openstack/python-openstackclient
Code Issues Proposed changes

Merge "Enable specifying domain for group and role commands"

Browse Source
This commit is contained in:
Jenkins 2015-06-09 18:20:34 +00:00 committed by Gerrit Code Review
commit bc53b05f8f
5 changed files with 315 additions and 250 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
doc/source/command-objects/group.rst
View File

@ -13,9 +13,25 @@ Add user to group
.. code:: bash
os group add user
[--group-domain <group-domain>]
[--user-domain <user-domain>]
<group>
<user>
.. option:: --group-domain <group-domain>
Domain the group belongs to (name or ID). This can be
used in case collisions between group names exist.
.. versionadded:: 3
.. option:: --user-domain <user-domain>
Domain the user belongs to (name or ID). This can be
used in case collisions between user names exist.
.. versionadded:: 3
.. describe:: <group>
Group to contain <user> (name or ID)
@ -33,9 +49,25 @@ Check user membership in group
.. code:: bash
os group contains user
[--group-domain <group-domain>]
[--user-domain <user-domain>]
<group>
<user>
.. option:: --group-domain <group-domain>
Domain the group belongs to (name or ID). This can be
used in case collisions between group names exist.
.. versionadded:: 3
.. option:: --user-domain <user-domain>
Domain the user belongs to (name or ID). This can be
used in case collisions between user names exist.
.. versionadded:: 3
.. describe:: <group>
Group to check (name or ID)
@ -106,7 +138,7 @@ List groups
os group list
[--domain <domain>]
[--user <user>]
[--user <user> [--user-domain <user-domain>]]
[--long]
.. option:: --domain <domain>
@ -117,6 +149,13 @@ List groups
Filter group list by <user> (name or ID)
.. option:: --user-domain <user-domain>
Domain the user belongs to (name or ID). This can be
used in case collisions between user names exist.
.. versionadded:: 3
.. option:: --long
List additional fields in output
@ -130,9 +169,25 @@ Remove user from group
.. code:: bash
os group remove user
[--group-domain <group-domain>]
[--user-domain <user-domain>]
<group>
<user>
.. option:: --group-domain <group-domain>
Domain the group belongs to (name or ID). This can be
used in case collisions between group names exist.
.. versionadded:: 3
.. option:: --user-domain <user-domain>
Domain the user belongs to (name or ID). This can be
used in case collisions between user names exist.
.. versionadded:: 3
.. describe:: <group>
Group containing <user> (name or ID)
@ -150,10 +205,15 @@ Set group properties
.. code:: bash
os group set
[--domain <domain>]
[--name <name>]
[--description <description>]
<group>
.. option:: --domain <domain>
Domain containing <group> (name or ID)
.. option:: --name <name>
New group name

50
doc/source/command-objects/role.rst
View File

@ -101,8 +101,8 @@ List roles
.. code:: bash
os role list
[--domain <domain> | --project <project]
[--user <user> | --group <group>]
--domain <domain> | --project <project> [--project-domain <project-domain>]
--user <user> [--user-domain <user-domain>] | --group <group> [--group-domain <group-domain>]
.. option:: --domain <domain>
@ -128,6 +128,27 @@ List roles
.. versionadded:: 3
.. option:: --user-domain <user-domain>
Domain the user belongs to (name or ID).
This can be used in case collisions between user names exist.
.. versionadded:: 3
.. option:: --group-domain <group-domain>
Domain the group belongs to (name or ID).
This can be used in case collisions between group names exist.
.. versionadded:: 3
.. option:: --project-domain <project-domain>
Domain the project belongs to (name or ID).
This can be used in case collisions between project names exist.
.. versionadded:: 3
role remove
-----------
@ -137,8 +158,8 @@ Remove role from domain/project : user/group
.. code:: bash
os role remove
[--domain <domain> | --project <project]
[--user <user> | --group <group>]
--domain <domain> | --project <project> [--project-domain <project-domain>]
--user <user> [--user-domain <user-domain>] | --group <group> [--group-domain <group-domain>]
<role>
.. option:: --domain <domain>
@ -161,6 +182,27 @@ Remove role from domain/project : user/group
.. versionadded:: 3
.. option:: --user-domain <user-domain>
Domain the user belongs to (name or ID).
This can be used in case collisions between user names exist.
.. versionadded:: 3
.. option:: --group-domain <group-domain>
Domain the group belongs to (name or ID).
This can be used in case collisions between group names exist.
.. versionadded:: 3
.. option:: --project-domain <project-domain>
Domain the project belongs to (name or ID).
This can be used in case collisions between project names exist.
.. versionadded:: 3
.. describe:: <role>
Role to remove (name or ID)

16
openstackclient/identity/common.py
View File

@ -43,22 +43,32 @@ def find_service(identity_client, name_type_or_id):
raise exceptions.CommandError(msg)
def _get_domain_id_if_requested(identity_client, domain_name_or_id):
if not domain_name_or_id:
return None
domain = find_domain(identity_client, domain_name_or_id)
return domain.id
def find_domain(identity_client, name_or_id):
return _find_identity_resource(identity_client.domains, name_or_id,
domains.Domain)
def find_group(identity_client, name_or_id, domain_id=None):
def find_group(identity_client, name_or_id, domain_name_or_id=None):
domain_id = _get_domain_id_if_requested(identity_client, domain_name_or_id)
return _find_identity_resource(identity_client.groups, name_or_id,
groups.Group, domain_id=domain_id)
def find_project(identity_client, name_or_id, domain_id=None):
def find_project(identity_client, name_or_id, domain_name_or_id=None):
domain_id = _get_domain_id_if_requested(identity_client, domain_name_or_id)
return _find_identity_resource(identity_client.projects, name_or_id,
projects.Project, domain_id=domain_id)
def find_user(identity_client, name_or_id, domain_id=None):
def find_user(identity_client, name_or_id, domain_name_or_id=None):
domain_id = _get_domain_id_if_requested(identity_client, domain_name_or_id)
return _find_identity_resource(identity_client.users, name_or_id,
users.User, domain_id=domain_id)

116
openstackclient/identity/v3/group.py
View File

@ -46,16 +46,32 @@ class AddUserToGroup(command.Command):
metavar='<user>',
help='User to add to <group> (name or ID)',
)
parser.add_argument(
'--group-domain',
metavar='<group-domain>',
help=('Domain the group belongs to (name or ID). '
'This can be used in case collisions between group names '
'exist.')
)
parser.add_argument(
'--user-domain',
metavar='<user-domain>',
help=('Domain the user belongs to (name or ID). '
'This can be used in case collisions between user names '
'exist.')
)
return parser
def take_action(self, parsed_args):
self.log.debug('take_action(%s)', parsed_args)
identity_client = self.app.client_manager.identity
user_id = utils.find_resource(identity_client.users,
parsed_args.user).id
group_id = utils.find_resource(identity_client.groups,
parsed_args.group).id
user_id = common.find_user(identity_client,
parsed_args.user,
parsed_args.user_domain).id
group_id = common.find_group(identity_client,
parsed_args.group,
parsed_args.group_domain).id
try:
identity_client.users.add_to_group(user_id, group_id)
@ -84,16 +100,32 @@ class CheckUserInGroup(command.Command):
metavar='<user>',
help='User to check (name or ID)',
)
parser.add_argument(
'--group-domain',
metavar='<group-domain>',
help=('Domain the group belongs to (name or ID). '
'This can be used in case collisions between group names '
'exist.')
)
parser.add_argument(
'--user-domain',
metavar='<user-domain>',
help=('Domain the user belongs to (name or ID). '
'This can be used in case collisions between user names '
'exist.')
)
return parser
def take_action(self, parsed_args):
self.log.debug('take_action(%s)', parsed_args)
identity_client = self.app.client_manager.identity
user_id = utils.find_resource(identity_client.users,
parsed_args.user).id
group_id = utils.find_resource(identity_client.groups,
parsed_args.group).id
user_id = common.find_user(identity_client,
parsed_args.user,
parsed_args.user_domain).id
group_id = common.find_group(identity_client,
parsed_args.group,
parsed_args.group_domain).id
try:
identity_client.users.check_in_group(user_id, group_id)
@ -184,17 +216,10 @@ class DeleteGroup(command.Command):
self.log.debug('take_action(%s)', parsed_args)
identity_client = self.app.client_manager.identity
domain = None
if parsed_args.domain:
domain = common.find_domain(identity_client, parsed_args.domain)
for group in parsed_args.groups:
if domain is not None:
group_obj = utils.find_resource(identity_client.groups,
group,
domain_id=domain.id)
else:
group_obj = utils.find_resource(identity_client.groups,
group)
group_obj = common.find_group(identity_client,
group,
parsed_args.domain)
identity_client.groups.delete(group_obj.id)
return
@ -216,6 +241,13 @@ class ListGroup(lister.Lister):
metavar='<user>',
help='Filter group list by <user> (name or ID)',
)
parser.add_argument(
'--user-domain',
metavar='<user-domain>',
help=('Domain the user belongs to (name or ID). '
'This can be used in case collisions between user names '
'exist.')
)
parser.add_argument(
'--long',
action='store_true',
@ -234,9 +266,10 @@ class ListGroup(lister.Lister):
parsed_args.domain).id
if parsed_args.user:
user = utils.find_resource(
identity_client.users,
user = common.find_user(
identity_client,
parsed_args.user,
parsed_args.user_domain,
).id
else:
user = None
@ -277,16 +310,32 @@ class RemoveUserFromGroup(command.Command):
metavar='<user>',
help='User to remove from <group> (name or ID)',
)
parser.add_argument(
'--group-domain',
metavar='<group-domain>',
help=('Domain the group belongs to (name or ID). '
'This can be used in case collisions between group names '
'exist.')
)
parser.add_argument(
'--user-domain',
metavar='<user-domain>',
help=('Domain the user belongs to (name or ID). '
'This can be used in case collisions between user names '
'exist.')
)
return parser
def take_action(self, parsed_args):
self.log.debug('take_action(%s)', parsed_args)
identity_client = self.app.client_manager.identity
user_id = utils.find_resource(identity_client.users,
parsed_args.user).id
group_id = utils.find_resource(identity_client.groups,
parsed_args.group).id
user_id = common.find_user(identity_client,
parsed_args.user,
parsed_args.user_domain).id
group_id = common.find_group(identity_client,
parsed_args.group,
parsed_args.group_domain).id
try:
identity_client.users.remove_from_group(user_id, group_id)
@ -309,6 +358,11 @@ class SetGroup(command.Command):
'group',
metavar='<group>',
help='Group to modify (name or ID)')
parser.add_argument(
'--domain',
metavar='<domain>',
help='Domain containing <group> (name or ID)',
)
parser.add_argument(
'--name',
metavar='<name>',
@ -322,7 +376,8 @@ class SetGroup(command.Command):
def take_action(self, parsed_args):
self.log.debug('take_action(%s)', parsed_args)
identity_client = self.app.client_manager.identity
group = utils.find_resource(identity_client.groups, parsed_args.group)
group = common.find_group(identity_client, parsed_args.group,
parsed_args.domain)
kwargs = {}
if parsed_args.name:
kwargs['name'] = parsed_args.name
@ -359,14 +414,9 @@ class ShowGroup(show.ShowOne):
self.log.debug('take_action(%s)', parsed_args)
identity_client = self.app.client_manager.identity
if parsed_args.domain:
domain = common.find_domain(identity_client, parsed_args.domain)
group = utils.find_resource(identity_client.groups,
parsed_args.group,
domain_id=domain.id)
else:
group = utils.find_resource(identity_client.groups,
parsed_args.group)
group = common.find_group(identity_client,
parsed_args.group,
domain_name_or_id=parsed_args.domain)
group._info.pop('links')
return zip(*sorted(six.iteritems(group._info)))

321
openstackclient/identity/v3/role.py
View File

@ -29,6 +29,100 @@ from openstackclient.i18n import _ # noqa
from openstackclient.identity import common
def _add_identity_and_resource_options_to_parser(parser):
domain_or_project = parser.add_mutually_exclusive_group()
domain_or_project.add_argument(
'--domain',
metavar='<domain>',
help='Include <domain> (name or ID)',
)
domain_or_project.add_argument(
'--project',
metavar='<project>',
help='Include `<project>` (name or ID)',
)
user_or_group = parser.add_mutually_exclusive_group()
user_or_group.add_argument(
'--user',
metavar='<user>',
help='Include <user> (name or ID)',
)
user_or_group.add_argument(
'--group',
metavar='<group>',
help='Include <group> (name or ID)',
)
parser.add_argument(
'--user-domain',
metavar='<user-domain>',
help=('Domain the user belongs to (name or ID). '
'This can be used in case collisions between user names '
'exist.')
)
parser.add_argument(
'--group-domain',
metavar='<group-domain>',
help=('Domain the group belongs to (name or ID). '
'This can be used in case collisions between group names '
'exist.')
)
parser.add_argument(
'--project-domain',
metavar='<project-domain>',
help=('Domain the project belongs to (name or ID). '
'This can be used in case collisions between project names '
'exist.')
)
def _process_identity_and_resource_options(parsed_args,
identity_client_manager):
kwargs = {}
if parsed_args.user and parsed_args.domain:
kwargs['user'] = common.find_user(
identity_client_manager,
parsed_args.user,
parsed_args.user_domain,
).id
kwargs['domain'] = common.find_domain(
identity_client_manager,
parsed_args.domain,
).id
elif parsed_args.user and parsed_args.project:
kwargs['user'] = common.find_user(
identity_client_manager,
parsed_args.user,
parsed_args.user_domain,
).id
kwargs['project'] = common.find_project(
identity_client_manager,
parsed_args.project,
parsed_args.project_domain,
).id
elif parsed_args.group and parsed_args.domain:
kwargs['group'] = common.find_group(
identity_client_manager,
parsed_args.group,
parsed_args.group_domain,
).id
kwargs['domain'] = common.find_domain(
identity_client_manager,
parsed_args.domain,
).id
elif parsed_args.group and parsed_args.project:
kwargs['group'] = common.find_group(
identity_client_manager,
parsed_args.group,
parsed_args.group_domain,
).id
kwargs['project'] = common.find_project(
identity_client_manager,
parsed_args.project,
parsed_args.group_domain,
).id
return kwargs
class AddRole(command.Command):
"""Adds a role to a user or group on a domain or project"""
@ -41,49 +135,7 @@ class AddRole(command.Command):
metavar='<role>',
help='Role to add to <user> (name or ID)',
)
domain_or_project = parser.add_mutually_exclusive_group()
domain_or_project.add_argument(
'--domain',
metavar='<domain>',
help='Include <domain> (name or ID)',
)
domain_or_project.add_argument(
'--project',
metavar='<project>',
help='Include `<project>` (name or ID)',
)
user_or_group = parser.add_mutually_exclusive_group()
user_or_group.add_argument(
'--user',
metavar='<user>',
help='Include <user> (name or ID)',
)
user_or_group.add_argument(
'--group',
metavar='<group>',
help='Include <group> (name or ID)',
)
parser.add_argument(
'--user-domain',
metavar='<user-domain>',
help=('Domain the user belongs to (name or ID). '
'This can be used in case collisions between user names '
'exist.')
)
parser.add_argument(
'--group-domain',
metavar='<group-domain>',
help=('Domain the group belongs to (name or ID). '
'This can be used in case collisions between group names '
'exist.')
)
parser.add_argument(
'--project-domain',
metavar='<project-domain>',
help=('Domain the project belongs to (name or ID). '
'This can be used in case collisions between project names '
'exist.')
)
_add_identity_and_resource_options_to_parser(parser)
return parser
def take_action(self, parsed_args):
@ -99,76 +151,17 @@ class AddRole(command.Command):
parsed_args.role,
)
kwargs = {}
if parsed_args.user and parsed_args.domain:
user_domain_id = self._get_domain_id_if_requested(
parsed_args.user_domain)
kwargs['user'] = common.find_user(
identity_client,
parsed_args.user,
user_domain_id,
).id
kwargs['domain'] = common.find_domain(
identity_client,
parsed_args.domain,
).id
elif parsed_args.user and parsed_args.project:
user_domain_id = self._get_domain_id_if_requested(
parsed_args.user_domain)
kwargs['user'] = common.find_user(
identity_client,
parsed_args.user,
user_domain_id,
).id
project_domain_id = self._get_domain_id_if_requested(
parsed_args.project_domain)
kwargs['project'] = common.find_project(
identity_client,
parsed_args.project,
project_domain_id,
).id
elif parsed_args.group and parsed_args.domain:
group_domain_id = self._get_domain_id_if_requested(
parsed_args.group_domain)
kwargs['group'] = common.find_group(
identity_client,
parsed_args.group,
group_domain_id,
).id
kwargs['domain'] = common.find_domain(
identity_client,
parsed_args.domain,
).id
elif parsed_args.group and parsed_args.project:
group_domain_id = self._get_domain_id_if_requested(
parsed_args.group_domain)
kwargs['group'] = common.find_group(
identity_client,
parsed_args.group,
group_domain_id,
).id
project_domain_id = self._get_domain_id_if_requested(
parsed_args.project_domain)
kwargs['project'] = common.find_project(
identity_client,
parsed_args.project,
project_domain_id,
).id
else:
sys.stderr.write("Role not added, incorrect set of arguments \
provided. See openstack --help for more details\n")
kwargs = _process_identity_and_resource_options(
parsed_args, self.app.client_manager.identity)
if not kwargs:
sys.stderr.write("Role not added, incorrect set of arguments "
"provided. See openstack --help for more "
"details\n")
return
identity_client.roles.grant(role.id, **kwargs)
return
def _get_domain_id_if_requested(self, domain_name_or_id):
if domain_name_or_id is None:
return None
domain = common.find_domain(self.app.client_manager.identity,
domain_name_or_id)
return domain.id
class CreateRole(show.ShowOne):
"""Create new role"""
@ -242,28 +235,7 @@ class ListRole(lister.Lister):
def get_parser(self, prog_name):
parser = super(ListRole, self).get_parser(prog_name)
domain_or_project = parser.add_mutually_exclusive_group()
domain_or_project.add_argument(
'--domain',
metavar='<domain>',
help='Filter roles by <domain> (name or ID)',
)
domain_or_project.add_argument(
'--project',
metavar='<project>',
help='Filter roles by <project> (name or ID)',
)
user_or_group = parser.add_mutually_exclusive_group()
user_or_group.add_argument(
'--user',
metavar='<user>',
help='Filter roles by <user> (name or ID)',
)
user_or_group.add_argument(
'--group',
metavar='<group>',
help='Filter roles by <group> (name or ID)',
)
_add_identity_and_resource_options_to_parser(parser)
return parser
def take_action(self, parsed_args):
@ -274,11 +246,13 @@ class ListRole(lister.Lister):
user = common.find_user(
identity_client,
parsed_args.user,
parsed_args.user_domain,
)
elif parsed_args.group:
group = common.find_group(
identity_client,
parsed_args.group,
parsed_args.group_domain,
)
if parsed_args.domain:
@ -290,6 +264,7 @@ class ListRole(lister.Lister):
project = common.find_project(
identity_client,
parsed_args.project,
parsed_args.project_domain,
)
# no user or group specified, list all roles in the system
@ -363,28 +338,7 @@ class RemoveRole(command.Command):
metavar='<role>',
help='Role to remove (name or ID)',
)
domain_or_project = parser.add_mutually_exclusive_group()
domain_or_project.add_argument(
'--domain',
metavar='<domain>',
help='Include <domain> (name or ID)',
)
domain_or_project.add_argument(
'--project',
metavar='<project>',
help='Include <project> (name or ID)',
)
user_or_group = parser.add_mutually_exclusive_group()
user_or_group.add_argument(
'--user',
metavar='<user>',
help='Include <user> (name or ID)',
)
user_or_group.add_argument(
'--group',
metavar='<group>',
help='Include <group> (name or ID)',
)
_add_identity_and_resource_options_to_parser(parser)
return parser
def take_action(self, parsed_args):
@ -400,65 +354,14 @@ class RemoveRole(command.Command):
parsed_args.role,
)
if parsed_args.user and parsed_args.domain:
user = common.find_user(
identity_client,
parsed_args.user,
)
domain = common.find_domain(
identity_client,
parsed_args.domain,
)
identity_client.roles.revoke(
role.id,
user=user.id,
domain=domain.id,
)
elif parsed_args.user and parsed_args.project:
user = common.find_user(
identity_client,
parsed_args.user,
)
project = common.find_project(
identity_client,
parsed_args.project,
)
identity_client.roles.revoke(
role.id,
user=user.id,
project=project.id,
)
elif parsed_args.group and parsed_args.domain:
group = common.find_group(
identity_client,
parsed_args.group,
)
domain = common.find_domain(
identity_client,
parsed_args.domain,
)
identity_client.roles.revoke(
role.id,
group=group.id,
domain=domain.id,
)
elif parsed_args.group and parsed_args.project:
group = common.find_group(
identity_client,
parsed_args.group,
)
project = common.find_project(
identity_client,
parsed_args.project,
)
identity_client.roles.revoke(
role.id,
group=group.id,
project=project.id,
)
else:
kwargs = _process_identity_and_resource_options(
parsed_args, self.app.client_manager.identity)
if not kwargs:
sys.stderr.write("Role not removed, incorrect set of arguments \
provided. See openstack --help for more details\n")
return
identity_client.roles.revoke(role.id, **kwargs)
return