openstack/python-openstackclient
Code Issues Proposed changes

Merge "Enable specifing domains in "role add""

Browse Source
This commit is contained in:
Jenkins 2015-05-22 20:00:01 +00:00 committed by Gerrit Code Review
commit 61cfebb8aa
3 changed files with 95 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
doc/source/command-objects/role.rst
View File

@ -37,6 +37,27 @@ Add role to a user or group in a project or domain
.. versionadded:: 3 .. versionadded:: 3
.. option:: --user-domain <user-domain>
Domain the user belongs to (name or ID).
This can be used in case collisions between user names exist.
.. versionadded:: 3
.. option:: --group-domain <group-domain>
Domain the group belongs to (name or ID).
This can be used in case collisions between group names exist.
.. versionadded:: 3
.. option:: --project-domain <project-domain>
Domain the project belongs to (name or ID).
This can be used in case collisions between project names exist.
.. versionadded:: 3
.. describe:: <role> .. describe:: <role>
Role to add to `<project>`:`<user>` (name or ID) Role to add to `<project>`:`<user>` (name or ID)

16
openstackclient/identity/common.py
View File

@ -48,23 +48,23 @@ def find_domain(identity_client, name_or_id):
domains.Domain) domains.Domain)
def find_group(identity_client, name_or_id): def find_group(identity_client, name_or_id, domain_id=None):
return _find_identity_resource(identity_client.groups, name_or_id, return _find_identity_resource(identity_client.groups, name_or_id,
groups.Group) groups.Group, domain_id=domain_id)
def find_project(identity_client, name_or_id): def find_project(identity_client, name_or_id, domain_id=None):
return _find_identity_resource(identity_client.projects, name_or_id, return _find_identity_resource(identity_client.projects, name_or_id,
projects.Project) projects.Project, domain_id=domain_id)
def find_user(identity_client, name_or_id): def find_user(identity_client, name_or_id, domain_id=None):
return _find_identity_resource(identity_client.users, name_or_id, return _find_identity_resource(identity_client.users, name_or_id,
users.User) users.User, domain_id=domain_id)
def _find_identity_resource(identity_client_manager, name_or_id, def _find_identity_resource(identity_client_manager, name_or_id,
resource_type): resource_type, **kwargs):
"""Find a specific identity resource. """Find a specific identity resource.
Using keystoneclient's manager, attempt to find a specific resource by its Using keystoneclient's manager, attempt to find a specific resource by its
@ -92,7 +92,7 @@ def _find_identity_resource(identity_client_manager, name_or_id,
try: try:
identity_resource = utils.find_resource(identity_client_manager, identity_resource = utils.find_resource(identity_client_manager,
name_or_id) name_or_id, **kwargs)
if identity_resource is not None: if identity_resource is not None:
return identity_resource return identity_resource
except identity_exc.Forbidden: except identity_exc.Forbidden:

102
openstackclient/identity/v3/role.py
View File

@ -63,6 +63,27 @@ class AddRole(command.Command):
metavar='<group>', metavar='<group>',
help='Include <group> (name or ID)', help='Include <group> (name or ID)',
) )
parser.add_argument(
'--user-domain',
metavar='<user-domain>',
help=('Domain the user belongs to (name or ID). '
'This can be used in case collisions between user names '
'exist.')
)
parser.add_argument(
'--group-domain',
metavar='<group-domain>',
help=('Domain the group belongs to (name or ID). '
'This can be used in case collisions between group names '
'exist.')
)
parser.add_argument(
'--project-domain',
metavar='<project-domain>',
help=('Domain the project belongs to (name or ID). '
'This can be used in case collisions between project names '
'exist.')
)
return parser return parser
def take_action(self, parsed_args): def take_action(self, parsed_args):
@ -78,67 +99,76 @@ class AddRole(command.Command):
parsed_args.role, parsed_args.role,
) )
kwargs = {}
if parsed_args.user and parsed_args.domain: if parsed_args.user and parsed_args.domain:
user = common.find_user( user_domain_id = self._get_domain_id_if_requested(
parsed_args.user_domain)
kwargs['user'] = common.find_user(
identity_client, identity_client,
parsed_args.user, parsed_args.user,
) user_domain_id,
domain = common.find_domain( ).id
kwargs['domain'] = common.find_domain(
identity_client, identity_client,
parsed_args.domain, parsed_args.domain,
) ).id
identity_client.roles.grant(
role.id,
user=user.id,
domain=domain.id,
)
elif parsed_args.user and parsed_args.project: elif parsed_args.user and parsed_args.project:
user = common.find_user( user_domain_id = self._get_domain_id_if_requested(
parsed_args.user_domain)
kwargs['user'] = common.find_user(
identity_client, identity_client,
parsed_args.user, parsed_args.user,
) user_domain_id,
project = common.find_project( ).id
project_domain_id = self._get_domain_id_if_requested(
parsed_args.project_domain)
kwargs['project'] = common.find_project(
identity_client, identity_client,
parsed_args.project, parsed_args.project,
) project_domain_id,
identity_client.roles.grant( ).id
role.id,
user=user.id,
project=project.id,
)
elif parsed_args.group and parsed_args.domain: elif parsed_args.group and parsed_args.domain:
group = common.find_group( group_domain_id = self._get_domain_id_if_requested(
parsed_args.group_domain)
kwargs['group'] = common.find_group(
identity_client, identity_client,
parsed_args.group, parsed_args.group,
) group_domain_id,
domain = common.find_domain( ).id
kwargs['domain'] = common.find_domain(
identity_client, identity_client,
parsed_args.domain, parsed_args.domain,
) ).id
identity_client.roles.grant(
role.id,
group=group.id,
domain=domain.id,
)
elif parsed_args.group and parsed_args.project: elif parsed_args.group and parsed_args.project:
group = common.find_group( group_domain_id = self._get_domain_id_if_requested(
parsed_args.group_domain)
kwargs['group'] = common.find_group(
identity_client, identity_client,
parsed_args.group, parsed_args.group,
) group_domain_id,
project = common.find_project( ).id
project_domain_id = self._get_domain_id_if_requested(
parsed_args.project_domain)
kwargs['project'] = common.find_project(
identity_client, identity_client,
parsed_args.project, parsed_args.project,
) project_domain_id,
identity_client.roles.grant( ).id
role.id,
group=group.id,
project=project.id,
)
else: else:
sys.stderr.write("Role not added, incorrect set of arguments \ sys.stderr.write("Role not added, incorrect set of arguments \
provided. See openstack --help for more details\n") provided. See openstack --help for more details\n")
return return
identity_client.roles.grant(role.id, **kwargs)
return
def _get_domain_id_if_requested(self, domain_name_or_id):
if domain_name_or_id is None:
return None
domain = common.find_domain(self.app.client_manager.identity,
domain_name_or_id)
return domain.id
class CreateRole(show.ShowOne): class CreateRole(show.ShowOne):
"""Create new role""" """Create new role"""