openstack/python-openstackclient
Code Issues Proposed changes
b8d6ceef86
python-openstackclient/openstackclient/identity/v2_0/role_assignment.py
Henry Nash 713d92df4e Add assignment list to v2 identity and deprecate alternate listing 
The current identity role list command (both v2 and v3) is
overloaded with listing roles as well as assignments (if you
provide user, group, project or domain options). This is in
addition to the v3 assignment list command designed for this
purpose.

This overloading complicates the fact that roles can now be
domain specific (i.e. have a domain attribute), so the
command 'role list --domain <domain-name' will soon become
ambigious (this is in a follow on patch).

This patch:

- Adds a v2 assignments list, with support for pulling the
user and project from the auth credentials
- For comapability, adds the same auth support to the
existing v3 assignments list
- Deprecates the use of role list and user role list to list
assignments

Change-Id: I65bafdef4f8c89e863dab101369d0d629fa818b8
Partial-Bug: 1605774
2016-07-22 21:46:29 +00:00

114 lines
3.8 KiB
Python
Raw Blame History

# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
"""Identity v2 Assignment action implementations """
from openstackclient.common import command
from openstackclient.common import exceptions
from openstackclient.common import utils
from openstackclient.i18n import _ # noqa
class ListRoleAssignment(command.Lister):
"""List role assignments"""
def get_parser(self, prog_name):
parser = super(ListRoleAssignment, self).get_parser(prog_name)
parser.add_argument(
'--user',
metavar='<user>',
help='User to filter (name or ID)',
)
parser.add_argument(
'--project',
metavar='<project>',
help='Project to filter (name or ID)',
)
parser.add_argument(
'--names',
action="store_true",
help='Display names instead of IDs',
)
parser.add_argument(
'--auth-user',
action="store_true",
dest='authuser',
help='Only list assignments for the authenticated user',
)
parser.add_argument(
'--auth-project',
action="store_true",
dest='authproject',
help='Only list assignments for the project to which the '
'authenticated user\'s token is scoped',
)
return parser
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
auth_ref = self.app.client_manager.auth_ref
include_names = True if parsed_args.names else False
user = None
if parsed_args.user:
user = utils.find_resource(
identity_client.users,
parsed_args.user,
)
elif parsed_args.authuser:
if auth_ref:
user = utils.find_resource(
identity_client.users,
auth_ref.user_id
)
project = None
if parsed_args.project:
project = utils.find_resource(
identity_client.projects,
parsed_args.project,
)
elif parsed_args.authproject:
if auth_ref:
project = utils.find_resource(
identity_client.projects,
auth_ref.project_id
)
# If user or project is not specified, we would ideally list all
# relevant assignments in the system (to be compatible with v3).
# However, there is no easy way of doing that in v2.
if not user or not project:
msg = _("Project and User must be specified")
raise exceptions.CommandError(msg)
else:
data = identity_client.roles.roles_for_user(user.id, project.id)
columns = ('Role', 'User', 'Project')
for user_role in data:
if include_names:
setattr(user_role, 'role', user_role.name)
user_role.user = user.name
user_role.project = project.name
else:
setattr(user_role, 'role', user_role.id)
user_role.user = user.id
user_role.project = project.id
return (columns,
(utils.get_item_properties(
s, columns,
formatters={},
) for s in data))
View Git Blame Copy Permalink