delta/openstack/python-openstackclient.git/openstackclient/identity/common.py, branch stable/stein opendev.org: openstack/python-openstackclient Updated the take_actions for unified limits 2018-11-09T02:23:55+00:00 Vishakha Agarwal agarwalvishakha18@gmail.com 2018-10-22T08:21:30+00:00 81fd5c995d7cce45f45e37af8a6b0309308a4cba When user passes --region None, the find_resource of osc_lib calls get() of region. The get API of region ignores the name param returning all the regions in result. As the find_resource checks many cases against the result returned by get API. The output comes greater than 1, thus returning "More than one region ID exist" which is incorrect. However in case of region which cannot be filtered by name we do not require to check these many cases. The solution is to directly call the get method of APIs and returning No resource name exist with the xyz" on passing invaid parameter. And returning all in case of None. Thus created a new function get_resource which can be used in future too by these types of API's. Change-Id: Ib3f881d34a82af97199ce51bfbefc6f3f08599f1 Closes-bug: #1799153 
When user passes --region None, the find_resource
of osc_lib calls get() of region. The get API of
region ignores the name param returning all the
regions in result. As the find_resource checks
many cases against the result returned by get API.
The output comes greater than 1, thus returning
"More than one region ID exist" which is incorrect.
However in case of region which cannot be filtered
by name we do not require to check these many cases.

The solution is to directly call the get method of
APIs and returning No resource name exist with the
xyz" on passing invaid parameter. And returning all
in case of None.

Thus created a new function get_resource which can
be used in future too by these types of API's.

Change-Id: Ib3f881d34a82af97199ce51bfbefc6f3f08599f1
Closes-bug: #1799153
Add CRUD support for application credentials 2018-01-30T20:50:01+00:00 Colleen Murphy colleen@gazlene.net 2018-01-21T19:02:02+00:00 375964f270e125b8887e0ca4ee1cbe15d5eddf04 Add support for creating, retrieving, and deleting application credentials. Application credentials do not support updates. In order to provide a positive user experience for the `--role` option, this patch also includes an improvement to the `identity.common._get_token_resource()` function that allows it to introspect the roles list within a token. This way there is no need to make a request to keystone to retrieve a role object, which would fail most of the time anyway due to keystone's default policy prohibiting unprivileged users from retrieving roles. bp application-credentials Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7 
Add support for creating, retrieving, and deleting application
credentials. Application credentials do not support updates.

In order to provide a positive user experience for the `--role` option,
this patch also includes an improvement to the
`identity.common._get_token_resource()` function that allows it to
introspect the roles list within a token. This way there is no need to
make a request to keystone to retrieve a role object, which would fail
most of the time anyway due to keystone's default policy prohibiting
unprivileged users from retrieving roles.

bp application-credentials

Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7
Optimize getting endpoint list 2017-09-26T21:31:07+00:00 Anton Frolov af9740@att.com 2017-09-25T19:31:24+00:00 f6f5ce03c5b8a03180db24a02dda5b30f40b4cee Currently ListEndpoint.take_action method unconditionally iterates over all endpoints and issue GET /v3/services/<ep.service_id> request for each endpoint. In case of HTTPS keystone endpoint this can take significant amout of time, and it only getting worse in case of multiple regions. This commit change this logic to making just two GET requests: first it gets endpoint list, then it gets service list, searching service in the list instead of issuing GET /v3/services/<id> request. Change-Id: I22b61c0b45b0205a2f5a4608c2473cb7814fe3cf Closes-Bug: 1719413 
Currently ListEndpoint.take_action method unconditionally iterates
over all endpoints and issue GET /v3/services/<ep.service_id>
request for each endpoint. In case of HTTPS keystone endpoint this
can take significant amout of time, and it only getting worse in
case of multiple regions.

This commit change this logic to making just two GET requests: first
it gets endpoint list, then it gets service list, searching service
in the list instead of issuing GET /v3/services/<id> request.

Change-Id: I22b61c0b45b0205a2f5a4608c2473cb7814fe3cf
Closes-Bug: 1719413
Fix 'domain' filter not work well in some commands 2017-07-18T23:01:22+00:00 jiangpch jiangpengcheng@navercorp.com 2017-07-13T08:58:00+00:00 a01bf55d2065ec1a98f486109cc8d315def501cd The 'domain' filter not work well in commands 'project show', 'user show' and 'user set'. Depends-On: I490900d6249f01654d4cba43bddd3e7af7928a84 Closes-Bug: #1704097 Change-Id: Ib4f47cbaba27eb56c4a41d187fee74a995e62dc7 
The 'domain' filter not work well in commands 'project show',
'user show' and 'user set'.

Depends-On: I490900d6249f01654d4cba43bddd3e7af7928a84
Closes-Bug: #1704097
Change-Id: Ib4f47cbaba27eb56c4a41d187fee74a995e62dc7
Add support for domain specific roles 2016-08-10T20:32:55+00:00 Henry Nash henryn@linux.vnet.ibm.com 2016-02-23T11:42:40+00:00 5eb7e626b18b033f97f3cf10f2791529f9d75789 A role entity can now be specified as domain specific. Closes-bug: #1606105 Change-Id: I564cf3da1d61f5bfcf85be591480d2f5c8d694a0 
A role entity can now be specified as domain specific.

Closes-bug: #1606105
Change-Id: I564cf3da1d61f5bfcf85be591480d2f5c8d694a0
Fix error for find_service() in identity 2016-07-22T11:40:50+00:00 sunyajing yajing.sun@easystack.cn 2016-06-24T04:40:29+00:00 c45b1d7b230e900d0416a4953607e5d4e1dc9cfd if there are more than one services be found with one name, a NoUniqueMatch exception should be raised but we can see a NotFound Exception raised instead. It is because in "find_service()", we use "find_resource()" first, if "find_resource()" return a exception, we just think it is a NotFound Exception and continue to find by type but ignore a NoUniqueMatch exception of "find_resource()". This patch refactor the "find_service()" method to solve this problem. Change-Id: Id4619092c57f276ae0698c89df0d5503b7423a4e Co-Authored-By: Huanxuan Ao <huanxuan.ao@easystack.cn> Closes-Bug:#1597296 
if there are more than one services be found with one
name, a NoUniqueMatch exception should be raised but
we can see a NotFound Exception raised instead. It is
because in "find_service()", we use "find_resource()"
first, if "find_resource()" return a exception, we just
think it is a NotFound Exception and continue to find
by type but ignore a NoUniqueMatch exception of
"find_resource()". This patch refactor the "find_service()"
method to solve this problem.

Change-Id: Id4619092c57f276ae0698c89df0d5503b7423a4e
Co-Authored-By: Huanxuan Ao <huanxuan.ao@easystack.cn>
Closes-Bug:#1597296
Use resource id when name given for identity show 2016-06-23T04:55:46+00:00 David Rosales darosale@us.ibm.com 2016-04-29T17:12:52+00:00 337d013c94378a4b3f0e8f90e4f5bd745448658f Currently a user is allowed to specify either a resource ID or name when running openstack identity comands. In some cases, when a name is specified instead of an ID, the command will return as not able to find the resource when it in fact does exist. The changes here are to check the client against the token on such requests and to extract the ID of the resource specified if enough information exists between the two. We then use the ID associated with the resource to complete the user requests. Change-Id: I40713b0ded42063b786dc21247e854224b9d2fe2 Closes-Bug: #1561599 
Currently a user is allowed to specify either a resource ID or name
when running openstack identity comands. In some cases, when a name
is specified instead of an ID, the command will return as not able
to find the resource when it in fact does exist.

The changes here are to check the client against the token on such
requests and to extract the ID of the resource specified if enough
information exists between the two. We then use the ID associated
with the resource to complete the user requests.

Change-Id: I40713b0ded42063b786dc21247e854224b9d2fe2
Closes-Bug: #1561599
Fix i18n problems for common files in identity 2016-06-14T01:50:23+00:00 Tang Chen chen.tang@easystack.cn 2016-06-13T08:44:21+00:00 304f565439c5950587f7ad31a2f799076e702036 Some missing parts in identity. Change-Id: I8777b845613d7d7df36ac3c198da552e11aaad1b Partial-bug: #1574965 
Some missing parts in identity.

Change-Id: I8777b845613d7d7df36ac3c198da552e11aaad1b
Partial-bug: #1574965
osc-lib: utils 2016-06-13T15:50:44+00:00 Dean Troyer dtroyer@gmail.com 2016-05-13T21:14:09+00:00 e5e29a8fef7ba2396015918545a49e717fe75d15 Use osc-lib directly for utils. Leave openstackclient.common.utils for deprecation period. Change-Id: I5bd9579abc4e07f45219ccd0565626e6667472f7 
Use osc-lib directly for utils.

Leave openstackclient.common.utils for deprecation period.

Change-Id: I5bd9579abc4e07f45219ccd0565626e6667472f7
osc-lib: exceptions 2016-06-13T15:50:01+00:00 Dean Troyer dtroyer@gmail.com 2016-06-08T19:17:14+00:00 d20c863ebc11cecaaefe043e615b2fb4f5f26063 Use osc-lib directly for exceptions. Leave openstackclient.common.exceptions for deprecation period. Change-Id: Iea3e862302372e1b31ccd27f69db59b4953ca828 
Use osc-lib directly for exceptions.

Leave openstackclient.common.exceptions for deprecation period.

Change-Id: Iea3e862302372e1b31ccd27f69db59b4953ca828