5b09cfb56fa0f8d16feb95150f216fccbe9f2b22
* Enable specifying domain for group and role commandsJuan Antonio Osorio Robles2015-06-081-209/+112
| | | | | | | | | Many of the commands for the group and role resources were lacking an option to specify the specific domain groups, projects or users belong to. This commit fixes that. Change-Id: I461d2bcfd01ad2dea970de38ec7ad6f4a631ceb1 Closes-bug: #1446546
* Enable specifing domains in "role add"Juan Antonio Osorio Robles2015-05-121-36/+66
| | | | | | | | | | | | | | If users, projects or groups are provided by name, there is a possibility of the existence other users/projects/groups with the same name in other domain. Even though this is not a problem if the actual ID is given instead of a name; this is mostly a usability enhancement. So, three options were added, one for specifying the domain where the user belongs, another one to specify the project's domain, and finally one to specify the group's domain. Change-Id: Iab04b0e04fa75ea5aa3723b8ea42a45f58a6cdb2 Closes-Bug: #1421328
* Role operations should not require list object permissionNathan Kinder2015-04-171-40/+41
| | | | | | | | | | | | | | | | | When using Keystone's policy.v3cloudsample.json policy file, a project admin is supposed to be able to manage role assignments. Unfortunately, a project admin isn't allowed to perform these operations using python-openstackclient, as we attempt to perform list operations for any of the object types specified (users, groups, projects). This is done in an attempt to lookup the id of the object by name, but we perform this list operation even when the user specifies everything by id. This causes 403 errors. This patch still attempts to look up the object id by name, but we catch the 403 and assume that the user specified an id if the list operation is not allowed. This is similar to what we do with the --domain option for other commands. Closes-bug: #1445528 Change-Id: Id95a8520e935c1092d5a22ecd8ea01f572334ac8
* Fine tune some of the helps commandsSteve Martinelli2015-01-131-2/+2
| | | | | | | | | try and add some consistency with the show and delete commands. replace 'show x' with 'display x' change 'delete a y' with just 'delete y' Change-Id: I47dfa8ee23ac5c41b355796415eb515155832f65
* add multi-delete support for identitywanghong2014-12-231-9/+10
| | | | | | | | | | | | | | This is part2. Add support for these objects: identity.project(v2.0) identity.role(v2.0) identity.user(v2.0) identity.project(v3) identity.role(v3) identity.user(v3) identity.group(v3) Closes-Bug: #1400597 Change-Id: I270434d657cf4ddc23c3aba2c704d6ef184b0dbc
* Don't import form keystoneclient.openstack.commonJamie Lennox2014-12-171-1/+1
| | | | | | | | The keystoneclient.openstack.common directory is where we sync files from oslo incubator. It is not a public directory and should not be being consumed by openstackclient. Change-Id: I011bb95c2c824e2dbc4b822ca922ae77b8d9b955
* Command object docs: project, role, userDean Troyer2014-12-011-40/+40
| | | | | | | | | project role user user role Change-Id: I445e09a3ffb69114912ae562a9285963a636bfd1
* Add --or-show support for v3 identity resourcesSteve Martinelli2014-11-181-1/+16
| | | | | | | | | | | | Add --or-show for the following: * v3 roles * v3 projects * v3 domains * v3 users * v3 groups Closes-Bug: #1390389 Change-Id: Id4ef043e5fda6be49a515eb3fe138c813c393ec9
* Remove 'links' section from several v3 Identity objectsSteve Martinelli2014-10-111-0/+2
| | | | | | | | | | | | | | | The links field in the returned objects from the v3 Identity API aren't really useful, so let's remove them. Managed to remove most of them from the core API. I'll likely remove the extension/contribution (oauth/federation) related ones in another patch. Also in this patch the code for setting services and projects was changed. Though not incorrect, it was not needed to copy the entire returned object, we should just need to pass in the fields we want to update. Change-Id: I164ca9ad8b28fa10b291e9115ef40753e387c547
* Fixed typos in the identity clientAlex Gaynor2014-06-261-2/+2
| | | | Change-Id: I76042110f5a008d4c097862a572448448f92a504
* Refactor role list subcommand for identity v3 apiQiu Yu2014-06-131-3/+103
| | | | | | | | | | | | | | | Currently parts of user list and group list command are actually functioning as role listing, which is quite counter intuitive and misleading. This refactor change move role related logic to a single place of role list command. It now allows role grants listing for user/group + domain/project combinations. If no user or group specified, it will list all roles in the system, which is the default behaviour. Change-Id: I4ced6df4b76f018d01000d28b4281ad9f252ffcc
* replace string format arguments with function parametersChristian Berendt2014-05-201-7/+7
| | | | | | | | There are files containing string format arguments inside logging messages. Using logging function parameters should be preferred. Change-Id: Ic749ac9eb55564ed631d57055a5a4dfc3aebd169
* Pass arguments to v3 keystoneclient by kwargJamie Lennox2014-04-041-1/+1
| | | | | | | | | Keystoneclient has added the positional decorator which emits a warning if arguments aren't passed by keyword. This means we are getting warnings in certain places in openstackclient. Change-Id: Ic5446cd6f122cbb56fce543011386d53bc31fe18 Closes-Bug: #1302199
* Identity v3 testsDean Troyer2013-09-091-57/+132
| | | | | | | | | * Add project, user, role and service v3 tests * Fix issues in commands with enable/disable * Make commands and tests more consistent between versions * Make formatting and comments more consistent Change-Id: Id21e7a5abd7e421a7742f937861ec46b53095fc7
* Begin Python 3 compatabilityDean Troyer2013-07-291-3/+4
| | | | | | | | | | | * use six.iteritems() * replace basestring with six.string_types * convert print statements to functions (they're all debugging and should be removed eventually anyway) * clean up OpenStack copyright: LLC -> Foundation Change-Id: Icb14212bcb408e63816bfec3922a697bc1a6c946
* Remove api = apiName calls from each methodSteve Martinelli2013-07-121-7/+0
| | | | | | | | | | | As discussed in https://review.openstack.org/#/c/36352/ for each command, we were setting api = identity or volume... etc, this was for an old way of calling commands that are is no longer used. Also removed openstackclient/common/command.py Change-Id: I2705f35d343f2ae729dc22d6aed0b852b2f8ca19
* Finish up v3 role commandsSteve Martinelli2013-07-031-27/+108
| | | | | | | | | | | | * Add remove role * Add --role to group list * Add --role to user list * Fix groups in AddRole() * Remove the tweaks to utils.find_resource for domains; will address that across domains, projects, users and groups in another patch. I want to nail down the structure of these commands and get that into place Change-Id: I8673dd8221ef88978dada5a2833c187026bdb31a
* Add functionality for add-role commandsSteve Martinelli2013-03-151-0/+81
| | | | | | | | | keep the functions sorted Please review carefully as I intend to mimic this logic with list and remove, I'm open to suggestions about handling thigs differently Change-Id: Ia6359134c44447f3b758870c4dc306ec1f970852
* Add role v3 support to identity in openstack clientSteve Martinelli2013-03-121-0/+144
Added create/delete/set/list/show support for roles Broken up to make reviewing easier. Will add more functionality (add/remove) later Change-Id: I95bddd27d8d9d251ad2fd60c3e3ee1e2cbcd7d4b
View Lorry Controller Status