summaryrefslogtreecommitdiff
path: root/openstackclient/identity/v3/role.py
diff options
context:
space:
mode:
authorSteve Martinelli <stevemar@ca.ibm.com>2013-04-18 17:49:42 -0500
committerDean Troyer <dtroyer@gmail.com>2013-07-03 11:51:23 -0500
commitf29a849ffcc203e7038fd2a026e0f755dcf2c1fc (patch)
tree75ff2e2a5d529d7b81236bbf1100393a0e173f5a /openstackclient/identity/v3/role.py
parentd50b5750640ace3a77e6e0637d6cd24f91db8080 (diff)
downloadpython-openstackclient-f29a849ffcc203e7038fd2a026e0f755dcf2c1fc.tar.gz
Finish up v3 role commands
* Add remove role * Add --role to group list * Add --role to user list * Fix groups in AddRole() * Remove the tweaks to utils.find_resource for domains; will address that across domains, projects, users and groups in another patch. I want to nail down the structure of these commands and get that into place Change-Id: I8673dd8221ef88978dada5a2833c187026bdb31a
Diffstat (limited to 'openstackclient/identity/v3/role.py')
-rw-r--r--openstackclient/identity/v3/role.py135
1 files changed, 108 insertions, 27 deletions
diff --git a/openstackclient/identity/v3/role.py b/openstackclient/identity/v3/role.py
index faff9062..7387509a 100644
--- a/openstackclient/identity/v3/role.py
+++ b/openstackclient/identity/v3/role.py
@@ -26,7 +26,7 @@ from openstackclient.common import utils
class AddRole(command.Command):
- """Add role command"""
+ """Adds a role to a user or group on a domain or project"""
api = 'identity'
log = logging.getLogger(__name__ + '.AddRole')
@@ -42,23 +42,24 @@ class AddRole(command.Command):
user_or_group.add_argument(
'--user',
metavar='<user>',
- help='Name or ID of user to assign a role',
+ help='Name or ID of user to add a role',
)
user_or_group.add_argument(
'--group',
metavar='<group>',
- help='Name or ID of group to assign a role',
+ help='Name or ID of group to add a role',
)
domain_or_project = parser.add_mutually_exclusive_group()
domain_or_project.add_argument(
'--domain',
metavar='<domain>',
- help='Name or ID of domain where user or group resides',
+ default='default',
+ help='Name or ID of domain associated with user or group',
)
domain_or_project.add_argument(
'--project',
metavar='<project>',
- help='Name or ID of project where user or group resides',
+ help='Name or ID of project associated with user or group',
)
return parser
@@ -68,42 +69,40 @@ class AddRole(command.Command):
if (not parsed_args.user and not parsed_args.domain
and not parsed_args.group and not parsed_args.project):
- sys.stdout.write("Role not updated, no arguments present \n")
+ sys.stderr.write("Role not added, no arguments present\n")
return
role_id = utils.find_resource(identity_client.roles,
parsed_args.role).id
- if (parsed_args.user and parsed_args.domain):
+ if parsed_args.user and parsed_args.domain:
user = utils.find_resource(identity_client.users,
parsed_args.user)
domain = utils.find_resource(identity_client.domains,
parsed_args.domain)
identity_client.roles.grant(role_id, user=user, domain=domain)
- return
- elif (parsed_args.user and parsed_args.project):
+ elif parsed_args.user and parsed_args.project:
user = utils.find_resource(identity_client.users,
parsed_args.user)
project = utils.find_resource(identity_client.projects,
parsed_args.project)
identity_client.roles.grant(role_id, user=user, project=project)
- return
- elif (parsed_args.group and parsed_args.project):
+ elif parsed_args.group and parsed_args.domain:
+ group = utils.find_resource(identity_client.groups,
+ parsed_args.group)
+ domain = utils.find_resource(identity_client.domains,
+ parsed_args.domain)
+ identity_client.roles.grant(role_id, group=group, domain=domain)
+ elif parsed_args.group and parsed_args.project:
group = utils.find_resource(identity_client.group,
parsed_args.group)
project = utils.find_resource(identity_client.projects,
parsed_args.project)
identity_client.roles.grant(role_id, group=group, project=project)
- return
- elif (parsed_args.group and parsed_args.domain):
- group = utils.find_resource(identity_client.group,
- parsed_args.group)
- domain = utils.find_resource(identity_client.domains,
- parsed_args.domain)
- identity_client.roles.grant(role_id, group=group, domain=domain)
- return
else:
- return
+ sys.stderr.write("Role not added, incorrect set of arguments \
+ provided. See openstack --help for more details\n")
+ return
class CreateRole(show.ShowOne):
@@ -115,15 +114,16 @@ class CreateRole(show.ShowOne):
def get_parser(self, prog_name):
parser = super(CreateRole, self).get_parser(prog_name)
parser.add_argument(
- 'role-name',
+ 'name',
metavar='<role-name>',
- help='New role name')
+ help='New role name',
+ )
return parser
def take_action(self, parsed_args):
self.log.debug('take_action(%s)' % parsed_args)
identity_client = self.app.client_manager.identity
- role = identity_client.roles.create(parsed_args.role_name)
+ role = identity_client.roles.create(parsed_args.name)
return zip(*sorted(role._info.iteritems()))
@@ -139,7 +139,8 @@ class DeleteRole(command.Command):
parser.add_argument(
'role',
metavar='<role>',
- help='Name or ID of role to delete')
+ help='Name or ID of role to delete',
+ )
return parser
def take_action(self, parsed_args):
@@ -168,6 +169,85 @@ class ListRole(lister.Lister):
) for s in data))
+class RemoveRole(command.Command):
+ """Remove role command"""
+
+ api = 'identity'
+ log = logging.getLogger(__name__ + '.RemoveRole')
+
+ def get_parser(self, prog_name):
+ parser = super(RemoveRole, self).get_parser(prog_name)
+ parser.add_argument(
+ 'role',
+ metavar='<role>',
+ help='Name or ID of role to remove',
+ )
+ user_or_group = parser.add_mutually_exclusive_group()
+ user_or_group.add_argument(
+ '--user',
+ metavar='<user>',
+ help='Name or ID of user to remove a role',
+ )
+ user_or_group.add_argument(
+ '--group',
+ metavar='<group>',
+ help='Name or ID of group to remove a role',
+ )
+ domain_or_project = parser.add_mutually_exclusive_group()
+ domain_or_project.add_argument(
+ '--domain',
+ metavar='<domain>',
+ help='Name or ID of domain associated with user or group',
+ )
+ domain_or_project.add_argument(
+ '--project',
+ metavar='<project>',
+ help='Name or ID of project associated with user or group',
+ )
+ return parser
+
+ def take_action(self, parsed_args):
+ self.log.debug('take_action(%s)' % parsed_args)
+ identity_client = self.app.client_manager.identity
+
+ if (not parsed_args.user and not parsed_args.domain
+ and not parsed_args.group and not parsed_args.project):
+ sys.stdout.write("Role not updated, no arguments present\n")
+ return
+
+ role_id = utils.find_resource(identity_client.roles,
+ parsed_args.role).id
+
+ if parsed_args.user and parsed_args.domain:
+ user = utils.find_resource(identity_client.users,
+ parsed_args.user)
+ domain = utils.find_resource(identity_client.domains,
+ parsed_args.domain)
+ identity_client.roles.revoke(role_id, user=user, domain=domain)
+ elif parsed_args.user and parsed_args.project:
+ user = utils.find_resource(identity_client.users,
+ parsed_args.user)
+ project = utils.find_resource(identity_client.projects,
+ parsed_args.project)
+ identity_client.roles.revoke(role_id, user=user, project=project)
+ elif parsed_args.group and parsed_args.project:
+ group = utils.find_resource(identity_client.group,
+ parsed_args.group)
+ project = utils.find_resource(identity_client.projects,
+ parsed_args.project)
+ identity_client.roles.revoke(role_id, group=group, project=project)
+ elif parsed_args.group and parsed_args.domain:
+ group = utils.find_resource(identity_client.group,
+ parsed_args.group)
+ domain = utils.find_resource(identity_client.domains,
+ parsed_args.domain)
+ identity_client.roles.revoke(role_id, group=group, domain=domain)
+ else:
+ sys.stderr.write("Role not removed, incorrect set of arguments \
+ provided. See openstack --help for more details\n")
+ return
+
+
class SetRole(command.Command):
"""Set role command"""
@@ -179,7 +259,7 @@ class SetRole(command.Command):
parser.add_argument(
'role',
metavar='<role>',
- help='Name or ID of role to change',
+ help='Name or ID of role to update',
)
parser.add_argument(
'--name',
@@ -195,7 +275,7 @@ class SetRole(command.Command):
parsed_args.role)
if not parsed_args.name:
- sys.stdout.write("Role not updated, no arguments present")
+ sys.stderr.write("Role not updated, no arguments present")
return
identity_client.roles.update(role_id, parsed_args.name)
@@ -213,7 +293,8 @@ class ShowRole(show.ShowOne):
parser.add_argument(
'role',
metavar='<role>',
- help='Name or ID of role to display')
+ help='Name or ID of role to display',
+ )
return parser
def take_action(self, parsed_args):
View Lorry Controller Status