diff --git a/doc/source/command-objects/request-token.rst b/doc/source/command-objects/request-token.rst index 501f67a57f..84081cb17b 100644 --- a/doc/source/command-objects/request-token.rst +++ b/doc/source/command-objects/request-token.rst @@ -6,6 +6,26 @@ Identity v3 `Requires: OS-OAUTH1 extension` +request token authorize +----------------------- + +Authorize a request token + +.. program:: request token authorize +.. code:: bash + + os request token authorize + --request-key + --role + +.. option:: --request-key + + Request token to authorize (ID only) (required) + +.. option:: --role + + Roles to authorize (name or ID) (repeat to set multiple values) (required) + request token create -------------------- diff --git a/openstackclient/identity/v3/token.py b/openstackclient/identity/v3/token.py index 86f31a2a4d..bea2ddeb80 100644 --- a/openstackclient/identity/v3/token.py +++ b/openstackclient/identity/v3/token.py @@ -25,7 +25,7 @@ from openstackclient.identity import common class AuthorizeRequestToken(show.ShowOne): - """Authorize request token""" + """Authorize a request token""" log = logging.getLogger(__name__ + '.AuthorizeRequestToken') @@ -34,13 +34,16 @@ class AuthorizeRequestToken(show.ShowOne): parser.add_argument( '--request-key', metavar='', - help='Request token key', + help='Request token to authorize (ID only) (required)', required=True ) parser.add_argument( - '--role-ids', - metavar='', - help='Requested role IDs', + '--role', + metavar='', + action='append', + default=[], + help='Roles to authorize (name or ID) ' + '(repeat to set multiple values) (required)', required=True ) return parser @@ -49,17 +52,20 @@ class AuthorizeRequestToken(show.ShowOne): self.log.debug('take_action(%s)' % parsed_args) identity_client = self.app.client_manager.identity + # NOTE(stevemar): We want a list of role ids roles = [] - for r_id in parsed_args.role_ids.split(): - roles.append(r_id) + for role in parsed_args.role: + role_id = utils.find_resource( + identity_client.roles, + role, + ).id + roles.append(role_id) verifier_pin = identity_client.oauth1.request_tokens.authorize( parsed_args.request_key, roles) - info = {} - info.update(verifier_pin._info) - return zip(*sorted(six.iteritems(info))) + return zip(*sorted(six.iteritems(verifier_pin._info))) class CreateAccessToken(show.ShowOne): diff --git a/openstackclient/tests/identity/v3/test_oauth.py b/openstackclient/tests/identity/v3/test_oauth.py index 36a65e4cf9..435042d1cb 100644 --- a/openstackclient/tests/identity/v3/test_oauth.py +++ b/openstackclient/tests/identity/v3/test_oauth.py @@ -28,6 +28,8 @@ class TestOAuth1(identity_fakes.TestOAuth1): self.request_tokens_mock.reset_mock() self.projects_mock = identity_client.projects self.projects_mock.reset_mock() + self.roles_mock = identity_client.roles + self.roles_mock.reset_mock() class TestRequestTokenCreate(TestOAuth1): @@ -85,6 +87,12 @@ class TestRequestTokenAuthorize(TestOAuth1): def setUp(self): super(TestRequestTokenAuthorize, self).setUp() + self.roles_mock.get.return_value = fakes.FakeResource( + None, + copy.deepcopy(identity_fakes.ROLE), + loaded=True, + ) + copied_verifier = copy.deepcopy(identity_fakes.OAUTH_VERIFIER) resource = fakes.FakeResource(None, copied_verifier, loaded=True) self.request_tokens_mock.authorize.return_value = resource @@ -93,11 +101,11 @@ class TestRequestTokenAuthorize(TestOAuth1): def test_authorize_request_tokens(self): arglist = [ '--request-key', identity_fakes.request_token_id, - '--role-ids', identity_fakes.role_id, + '--role', identity_fakes.role_name, ] verifylist = [ ('request_key', identity_fakes.request_token_id), - ('role_ids', identity_fakes.role_id), + ('role', [identity_fakes.role_name]), ] parsed_args = self.check_parser(self.cmd, arglist, verifylist) columns, data = self.cmd.take_action(parsed_args)