summaryrefslogtreecommitdiff
path: root/openstackclient/identity/v3/role.py
diff options
context:
space:
mode:
Diffstat (limited to 'openstackclient/identity/v3/role.py')
-rw-r--r--openstackclient/identity/v3/role.py321
1 files changed, 112 insertions, 209 deletions
diff --git a/openstackclient/identity/v3/role.py b/openstackclient/identity/v3/role.py
index bc64f7f8..4f1c04d5 100644
--- a/openstackclient/identity/v3/role.py
+++ b/openstackclient/identity/v3/role.py
@@ -29,6 +29,100 @@ from openstackclient.i18n import _ # noqa
from openstackclient.identity import common
+def _add_identity_and_resource_options_to_parser(parser):
+ domain_or_project = parser.add_mutually_exclusive_group()
+ domain_or_project.add_argument(
+ '--domain',
+ metavar='<domain>',
+ help='Include <domain> (name or ID)',
+ )
+ domain_or_project.add_argument(
+ '--project',
+ metavar='<project>',
+ help='Include `<project>` (name or ID)',
+ )
+ user_or_group = parser.add_mutually_exclusive_group()
+ user_or_group.add_argument(
+ '--user',
+ metavar='<user>',
+ help='Include <user> (name or ID)',
+ )
+ user_or_group.add_argument(
+ '--group',
+ metavar='<group>',
+ help='Include <group> (name or ID)',
+ )
+ parser.add_argument(
+ '--user-domain',
+ metavar='<user-domain>',
+ help=('Domain the user belongs to (name or ID). '
+ 'This can be used in case collisions between user names '
+ 'exist.')
+ )
+ parser.add_argument(
+ '--group-domain',
+ metavar='<group-domain>',
+ help=('Domain the group belongs to (name or ID). '
+ 'This can be used in case collisions between group names '
+ 'exist.')
+ )
+ parser.add_argument(
+ '--project-domain',
+ metavar='<project-domain>',
+ help=('Domain the project belongs to (name or ID). '
+ 'This can be used in case collisions between project names '
+ 'exist.')
+ )
+
+
+def _process_identity_and_resource_options(parsed_args,
+ identity_client_manager):
+ kwargs = {}
+ if parsed_args.user and parsed_args.domain:
+ kwargs['user'] = common.find_user(
+ identity_client_manager,
+ parsed_args.user,
+ parsed_args.user_domain,
+ ).id
+ kwargs['domain'] = common.find_domain(
+ identity_client_manager,
+ parsed_args.domain,
+ ).id
+ elif parsed_args.user and parsed_args.project:
+ kwargs['user'] = common.find_user(
+ identity_client_manager,
+ parsed_args.user,
+ parsed_args.user_domain,
+ ).id
+ kwargs['project'] = common.find_project(
+ identity_client_manager,
+ parsed_args.project,
+ parsed_args.project_domain,
+ ).id
+ elif parsed_args.group and parsed_args.domain:
+ kwargs['group'] = common.find_group(
+ identity_client_manager,
+ parsed_args.group,
+ parsed_args.group_domain,
+ ).id
+ kwargs['domain'] = common.find_domain(
+ identity_client_manager,
+ parsed_args.domain,
+ ).id
+ elif parsed_args.group and parsed_args.project:
+ kwargs['group'] = common.find_group(
+ identity_client_manager,
+ parsed_args.group,
+ parsed_args.group_domain,
+ ).id
+ kwargs['project'] = common.find_project(
+ identity_client_manager,
+ parsed_args.project,
+ parsed_args.group_domain,
+ ).id
+ return kwargs
+
+
class AddRole(command.Command):
"""Adds a role to a user or group on a domain or project"""
@@ -41,49 +135,7 @@ class AddRole(command.Command):
metavar='<role>',
help='Role to add to <user> (name or ID)',
)
- domain_or_project = parser.add_mutually_exclusive_group()
- domain_or_project.add_argument(
- '--domain',
- metavar='<domain>',
- help='Include <domain> (name or ID)',
- )
- domain_or_project.add_argument(
- '--project',
- metavar='<project>',
- help='Include `<project>` (name or ID)',
- )
- user_or_group = parser.add_mutually_exclusive_group()
- user_or_group.add_argument(
- '--user',
- metavar='<user>',
- help='Include <user> (name or ID)',
- )
- user_or_group.add_argument(
- '--group',
- metavar='<group>',
- help='Include <group> (name or ID)',
- )
- parser.add_argument(
- '--user-domain',
- metavar='<user-domain>',
- help=('Domain the user belongs to (name or ID). '
- 'This can be used in case collisions between user names '
- 'exist.')
- )
- parser.add_argument(
- '--group-domain',
- metavar='<group-domain>',
- help=('Domain the group belongs to (name or ID). '
- 'This can be used in case collisions between group names '
- 'exist.')
- )
- parser.add_argument(
- '--project-domain',
- metavar='<project-domain>',
- help=('Domain the project belongs to (name or ID). '
- 'This can be used in case collisions between project names '
- 'exist.')
- )
+ _add_identity_and_resource_options_to_parser(parser)
return parser
def take_action(self, parsed_args):
@@ -99,76 +151,17 @@ class AddRole(command.Command):
parsed_args.role,
)
- kwargs = {}
- if parsed_args.user and parsed_args.domain:
- user_domain_id = self._get_domain_id_if_requested(
- parsed_args.user_domain)
- kwargs['user'] = common.find_user(
- identity_client,
- parsed_args.user,
- user_domain_id,
- ).id
- kwargs['domain'] = common.find_domain(
- identity_client,
- parsed_args.domain,
- ).id
- elif parsed_args.user and parsed_args.project:
- user_domain_id = self._get_domain_id_if_requested(
- parsed_args.user_domain)
- kwargs['user'] = common.find_user(
- identity_client,
- parsed_args.user,
- user_domain_id,
- ).id
- project_domain_id = self._get_domain_id_if_requested(
- parsed_args.project_domain)
- kwargs['project'] = common.find_project(
- identity_client,
- parsed_args.project,
- project_domain_id,
- ).id
- elif parsed_args.group and parsed_args.domain:
- group_domain_id = self._get_domain_id_if_requested(
- parsed_args.group_domain)
- kwargs['group'] = common.find_group(
- identity_client,
- parsed_args.group,
- group_domain_id,
- ).id
- kwargs['domain'] = common.find_domain(
- identity_client,
- parsed_args.domain,
- ).id
- elif parsed_args.group and parsed_args.project:
- group_domain_id = self._get_domain_id_if_requested(
- parsed_args.group_domain)
- kwargs['group'] = common.find_group(
- identity_client,
- parsed_args.group,
- group_domain_id,
- ).id
- project_domain_id = self._get_domain_id_if_requested(
- parsed_args.project_domain)
- kwargs['project'] = common.find_project(
- identity_client,
- parsed_args.project,
- project_domain_id,
- ).id
- else:
- sys.stderr.write("Role not added, incorrect set of arguments \
- provided. See openstack --help for more details\n")
+ kwargs = _process_identity_and_resource_options(
+ parsed_args, self.app.client_manager.identity)
+ if not kwargs:
+ sys.stderr.write("Role not added, incorrect set of arguments "
+ "provided. See openstack --help for more "
+ "details\n")
return
identity_client.roles.grant(role.id, **kwargs)
return
- def _get_domain_id_if_requested(self, domain_name_or_id):
- if domain_name_or_id is None:
- return None
- domain = common.find_domain(self.app.client_manager.identity,
- domain_name_or_id)
- return domain.id
-
class CreateRole(show.ShowOne):
"""Create new role"""
@@ -242,28 +235,7 @@ class ListRole(lister.Lister):
def get_parser(self, prog_name):
parser = super(ListRole, self).get_parser(prog_name)
- domain_or_project = parser.add_mutually_exclusive_group()
- domain_or_project.add_argument(
- '--domain',
- metavar='<domain>',
- help='Filter roles by <domain> (name or ID)',
- )
- domain_or_project.add_argument(
- '--project',
- metavar='<project>',
- help='Filter roles by <project> (name or ID)',
- )
- user_or_group = parser.add_mutually_exclusive_group()
- user_or_group.add_argument(
- '--user',
- metavar='<user>',
- help='Filter roles by <user> (name or ID)',
- )
- user_or_group.add_argument(
- '--group',
- metavar='<group>',
- help='Filter roles by <group> (name or ID)',
- )
+ _add_identity_and_resource_options_to_parser(parser)
return parser
def take_action(self, parsed_args):
@@ -274,11 +246,13 @@ class ListRole(lister.Lister):
user = common.find_user(
identity_client,
parsed_args.user,
+ parsed_args.user_domain,
)
elif parsed_args.group:
group = common.find_group(
identity_client,
parsed_args.group,
+ parsed_args.group_domain,
)
if parsed_args.domain:
@@ -290,6 +264,7 @@ class ListRole(lister.Lister):
project = common.find_project(
identity_client,
parsed_args.project,
+ parsed_args.project_domain,
)
# no user or group specified, list all roles in the system
@@ -363,28 +338,7 @@ class RemoveRole(command.Command):
metavar='<role>',
help='Role to remove (name or ID)',
)
- domain_or_project = parser.add_mutually_exclusive_group()
- domain_or_project.add_argument(
- '--domain',
- metavar='<domain>',
- help='Include <domain> (name or ID)',
- )
- domain_or_project.add_argument(
- '--project',
- metavar='<project>',
- help='Include <project> (name or ID)',
- )
- user_or_group = parser.add_mutually_exclusive_group()
- user_or_group.add_argument(
- '--user',
- metavar='<user>',
- help='Include <user> (name or ID)',
- )
- user_or_group.add_argument(
- '--group',
- metavar='<group>',
- help='Include <group> (name or ID)',
- )
+ _add_identity_and_resource_options_to_parser(parser)
return parser
def take_action(self, parsed_args):
@@ -400,65 +354,14 @@ class RemoveRole(command.Command):
parsed_args.role,
)
- if parsed_args.user and parsed_args.domain:
- user = common.find_user(
- identity_client,
- parsed_args.user,
- )
- domain = common.find_domain(
- identity_client,
- parsed_args.domain,
- )
- identity_client.roles.revoke(
- role.id,
- user=user.id,
- domain=domain.id,
- )
- elif parsed_args.user and parsed_args.project:
- user = common.find_user(
- identity_client,
- parsed_args.user,
- )
- project = common.find_project(
- identity_client,
- parsed_args.project,
- )
- identity_client.roles.revoke(
- role.id,
- user=user.id,
- project=project.id,
- )
- elif parsed_args.group and parsed_args.domain:
- group = common.find_group(
- identity_client,
- parsed_args.group,
- )
- domain = common.find_domain(
- identity_client,
- parsed_args.domain,
- )
- identity_client.roles.revoke(
- role.id,
- group=group.id,
- domain=domain.id,
- )
- elif parsed_args.group and parsed_args.project:
- group = common.find_group(
- identity_client,
- parsed_args.group,
- )
- project = common.find_project(
- identity_client,
- parsed_args.project,
- )
- identity_client.roles.revoke(
- role.id,
- group=group.id,
- project=project.id,
- )
- else:
+ kwargs = _process_identity_and_resource_options(
+ parsed_args, self.app.client_manager.identity)
+ if not kwargs:
sys.stderr.write("Role not removed, incorrect set of arguments \
provided. See openstack --help for more details\n")
+ return
+
+ identity_client.roles.revoke(role.id, **kwargs)
return
View Lorry Controller Status