openstack/python-openstackclient
Code Issues Proposed changes
648d8df578
python-openstackclient/openstackclient/identity/v3/access_rule.py
Douglas Mendizábal bc60e3bb90 Fix "access rule" commands to only use ID 
This patch modifies the access rule commands to use only the resource
ID.  The previous logic incorrectly assumed that access rules have a
"name" property, which resulted in unexpected behaviors.

For example, "access rule delete {non-existent-id}" now results in a
"not found" error instead of sometimes deleting an unrelated rule.

Story: 2010775
Task: 48163
Change-Id: Ib5c3b7f86acf1dfe7cc76dfa99fa4c118388bd71
2023-06-05 12:03:15 -04:00

130 lines
3.9 KiB
Python
Raw Blame History

# Copyright 2019 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
"""Identity v3 Access Rule action implementations"""
import logging
from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
from openstackclient.i18n import _
from openstackclient.identity import common
LOG = logging.getLogger(__name__)
class DeleteAccessRule(command.Command):
_description = _("Delete access rule(s)")
def get_parser(self, prog_name):
parser = super(DeleteAccessRule, self).get_parser(prog_name)
parser.add_argument(
'access_rule',
metavar='<access-rule>',
nargs="+",
help=_('Access rule ID(s) to delete'),
)
return parser
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
errors = 0
for ac in parsed_args.access_rule:
try:
access_rule = common.get_resource_by_id(
identity_client.access_rules, ac
)
identity_client.access_rules.delete(access_rule.id)
except Exception as e:
errors += 1
LOG.error(
_(
"Failed to delete access rule with "
"ID '%(ac)s': %(e)s"
),
{'ac': ac, 'e': e},
)
if errors > 0:
total = len(parsed_args.access_rule)
msg = _(
"%(errors)s of %(total)s access rules failed " "to delete."
) % {'errors': errors, 'total': total}
raise exceptions.CommandError(msg)
class ListAccessRule(command.Lister):
_description = _("List access rules")
def get_parser(self, prog_name):
parser = super(ListAccessRule, self).get_parser(prog_name)
parser.add_argument(
'--user',
metavar='<user>',
help=_('User whose access rules to list (name or ID)'),
)
common.add_user_domain_option_to_parser(parser)
return parser
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.user:
user_id = common.find_user(
identity_client, parsed_args.user, parsed_args.user_domain
).id
else:
user_id = None
columns = ('ID', 'Service', 'Method', 'Path')
data = identity_client.access_rules.list(user=user_id)
return (
columns,
(
utils.get_item_properties(
s,
columns,
formatters={},
)
for s in data
),
)
class ShowAccessRule(command.ShowOne):
_description = _("Display access rule details")
def get_parser(self, prog_name):
parser = super(ShowAccessRule, self).get_parser(prog_name)
parser.add_argument(
'access_rule',
metavar='<access-rule>',
help=_('Access rule ID to display'),
)
return parser
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
access_rule = common.get_resource_by_id(
identity_client.access_rules, parsed_args.access_rule
)
access_rule._info.pop('links', None)
return zip(*sorted(access_rule._info.items()))
View Git Blame Copy Permalink