summaryrefslogtreecommitdiff
path: root/openstackclient/identity
Commit message (Collapse)AuthorAgeFilesLines
* Merge "Add parent field to project creation"Jenkins2015-04-301-2/+13
|\
| * Add parent field to project creationRodrigo Duarte2015-03-231-2/+13
| | | | | | | | | | | | | | | | | | | | Adding the possibility to create projects hierarchies by adding the parent field in the create project call. Co-Authored-By: Victor Silva <victor@lsd.ufcg.edu.br> Implements: bp hierarchical-multitenancy Change-Id: I4eac4f5bc067634cc38c305dacc59ab1da63c153
* | Refactor utility to find identity resourcesSteve Martinelli2015-04-201-56/+41
| | | | | | | | | | | | | | | | | | | | Based on the comments made in this patch: https://review.openstack.org/#/c/174908/2/ We should simplify and refactor the way we handle finding identity resources. Change-Id: I77db2e3564faa90a917082a6c6cb87269e93aebe
* | Merge "remove unnecessary conditionals"Jenkins2015-04-194-18/+10
|\ \
| * | remove unnecessary conditionalsSteve Martinelli2015-04-194-18/+10
| | | | | | | | | | | | | | | | | | | | | | | | In several places we had else branches where a reasonable default would do the job. This makes the code a mean cleaer and easier to read. Change-Id: I231e09aab85fd32b8300bc33c48d0899b728b96e
* | | Role operations should not require list object permissionNathan Kinder2015-04-173-49/+108
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When using Keystone's policy.v3cloudsample.json policy file, a project admin is supposed to be able to manage role assignments. Unfortunately, a project admin isn't allowed to perform these operations using python-openstackclient, as we attempt to perform list operations for any of the object types specified (users, groups, projects). This is done in an attempt to lookup the id of the object by name, but we perform this list operation even when the user specifies everything by id. This causes 403 errors. This patch still attempts to look up the object id by name, but we catch the 403 and assume that the user specified an id if the list operation is not allowed. This is similar to what we do with the --domain option for other commands. Closes-bug: #1445528 Change-Id: Id95a8520e935c1092d5a22ecd8ea01f572334ac8
* | Add support to remote_idMarco Fargetta2015-03-301-7/+61
|/ | | | | | | | | | | | | | | | | | | | | | | The federation APIs for the identity providers introduce a new parameter for every identity provider, named remote_ids, which contains a list of entity ID associated with. This parameter can be provided during the creation of the identity provider and can be updated at any time. For more information look at the blueprint: https://blueprints.launchpad.net/keystone/+spec/idp-id-registration This patch add the support to this new parameter in the command line by inserting the option "--remote-id" in the following commands: - "identity provider create" - "identity provider set" Additionally, the values can be read from a file, specified by "--remote-id-file", containing an entity id per line. Change-Id: Ie93340ee57e54128daa70d8a7bd0a9975ff7eef4 Depends-On: I12a262c55b5f6b5cc7007865edf30f14269da537 Implements: blueprint idp-id-registration
* Merge "Add identity v3 catalog show"Jenkins2015-03-101-0/+44
|\
| * Add identity v3 catalog showTerryHowe2015-03-091-0/+44
| | | | | | | | Change-Id: Ia6b6c25eded43b899b3aa026227ad2859f1c67dd
* | Merge "Add identity v3 catalog list"Jenkins2015-03-101-0/+56
|\ \ | |/
| * Add identity v3 catalog listTerryHowe2015-03-071-0/+56
| | | | | | | | Change-Id: Id4c1371ca28b9fd884ec75061edca700fd69886c
* | Merge "Fix catalog list when region name is absent"Jenkins2015-03-081-1/+2
|\ \
| * | Fix catalog list when region name is absentDean Troyer2015-03-061-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | Some service catalogs in the wild have services without region names defined. Let's be nice and stuff in a default value indicating this state. Closes-Bug: #1429211 Change-Id: I3ebe2534dc6e3438aaeddc7757fb2db4117eae4b
* | | Merge "Fix identity v2 catalog list"Jenkins2015-03-081-1/+2
|\ \ \ | |/ /
| * | Fix identity v2 catalog listTerryHowe2015-03-041-1/+2
| |/ | | | | | | | | | | | | The v2 catalog list was only printing the last endpoint in the catalog. Change-Id: I5401a11eedb3be1513c86261329de50c8ad82720
* | Raise AttributeError for unknown attributesJamie Lennox2015-03-051-1/+0
|/ | | | | | | | | Not returning a value is the same as returning None. In the event that someone asks ClientManager for an attribute that doesn't exist it should raise AttributeError in the same way as other python objects rather than return an empty value. Change-Id: Id0ee825e6527c831c38e3a671958ded362fb96e1
* Merge "Restrict groups and users from changing domains"Jenkins2015-02-102-16/+1
|\
| * Restrict groups and users from changing domainsSteve Martinelli2015-02-092-16/+1
| | | | | | | | | | | | | | | | | | | | Similar to projects, we shouldn't allow users and groups to change domains. The server side tosses up an error but osc should restrict that behaviour in the first place. Related-Bug: #1418384 Change-Id: I860291a5859c576021b18e35d1a12c32abfb6ca5
* | Merge "Do not allow user to change domain of a project"Jenkins2015-02-101-9/+0
|\ \ | |/
| * Do not allow user to change domain of a projectSteve Martinelli2015-02-091-9/+0
| | | | | | | | | | | | | | | | | | Keystone Server already surfaces an error for this operation, but we should restrict the user, and not offer --domain to be changed for a project. Change-Id: I48317e8accfea3c285e6ad213e75b783de8070ac Closes-Bug: #1418384
* | Implement trust in identity v3 apiSteve Martinelli2015-02-081-0/+228
|/ | | | | | | | | | | Added new module in identity v3 api to handle create, read, and delete operations of trust resources. Co-Authored-By: Lance Bragstad <lbragstad@gmail.com> Co-Authored-By: Steve Martinelli <stevemar@ca.ibm.com> Closes-Bug: #1413718 Change-Id: I2b360b141ff70d4f396466abede859a3db6644f4
* Add region name for identity and volume clientsSteve Martinelli2015-01-211-0/+1
| | | | | | | | | We do not take into account region names for identity and volume clients. Change-Id: I4263e9013226b0adc6b9ad7540d6ad3efb42e809 Co-Authored-By: Eric Helgeson <erichelgeson@gmail.com> Related-Bug: #1405416
* Update service clist commands for v2 and v3Dean Troyer2015-01-162-16/+16
| | | | | | | | | | | | Changes to the 'service list' commands for Identity v2 and v3: * Document support for --long * Add Description to v3 output with --long * v3 output is now (ID, Name, Type), with (Description, Enabled) added with --long * Change v2 output to match v3 output, with the absense of Enabled. * Update doc to match Closes-Bug: #1411337 Change-Id: I999e3df22f61350cdeba63bbb7d01145c2ffeeaf
* Merge "Check if service.name available before access"Jenkins2015-01-151-3/+10
|\
| * Check if service.name available before accesszhiyuan_cai2015-01-041-3/+10
| | | | | | | | | | | | | | | | | | | | | | Currently v3 endpoint commands access service.name directly, while name is not a required attribute of service. So if we associate an endpoint to a service without name, we will get an AttributeError executing v3 endpoint commands later. This patch addresses this issue by checking if service.name is available before accessing it. Change-Id: I3dd686ef02a2e21e2049a49cb55634385c2ecfaf Closes-Bug: #1406737
* | Merge "Rework role list v2 for --user and --project"Jenkins2015-01-131-2/+67
|\ \
| * | Rework role list v2 for --user and --projectSteve Martinelli2015-01-101-2/+67
| | | | | | | | | | | | | | | | | | | | | | | | | | | `os user role list` does the same as v3's `os role list`. We should rework v2's `role list` to basically call `os user role list` under the covers. Closes-Bug: #1409179 Change-Id: I9839f6be139d6a6a3f6bbf79957e218dd8e03fe3
* | | Merge "Command doc: policy"Jenkins2015-01-131-29/+34
|\ \ \
| * | | Command doc: policySteve Martinelli2015-01-121-29/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Also tweaked a bunch of the code to not show 'blob', but 'rules' instead. Change-Id: I6db798d272ff416a77f169c0e912d2096fa02504
* | | | Merge "Tweaks to the catalog doc and show command"Jenkins2015-01-131-1/+6
|\ \ \ \
| * | | | Tweaks to the catalog doc and show commandSteve Martinelli2015-01-131-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Looks like providing a service id isn't working, so it the help message was reduced to just type and name. Added a bit more to the docs, too. Change-Id: Id7f8b48bdf99773ad55ca7f204f3c779f84633d5
* | | | | Merge "Fine tune some of the helps commands"Jenkins2015-01-1313-20/+20
|\ \ \ \ \ | |/ / / / | | / / / | |/ / / |/| | |
| * | | Fine tune some of the helps commandsSteve Martinelli2015-01-1315-22/+22
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | try and add some consistency with the show and delete commands. replace 'show x' with 'display x' change 'delete a y' with just 'delete y' Change-Id: I47dfa8ee23ac5c41b355796415eb515155832f65
* | | Merge "fix some small issues in catalog show"Jenkins2015-01-121-12/+7
|\ \ \
| * | | fix some small issues in catalog showwanghong2015-01-121-12/+7
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I think there are three issues we should fix: 1. wrong indentation of 'continue' 2. currently, name is optional for service, but according to the currrent logic, if a service doesn't have name attribute we will select it anyway 3. we always loop all catalogs Change-Id: I9fce66677affa396b6a12afea76e87cab9215a58
* | | Command docs: add serviceDean Troyer2015-01-122-13/+25
|/ / | | | | | | | | | | | | Co-Authored-By: Lin Hua Cheng <os.lcheng@gmail.com> Change-Id: Icd39e6d769fd4c4797fcf4ef9eb97c71ed166b3b Closes-Bug: #1404434
* | Command doc: access tokenSteve Martinelli2015-01-091-9/+7
| | | | | | | | Change-Id: I1b7103e28273f0a63c7d6b6003317b9e69702b05
* | Request token authorizeSteve Martinelli2015-01-091-10/+16
| | | | | | | | | | | | Command doc and tweaks to the code Change-Id: I8f251bf9ca77f16b01a509844e79ddde82048b0d
* | Merge "Request token creation docs + tweaks"Jenkins2015-01-091-11/+32
|\ \
| * | Request token creation docs + tweaksSteve Martinelli2015-01-081-11/+32
| | | | | | | | | | | | | | | | | | | | | Added command docs, and changed request token to take in name or id of a project, and also support a domain option. Change-Id: I87363274e5b7a0c687e234f5a4bcaaf166d28840
* | | Merge "Command doc: consumer"Jenkins2015-01-091-11/+11
|\ \ \ | |/ /
| * | Command doc: consumerSteve Martinelli2015-01-081-11/+11
| | | | | | | | | | | | Change-Id: Ie687e1d7f80810106a64204828299f9d143b8d7c
* | | Merge "Allow user list to filter by project"Jenkins2015-01-081-7/+46
|\ \ \
| * | | Allow user list to filter by projectSteve Martinelli2015-01-081-7/+46
| | |/ | |/| | | | | | | | | | | | | | | | | | | Adds a --project filter to `os user list`, which really calls the role assignment manager behind the scenes. Change-Id: I57a75018f12ed3acdf8f6611b6b58bd974f91da2 Closes-Bug: #1397251
* | | Command doc: federation protocolSteve Martinelli2015-01-081-27/+39
| | | | | | | | | | | | Change-Id: I1289eb0caf31fca21c5c377cf13aebd1434a00ee
* | | Command doc: identity providerSteve Martinelli2015-01-081-18/+13
| | | | | | | | | | | | Change-Id: Ie73accfaa3d45205a2521e6e61efd16142c460b2
* | | Command doc: mappingSteve Martinelli2015-01-081-18/+21
| |/ |/| | | | | | | | | | | Also tweaked the code for `mapping set` as it was previously using cliff Show instead of cliff Command. Change-Id: I0ea1383a9f2dddf4b2f717b2aa16bbd60ab1720c
* | Merge "Add endpoint v3 docs"Jenkins2015-01-042-49/+69
|\ \ | |/ |/|
| * Add endpoint v3 docsDean Troyer2015-01-022-49/+69
| | | | | | | | | | | | (update: change version description formats for API versioning) Change-Id: I499ea1d80ad6ad6392468305f761e695d7261e33
* | Merge "Command docs: group"Jenkins2015-01-031-18/+21
|\ \
View Lorry Controller Status