python-openstackclient 7.2.1__py3-none-any.whl → 7.3.1__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- openstackclient/common/limits.py +1 -1
- openstackclient/common/quota.py +7 -2
- openstackclient/compute/v2/server.py +38 -22
- openstackclient/compute/v2/usage.py +2 -2
- openstackclient/identity/common.py +22 -34
- openstackclient/identity/v3/credential.py +45 -28
- openstackclient/identity/v3/limit.py +15 -0
- openstackclient/identity/v3/region.py +23 -22
- openstackclient/identity/v3/registered_limit.py +18 -0
- openstackclient/identity/v3/role.py +287 -117
- openstackclient/identity/v3/role_assignment.py +1 -1
- openstackclient/identity/v3/service_provider.py +95 -45
- openstackclient/identity/v3/trust.py +114 -75
- openstackclient/image/v2/image.py +3 -0
- openstackclient/network/v2/network.py +33 -0
- openstackclient/network/v2/network_flavor_profile.py +1 -17
- openstackclient/network/v2/port.py +75 -20
- openstackclient/tests/functional/compute/v2/test_server.py +87 -1
- openstackclient/tests/functional/identity/v3/common.py +1 -1
- openstackclient/tests/functional/identity/v3/test_application_credential.py +2 -1
- openstackclient/tests/functional/identity/v3/test_role.py +24 -0
- openstackclient/tests/functional/identity/v3/test_role_assignment.py +8 -0
- openstackclient/tests/functional/identity/v3/test_service_provider.py +1 -5
- openstackclient/tests/functional/network/v2/test_port.py +107 -1
- openstackclient/tests/unit/compute/v2/fakes.py +0 -304
- openstackclient/tests/unit/compute/v2/test_aggregate.py +40 -31
- openstackclient/tests/unit/compute/v2/test_console.py +7 -3
- openstackclient/tests/unit/compute/v2/test_hypervisor.py +60 -53
- openstackclient/tests/unit/compute/v2/test_keypair.py +57 -69
- openstackclient/tests/unit/compute/v2/test_server.py +63 -5
- openstackclient/tests/unit/compute/v2/test_server_group.py +99 -105
- openstackclient/tests/unit/compute/v2/test_server_volume.py +12 -5
- openstackclient/tests/unit/compute/v2/test_service.py +83 -37
- openstackclient/tests/unit/compute/v2/test_usage.py +12 -7
- openstackclient/tests/unit/identity/v2_0/test_catalog.py +3 -6
- openstackclient/tests/unit/identity/v2_0/test_role.py +1 -2
- openstackclient/tests/unit/identity/v2_0/test_role_assignment.py +2 -1
- openstackclient/tests/unit/identity/v2_0/test_token.py +6 -20
- openstackclient/tests/unit/identity/v3/test_catalog.py +2 -5
- openstackclient/tests/unit/identity/v3/test_credential.py +74 -63
- openstackclient/tests/unit/identity/v3/test_project.py +1 -3
- openstackclient/tests/unit/identity/v3/test_region.py +74 -96
- openstackclient/tests/unit/identity/v3/test_role.py +679 -603
- openstackclient/tests/unit/identity/v3/test_role_assignment.py +263 -1
- openstackclient/tests/unit/identity/v3/test_service_provider.py +159 -209
- openstackclient/tests/unit/identity/v3/test_token.py +5 -20
- openstackclient/tests/unit/identity/v3/test_trust.py +137 -155
- openstackclient/tests/unit/image/v2/test_image.py +6 -0
- openstackclient/tests/unit/network/v2/fakes.py +3 -0
- openstackclient/tests/unit/network/v2/test_network.py +25 -0
- openstackclient/tests/unit/network/v2/test_network_flavor_profile.py +0 -35
- openstackclient/tests/unit/network/v2/test_port.py +128 -15
- openstackclient/tests/unit/utils.py +8 -2
- openstackclient/tests/unit/volume/v2/test_volume_backup.py +31 -13
- openstackclient/tests/unit/volume/v3/test_volume_backup.py +34 -13
- openstackclient/volume/v2/volume_backup.py +11 -2
- openstackclient/volume/v3/volume_backup.py +13 -2
- {python_openstackclient-7.2.1.dist-info → python_openstackclient-7.3.1.dist-info}/AUTHORS +2 -0
- {python_openstackclient-7.2.1.dist-info → python_openstackclient-7.3.1.dist-info}/METADATA +14 -16
- {python_openstackclient-7.2.1.dist-info → python_openstackclient-7.3.1.dist-info}/RECORD +65 -65
- {python_openstackclient-7.2.1.dist-info → python_openstackclient-7.3.1.dist-info}/WHEEL +1 -1
- {python_openstackclient-7.2.1.dist-info → python_openstackclient-7.3.1.dist-info}/entry_points.txt +0 -1
- python_openstackclient-7.3.1.dist-info/pbr.json +1 -0
- python_openstackclient-7.2.1.dist-info/pbr.json +0 -1
- {python_openstackclient-7.2.1.dist-info → python_openstackclient-7.3.1.dist-info}/LICENSE +0 -0
- {python_openstackclient-7.2.1.dist-info → python_openstackclient-7.3.1.dist-info}/top_level.txt +0 -0
|
@@ -17,7 +17,7 @@
|
|
|
17
17
|
|
|
18
18
|
import logging
|
|
19
19
|
|
|
20
|
-
from
|
|
20
|
+
from openstack import exceptions as sdk_exc
|
|
21
21
|
from osc_lib.command import command
|
|
22
22
|
from osc_lib import exceptions
|
|
23
23
|
from osc_lib import utils
|
|
@@ -29,6 +29,25 @@ from openstackclient.identity import common
|
|
|
29
29
|
LOG = logging.getLogger(__name__)
|
|
30
30
|
|
|
31
31
|
|
|
32
|
+
def _format_role(role):
|
|
33
|
+
columns = (
|
|
34
|
+
"id",
|
|
35
|
+
"name",
|
|
36
|
+
"domain_id",
|
|
37
|
+
"description",
|
|
38
|
+
)
|
|
39
|
+
column_headers = (
|
|
40
|
+
"id",
|
|
41
|
+
"name",
|
|
42
|
+
"domain_id",
|
|
43
|
+
"description",
|
|
44
|
+
)
|
|
45
|
+
return (
|
|
46
|
+
column_headers,
|
|
47
|
+
utils.get_item_properties(role, columns),
|
|
48
|
+
)
|
|
49
|
+
|
|
50
|
+
|
|
32
51
|
def _add_identity_and_resource_options_to_parser(parser):
|
|
33
52
|
system_or_domain_or_project = parser.add_mutually_exclusive_group()
|
|
34
53
|
system_or_domain_or_project.add_argument(
|
|
@@ -63,32 +82,79 @@ def _add_identity_and_resource_options_to_parser(parser):
|
|
|
63
82
|
common.add_inherited_option_to_parser(parser)
|
|
64
83
|
|
|
65
84
|
|
|
85
|
+
def _find_sdk_id(
|
|
86
|
+
find_command, name_or_id, validate_actor_existence=True, **kwargs
|
|
87
|
+
):
|
|
88
|
+
try:
|
|
89
|
+
resource = find_command(
|
|
90
|
+
name_or_id=name_or_id, ignore_missing=False, **kwargs
|
|
91
|
+
)
|
|
92
|
+
|
|
93
|
+
# Mimic the behavior of
|
|
94
|
+
# openstackclient.identity.common._find_identity_resource()
|
|
95
|
+
# and ignore if we don't have permission to find a resource.
|
|
96
|
+
except sdk_exc.ForbiddenException:
|
|
97
|
+
return name_or_id
|
|
98
|
+
except sdk_exc.ResourceNotFound as exc:
|
|
99
|
+
if not validate_actor_existence:
|
|
100
|
+
return name_or_id
|
|
101
|
+
raise exceptions.CommandError from exc
|
|
102
|
+
return resource.id
|
|
103
|
+
|
|
104
|
+
|
|
66
105
|
def _process_identity_and_resource_options(
|
|
67
|
-
parsed_args,
|
|
106
|
+
parsed_args, identity_client, validate_actor_existence=True
|
|
68
107
|
):
|
|
69
108
|
def _find_user():
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
parsed_args.
|
|
74
|
-
|
|
75
|
-
)
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
109
|
+
domain_id = (
|
|
110
|
+
_find_sdk_id(
|
|
111
|
+
identity_client.find_domain,
|
|
112
|
+
name_or_id=parsed_args.user_domain,
|
|
113
|
+
validate_actor_existence=validate_actor_existence,
|
|
114
|
+
)
|
|
115
|
+
if parsed_args.user_domain
|
|
116
|
+
else None
|
|
117
|
+
)
|
|
118
|
+
return _find_sdk_id(
|
|
119
|
+
identity_client.find_user,
|
|
120
|
+
name_or_id=parsed_args.user,
|
|
121
|
+
validate_actor_existence=validate_actor_existence,
|
|
122
|
+
domain_id=domain_id,
|
|
123
|
+
)
|
|
80
124
|
|
|
81
125
|
def _find_group():
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
parsed_args.
|
|
86
|
-
|
|
87
|
-
)
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
126
|
+
domain_id = (
|
|
127
|
+
_find_sdk_id(
|
|
128
|
+
identity_client.find_domain,
|
|
129
|
+
name_or_id=parsed_args.group_domain,
|
|
130
|
+
validate_actor_existence=validate_actor_existence,
|
|
131
|
+
)
|
|
132
|
+
if parsed_args.group_domain
|
|
133
|
+
else None
|
|
134
|
+
)
|
|
135
|
+
return _find_sdk_id(
|
|
136
|
+
identity_client.find_group,
|
|
137
|
+
name_or_id=parsed_args.group,
|
|
138
|
+
validate_actor_existence=validate_actor_existence,
|
|
139
|
+
domain_id=domain_id,
|
|
140
|
+
)
|
|
141
|
+
|
|
142
|
+
def _find_project():
|
|
143
|
+
domain_id = (
|
|
144
|
+
_find_sdk_id(
|
|
145
|
+
identity_client.find_domain,
|
|
146
|
+
name_or_id=parsed_args.project_domain,
|
|
147
|
+
validate_actor_existence=validate_actor_existence,
|
|
148
|
+
)
|
|
149
|
+
if parsed_args.project_domain
|
|
150
|
+
else None
|
|
151
|
+
)
|
|
152
|
+
return _find_sdk_id(
|
|
153
|
+
identity_client.find_project,
|
|
154
|
+
name_or_id=parsed_args.project,
|
|
155
|
+
validate_actor_existence=validate_actor_existence,
|
|
156
|
+
domain_id=domain_id,
|
|
157
|
+
)
|
|
92
158
|
|
|
93
159
|
kwargs = {}
|
|
94
160
|
if parsed_args.user and parsed_args.system:
|
|
@@ -96,34 +162,35 @@ def _process_identity_and_resource_options(
|
|
|
96
162
|
kwargs['system'] = parsed_args.system
|
|
97
163
|
elif parsed_args.user and parsed_args.domain:
|
|
98
164
|
kwargs['user'] = _find_user()
|
|
99
|
-
kwargs['domain'] =
|
|
100
|
-
|
|
101
|
-
parsed_args.domain,
|
|
102
|
-
|
|
165
|
+
kwargs['domain'] = _find_sdk_id(
|
|
166
|
+
identity_client.find_domain,
|
|
167
|
+
name_or_id=parsed_args.domain,
|
|
168
|
+
validate_actor_existence=validate_actor_existence,
|
|
169
|
+
)
|
|
103
170
|
elif parsed_args.user and parsed_args.project:
|
|
104
171
|
kwargs['user'] = _find_user()
|
|
105
|
-
kwargs['project'] =
|
|
106
|
-
identity_client_manager,
|
|
107
|
-
parsed_args.project,
|
|
108
|
-
parsed_args.project_domain,
|
|
109
|
-
).id
|
|
172
|
+
kwargs['project'] = _find_project()
|
|
110
173
|
elif parsed_args.group and parsed_args.system:
|
|
111
174
|
kwargs['group'] = _find_group()
|
|
112
175
|
kwargs['system'] = parsed_args.system
|
|
113
176
|
elif parsed_args.group and parsed_args.domain:
|
|
114
177
|
kwargs['group'] = _find_group()
|
|
115
|
-
kwargs['domain'] =
|
|
116
|
-
|
|
117
|
-
parsed_args.domain,
|
|
118
|
-
|
|
178
|
+
kwargs['domain'] = _find_sdk_id(
|
|
179
|
+
identity_client.find_domain,
|
|
180
|
+
name_or_id=parsed_args.domain,
|
|
181
|
+
validate_actor_existence=validate_actor_existence,
|
|
182
|
+
)
|
|
119
183
|
elif parsed_args.group and parsed_args.project:
|
|
120
184
|
kwargs['group'] = _find_group()
|
|
121
|
-
kwargs['project'] =
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
185
|
+
kwargs['project'] = _find_project()
|
|
186
|
+
else:
|
|
187
|
+
msg = _(
|
|
188
|
+
"Role not added, incorrect set of arguments "
|
|
189
|
+
"provided. See openstack --help for more details"
|
|
190
|
+
)
|
|
191
|
+
raise exceptions.CommandError(msg)
|
|
192
|
+
|
|
193
|
+
kwargs['inherited'] = parsed_args.inherited
|
|
127
194
|
return kwargs
|
|
128
195
|
|
|
129
196
|
|
|
@@ -145,7 +212,7 @@ class AddRole(command.Command):
|
|
|
145
212
|
return parser
|
|
146
213
|
|
|
147
214
|
def take_action(self, parsed_args):
|
|
148
|
-
identity_client = self.app.client_manager.identity
|
|
215
|
+
identity_client = self.app.client_manager.sdk_connection.identity
|
|
149
216
|
|
|
150
217
|
if (
|
|
151
218
|
not parsed_args.user
|
|
@@ -161,18 +228,71 @@ class AddRole(command.Command):
|
|
|
161
228
|
|
|
162
229
|
domain_id = None
|
|
163
230
|
if parsed_args.role_domain:
|
|
164
|
-
domain_id =
|
|
165
|
-
identity_client, parsed_args.role_domain
|
|
166
|
-
)
|
|
167
|
-
role =
|
|
168
|
-
identity_client.
|
|
231
|
+
domain_id = _find_sdk_id(
|
|
232
|
+
identity_client.find_domain, name_or_id=parsed_args.role_domain
|
|
233
|
+
)
|
|
234
|
+
role = _find_sdk_id(
|
|
235
|
+
identity_client.find_role,
|
|
236
|
+
name_or_id=parsed_args.role,
|
|
237
|
+
domain_id=domain_id,
|
|
169
238
|
)
|
|
170
239
|
|
|
171
|
-
|
|
172
|
-
parsed_args,
|
|
240
|
+
add_kwargs = _process_identity_and_resource_options(
|
|
241
|
+
parsed_args, identity_client
|
|
173
242
|
)
|
|
174
243
|
|
|
175
|
-
|
|
244
|
+
if add_kwargs.get("domain"):
|
|
245
|
+
if add_kwargs.get("user"):
|
|
246
|
+
identity_client.assign_domain_role_to_user(
|
|
247
|
+
domain=add_kwargs["domain"],
|
|
248
|
+
user=add_kwargs["user"],
|
|
249
|
+
role=role,
|
|
250
|
+
inherited=add_kwargs["inherited"],
|
|
251
|
+
)
|
|
252
|
+
if add_kwargs.get("group"):
|
|
253
|
+
identity_client.assign_domain_role_to_group(
|
|
254
|
+
domain=add_kwargs["domain"],
|
|
255
|
+
group=add_kwargs["group"],
|
|
256
|
+
role=role,
|
|
257
|
+
inherited=add_kwargs["inherited"],
|
|
258
|
+
)
|
|
259
|
+
elif add_kwargs.get("project"):
|
|
260
|
+
if add_kwargs.get("user"):
|
|
261
|
+
identity_client.assign_project_role_to_user(
|
|
262
|
+
project=add_kwargs["project"],
|
|
263
|
+
user=add_kwargs["user"],
|
|
264
|
+
role=role,
|
|
265
|
+
inherited=add_kwargs["inherited"],
|
|
266
|
+
)
|
|
267
|
+
if add_kwargs.get("group"):
|
|
268
|
+
identity_client.assign_project_role_to_group(
|
|
269
|
+
project=add_kwargs["project"],
|
|
270
|
+
group=add_kwargs["group"],
|
|
271
|
+
role=role,
|
|
272
|
+
inherited=add_kwargs["inherited"],
|
|
273
|
+
)
|
|
274
|
+
elif add_kwargs.get("system"):
|
|
275
|
+
if add_kwargs["inherited"]:
|
|
276
|
+
LOG.warning(
|
|
277
|
+
_(
|
|
278
|
+
"'--inherited' was given, which is not supported "
|
|
279
|
+
"when adding a system role. This will be an error "
|
|
280
|
+
"in a future release."
|
|
281
|
+
)
|
|
282
|
+
)
|
|
283
|
+
# TODO(0weng): This should be an error in a future release
|
|
284
|
+
if add_kwargs.get("user"):
|
|
285
|
+
identity_client.assign_system_role_to_user(
|
|
286
|
+
system=add_kwargs["system"],
|
|
287
|
+
user=add_kwargs["user"],
|
|
288
|
+
role=role,
|
|
289
|
+
)
|
|
290
|
+
if add_kwargs.get("group"):
|
|
291
|
+
identity_client.assign_system_role_to_group(
|
|
292
|
+
system=add_kwargs["system"],
|
|
293
|
+
group=add_kwargs["group"],
|
|
294
|
+
role=role,
|
|
295
|
+
)
|
|
176
296
|
|
|
177
297
|
|
|
178
298
|
class CreateRole(command.ShowOne):
|
|
@@ -204,37 +324,35 @@ class CreateRole(command.ShowOne):
|
|
|
204
324
|
return parser
|
|
205
325
|
|
|
206
326
|
def take_action(self, parsed_args):
|
|
207
|
-
identity_client = self.app.client_manager.identity
|
|
327
|
+
identity_client = self.app.client_manager.sdk_connection.identity
|
|
208
328
|
|
|
209
|
-
|
|
329
|
+
create_kwargs = {}
|
|
210
330
|
if parsed_args.domain:
|
|
211
|
-
domain_id =
|
|
212
|
-
identity_client, parsed_args.domain
|
|
213
|
-
)
|
|
331
|
+
create_kwargs['domain_id'] = _find_sdk_id(
|
|
332
|
+
identity_client.find_domain, name_or_id=parsed_args.domain
|
|
333
|
+
)
|
|
214
334
|
|
|
215
|
-
|
|
335
|
+
if parsed_args.name:
|
|
336
|
+
create_kwargs['name'] = parsed_args.name
|
|
337
|
+
if parsed_args.description:
|
|
338
|
+
create_kwargs['description'] = parsed_args.description
|
|
339
|
+
create_kwargs['options'] = common.get_immutable_options(parsed_args)
|
|
216
340
|
|
|
217
341
|
try:
|
|
218
|
-
role = identity_client.
|
|
219
|
-
name=parsed_args.name,
|
|
220
|
-
domain=domain_id,
|
|
221
|
-
description=parsed_args.description,
|
|
222
|
-
options=options,
|
|
223
|
-
)
|
|
342
|
+
role = identity_client.create_role(**create_kwargs)
|
|
224
343
|
|
|
225
|
-
except
|
|
344
|
+
except sdk_exc.ConflictException:
|
|
226
345
|
if parsed_args.or_show:
|
|
227
|
-
role =
|
|
228
|
-
|
|
229
|
-
parsed_args.
|
|
230
|
-
|
|
346
|
+
role = identity_client.find_role(
|
|
347
|
+
name_or_id=parsed_args.name,
|
|
348
|
+
domain_id=parsed_args.domain,
|
|
349
|
+
ignore_missing=False,
|
|
231
350
|
)
|
|
232
351
|
LOG.info(_('Returning existing role %s'), role.name)
|
|
233
352
|
else:
|
|
234
353
|
raise
|
|
235
354
|
|
|
236
|
-
role
|
|
237
|
-
return zip(*sorted(role._info.items()))
|
|
355
|
+
return _format_role(role)
|
|
238
356
|
|
|
239
357
|
|
|
240
358
|
class DeleteRole(command.Command):
|
|
@@ -245,7 +363,7 @@ class DeleteRole(command.Command):
|
|
|
245
363
|
parser.add_argument(
|
|
246
364
|
'roles',
|
|
247
365
|
metavar='<role>',
|
|
248
|
-
nargs=
|
|
366
|
+
nargs='+',
|
|
249
367
|
help=_('Role(s) to delete (name or ID)'),
|
|
250
368
|
)
|
|
251
369
|
parser.add_argument(
|
|
@@ -256,20 +374,22 @@ class DeleteRole(command.Command):
|
|
|
256
374
|
return parser
|
|
257
375
|
|
|
258
376
|
def take_action(self, parsed_args):
|
|
259
|
-
identity_client = self.app.client_manager.identity
|
|
377
|
+
identity_client = self.app.client_manager.sdk_connection.identity
|
|
260
378
|
|
|
261
379
|
domain_id = None
|
|
262
380
|
if parsed_args.domain:
|
|
263
|
-
domain_id =
|
|
264
|
-
identity_client, parsed_args.domain
|
|
265
|
-
)
|
|
381
|
+
domain_id = _find_sdk_id(
|
|
382
|
+
identity_client.find_domain, parsed_args.domain
|
|
383
|
+
)
|
|
266
384
|
errors = 0
|
|
267
385
|
for role in parsed_args.roles:
|
|
268
386
|
try:
|
|
269
|
-
|
|
270
|
-
identity_client.
|
|
387
|
+
role_id = _find_sdk_id(
|
|
388
|
+
identity_client.find_role,
|
|
389
|
+
name_or_id=role,
|
|
390
|
+
domain_id=domain_id,
|
|
271
391
|
)
|
|
272
|
-
identity_client.
|
|
392
|
+
identity_client.delete_role(role=role_id, ignore_missing=False)
|
|
273
393
|
except Exception as e:
|
|
274
394
|
errors += 1
|
|
275
395
|
LOG.error(
|
|
@@ -302,20 +422,17 @@ class ListRole(command.Lister):
|
|
|
302
422
|
return parser
|
|
303
423
|
|
|
304
424
|
def take_action(self, parsed_args):
|
|
305
|
-
identity_client = self.app.client_manager.identity
|
|
425
|
+
identity_client = self.app.client_manager.sdk_connection.identity
|
|
306
426
|
|
|
307
427
|
if parsed_args.domain:
|
|
308
|
-
domain =
|
|
309
|
-
|
|
310
|
-
parsed_args.domain,
|
|
428
|
+
domain = identity_client.find_domain(
|
|
429
|
+
name_or_id=parsed_args.domain,
|
|
311
430
|
)
|
|
312
431
|
columns = ('ID', 'Name', 'Domain')
|
|
313
|
-
data = identity_client.roles
|
|
314
|
-
for role in data:
|
|
315
|
-
role.domain = domain.name
|
|
432
|
+
data = identity_client.roles(domain_id=domain.id)
|
|
316
433
|
else:
|
|
317
434
|
columns = ('ID', 'Name')
|
|
318
|
-
data = identity_client.roles
|
|
435
|
+
data = identity_client.roles()
|
|
319
436
|
|
|
320
437
|
return (
|
|
321
438
|
columns,
|
|
@@ -323,7 +440,7 @@ class ListRole(command.Lister):
|
|
|
323
440
|
utils.get_item_properties(
|
|
324
441
|
s,
|
|
325
442
|
columns,
|
|
326
|
-
formatters={},
|
|
443
|
+
formatters={'Domain': lambda _: domain.name},
|
|
327
444
|
)
|
|
328
445
|
for s in data
|
|
329
446
|
),
|
|
@@ -348,8 +465,7 @@ class RemoveRole(command.Command):
|
|
|
348
465
|
return parser
|
|
349
466
|
|
|
350
467
|
def take_action(self, parsed_args):
|
|
351
|
-
identity_client = self.app.client_manager.identity
|
|
352
|
-
|
|
468
|
+
identity_client = self.app.client_manager.sdk_connection.identity
|
|
353
469
|
if (
|
|
354
470
|
not parsed_args.user
|
|
355
471
|
and not parsed_args.domain
|
|
@@ -364,19 +480,65 @@ class RemoveRole(command.Command):
|
|
|
364
480
|
|
|
365
481
|
domain_id = None
|
|
366
482
|
if parsed_args.role_domain:
|
|
367
|
-
domain_id =
|
|
368
|
-
identity_client,
|
|
369
|
-
|
|
370
|
-
|
|
371
|
-
|
|
483
|
+
domain_id = _find_sdk_id(
|
|
484
|
+
identity_client.find_domain,
|
|
485
|
+
name_or_id=parsed_args.role_domain,
|
|
486
|
+
)
|
|
487
|
+
role = _find_sdk_id(
|
|
488
|
+
identity_client.find_role,
|
|
489
|
+
name_or_id=parsed_args.role,
|
|
490
|
+
domain_id=domain_id,
|
|
372
491
|
)
|
|
373
492
|
|
|
374
|
-
|
|
493
|
+
remove_kwargs = _process_identity_and_resource_options(
|
|
375
494
|
parsed_args,
|
|
376
|
-
|
|
495
|
+
identity_client,
|
|
377
496
|
validate_actor_existence=False,
|
|
378
497
|
)
|
|
379
|
-
|
|
498
|
+
|
|
499
|
+
if remove_kwargs.get("domain"):
|
|
500
|
+
if remove_kwargs.get("user"):
|
|
501
|
+
identity_client.unassign_domain_role_from_user(
|
|
502
|
+
domain=remove_kwargs["domain"],
|
|
503
|
+
user=remove_kwargs["user"],
|
|
504
|
+
role=role,
|
|
505
|
+
inherited=remove_kwargs["inherited"],
|
|
506
|
+
)
|
|
507
|
+
if remove_kwargs.get("group"):
|
|
508
|
+
identity_client.unassign_domain_role_from_group(
|
|
509
|
+
domain=remove_kwargs["domain"],
|
|
510
|
+
group=remove_kwargs["group"],
|
|
511
|
+
role=role,
|
|
512
|
+
inherited=remove_kwargs["inherited"],
|
|
513
|
+
)
|
|
514
|
+
elif remove_kwargs.get("project"):
|
|
515
|
+
if remove_kwargs.get("user"):
|
|
516
|
+
identity_client.unassign_project_role_from_user(
|
|
517
|
+
project=remove_kwargs["project"],
|
|
518
|
+
user=remove_kwargs["user"],
|
|
519
|
+
role=role,
|
|
520
|
+
inherited=remove_kwargs["inherited"],
|
|
521
|
+
)
|
|
522
|
+
if remove_kwargs.get("group"):
|
|
523
|
+
identity_client.unassign_project_role_from_group(
|
|
524
|
+
project=remove_kwargs["project"],
|
|
525
|
+
group=remove_kwargs["group"],
|
|
526
|
+
role=role,
|
|
527
|
+
inherited=remove_kwargs["inherited"],
|
|
528
|
+
)
|
|
529
|
+
elif remove_kwargs.get("system"):
|
|
530
|
+
if remove_kwargs.get("user"):
|
|
531
|
+
identity_client.unassign_system_role_from_user(
|
|
532
|
+
system=remove_kwargs["system"],
|
|
533
|
+
user=remove_kwargs["user"],
|
|
534
|
+
role=role,
|
|
535
|
+
)
|
|
536
|
+
if remove_kwargs.get("group"):
|
|
537
|
+
identity_client.unassign_system_role_from_group(
|
|
538
|
+
system=remove_kwargs["system"],
|
|
539
|
+
group=remove_kwargs["group"],
|
|
540
|
+
role=role,
|
|
541
|
+
)
|
|
380
542
|
|
|
381
543
|
|
|
382
544
|
class SetRole(command.Command):
|
|
@@ -408,25 +570,31 @@ class SetRole(command.Command):
|
|
|
408
570
|
return parser
|
|
409
571
|
|
|
410
572
|
def take_action(self, parsed_args):
|
|
411
|
-
identity_client = self.app.client_manager.identity
|
|
573
|
+
identity_client = self.app.client_manager.sdk_connection.identity
|
|
574
|
+
|
|
575
|
+
update_kwargs = {}
|
|
576
|
+
if parsed_args.description:
|
|
577
|
+
update_kwargs["description"] = parsed_args.description
|
|
578
|
+
if parsed_args.name:
|
|
579
|
+
update_kwargs["name"] = parsed_args.name
|
|
412
580
|
|
|
413
581
|
domain_id = None
|
|
414
582
|
if parsed_args.domain:
|
|
415
|
-
domain_id =
|
|
416
|
-
identity_client,
|
|
417
|
-
|
|
583
|
+
domain_id = _find_sdk_id(
|
|
584
|
+
identity_client.find_domain,
|
|
585
|
+
name_or_id=parsed_args.domain,
|
|
586
|
+
)
|
|
587
|
+
update_kwargs["domain_id"] = domain_id
|
|
418
588
|
|
|
419
|
-
options = common.get_immutable_options(parsed_args)
|
|
420
|
-
role =
|
|
421
|
-
identity_client.
|
|
589
|
+
update_kwargs["options"] = common.get_immutable_options(parsed_args)
|
|
590
|
+
role = _find_sdk_id(
|
|
591
|
+
identity_client.find_role,
|
|
592
|
+
name_or_id=parsed_args.role,
|
|
593
|
+
domain_id=domain_id,
|
|
422
594
|
)
|
|
595
|
+
update_kwargs["role"] = role
|
|
423
596
|
|
|
424
|
-
identity_client.
|
|
425
|
-
role.id,
|
|
426
|
-
name=parsed_args.name,
|
|
427
|
-
description=parsed_args.description,
|
|
428
|
-
options=options,
|
|
429
|
-
)
|
|
597
|
+
identity_client.update_role(**update_kwargs)
|
|
430
598
|
|
|
431
599
|
|
|
432
600
|
class ShowRole(command.ShowOne):
|
|
@@ -447,17 +615,19 @@ class ShowRole(command.ShowOne):
|
|
|
447
615
|
return parser
|
|
448
616
|
|
|
449
617
|
def take_action(self, parsed_args):
|
|
450
|
-
identity_client = self.app.client_manager.identity
|
|
618
|
+
identity_client = self.app.client_manager.sdk_connection.identity
|
|
451
619
|
|
|
452
620
|
domain_id = None
|
|
453
621
|
if parsed_args.domain:
|
|
454
|
-
domain_id =
|
|
455
|
-
identity_client,
|
|
456
|
-
|
|
622
|
+
domain_id = _find_sdk_id(
|
|
623
|
+
identity_client.find_domain,
|
|
624
|
+
name_or_id=parsed_args.domain,
|
|
625
|
+
)
|
|
457
626
|
|
|
458
|
-
role =
|
|
459
|
-
|
|
627
|
+
role = identity_client.find_role(
|
|
628
|
+
name_or_id=parsed_args.role,
|
|
629
|
+
domain_id=domain_id,
|
|
630
|
+
ignore_missing=False,
|
|
460
631
|
)
|
|
461
632
|
|
|
462
|
-
role
|
|
463
|
-
return zip(*sorted(role._info.items()))
|
|
633
|
+
return _format_role(role)
|
|
@@ -148,7 +148,7 @@ class ListRoleAssignment(command.Lister):
|
|
|
148
148
|
|
|
149
149
|
user_domain_id = None
|
|
150
150
|
if parsed_args.user_domain:
|
|
151
|
-
|
|
151
|
+
user_domain_id = _find_sdk_id(
|
|
152
152
|
identity_client.find_domain,
|
|
153
153
|
name_or_id=parsed_args.user_domain,
|
|
154
154
|
)
|