| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
assertItemsEqual was removed from Python's unittest.TestCase in
Python 3.3 [1][2]. We have been able to use them since then, because
testtools required unittest2, which still included it. With testtools
removing Python 2.7 support [3][4], we will lose support for
assertItemsEqual, so we should switch to use assertCountEqual.
[1] - https://bugs.python.org/issue17866
[2] - https://hg.python.org/cpython/rev/d9921cb6e3cd
[3] - testing-cabal/testtools#286
[4] - testing-cabal/testtools#277
Change-Id: I0bbffbec8889b8b3067cfe17d258f5cb16624f38
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
when doing openstack domain list --name xyz_id,
and openstack domain list --enabled CLI raising
error unrecognized arguments, whereas in api-ref
document [1], user can pass name and enabled as
optional query param. This addresses the above
issue, by adding param --name and --enabled in
parser of ListDomain.
[1]https://docs.openstack.org/api-ref/identity/v3/?expanded=list-domains-detail#list-domains
Change-Id: I3cdb511d3c7059ddfb802ca025188d8976c9302c
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This requires fixes found in cliff 3.5.0 [1] and osc-lib 2.3.0 [2]. With
these fixes in place, we can remove the icky, still broken
'assertItemEqual' and 'assertListItemEqual' helpers.
[1] https://review.opendev.org/761421
[2] https://review.opendev.org/761394
Change-Id: Id6c26b37c3c7d5ec6761361abca57f9219b76838
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
when doing openstack identity provider list --name xyz_id,
and openstack identity provider list --enabled CLI raising
error unrecognized arguments, whereas in api-ref document [1],
user can pass name and enabled as optional query param. This
addresses the above issue, by adding param --id and --enabled in
parser of ListIdentityProvider.
[1] https://docs.openstack.org/api-ref/identity/v3-ext/?expanded=list-identity-providers-detail#list-identity-providers
Change-Id: I59ce3a5f54700ba5a735f0b3b4b3b73b3a8658fa
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Keystone let's users remove role assignments that reference non-existent
users and groups. This is nice when keystone backs to an identity store
like LDAP and users or groups are removed.
Previously, openstackclient would validate the user and group existed in
keystone before sending the request to delete the role assignment. This
commit updates the code to bypass that validation so that users can use
IDs to forcibly cleanup role assignments.
Change-Id: I102b41677736bbe37a82abaa3c5b3e1faf2475d5
Story: 2006635
Task: 36848
|
| |/
|
|
|
|
|
|
| |
I was writing some additional functionality and noticed these tests were
missing. This commit adds tests for adding and removing system role
assignments for users and groups.
Change-Id: I30fdc6ec55e1eb1cfa55f4cbf92c3f001d89865f
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When we use "--property" parameter, client get lists these the
value is string type, but the type of the value 'is_domain'
should be boolean, so we should judge it and parse it.
The patch parse string to boolean for value 'is_domain'.
Co-Authored-By: Lance Bragstad <lbragstad@gmail.com>
Change-Id: I37c9eb854524bde3a1530bfe2e3a03810fb1a676
Task: 30039
Story: 2005246
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Change-Id: Ibd39328c27b68190e2edbf1f52fcea52db3ae791
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
|
| |/
|
|
|
|
|
|
|
| |
This patch adds the --immutable and --no-immutable option to the
role, project and domain CLI.
Related-Patch: https://review.opendev.org/#/c/712182/
Change-Id: I9c3bdd741f28bf558267fb217818d947597ce13e
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
User options [1] can be set by making POST and PATCH
request for /v3/users API calls but cannot by openstack
CLI because of no user options defined in create and update
user CLI [2]. This patch adds the user options [1] in
create user and update user CLI.
[1] https://docs.openstack.org/keystone/latest/admin/resource-options.html#multi-factor-auth-rules
[2] https://docs.openstack.org/api-ref/identity/v3/#create-user
Change-Id: I4e41bae2e8cfbe92d52b14d856991bedcd44164f
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Now user can add the description when user create's the role using OSC
``openstack role create`` command. User can add the description by adding
`--description <Description>` to OSC ``openstack role create`` command.
Co-Authored-By: Deepak Mourya<deepakmoriya7@gmail.com>
Change-Id: I858e004c3b29c687b6a39c8a1ed5fb029eb19c67
Depends-on: I230af9cc833af13064636b5d9a7ce6334c3f6e9a
Closes-Bug: #1669080
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This commit introduces the --access-rules option for 'application
credential create' as well as new 'access rule' commands for listing,
showing, and deleting access rules.
bp whitelist-extension-for-app-creds
Change-Id: I04834b2874ec2a70da456a380b5bef03a392effa
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We had this library capped at a release that is a few years old. Now
that we have dropped py2 testing, we can pick up the latest version.
This uncovered a few things to clean up. Mostly the fact that mock is
now a part of the StdLib unittest since Python 3.3.
Change-Id: I27484dd4c25378413ff16e97a35a1a46062357bc
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch introduces a new option --parent into project list,
to specify a parent project to filter projects which has
the given project as their parent.
Depends-on: https://review.opendev.org/#/c/677101
Change-Id: I6725262cf040e0ec6ceca9cf0462ce59224049c6
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Partial-Bug: #1687955
Partially implement blueprint osc-formattable-columns
Change-Id: Ia13314a012b3a7363ffb24a13c79c6ecdff1ed7b
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The following were deprecated over two years ago and can now be
removed/changed:
* Remove ``service create`` option ``--type``
* Remove ``role list`` options ``--project`` and ``--user``
* Remove ``user role list`` command
These are backwards incompatible changes and will require a major
version bump after they are merged.
Change-Id: I29e2fc9516dffbfd83eef0bc91e834dde99b4105
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
Signed-off-by: Dean Troyer <dtroyer@gmail.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There is a typo in the endpoint group deletion, due to this you
can't remove endpoint groups once assigned. I am adding also the
unit tests to avoid this kind of issues in the future
Task: 30640
Story: 2005521
Change-Id: Ie938f2c9894bb39b4c0ed1f7aa3a6a751a303058
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
when doing openstack limit list --project xyz_id,
CLI raising error unrecognized arguments, whereas
in api-ref document [1], user can pass project_id
as query param.This addresses the above issue, by
adding param --project in parser of LimitList.
[1] https://developer.openstack.org/api-ref/identity/v3/index.html
Change-Id: If4644cc99a3803f61f4a688b828aeb73977fc0dd
Closes-Bug: #1798744
|
| |/
|
|
|
|
|
|
|
|
|
| |
The --project and --project-domain flags are currently mutually
exclusive for listing endpoints, however the --project-domain argument
is supposed to help with filtering projects with colliding names. They
should be allowed together.
Story: 2004018
Task: 27007
Change-Id: I7340e01f509e3515f07cb46f175fb603f1ce8b67
|
| |
|
|
|
|
|
|
| |
This commit let's users manage limits via the command line.
bp unified-limits
Change-Id: I7c44bbb60557378b66c5c43a7ba917f40dc2b633
|
| |
|
|
|
|
|
|
|
|
| |
This commit adds support for users to manage registered limits via
the command line.
bp unified-limits
Depends-On: https://review.openstack.org/#/c/574391/
Change-Id: Id8377363f7a3248b45aeeba21d2acc02684a0305
|
| |
|
|
|
|
|
|
|
|
| |
The code was calling an unexisting function which never existed.
The module refers now to the correct `InferenceRuleManager`. It
also allows the compatibility with the future python-keystoneclient
in which the compatibility method will be removed from the
RoleManager.
Change-Id: I08f785dc9e840da2e16915683eecfe49189c44b3
|
| |
|
|
|
|
|
|
|
|
| |
This commit adds the necessary bits to expose system role
assignments to openstackclient via python-keystoneclient.
bp system-scope
Depends-On: Iecbcbf020a15f2bec777334c648d4477f89f3b2c
Change-Id: I261e84700b51e8715eaebdc3f8f8bc46b68542c2
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add support for creating, retrieving, and deleting application
credentials. Application credentials do not support updates.
In order to provide a positive user experience for the `--role` option,
this patch also includes an improvement to the
`identity.common._get_token_resource()` function that allows it to
introspect the roles list within a token. This way there is no need to
make a request to keystone to retrieve a role object, which would fail
most of the time anyway due to keystone's default policy prohibiting
unprivileged users from retrieving roles.
bp application-credentials
Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Implements the commands for endpoint group filter management.
Includes the CRUD management of the endpoint groups and the
association management between them and the projects that are
using this method.
Implements: blueprint keystone-endpoint-filter
Change-Id: I4265f7f8598d028191e90d76781b7b6ece6fef64
|
| |/
|
|
|
|
|
|
|
| |
This change adds tags functionality for projects in keystone. A user
can add a single tag with "--tag", chain "--tag" to add multiple
tags, or clear tags with "--no-tag".
Change-Id: I31cfef3e76dcefe299dacb00c11bb1a10a252628
Partially-Implements: bp project-tags
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Implements the commands that allow to link and endpoint to
a project for endpoint filter management.
Implements: blueprint keystone-endpoint-filter
Change-Id: Iecf61495664fb8413d35ef69f07ea929d190d002
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now, keystone has supported serverl auth method, like 'totp'.
Before we use this method, we should create the credential first.
And we need create it with type 'totp'. But now we cannot create
credential with this method.
Also, I think the type should not have constrains. We can create
any type in keystone project. So, we should do these actions too.
The type would be more which We cannot control.
Change-Id: Ie0482da3133fb515e4bb8e45f8c54f509589cc5e
Closes-bug: #1731848
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently ListEndpoint.take_action method unconditionally iterates
over all endpoints and issue GET /v3/services/<ep.service_id>
request for each endpoint. In case of HTTPS keystone endpoint this
can take significant amout of time, and it only getting worse in
case of multiple regions.
This commit change this logic to making just two GET requests: first
it gets endpoint list, then it gets service list, searching service
in the list instead of issuing GET /v3/services/<id> request.
Change-Id: I22b61c0b45b0205a2f5a4608c2473cb7814fe3cf
Closes-Bug: 1719413
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow the user to create an inference rule between
two roles. The first, called the prior role
is the role explicitly assigned to an individual.
The second, called the implied role, is one that
the user gets implicitly. For example:
Role B implies Role A.
User X is assigned Role B.
Therefore User X also assigned Role A.
The management and maintenance of the rules is
performed in the Keystone server.
Change-Id: If547c2f16e812bc7fffd742ec37e6a26011f3185
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In reviews we usually check import grouping but it is boring.
By using flake8-import-order plugin, we can avoid this.
It enforces loose checking so it sounds good to use it.
This flake8 plugin is already used in tempest.
Note that flake8-import-order version is pinned to avoid unexpected
breakage of pep8 job.
Setup for unit tests of hacking rules is tweaked to disable
flake8-import-order checks. This extension assumes an actual file exists
and causes hacking rule unit tests.
Change-Id: I12b596820727aeeb379bee16c2bc993dee9eb637
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The parents_as_list and subtree_as_list query parameters limit the
result to only parents and subtree where the user making the call has
role assignments in. Since OSC only displays the IDs, the call would be
the same as the similar *_as_ids queries, the difference is that the
later doesn't enforce the role assignments (making it more useful).
Output example by using this patch:
$ openstack project show --children root
+-------------+------------------------------+
| Field | Value |
+-------------+------------------------------+
| description | |
| domain_id | default |
| enabled | True |
| id | 123 |
| is_domain | False |
| name | root |
| parent_id | default |
| subtree | {u'456': None, u'789': None} |
+-------------+------------------------------+
Change-Id: Ib7b37ae8f55190a7efcc375d5be4a2823d02d1a4
|
| | |
| |
| |
| |
| |
| |
| |
| | |
In keystone version 3.5, "type" optional attribute has been added
to list credentials. This patch add "user_id" and "type" optional
parameter in openstack client.
Change-Id: Ia09ee7c39204fdff2dfd7b9b606d888d007caac5
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Identity providers are now associated with domains. This change
allows a user to specify a domain by ID or by name when creating
an identity provider. [0]
This also adds the column for Domain ID in listing.
Updating a domain for an identity provider is not supported, so
that isn't changed.
[0]. Id18b8b2fe853b97631bc990df8188ed64a6e1275
Closes-Bug: 1698390
Change-Id: Icc408e2fe88f257d5863bd3df716a777d52befcc
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The 'domain' filter not work well in commands 'project show',
'user show' and 'user set'.
Depends-On: I490900d6249f01654d4cba43bddd3e7af7928a84
Closes-Bug: #1704097
Change-Id: Ib4f47cbaba27eb56c4a41d187fee74a995e62dc7
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This changes create a trust to use ids instead of names because of
the possibility of roles sharing a name. Even if the user
uniquely identified a role by inputting the id, the request sent
to the identity service would used the name, therefore the command
would fail in the case that two roles share a name.
This does not change how trusts are displayed during trust list or
trust show, a name will still be shown instead of an id.
Depends-On: I38e0ac35946ee6e53128babac3ea759a380572e0
Change-Id: I5bdf89f1e288954a7f5c2704231f270bc7d196f5
Closes-Bug: 1696111
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Fix option-describe typos
- Correct option and envvar markup, for commands that are using the
reference form instead of the definition form or are marking up
option arguments as options
- Avoid duplicate commands
- Fix some invalid docstrings
- Fix some invalid indentation
- Disable the murano plugin, which has invalid docs
- Correct issues with- and track the network-topology spec
- Include API modules in docs
Change-Id: I3d5ed5e872540fe13f3e4bd5e9335829dc9a5226
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Similar delete commands in OSC, we can also support add/remove
multi users for one specified group, this review implement it.
Change-Id: I8ccf99d4ee83a18778fa3ff5c0a42bc7c6ff21fb
Implements: bp support-multi-add-remove
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Due to a default Keystone policy until Newtown,
and the use of resource_find, non-admins are unable
to list their own projects.
This patch bypasses this problem while also introducing better
UX for non-admins wishing to get their project list.
'openstack project list' retains the default of 'list all projects'
but on a forbidden error will default instead to 'list my projects'.
This way for non-admins 'list my projects' feels like the default
without breaking the expected admin default.
Adding the '--my-projects' option allows admins to easily list their
own projects or allows non-admins to be explicit and bypass the
forbidden error fallback.
Change-Id: I1021276f69fbbf28e13e17c4e567d932fce7ed8b
Closes-Bug: #1627555
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When checking whether a given user is in a given group, keystone will
return a 404 Not Found if all went well but the user was not in the
group. It may also return a 403 if the user and the group are in
different backends, which would also mean that the user was not in the
group[1]. Any other 400 response is a client error and any 500 response
is a server error to which the user should be alerted.
Without this patch, openstackclient treats any exception as a valid "not
found" and may end up hiding server errors. This patch reduces the
caught exceptions to 403 and 404 responses and treats everything else as
an error.
[1] https://developer.openstack.org/api-ref/identity/v3/?expanded=check-whether-user-belongs-to-group-detail#check-whether-user-belongs-to-group
Closes-bug: #1672634
Change-Id: Id3f3b2409b7cee480ee3c19b6d6c3070599ffe8f
|
