1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
"""Identity v2 Assignment action implementations """
from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
from openstackclient.i18n import _ # noqa
class ListRoleAssignment(command.Lister):
_description = _("List role assignments")
def get_parser(self, prog_name):
parser = super(ListRoleAssignment, self).get_parser(prog_name)
parser.add_argument(
'--user',
metavar='<user>',
help='User to filter (name or ID)',
)
parser.add_argument(
'--project',
metavar='<project>',
help='Project to filter (name or ID)',
)
parser.add_argument(
'--names',
action="store_true",
help='Display names instead of IDs',
)
parser.add_argument(
'--auth-user',
action="store_true",
dest='authuser',
help='Only list assignments for the authenticated user',
)
parser.add_argument(
'--auth-project',
action="store_true",
dest='authproject',
help='Only list assignments for the project to which the '
'authenticated user\'s token is scoped',
)
return parser
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
auth_ref = self.app.client_manager.auth_ref
include_names = True if parsed_args.names else False
user = None
if parsed_args.user:
user = utils.find_resource(
identity_client.users,
parsed_args.user,
)
elif parsed_args.authuser:
if auth_ref:
user = utils.find_resource(
identity_client.users, auth_ref.user_id
)
project = None
if parsed_args.project:
project = utils.find_resource(
identity_client.projects,
parsed_args.project,
)
elif parsed_args.authproject:
if auth_ref:
project = utils.find_resource(
identity_client.projects, auth_ref.project_id
)
# If user or project is not specified, we would ideally list all
# relevant assignments in the system (to be compatible with v3).
# However, there is no easy way of doing that in v2.
if not user or not project:
msg = _("Project and User must be specified")
raise exceptions.CommandError(msg)
else:
data = identity_client.roles.roles_for_user(user.id, project.id)
columns = ('Role', 'User', 'Project')
for user_role in data:
if include_names:
setattr(user_role, 'role', user_role.name)
user_role.user = user.name
user_role.project = project.name
else:
setattr(user_role, 'role', user_role.id)
user_role.user = user.id
user_role.project = project.id
return (
columns,
(
utils.get_item_properties(
s,
columns,
formatters={},
)
for s in data
),
)
|
