| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
the docs and code had inconsistencies with how it
references other arguments, lets just remove the
backticks from around them.
Change-Id: I43d17b07364e45387c6b9d86c2aca26eeea8ed93
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Listing users within a group is not presently domain scoped. We
do not use the domain info at all when the group option is present.
A new --group-domain option is not needed since we cannot list
users by --project and --group, they are mutually exclusive (as
per the identity API).
Closes-Bug: 1492916
Change-Id: I50f995ee4a03c2bdb21f2b5722546ab8fe786eb6
|
| |/
|
|
|
|
|
|
|
| |
Instead of duplicating the same log statement throughout
the code, the same logic can be provided by a shared decorator
that abstracts away the logging capability and unifies it behind
a common function instead.
Change-Id: Icc63bced7347c8bbf0299a4c5821425a10892a79
|
| |
|
|
|
|
|
|
|
| |
When adding a role to a group and project OSC is mistakenly using the
group_domain to find the project which will fail if the group_domain !=
project_domain.
Change-Id: I4c1bec9b3b183c755be121b91f40e026d707192b
Closes-Bug: #1483520
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Adds inherited information when listing role
assignments. In addition, it makes possible
to list only inherited ones by adding
--inherited option.
Change-Id: Idf889603d584716da95e2c7b4880142fbd8291c4
Closes-Bug: 1370546
|
| |/
|
|
|
|
|
|
|
|
| |
The paremeter to Keystone Client was passed as
'inherited', when it should be
'os_inherit_extension_inherited'.
Closes-Bug: #1482254
Change-Id: I1cb46add532223ef0b9620763b1047cc80e19ec0
|
| |
|
|
|
|
|
|
| |
Add ability to set which domain the user, group or project
belong to.
Change-Id: Idf6c7f23ab96261a73682226fb10ce5f0133924e
Closes-Bug: #1472909
|
| |
|
|
|
|
|
|
| |
The error message refers to --os-auth-plugin which is not a valid
option. This patch changes that to --os-auth-type.
Change-Id: I02ec0b7855131180bb8c674051930ebb51cb7303
Closes-Bug: #1477083
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In the previous implementation, we were always including the domain
argument, which caused a lookup by name for trustee/trustor and
project. By excluding it when not necessary, we do a search by
ID in find_resources.
Change-Id: Id756aeab522b5dccb2dc6b31d137a28514b0fdf6
Closes-Bug: 1473298
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| | |
Previously a blank character at the end of the roles value would remain
Change-Id: I0961a5f9fb4b270a6055ee69898eadee315e416a
Closes-Bug: 1474707
|
| |/
|
|
|
|
|
|
|
| |
user v3 create/set only support --project option,
we need --project-domain to prevent collisions between
project names exist.
Change-Id: I2d62e5b9bb6df4c5c5a9542514faf2e4365bb18b
Closes-Bug: #1475357
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Adds the possibility to retrieve a project and list its
parents and subtree in the hierarchy.
Co-Authored-By: Rodrigo Duarte <rodrigods@lsd.ufcg.edu.br>
Co-Authored-By: Samuel de Medeiros Queiroz <samuel@lsd.ufcg.edu.br>
Implements: bp hierarchical-multitenancy
Change-Id: I874f6faffc8a2db9d99f12cbe0a69c0a30c0d9df
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Once inherited project role grant calls are
implemented on python-keystoneclient,
python-openstackclient also should support such
calls.
This patch add such support as well as its
related tests.
Co-Authored-By: Raildo Mascena <raildo@lsd.ufcg.edu.br>
Change-Id: Id72670be8640e5c6e2490a6ef849e9ec3493b1a9
Implements: blueprint hierarchical-multitenancy
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
put the common options in identity.common, this way the help is
consistent
Change-Id: I5b09cfb56fa0f8d16feb95150f216fccbe9f2b22
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
ec2creds.py was referencing a function on self, but wasn't there.
Correctly reference the right function.
Change-Id: I62f09c497be9dbb394341914388d60634e8b80c2
Closes-Bug: 1465561
|
| |/ /
| |
| |
| |
| |
| |
| | |
the oidc plugin should be included in the list of valid federation
protocols that can leverage `federation project list`
Change-Id: I3f5c5ab262c7097273716a81618a2dcbb159dd6f
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Many of the commands for the group and role resources were lacking an
option to specify the specific domain groups, projects or users belong
to. This commit fixes that.
Change-Id: I461d2bcfd01ad2dea970de38ec7ad6f4a631ceb1
Closes-bug: #1446546
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
`project` argument is deprecated in keystoneclient for V3 API,
and use `default_project` instead, should use `default_project`
as the argument name in the openstackclient accordingly.
Change-Id: Ib9d70801c933a184afcdab75204393efa764fa87
Closes-Bug: #1462389
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently argument 'domain' is not supported by command 'os project
set', but it is required by keystone v3 update project API to match
the domain id.
Closes-Bug: #1460122
Change-Id: I1b32f67f78b369f6134a74cdf9a4811b7539d44b
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Re-sync the text in v2 and v3 help and the docs
Depends-On: If4ac5356ade8cff347bb9eb9f88d1ace82bb7275
Change-Id: Iabef2f271fcf46748295c29713fea1811dcab29c
|
| |\ \ \
| |/ / |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
A follow up work item from I52ff2020ef2fcbdc8a98280b73c6fd4a93bc8e0f
to support domain scoped users and projects for ec2creds in the
v3 identity api.
Related-Bug: 1236326
Change-Id: If4ac5356ade8cff347bb9eb9f88d1ace82bb7275
|
| |\ \ \
| |/ / |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
EC2 support is provided for the v2 identity API and is available in
almost exactly the same format in the v3 API and enabled by default.
Supporting EC2 in the v3 identity API in OSC will make it much easier to
transition devstack to a v3 only state.
Closes-Bug: 1236326
Change-Id: I52ff2020ef2fcbdc8a98280b73c6fd4a93bc8e0f
|
| |/
|
|
|
|
|
|
| |
The payload data of credentials is the unfortunately named blob.
Currently when listing credentials the payload is excluded as OSC is
looking for a column called data which does not exist.
Change-Id: I6fa4579d7ec9ba393ede550191dbd8aa29767bf4
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If users, projects or groups are provided by name, there is a
possibility of the existence other users/projects/groups with the same
name in other domain. Even though this is not a problem if the actual
ID is given instead of a name; this is mostly a usability enhancement.
So, three options were added, one for specifying the domain where the
user belongs, another one to specify the project's domain, and finally
one to specify the group's domain.
Change-Id: Iab04b0e04fa75ea5aa3723b8ea42a45f58a6cdb2
Closes-Bug: #1421328
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This patch adds service providers to command-objects, and makes
a few changes to the help text, to align it more with the
already established identity provider resource.
Change-Id: Ibf3d2bc04bf5588d1fc9c37b8ca28c007496c021
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Adds CRUD support for service providers as it's now available through
keystoneclient
Closes-Bug: 1435962
Depends-On: If802e8a47e45ae00112de3739334b4b5482d0500
Change-Id: Ic55101e50209070aa49ca2adc91c89ba754c8c68
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Adding the possibility to create projects hierarchies by adding
the parent field in the create project call.
Co-Authored-By: Victor Silva <victor@lsd.ufcg.edu.br>
Implements: bp hierarchical-multitenancy
Change-Id: I4eac4f5bc067634cc38c305dacc59ab1da63c153
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In several places we had else branches where a reasonable default
would do the job. This makes the code a mean cleaer and easier to
read.
Change-Id: I231e09aab85fd32b8300bc33c48d0899b728b96e
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When using Keystone's policy.v3cloudsample.json policy file, a project admin is
supposed to be able to manage role assignments. Unfortunately, a project admin
isn't allowed to perform these operations using python-openstackclient, as we
attempt to perform list operations for any of the object types specified (users,
groups, projects). This is done in an attempt to lookup the id of the object by
name, but we perform this list operation even when the user specifies everything
by id. This causes 403 errors.
This patch still attempts to look up the object id by name, but we catch the 403
and assume that the user specified an id if the list operation is not allowed.
This is similar to what we do with the --domain option for other commands.
Closes-bug: #1445528
Change-Id: Id95a8520e935c1092d5a22ecd8ea01f572334ac8
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The federation APIs for the identity providers introduce a new parameter
for every identity provider, named remote_ids, which contains a list of
entity ID associated with. This parameter can be provided during the creation
of the identity provider and can be updated at any time. For more information
look at the blueprint:
https://blueprints.launchpad.net/keystone/+spec/idp-id-registration
This patch add the support to this new parameter in the command line by
inserting the option "--remote-id" in the following commands:
- "identity provider create"
- "identity provider set"
Additionally, the values can be read from a file, specified by
"--remote-id-file", containing an entity id per line.
Change-Id: Ie93340ee57e54128daa70d8a7bd0a9975ff7eef4
Depends-On: I12a262c55b5f6b5cc7007865edf30f14269da537
Implements: blueprint idp-id-registration
|
| |
|
|
| |
Change-Id: Ia6b6c25eded43b899b3aa026227ad2859f1c67dd
|
| |
|
|
| |
Change-Id: Id4c1371ca28b9fd884ec75061edca700fd69886c
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Similar to projects, we shouldn't allow users and groups to
change domains. The server side tosses up an error but osc
should restrict that behaviour in the first place.
Related-Bug: #1418384
Change-Id: I860291a5859c576021b18e35d1a12c32abfb6ca5
|
