diff --git a/openstackclient/common/utils.py b/openstackclient/common/utils.py index 56f9cd17d5..06542887e2 100644 --- a/openstackclient/common/utils.py +++ b/openstackclient/common/utils.py @@ -24,20 +24,27 @@ from openstackclient.common import exceptions def find_resource(manager, name_or_id): """Helper for the _find_* methods.""" - # first try to get entity as integer id + + # Try to get entity as integer id try: if isinstance(name_or_id, int) or name_or_id.isdigit(): return manager.get(int(name_or_id)) except exceptions.NotFound: pass - # now try to get entity as uuid + # Try to get entity as uuid try: uuid.UUID(str(name_or_id)) return manager.get(name_or_id) except (ValueError, exceptions.NotFound): pass + # Try directly using the passed value + try: + return manager.get(name_or_id) + except Exception: + pass + kwargs = {} if 'NAME_ATTR' in manager.resource_class.__dict__: # novaclient does this for oddball resources diff --git a/openstackclient/identity/v3/group.py b/openstackclient/identity/v3/group.py index de4fe2d276..21d73966aa 100644 --- a/openstackclient/identity/v3/group.py +++ b/openstackclient/identity/v3/group.py @@ -167,27 +167,108 @@ class DeleteGroup(command.Command): class ListGroup(lister.Lister): - """List group command""" + """List groups and optionally roles assigned to groups""" api = 'identity' log = logging.getLogger(__name__ + '.ListGroup') def get_parser(self, prog_name): parser = super(ListGroup, self).get_parser(prog_name) + parser.add_argument( + 'group', + metavar='', + nargs='?', + help='Name or ID of group to list [required with --role]', + ) + parser.add_argument( + '--role', + action='store_true', + default=False, + help='List the roles assigned to ', + ) + domain_or_project = parser.add_mutually_exclusive_group() + domain_or_project.add_argument( + '--domain', + metavar='', + help='Filter list by [Only valid with --role]', + ) + domain_or_project.add_argument( + '--project', + metavar='', + help='Filter list by [Only valid with --role]', + ) parser.add_argument( '--long', action='store_true', default=False, - help='Additional fields are listed in output') + help='Additional fields are listed in output', + ) return parser def take_action(self, parsed_args): self.log.debug('take_action(%s)' % parsed_args) - if parsed_args.long: - columns = ('ID', 'Name', 'Domain ID', 'Description') + identity_client = self.app.client_manager.identity + + if parsed_args.role: + # List roles belonging to group + + # Group is required here, bail if it is not supplied + if not parsed_args.group: + sys.stderr.write('Error: Group must be specified') + # TODO(dtroyer): This lists the commands...I want it to + # show the help for _this_ command. + self.app.DeferredHelpAction( + self.app.parser, + self.app.parser, + None, + None, + ) + return ([], []) + + group = utils.find_resource( + identity_client.groups, + parsed_args.group, + ) + + if parsed_args.domain: + columns = ('ID', 'Name', 'Domain', 'Group') + domain = utils.find_resource( + identity_client.domains, + parsed_args.domain, + ) + data = identity_client.roles.list( + group=group, + domain=domain, + ) + for group_role in data: + group_role.group = group.name + group_role.domain = domain.name + elif parsed_args.project: + columns = ('ID', 'Name', 'Project', 'Group') + project = utils.find_resource( + identity_client.projects, + parsed_args.project, + ) + data = identity_client.roles.list( + group=group, + project=project, + ) + for group_role in data: + group_role.group = group.name + group_role.project = project.name + else: + # TODO(dtroyer): raise exception here, this really is an error + sys.stderr.write("Error: Must specify --domain or --project " + "with --role\n") + return ([], []) else: - columns = ('ID', 'Name') - data = self.app.client_manager.identity.groups.list() + # List groups + if parsed_args.long: + columns = ('ID', 'Name', 'Domain ID', 'Description') + else: + columns = ('ID', 'Name') + data = identity_client.groups.list() + return (columns, (utils.get_item_properties( s, columns, @@ -275,7 +356,7 @@ class SetGroup(command.Command): kwargs['domain'] = domain if not len(kwargs): - sys.stdout.write("Group not updated, no arguments present") + sys.stderr.write("Group not updated, no arguments present") return identity_client.groups.update(group.id, **kwargs) return diff --git a/openstackclient/identity/v3/role.py b/openstackclient/identity/v3/role.py index faff906293..7387509ae2 100644 --- a/openstackclient/identity/v3/role.py +++ b/openstackclient/identity/v3/role.py @@ -26,7 +26,7 @@ from openstackclient.common import utils class AddRole(command.Command): - """Add role command""" + """Adds a role to a user or group on a domain or project""" api = 'identity' log = logging.getLogger(__name__ + '.AddRole') @@ -42,23 +42,24 @@ class AddRole(command.Command): user_or_group.add_argument( '--user', metavar='', - help='Name or ID of user to assign a role', + help='Name or ID of user to add a role', ) user_or_group.add_argument( '--group', metavar='', - help='Name or ID of group to assign a role', + help='Name or ID of group to add a role', ) domain_or_project = parser.add_mutually_exclusive_group() domain_or_project.add_argument( '--domain', metavar='', - help='Name or ID of domain where user or group resides', + default='default', + help='Name or ID of domain associated with user or group', ) domain_or_project.add_argument( '--project', metavar='', - help='Name or ID of project where user or group resides', + help='Name or ID of project associated with user or group', ) return parser @@ -68,42 +69,40 @@ class AddRole(command.Command): if (not parsed_args.user and not parsed_args.domain and not parsed_args.group and not parsed_args.project): - sys.stdout.write("Role not updated, no arguments present \n") + sys.stderr.write("Role not added, no arguments present\n") return role_id = utils.find_resource(identity_client.roles, parsed_args.role).id - if (parsed_args.user and parsed_args.domain): + if parsed_args.user and parsed_args.domain: user = utils.find_resource(identity_client.users, parsed_args.user) domain = utils.find_resource(identity_client.domains, parsed_args.domain) identity_client.roles.grant(role_id, user=user, domain=domain) - return - elif (parsed_args.user and parsed_args.project): + elif parsed_args.user and parsed_args.project: user = utils.find_resource(identity_client.users, parsed_args.user) project = utils.find_resource(identity_client.projects, parsed_args.project) identity_client.roles.grant(role_id, user=user, project=project) - return - elif (parsed_args.group and parsed_args.project): + elif parsed_args.group and parsed_args.domain: + group = utils.find_resource(identity_client.groups, + parsed_args.group) + domain = utils.find_resource(identity_client.domains, + parsed_args.domain) + identity_client.roles.grant(role_id, group=group, domain=domain) + elif parsed_args.group and parsed_args.project: group = utils.find_resource(identity_client.group, parsed_args.group) project = utils.find_resource(identity_client.projects, parsed_args.project) identity_client.roles.grant(role_id, group=group, project=project) - return - elif (parsed_args.group and parsed_args.domain): - group = utils.find_resource(identity_client.group, - parsed_args.group) - domain = utils.find_resource(identity_client.domains, - parsed_args.domain) - identity_client.roles.grant(role_id, group=group, domain=domain) - return else: - return + sys.stderr.write("Role not added, incorrect set of arguments \ + provided. See openstack --help for more details\n") + return class CreateRole(show.ShowOne): @@ -115,15 +114,16 @@ class CreateRole(show.ShowOne): def get_parser(self, prog_name): parser = super(CreateRole, self).get_parser(prog_name) parser.add_argument( - 'role-name', + 'name', metavar='', - help='New role name') + help='New role name', + ) return parser def take_action(self, parsed_args): self.log.debug('take_action(%s)' % parsed_args) identity_client = self.app.client_manager.identity - role = identity_client.roles.create(parsed_args.role_name) + role = identity_client.roles.create(parsed_args.name) return zip(*sorted(role._info.iteritems())) @@ -139,7 +139,8 @@ class DeleteRole(command.Command): parser.add_argument( 'role', metavar='', - help='Name or ID of role to delete') + help='Name or ID of role to delete', + ) return parser def take_action(self, parsed_args): @@ -168,6 +169,85 @@ class ListRole(lister.Lister): ) for s in data)) +class RemoveRole(command.Command): + """Remove role command""" + + api = 'identity' + log = logging.getLogger(__name__ + '.RemoveRole') + + def get_parser(self, prog_name): + parser = super(RemoveRole, self).get_parser(prog_name) + parser.add_argument( + 'role', + metavar='', + help='Name or ID of role to remove', + ) + user_or_group = parser.add_mutually_exclusive_group() + user_or_group.add_argument( + '--user', + metavar='', + help='Name or ID of user to remove a role', + ) + user_or_group.add_argument( + '--group', + metavar='', + help='Name or ID of group to remove a role', + ) + domain_or_project = parser.add_mutually_exclusive_group() + domain_or_project.add_argument( + '--domain', + metavar='', + help='Name or ID of domain associated with user or group', + ) + domain_or_project.add_argument( + '--project', + metavar='', + help='Name or ID of project associated with user or group', + ) + return parser + + def take_action(self, parsed_args): + self.log.debug('take_action(%s)' % parsed_args) + identity_client = self.app.client_manager.identity + + if (not parsed_args.user and not parsed_args.domain + and not parsed_args.group and not parsed_args.project): + sys.stdout.write("Role not updated, no arguments present\n") + return + + role_id = utils.find_resource(identity_client.roles, + parsed_args.role).id + + if parsed_args.user and parsed_args.domain: + user = utils.find_resource(identity_client.users, + parsed_args.user) + domain = utils.find_resource(identity_client.domains, + parsed_args.domain) + identity_client.roles.revoke(role_id, user=user, domain=domain) + elif parsed_args.user and parsed_args.project: + user = utils.find_resource(identity_client.users, + parsed_args.user) + project = utils.find_resource(identity_client.projects, + parsed_args.project) + identity_client.roles.revoke(role_id, user=user, project=project) + elif parsed_args.group and parsed_args.project: + group = utils.find_resource(identity_client.group, + parsed_args.group) + project = utils.find_resource(identity_client.projects, + parsed_args.project) + identity_client.roles.revoke(role_id, group=group, project=project) + elif parsed_args.group and parsed_args.domain: + group = utils.find_resource(identity_client.group, + parsed_args.group) + domain = utils.find_resource(identity_client.domains, + parsed_args.domain) + identity_client.roles.revoke(role_id, group=group, domain=domain) + else: + sys.stderr.write("Role not removed, incorrect set of arguments \ + provided. See openstack --help for more details\n") + return + + class SetRole(command.Command): """Set role command""" @@ -179,7 +259,7 @@ class SetRole(command.Command): parser.add_argument( 'role', metavar='', - help='Name or ID of role to change', + help='Name or ID of role to update', ) parser.add_argument( '--name', @@ -195,7 +275,7 @@ class SetRole(command.Command): parsed_args.role) if not parsed_args.name: - sys.stdout.write("Role not updated, no arguments present") + sys.stderr.write("Role not updated, no arguments present") return identity_client.roles.update(role_id, parsed_args.name) @@ -213,7 +293,8 @@ class ShowRole(show.ShowOne): parser.add_argument( 'role', metavar='', - help='Name or ID of role to display') + help='Name or ID of role to display', + ) return parser def take_action(self, parsed_args): diff --git a/openstackclient/identity/v3/user.py b/openstackclient/identity/v3/user.py index 5e6282eb8c..53550cda56 100644 --- a/openstackclient/identity/v3/user.py +++ b/openstackclient/identity/v3/user.py @@ -135,7 +135,7 @@ class DeleteUser(command.Command): class ListUser(lister.Lister): - """List user command""" + """List users and optionally roles assigned to users""" api = 'identity' log = logging.getLogger(__name__ + '.ListUser') @@ -143,9 +143,27 @@ class ListUser(lister.Lister): def get_parser(self, prog_name): parser = super(ListUser, self).get_parser(prog_name) parser.add_argument( + 'user', + metavar='', + nargs='?', + help='Name or ID of user to list [required with --role]', + ) + parser.add_argument( + '--role', + action='store_true', + default=False, + help='List the roles assigned to ', + ) + domain_or_project = parser.add_mutually_exclusive_group() + domain_or_project.add_argument( + '--domain', + metavar='', + help='Filter list by [Only valid with --role]', + ) + domain_or_project.add_argument( '--project', metavar='', - help='Name or ID of project to filter users', + help='Filter list by [Only valid with --role]', ) parser.add_argument( '--long', @@ -157,12 +175,70 @@ class ListUser(lister.Lister): def take_action(self, parsed_args): self.log.debug('take_action(%s)' % parsed_args) - if parsed_args.long: - columns = ('ID', 'Name', 'Project Id', 'Domain Id', - 'Description', 'Email', 'Enabled') + identity_client = self.app.client_manager.identity + + if parsed_args.role: + # List roles belonging to user + + # User is required here, bail if it is not supplied + if not parsed_args.user: + sys.stderr.write('Error: User must be specified') + return ([], []) + + user = utils.find_resource( + identity_client.users, + parsed_args.user, + ) + + # List a user's roles + if not parsed_args.domain and not parsed_args.project: + columns = ('ID', 'Name') + data = identity_client.roles.list( + user=user, + domain='default', + ) + # List a user's roles on a domain + elif parsed_args.user and parsed_args.domain: + columns = ('ID', 'Name', 'Domain', 'User') + domain = utils.find_resource( + identity_client.domains, + parsed_args.domain, + ) + data = identity_client.roles.list( + user=user, + domain=domain, + ) + for user_role in data: + user_role.user = user.name + user_role.domain = domain.name + # List a user's roles on a project + elif parsed_args.user and parsed_args.project: + columns = ('ID', 'Name', 'Project', 'User') + project = utils.find_resource( + identity_client.projects, + parsed_args.project, + ) + data = identity_client.roles.list( + user=user, + project=project, + ) + for user_role in data: + user_role.user = user.name + user_role.project = project.name + else: + # TODO(dtroyer): raise exception here, this really is an error + sys.stderr.write("Error: Must specify --domain or --project " + "with --role\n") + return ([], []) else: - columns = ('ID', 'Name') - data = self.app.client_manager.identity.users.list() + # List users + if parsed_args.long: + columns = ('ID', 'Name', 'Project Id', 'Domain Id', + 'Description', 'Email', 'Enabled') + else: + columns = ('ID', 'Name') + data = self.app.client_manager.identity.users.list() + return (columns, (utils.get_item_properties( s, columns, @@ -253,7 +329,7 @@ class SetUser(command.Command): kwargs['enabled'] = parsed_args.enabled if not len(kwargs): - sys.stdout.write("User not updated, no arguments present") + sys.stderr.write("User not updated, no arguments present") return identity_client.users.update(user.id, **kwargs) return diff --git a/openstackclient/shell.py b/openstackclient/shell.py index 35d8255ddb..e5353194cd 100644 --- a/openstackclient/shell.py +++ b/openstackclient/shell.py @@ -37,6 +37,7 @@ DEFAULT_COMPUTE_API_VERSION = '2' DEFAULT_IDENTITY_API_VERSION = '2.0' DEFAULT_IMAGE_API_VERSION = '2' DEFAULT_VOLUME_API_VERSION = '1' +DEFAULT_DOMAIN = 'default' def env(*vars, **kwargs): @@ -134,6 +135,15 @@ class OpenStackShell(app.App): metavar='', default=env('OS_REGION_NAME'), help='Authentication region name (Env: OS_REGION_NAME)') + parser.add_argument( + '--os-default-domain', + metavar='', + default=env( + 'OS_DEFAULT_DOMAIN', + default=DEFAULT_DOMAIN), + help='Default domain ID, default=' + + DEFAULT_DOMAIN + + ' (Env: OS_DEFAULT_DOMAIN)') parser.add_argument( '--os-identity-api-version', metavar='', @@ -304,7 +314,10 @@ class OpenStackShell(app.App): else: requests_log.setLevel(logging.WARNING) - # stash selected API versions for later + # Save default domain + self.default_domain = self.options.os_default_domain + + # Stash selected API versions for later self.api_version = { 'compute': self.options.os_compute_api_version, 'identity': self.options.os_identity_api_version, diff --git a/setup.cfg b/setup.cfg index a70306ea0c..f3ba657fc2 100644 --- a/setup.cfg +++ b/setup.cfg @@ -118,6 +118,7 @@ openstack.identity.v3 = role_create = openstackclient.identity.v3.role:CreateRole role_delete = openstackclient.identity.v3.role:DeleteRole role_list = openstackclient.identity.v3.role:ListRole + role_remove = openstackclient.identity.v3.role:RemoveRole role_show = openstackclient.identity.v3.role:ShowRole role_set = openstackclient.identity.v3.role:SetRole