From 64e4520b2a79b9046a791f5e3729f5cbfc2d3fa5 Mon Sep 17 00:00:00 2001 From: Nicolas Belouin Date: Fri, 14 Jan 2022 15:44:11 +0100 Subject: Add trustor and trustee filtering to trusts list The keystone API supports filtering trusts by trustor and/or trustee. Also adds a shortcut parameter to get trusts with current user as trustee or trustor. Signed-off-by: Nicolas Belouin Change-Id: I00ed2b68cf8ada214a59f640f4f0a5c9dbc37063 --- openstackclient/identity/v3/trust.py | 87 +++++++++++++++++++++++++++++++++++- 1 file changed, 86 insertions(+), 1 deletion(-) (limited to 'openstackclient/identity') diff --git a/openstackclient/identity/v3/trust.py b/openstackclient/identity/v3/trust.py index cd3a65d0..61273f41 100644 --- a/openstackclient/identity/v3/trust.py +++ b/openstackclient/identity/v3/trust.py @@ -176,10 +176,95 @@ class DeleteTrust(command.Command): class ListTrust(command.Lister): _description = _("List trusts") + def get_parser(self, prog_name): + parser = super().get_parser(prog_name) + parser.add_argument( + '--trustor', + metavar='', + help=_('Trustor user to filter (name or ID)'), + ) + parser.add_argument( + '--trustee', + metavar='', + help=_('Trustee user to filter (name or ID)'), + ) + parser.add_argument( + '--trustor-domain', + metavar='', + help=_('Domain that contains (name or ID)'), + ) + parser.add_argument( + '--trustee-domain', + metavar='', + help=_('Domain that contains (name or ID)'), + ) + parser.add_argument( + '--auth-user', + action="store_true", + dest='authuser', + help=_('Only list trusts related to the authenticated user'), + ) + return parser + def take_action(self, parsed_args): + identity_client = self.app.client_manager.identity + auth_ref = self.app.client_manager.auth_ref + + if parsed_args.authuser and any([ + parsed_args.trustor, + parsed_args.trustor_domain, + parsed_args.trustee, + parsed_args.trustee_domain, + ]): + msg = _("--authuser cannot be used with --trustee or --trustor") + raise exceptions.CommandError(msg) + + if parsed_args.trustee_domain and not parsed_args.trustee: + msg = _("Using --trustee-domain mandates the use of --trustee") + raise exceptions.CommandError(msg) + + if parsed_args.trustor_domain and not parsed_args.trustor: + msg = _("Using --trustor-domain mandates the use of --trustor") + raise exceptions.CommandError(msg) + + if parsed_args.authuser: + if auth_ref: + user = common.find_user( + identity_client, + auth_ref.user_id + ) + # We need two calls here as we want trusts with + # either the trustor or the trustee set to current user + # using a single call would give us trusts with both + # trustee and trustor set to current user + data1 = identity_client.trusts.list(trustor_user=user) + data2 = identity_client.trusts.list(trustee_user=user) + data = set(data1 + data2) + else: + trustor = None + if parsed_args.trustor: + trustor = common.find_user( + identity_client, + parsed_args.trustor, + parsed_args.trustor_domain, + ) + + trustee = None + if parsed_args.trustee: + trustee = common.find_user( + identity_client, + parsed_args.trustor, + parsed_args.trustor_domain, + ) + + data = self.app.client_manager.identity.trusts.list( + trustor_user=trustor, + trustee_user=trustee, + ) + columns = ('ID', 'Expires At', 'Impersonation', 'Project ID', 'Trustee User ID', 'Trustor User ID') - data = self.app.client_manager.identity.trusts.list() + return (columns, (utils.get_item_properties( s, columns, -- cgit v1.2.1