5203cc9707
The auth_with_unscoped_saml decorator existed to make sure the user selected the right auth plugin before trying to call either a 'federation domain' or 'federation project' command. This is outdated, because openstackclient now uses keystoneauth[1] and keystoneauth removed its entrypoints for the federation plugins[2] since its _Rescoped class no longer needs them. This patch removes the decorator since that validation check was the only thing standing in the way of the commands working correctly. Also removed the '*_list_wrong_auth' tests since those only existed to test the decorator, and stopped setting the plugin in the positive tests since the automatically-determined token plugin should now be fine. [1] http://git.openstack.org/cgit/openstack/python-openstackclient/commit/?id=6ae0d2e8a54fd5139e63a990ab4bdce634e73c5e [2] http://git.openstack.org/cgit/openstack/keystoneauth/commit/?id=d9e4d26bb86f8d48e43188b88bab9d7fe778d2c1 Change-Id: Id981739663113447a7bba8ddba81ba9394a19e07 Closes-bug: #1624115
52 lines
1.8 KiB
Python
52 lines
1.8 KiB
Python
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
|
|
"""Identity v3 unscoped SAML auth action implementations.
|
|
|
|
The first step of federated auth is to fetch an unscoped token. From there,
|
|
the user can list domains and projects they are allowed to access, and request
|
|
a scoped token."""
|
|
|
|
from osc_lib.command import command
|
|
from osc_lib import utils
|
|
|
|
from openstackclient.i18n import _
|
|
|
|
|
|
class ListAccessibleDomains(command.Lister):
|
|
_description = _("List accessible domains")
|
|
|
|
def take_action(self, parsed_args):
|
|
columns = ('ID', 'Enabled', 'Name', 'Description')
|
|
identity_client = self.app.client_manager.identity
|
|
data = identity_client.federation.domains.list()
|
|
return (columns,
|
|
(utils.get_item_properties(
|
|
s, columns,
|
|
formatters={},
|
|
) for s in data))
|
|
|
|
|
|
class ListAccessibleProjects(command.Lister):
|
|
_description = _("List accessible projects")
|
|
|
|
def take_action(self, parsed_args):
|
|
columns = ('ID', 'Domain ID', 'Enabled', 'Name')
|
|
identity_client = self.app.client_manager.identity
|
|
data = identity_client.federation.projects.list()
|
|
return (columns,
|
|
(utils.get_item_properties(
|
|
s, columns,
|
|
formatters={},
|
|
) for s in data))
|