diff --git a/doc/source/command-objects/group.rst b/doc/source/command-objects/group.rst index 6c385058b0..0f2c5cd10b 100644 --- a/doc/source/command-objects/group.rst +++ b/doc/source/command-objects/group.rst @@ -13,9 +13,25 @@ Add user to group .. code:: bash os group add user + [--group-domain ] + [--user-domain ] +.. option:: --group-domain + + Domain the group belongs to (name or ID). This can be + used in case collisions between group names exist. + + .. versionadded:: 3 + +.. option:: --user-domain + + Domain the user belongs to (name or ID). This can be + used in case collisions between user names exist. + + .. versionadded:: 3 + .. describe:: Group to contain (name or ID) @@ -33,9 +49,25 @@ Check user membership in group .. code:: bash os group contains user + [--group-domain ] + [--user-domain ] +.. option:: --group-domain + + Domain the group belongs to (name or ID). This can be + used in case collisions between group names exist. + + .. versionadded:: 3 + +.. option:: --user-domain + + Domain the user belongs to (name or ID). This can be + used in case collisions between user names exist. + + .. versionadded:: 3 + .. describe:: Group to check (name or ID) @@ -106,7 +138,7 @@ List groups os group list [--domain ] - [--user ] + [--user [--user-domain ]] [--long] .. option:: --domain @@ -117,6 +149,13 @@ List groups Filter group list by (name or ID) +.. option:: --user-domain + + Domain the user belongs to (name or ID). This can be + used in case collisions between user names exist. + + .. versionadded:: 3 + .. option:: --long List additional fields in output @@ -130,9 +169,25 @@ Remove user from group .. code:: bash os group remove user + [--group-domain ] + [--user-domain ] +.. option:: --group-domain + + Domain the group belongs to (name or ID). This can be + used in case collisions between group names exist. + + .. versionadded:: 3 + +.. option:: --user-domain + + Domain the user belongs to (name or ID). This can be + used in case collisions between user names exist. + + .. versionadded:: 3 + .. describe:: Group containing (name or ID) @@ -150,10 +205,15 @@ Set group properties .. code:: bash os group set + [--domain ] [--name ] [--description ] +.. option:: --domain + + Domain containing (name or ID) + .. option:: --name New group name diff --git a/doc/source/command-objects/role.rst b/doc/source/command-objects/role.rst index 3672cfa1fd..dad5642dc0 100644 --- a/doc/source/command-objects/role.rst +++ b/doc/source/command-objects/role.rst @@ -101,8 +101,8 @@ List roles .. code:: bash os role list - [--domain | --project | --group ] + --domain | --project [--project-domain ] + --user [--user-domain ] | --group [--group-domain ] .. option:: --domain @@ -128,6 +128,27 @@ List roles .. versionadded:: 3 +.. option:: --user-domain + + Domain the user belongs to (name or ID). + This can be used in case collisions between user names exist. + + .. versionadded:: 3 + +.. option:: --group-domain + + Domain the group belongs to (name or ID). + This can be used in case collisions between group names exist. + + .. versionadded:: 3 + +.. option:: --project-domain + + Domain the project belongs to (name or ID). + This can be used in case collisions between project names exist. + + .. versionadded:: 3 + role remove ----------- @@ -137,8 +158,8 @@ Remove role from domain/project : user/group .. code:: bash os role remove - [--domain | --project | --group ] + --domain | --project [--project-domain ] + --user [--user-domain ] | --group [--group-domain ] .. option:: --domain @@ -161,6 +182,27 @@ Remove role from domain/project : user/group .. versionadded:: 3 +.. option:: --user-domain + + Domain the user belongs to (name or ID). + This can be used in case collisions between user names exist. + + .. versionadded:: 3 + +.. option:: --group-domain + + Domain the group belongs to (name or ID). + This can be used in case collisions between group names exist. + + .. versionadded:: 3 + +.. option:: --project-domain + + Domain the project belongs to (name or ID). + This can be used in case collisions between project names exist. + + .. versionadded:: 3 + .. describe:: Role to remove (name or ID) diff --git a/openstackclient/identity/common.py b/openstackclient/identity/common.py index a6e674c030..b97a17788a 100644 --- a/openstackclient/identity/common.py +++ b/openstackclient/identity/common.py @@ -43,22 +43,32 @@ def find_service(identity_client, name_type_or_id): raise exceptions.CommandError(msg) +def _get_domain_id_if_requested(identity_client, domain_name_or_id): + if not domain_name_or_id: + return None + domain = find_domain(identity_client, domain_name_or_id) + return domain.id + + def find_domain(identity_client, name_or_id): return _find_identity_resource(identity_client.domains, name_or_id, domains.Domain) -def find_group(identity_client, name_or_id, domain_id=None): +def find_group(identity_client, name_or_id, domain_name_or_id=None): + domain_id = _get_domain_id_if_requested(identity_client, domain_name_or_id) return _find_identity_resource(identity_client.groups, name_or_id, groups.Group, domain_id=domain_id) -def find_project(identity_client, name_or_id, domain_id=None): +def find_project(identity_client, name_or_id, domain_name_or_id=None): + domain_id = _get_domain_id_if_requested(identity_client, domain_name_or_id) return _find_identity_resource(identity_client.projects, name_or_id, projects.Project, domain_id=domain_id) -def find_user(identity_client, name_or_id, domain_id=None): +def find_user(identity_client, name_or_id, domain_name_or_id=None): + domain_id = _get_domain_id_if_requested(identity_client, domain_name_or_id) return _find_identity_resource(identity_client.users, name_or_id, users.User, domain_id=domain_id) diff --git a/openstackclient/identity/v3/group.py b/openstackclient/identity/v3/group.py index 91acf3e545..b064eb777c 100644 --- a/openstackclient/identity/v3/group.py +++ b/openstackclient/identity/v3/group.py @@ -46,16 +46,32 @@ class AddUserToGroup(command.Command): metavar='', help='User to add to (name or ID)', ) + parser.add_argument( + '--group-domain', + metavar='', + help=('Domain the group belongs to (name or ID). ' + 'This can be used in case collisions between group names ' + 'exist.') + ) + parser.add_argument( + '--user-domain', + metavar='', + help=('Domain the user belongs to (name or ID). ' + 'This can be used in case collisions between user names ' + 'exist.') + ) return parser def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity - user_id = utils.find_resource(identity_client.users, - parsed_args.user).id - group_id = utils.find_resource(identity_client.groups, - parsed_args.group).id + user_id = common.find_user(identity_client, + parsed_args.user, + parsed_args.user_domain).id + group_id = common.find_group(identity_client, + parsed_args.group, + parsed_args.group_domain).id try: identity_client.users.add_to_group(user_id, group_id) @@ -84,16 +100,32 @@ class CheckUserInGroup(command.Command): metavar='', help='User to check (name or ID)', ) + parser.add_argument( + '--group-domain', + metavar='', + help=('Domain the group belongs to (name or ID). ' + 'This can be used in case collisions between group names ' + 'exist.') + ) + parser.add_argument( + '--user-domain', + metavar='', + help=('Domain the user belongs to (name or ID). ' + 'This can be used in case collisions between user names ' + 'exist.') + ) return parser def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity - user_id = utils.find_resource(identity_client.users, - parsed_args.user).id - group_id = utils.find_resource(identity_client.groups, - parsed_args.group).id + user_id = common.find_user(identity_client, + parsed_args.user, + parsed_args.user_domain).id + group_id = common.find_group(identity_client, + parsed_args.group, + parsed_args.group_domain).id try: identity_client.users.check_in_group(user_id, group_id) @@ -184,17 +216,10 @@ class DeleteGroup(command.Command): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity - domain = None - if parsed_args.domain: - domain = common.find_domain(identity_client, parsed_args.domain) for group in parsed_args.groups: - if domain is not None: - group_obj = utils.find_resource(identity_client.groups, - group, - domain_id=domain.id) - else: - group_obj = utils.find_resource(identity_client.groups, - group) + group_obj = common.find_group(identity_client, + group, + parsed_args.domain) identity_client.groups.delete(group_obj.id) return @@ -216,6 +241,13 @@ class ListGroup(lister.Lister): metavar='', help='Filter group list by (name or ID)', ) + parser.add_argument( + '--user-domain', + metavar='', + help=('Domain the user belongs to (name or ID). ' + 'This can be used in case collisions between user names ' + 'exist.') + ) parser.add_argument( '--long', action='store_true', @@ -234,9 +266,10 @@ class ListGroup(lister.Lister): parsed_args.domain).id if parsed_args.user: - user = utils.find_resource( - identity_client.users, + user = common.find_user( + identity_client, parsed_args.user, + parsed_args.user_domain, ).id else: user = None @@ -277,16 +310,32 @@ class RemoveUserFromGroup(command.Command): metavar='', help='User to remove from (name or ID)', ) + parser.add_argument( + '--group-domain', + metavar='', + help=('Domain the group belongs to (name or ID). ' + 'This can be used in case collisions between group names ' + 'exist.') + ) + parser.add_argument( + '--user-domain', + metavar='', + help=('Domain the user belongs to (name or ID). ' + 'This can be used in case collisions between user names ' + 'exist.') + ) return parser def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity - user_id = utils.find_resource(identity_client.users, - parsed_args.user).id - group_id = utils.find_resource(identity_client.groups, - parsed_args.group).id + user_id = common.find_user(identity_client, + parsed_args.user, + parsed_args.user_domain).id + group_id = common.find_group(identity_client, + parsed_args.group, + parsed_args.group_domain).id try: identity_client.users.remove_from_group(user_id, group_id) @@ -309,6 +358,11 @@ class SetGroup(command.Command): 'group', metavar='', help='Group to modify (name or ID)') + parser.add_argument( + '--domain', + metavar='', + help='Domain containing (name or ID)', + ) parser.add_argument( '--name', metavar='', @@ -322,7 +376,8 @@ class SetGroup(command.Command): def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity - group = utils.find_resource(identity_client.groups, parsed_args.group) + group = common.find_group(identity_client, parsed_args.group, + parsed_args.domain) kwargs = {} if parsed_args.name: kwargs['name'] = parsed_args.name @@ -359,14 +414,9 @@ class ShowGroup(show.ShowOne): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity - if parsed_args.domain: - domain = common.find_domain(identity_client, parsed_args.domain) - group = utils.find_resource(identity_client.groups, - parsed_args.group, - domain_id=domain.id) - else: - group = utils.find_resource(identity_client.groups, - parsed_args.group) + group = common.find_group(identity_client, + parsed_args.group, + domain_name_or_id=parsed_args.domain) group._info.pop('links') return zip(*sorted(six.iteritems(group._info))) diff --git a/openstackclient/identity/v3/role.py b/openstackclient/identity/v3/role.py index bc64f7f8b0..4f1c04d5f0 100644 --- a/openstackclient/identity/v3/role.py +++ b/openstackclient/identity/v3/role.py @@ -29,6 +29,100 @@ from openstackclient.i18n import _ # noqa from openstackclient.identity import common +def _add_identity_and_resource_options_to_parser(parser): + domain_or_project = parser.add_mutually_exclusive_group() + domain_or_project.add_argument( + '--domain', + metavar='', + help='Include (name or ID)', + ) + domain_or_project.add_argument( + '--project', + metavar='', + help='Include `` (name or ID)', + ) + user_or_group = parser.add_mutually_exclusive_group() + user_or_group.add_argument( + '--user', + metavar='', + help='Include (name or ID)', + ) + user_or_group.add_argument( + '--group', + metavar='', + help='Include (name or ID)', + ) + parser.add_argument( + '--user-domain', + metavar='', + help=('Domain the user belongs to (name or ID). ' + 'This can be used in case collisions between user names ' + 'exist.') + ) + parser.add_argument( + '--group-domain', + metavar='', + help=('Domain the group belongs to (name or ID). ' + 'This can be used in case collisions between group names ' + 'exist.') + ) + parser.add_argument( + '--project-domain', + metavar='', + help=('Domain the project belongs to (name or ID). ' + 'This can be used in case collisions between project names ' + 'exist.') + ) + + +def _process_identity_and_resource_options(parsed_args, + identity_client_manager): + kwargs = {} + if parsed_args.user and parsed_args.domain: + kwargs['user'] = common.find_user( + identity_client_manager, + parsed_args.user, + parsed_args.user_domain, + ).id + kwargs['domain'] = common.find_domain( + identity_client_manager, + parsed_args.domain, + ).id + elif parsed_args.user and parsed_args.project: + kwargs['user'] = common.find_user( + identity_client_manager, + parsed_args.user, + parsed_args.user_domain, + ).id + kwargs['project'] = common.find_project( + identity_client_manager, + parsed_args.project, + parsed_args.project_domain, + ).id + elif parsed_args.group and parsed_args.domain: + kwargs['group'] = common.find_group( + identity_client_manager, + parsed_args.group, + parsed_args.group_domain, + ).id + kwargs['domain'] = common.find_domain( + identity_client_manager, + parsed_args.domain, + ).id + elif parsed_args.group and parsed_args.project: + kwargs['group'] = common.find_group( + identity_client_manager, + parsed_args.group, + parsed_args.group_domain, + ).id + kwargs['project'] = common.find_project( + identity_client_manager, + parsed_args.project, + parsed_args.group_domain, + ).id + return kwargs + + class AddRole(command.Command): """Adds a role to a user or group on a domain or project""" @@ -41,49 +135,7 @@ class AddRole(command.Command): metavar='', help='Role to add to (name or ID)', ) - domain_or_project = parser.add_mutually_exclusive_group() - domain_or_project.add_argument( - '--domain', - metavar='', - help='Include (name or ID)', - ) - domain_or_project.add_argument( - '--project', - metavar='', - help='Include `` (name or ID)', - ) - user_or_group = parser.add_mutually_exclusive_group() - user_or_group.add_argument( - '--user', - metavar='', - help='Include (name or ID)', - ) - user_or_group.add_argument( - '--group', - metavar='', - help='Include (name or ID)', - ) - parser.add_argument( - '--user-domain', - metavar='', - help=('Domain the user belongs to (name or ID). ' - 'This can be used in case collisions between user names ' - 'exist.') - ) - parser.add_argument( - '--group-domain', - metavar='', - help=('Domain the group belongs to (name or ID). ' - 'This can be used in case collisions between group names ' - 'exist.') - ) - parser.add_argument( - '--project-domain', - metavar='', - help=('Domain the project belongs to (name or ID). ' - 'This can be used in case collisions between project names ' - 'exist.') - ) + _add_identity_and_resource_options_to_parser(parser) return parser def take_action(self, parsed_args): @@ -99,76 +151,17 @@ class AddRole(command.Command): parsed_args.role, ) - kwargs = {} - if parsed_args.user and parsed_args.domain: - user_domain_id = self._get_domain_id_if_requested( - parsed_args.user_domain) - kwargs['user'] = common.find_user( - identity_client, - parsed_args.user, - user_domain_id, - ).id - kwargs['domain'] = common.find_domain( - identity_client, - parsed_args.domain, - ).id - elif parsed_args.user and parsed_args.project: - user_domain_id = self._get_domain_id_if_requested( - parsed_args.user_domain) - kwargs['user'] = common.find_user( - identity_client, - parsed_args.user, - user_domain_id, - ).id - project_domain_id = self._get_domain_id_if_requested( - parsed_args.project_domain) - kwargs['project'] = common.find_project( - identity_client, - parsed_args.project, - project_domain_id, - ).id - elif parsed_args.group and parsed_args.domain: - group_domain_id = self._get_domain_id_if_requested( - parsed_args.group_domain) - kwargs['group'] = common.find_group( - identity_client, - parsed_args.group, - group_domain_id, - ).id - kwargs['domain'] = common.find_domain( - identity_client, - parsed_args.domain, - ).id - elif parsed_args.group and parsed_args.project: - group_domain_id = self._get_domain_id_if_requested( - parsed_args.group_domain) - kwargs['group'] = common.find_group( - identity_client, - parsed_args.group, - group_domain_id, - ).id - project_domain_id = self._get_domain_id_if_requested( - parsed_args.project_domain) - kwargs['project'] = common.find_project( - identity_client, - parsed_args.project, - project_domain_id, - ).id - else: - sys.stderr.write("Role not added, incorrect set of arguments \ - provided. See openstack --help for more details\n") + kwargs = _process_identity_and_resource_options( + parsed_args, self.app.client_manager.identity) + if not kwargs: + sys.stderr.write("Role not added, incorrect set of arguments " + "provided. See openstack --help for more " + "details\n") return identity_client.roles.grant(role.id, **kwargs) return - def _get_domain_id_if_requested(self, domain_name_or_id): - if domain_name_or_id is None: - return None - domain = common.find_domain(self.app.client_manager.identity, - domain_name_or_id) - return domain.id - class CreateRole(show.ShowOne): """Create new role""" @@ -242,28 +235,7 @@ class ListRole(lister.Lister): def get_parser(self, prog_name): parser = super(ListRole, self).get_parser(prog_name) - domain_or_project = parser.add_mutually_exclusive_group() - domain_or_project.add_argument( - '--domain', - metavar='', - help='Filter roles by (name or ID)', - ) - domain_or_project.add_argument( - '--project', - metavar='', - help='Filter roles by (name or ID)', - ) - user_or_group = parser.add_mutually_exclusive_group() - user_or_group.add_argument( - '--user', - metavar='', - help='Filter roles by (name or ID)', - ) - user_or_group.add_argument( - '--group', - metavar='', - help='Filter roles by (name or ID)', - ) + _add_identity_and_resource_options_to_parser(parser) return parser def take_action(self, parsed_args): @@ -274,11 +246,13 @@ class ListRole(lister.Lister): user = common.find_user( identity_client, parsed_args.user, + parsed_args.user_domain, ) elif parsed_args.group: group = common.find_group( identity_client, parsed_args.group, + parsed_args.group_domain, ) if parsed_args.domain: @@ -290,6 +264,7 @@ class ListRole(lister.Lister): project = common.find_project( identity_client, parsed_args.project, + parsed_args.project_domain, ) # no user or group specified, list all roles in the system @@ -363,28 +338,7 @@ class RemoveRole(command.Command): metavar='', help='Role to remove (name or ID)', ) - domain_or_project = parser.add_mutually_exclusive_group() - domain_or_project.add_argument( - '--domain', - metavar='', - help='Include (name or ID)', - ) - domain_or_project.add_argument( - '--project', - metavar='', - help='Include (name or ID)', - ) - user_or_group = parser.add_mutually_exclusive_group() - user_or_group.add_argument( - '--user', - metavar='', - help='Include (name or ID)', - ) - user_or_group.add_argument( - '--group', - metavar='', - help='Include (name or ID)', - ) + _add_identity_and_resource_options_to_parser(parser) return parser def take_action(self, parsed_args): @@ -400,65 +354,14 @@ class RemoveRole(command.Command): parsed_args.role, ) - if parsed_args.user and parsed_args.domain: - user = common.find_user( - identity_client, - parsed_args.user, - ) - domain = common.find_domain( - identity_client, - parsed_args.domain, - ) - identity_client.roles.revoke( - role.id, - user=user.id, - domain=domain.id, - ) - elif parsed_args.user and parsed_args.project: - user = common.find_user( - identity_client, - parsed_args.user, - ) - project = common.find_project( - identity_client, - parsed_args.project, - ) - identity_client.roles.revoke( - role.id, - user=user.id, - project=project.id, - ) - elif parsed_args.group and parsed_args.domain: - group = common.find_group( - identity_client, - parsed_args.group, - ) - domain = common.find_domain( - identity_client, - parsed_args.domain, - ) - identity_client.roles.revoke( - role.id, - group=group.id, - domain=domain.id, - ) - elif parsed_args.group and parsed_args.project: - group = common.find_group( - identity_client, - parsed_args.group, - ) - project = common.find_project( - identity_client, - parsed_args.project, - ) - identity_client.roles.revoke( - role.id, - group=group.id, - project=project.id, - ) - else: + kwargs = _process_identity_and_resource_options( + parsed_args, self.app.client_manager.identity) + if not kwargs: sys.stderr.write("Role not removed, incorrect set of arguments \ provided. See openstack --help for more details\n") + return + + identity_client.roles.revoke(role.id, **kwargs) return