From f29a849ffcc203e7038fd2a026e0f755dcf2c1fc Mon Sep 17 00:00:00 2001 From: Steve Martinelli Date: Thu, 18 Apr 2013 17:49:42 -0500 Subject: Finish up v3 role commands * Add remove role * Add --role to group list * Add --role to user list * Fix groups in AddRole() * Remove the tweaks to utils.find_resource for domains; will address that across domains, projects, users and groups in another patch. I want to nail down the structure of these commands and get that into place Change-Id: I8673dd8221ef88978dada5a2833c187026bdb31a --- openstackclient/identity/v3/role.py | 135 ++++++++++++++++++++++++++++-------- 1 file changed, 108 insertions(+), 27 deletions(-) (limited to 'openstackclient/identity/v3/role.py') diff --git a/openstackclient/identity/v3/role.py b/openstackclient/identity/v3/role.py index faff9062..7387509a 100644 --- a/openstackclient/identity/v3/role.py +++ b/openstackclient/identity/v3/role.py @@ -26,7 +26,7 @@ from openstackclient.common import utils class AddRole(command.Command): - """Add role command""" + """Adds a role to a user or group on a domain or project""" api = 'identity' log = logging.getLogger(__name__ + '.AddRole') @@ -42,23 +42,24 @@ class AddRole(command.Command): user_or_group.add_argument( '--user', metavar='', - help='Name or ID of user to assign a role', + help='Name or ID of user to add a role', ) user_or_group.add_argument( '--group', metavar='', - help='Name or ID of group to assign a role', + help='Name or ID of group to add a role', ) domain_or_project = parser.add_mutually_exclusive_group() domain_or_project.add_argument( '--domain', metavar='', - help='Name or ID of domain where user or group resides', + default='default', + help='Name or ID of domain associated with user or group', ) domain_or_project.add_argument( '--project', metavar='', - help='Name or ID of project where user or group resides', + help='Name or ID of project associated with user or group', ) return parser @@ -68,42 +69,40 @@ class AddRole(command.Command): if (not parsed_args.user and not parsed_args.domain and not parsed_args.group and not parsed_args.project): - sys.stdout.write("Role not updated, no arguments present \n") + sys.stderr.write("Role not added, no arguments present\n") return role_id = utils.find_resource(identity_client.roles, parsed_args.role).id - if (parsed_args.user and parsed_args.domain): + if parsed_args.user and parsed_args.domain: user = utils.find_resource(identity_client.users, parsed_args.user) domain = utils.find_resource(identity_client.domains, parsed_args.domain) identity_client.roles.grant(role_id, user=user, domain=domain) - return - elif (parsed_args.user and parsed_args.project): + elif parsed_args.user and parsed_args.project: user = utils.find_resource(identity_client.users, parsed_args.user) project = utils.find_resource(identity_client.projects, parsed_args.project) identity_client.roles.grant(role_id, user=user, project=project) - return - elif (parsed_args.group and parsed_args.project): + elif parsed_args.group and parsed_args.domain: + group = utils.find_resource(identity_client.groups, + parsed_args.group) + domain = utils.find_resource(identity_client.domains, + parsed_args.domain) + identity_client.roles.grant(role_id, group=group, domain=domain) + elif parsed_args.group and parsed_args.project: group = utils.find_resource(identity_client.group, parsed_args.group) project = utils.find_resource(identity_client.projects, parsed_args.project) identity_client.roles.grant(role_id, group=group, project=project) - return - elif (parsed_args.group and parsed_args.domain): - group = utils.find_resource(identity_client.group, - parsed_args.group) - domain = utils.find_resource(identity_client.domains, - parsed_args.domain) - identity_client.roles.grant(role_id, group=group, domain=domain) - return else: - return + sys.stderr.write("Role not added, incorrect set of arguments \ + provided. See openstack --help for more details\n") + return class CreateRole(show.ShowOne): @@ -115,15 +114,16 @@ class CreateRole(show.ShowOne): def get_parser(self, prog_name): parser = super(CreateRole, self).get_parser(prog_name) parser.add_argument( - 'role-name', + 'name', metavar='', - help='New role name') + help='New role name', + ) return parser def take_action(self, parsed_args): self.log.debug('take_action(%s)' % parsed_args) identity_client = self.app.client_manager.identity - role = identity_client.roles.create(parsed_args.role_name) + role = identity_client.roles.create(parsed_args.name) return zip(*sorted(role._info.iteritems())) @@ -139,7 +139,8 @@ class DeleteRole(command.Command): parser.add_argument( 'role', metavar='', - help='Name or ID of role to delete') + help='Name or ID of role to delete', + ) return parser def take_action(self, parsed_args): @@ -168,6 +169,85 @@ class ListRole(lister.Lister): ) for s in data)) +class RemoveRole(command.Command): + """Remove role command""" + + api = 'identity' + log = logging.getLogger(__name__ + '.RemoveRole') + + def get_parser(self, prog_name): + parser = super(RemoveRole, self).get_parser(prog_name) + parser.add_argument( + 'role', + metavar='', + help='Name or ID of role to remove', + ) + user_or_group = parser.add_mutually_exclusive_group() + user_or_group.add_argument( + '--user', + metavar='', + help='Name or ID of user to remove a role', + ) + user_or_group.add_argument( + '--group', + metavar='', + help='Name or ID of group to remove a role', + ) + domain_or_project = parser.add_mutually_exclusive_group() + domain_or_project.add_argument( + '--domain', + metavar='', + help='Name or ID of domain associated with user or group', + ) + domain_or_project.add_argument( + '--project', + metavar='', + help='Name or ID of project associated with user or group', + ) + return parser + + def take_action(self, parsed_args): + self.log.debug('take_action(%s)' % parsed_args) + identity_client = self.app.client_manager.identity + + if (not parsed_args.user and not parsed_args.domain + and not parsed_args.group and not parsed_args.project): + sys.stdout.write("Role not updated, no arguments present\n") + return + + role_id = utils.find_resource(identity_client.roles, + parsed_args.role).id + + if parsed_args.user and parsed_args.domain: + user = utils.find_resource(identity_client.users, + parsed_args.user) + domain = utils.find_resource(identity_client.domains, + parsed_args.domain) + identity_client.roles.revoke(role_id, user=user, domain=domain) + elif parsed_args.user and parsed_args.project: + user = utils.find_resource(identity_client.users, + parsed_args.user) + project = utils.find_resource(identity_client.projects, + parsed_args.project) + identity_client.roles.revoke(role_id, user=user, project=project) + elif parsed_args.group and parsed_args.project: + group = utils.find_resource(identity_client.group, + parsed_args.group) + project = utils.find_resource(identity_client.projects, + parsed_args.project) + identity_client.roles.revoke(role_id, group=group, project=project) + elif parsed_args.group and parsed_args.domain: + group = utils.find_resource(identity_client.group, + parsed_args.group) + domain = utils.find_resource(identity_client.domains, + parsed_args.domain) + identity_client.roles.revoke(role_id, group=group, domain=domain) + else: + sys.stderr.write("Role not removed, incorrect set of arguments \ + provided. See openstack --help for more details\n") + return + + class SetRole(command.Command): """Set role command""" @@ -179,7 +259,7 @@ class SetRole(command.Command): parser.add_argument( 'role', metavar='', - help='Name or ID of role to change', + help='Name or ID of role to update', ) parser.add_argument( '--name', @@ -195,7 +275,7 @@ class SetRole(command.Command): parsed_args.role) if not parsed_args.name: - sys.stdout.write("Role not updated, no arguments present") + sys.stderr.write("Role not updated, no arguments present") return identity_client.roles.update(role_id, parsed_args.name) @@ -213,7 +293,8 @@ class ShowRole(show.ShowOne): parser.add_argument( 'role', metavar='', - help='Name or ID of role to display') + help='Name or ID of role to display', + ) return parser def take_action(self, parsed_args): -- cgit v1.2.1