def _process_identity_and_resource_options(parsed_args,
identity_client_manager):
kwargs = {}
if parsed_args.user and parsed_args.domain:
kwargs['user'] = common.find_user(
identity_client_manager,
parsed_args.user,
parsed_args.user_domain,
).id
kwargs['domain'] = common.find_domain(
identity_client_manager,
parsed_args.domain,
).id
elif parsed_args.user and parsed_args.project:
kwargs['user'] = common.find_user(
identity_client_manager,
parsed_args.user,
parsed_args.user_domain,
).id
kwargs['project'] = common.find_project(
identity_client_manager,
parsed_args.project,
parsed_args.project_domain,
).id
elif parsed_args.group and parsed_args.domain:
kwargs['group'] = common.find_group(
identity_client_manager,
parsed_args.group,
parsed_args.group_domain,
).id
kwargs['domain'] = common.find_domain(
identity_client_manager,
parsed_args.domain,
).id
elif parsed_args.group and parsed_args.project:
kwargs['group'] = common.find_group(
identity_client_manager,
parsed_args.group,
parsed_args.group_domain,
).id
kwargs['project'] = common.find_project(
identity_client_manager,
parsed_args.project,
parsed_args.project_domain,
).id
kwargs['os_inherit_extension_inherited'] = parsed_args.inherited
return kwargs
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
# NOTE(stevemar): Find the two users, project and roles that
# are necessary for making a trust usable, the API dictates that
# trustee, project and role are optional, but that makes the trust
# pointless, and trusts are immutable, so let's enforce it at the
# client level.
trustor_id = common.find_user(identity_client, parsed_args.trustor,
parsed_args.trustor_domain).id
trustee_id = common.find_user(identity_client, parsed_args.trustee,
parsed_args.trustee_domain).id
project_id = common.find_project(identity_client, parsed_args.project,
parsed_args.project_domain).id
role_names = []
for role in parsed_args.role:
role_name = utils.find_resource(
identity_client.roles,
role,
).name
role_names.append(role_name)
expires_at = None
if parsed_args.expiration:
expires_at = datetime.datetime.strptime(parsed_args.expiration,
'%Y-%m-%dT%H:%M:%S')
trust = identity_client.trusts.create(
trustee_id,
trustor_id,
impersonation=parsed_args.impersonate,
project=project_id,
role_names=role_names,
expires_at=expires_at,
)
trust._info.pop('roles_links', None)
trust._info.pop('links', None)
# Format roles into something sensible
roles = trust._info.pop('roles')
msg = ' '.join(r['name'] for r in roles)
trust._info['roles'] = msg
return zip(*sorted(six.iteritems(trust._info)))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
project_id = None
if parsed_args.project:
project_id = common.find_project(identity_client,
parsed_args.project,
parsed_args.project_domain).id
domain_id = None
if parsed_args.domain:
domain_id = common.find_domain(identity_client,
parsed_args.domain).id
enabled = True
if parsed_args.disable:
enabled = False
if parsed_args.password_prompt:
parsed_args.password = utils.get_password(self.app.stdin)
try:
user = identity_client.users.create(
name=parsed_args.name,
domain=domain_id,
default_project=project_id,
password=parsed_args.password,
email=parsed_args.email,
description=parsed_args.description,
enabled=enabled)
except ks_exc.Conflict as e:
if parsed_args.or_show:
user = utils.find_resource(identity_client.users,
parsed_args.name,
domain_id=domain_id)
self.log.info('Returning existing user %s', user.name)
else:
raise e
user._info.pop('links')
return zip(*sorted(six.iteritems(user._info)))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.password_prompt:
parsed_args.password = utils.get_password(self.app.stdin)
if (not parsed_args.name and not parsed_args.name
and not parsed_args.password and not parsed_args.email
and not parsed_args.project and not parsed_args.description
and not parsed_args.enable and not parsed_args.disable):
sys.stderr.write("Incorrect set of arguments "
"provided. See ecl --help for more "
"details\n")
return
user = utils.find_resource(
identity_client.users,
parsed_args.user,
)
kwargs = {}
if parsed_args.name:
kwargs['name'] = parsed_args.name
if parsed_args.email:
kwargs['email'] = parsed_args.email
if parsed_args.password:
kwargs['password'] = parsed_args.password
if parsed_args.description:
kwargs['description'] = parsed_args.description
if parsed_args.project:
project_id = common.find_project(identity_client,
parsed_args.project,
parsed_args.project_domain).id
kwargs['default_project'] = project_id
kwargs['enabled'] = user.enabled
if parsed_args.enable:
kwargs['enabled'] = True
if parsed_args.disable:
kwargs['enabled'] = False
identity_client.users.update(user.id, **kwargs)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if (not parsed_args.name and not parsed_args.domain
and not parsed_args.description and not parsed_args.enable
and not parsed_args.property and not parsed_args.disable):
return
project = common.find_project(identity_client, parsed_args.project,
parsed_args.domain)
kwargs = {}
if parsed_args.name:
kwargs['name'] = parsed_args.name
if parsed_args.description:
kwargs['description'] = parsed_args.description
if parsed_args.enable:
kwargs['enabled'] = True
if parsed_args.disable:
kwargs['enabled'] = False
if parsed_args.property:
kwargs.update(parsed_args.property)
identity_client.projects.update(project.id, **kwargs)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
image_client = self.app.client_manager.image
for deadopt in self.deadopts:
if getattr(parsed_args, deadopt.replace('-', '_'), None):
raise exceptions.CommandError(
"ERROR: --%s was given, which is an Image v1 option"
" that is no longer supported in Image v2" % deadopt)
kwargs = {}
copy_attrs = ('architecture', 'container_format', 'disk_format',
'file', 'instance_id', 'kernel_id', 'locations',
'min_disk', 'min_ram', 'name', 'os_distro', 'os_version',
'prefix', 'progress', 'ramdisk_id', 'tags')
for attr in copy_attrs:
if attr in parsed_args:
val = getattr(parsed_args, attr, None)
if val:
# Only include a value in kwargs for attributes that are
# actually present on the command line
kwargs[attr] = val
# Properties should get flattened into the general kwargs
if getattr(parsed_args, 'properties', None):
for k, v in six.iteritems(parsed_args.properties):
kwargs[k] = str(v)
# Handle exclusive booleans with care
# Avoid including attributes in kwargs if an option is not
# present on the command line. These exclusive booleans are not
# a single value for the pair of options because the default must be
# to do nothing when no options are present as opposed to always
# setting a default.
if parsed_args.protected:
kwargs['protected'] = True
if parsed_args.unprotected:
kwargs['protected'] = False
if parsed_args.public:
kwargs['visibility'] = 'public'
if parsed_args.private:
kwargs['visibility'] = 'private'
# Handle deprecated --owner option
project_arg = parsed_args.project
if parsed_args.owner:
project_arg = parsed_args.owner
self.log.warning(
_('The --owner option is deprecated, '
'please use --project instead.'))
if project_arg:
kwargs['owner'] = common.find_project(
identity_client,
project_arg,
parsed_args.project_domain,
).id
# Checks if anything that requires getting the image
if not (kwargs or parsed_args.deactivate or parsed_args.activate):
self.log.warning("No arguments specified")
return {}, {}
image = utils.find_resource(image_client.images, parsed_args.image)
activation_status = None
if parsed_args.deactivate:
image_client.images.deactivate(image.id)
activation_status = "deactivated"
if parsed_args.activate:
image_client.images.reactivate(image.id)
activation_status = "activated"
# Check if need to do the actual update
if not kwargs:
return {}, {}
if parsed_args.tags:
# Tags should be extended, but duplicates removed
kwargs['tags'] = list(set(image.tags).union(set(parsed_args.tags)))
try:
image = image_client.images.update(image.id, **kwargs)
except Exception as e:
if activation_status is not None:
print("Image %s was %s." % (image.id, activation_status))
raise e
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
image_client = self.app.client_manager.image
for deadopt in self.deadopts:
if getattr(parsed_args, deadopt.replace('-', '_'), None):
raise exceptions.CommandError(
"ERROR: --%s was given, which is an Image v1 option"
" that is no longer supported in Image v2" % deadopt)
# Build an attribute dict from the parsed args, only include
# attributes that were actually set on the command line
kwargs = {}
copy_attrs = ('name', 'id', 'container_format', 'disk_format',
'min_disk', 'min_ram', 'tags')
for attr in copy_attrs:
if attr in parsed_args:
val = getattr(parsed_args, attr, None)
if val:
# Only include a value in kwargs for attributes that
# are actually present on the command line
kwargs[attr] = val
# properties should get flattened into the general kwargs
if getattr(parsed_args, 'properties', None):
for k, v in six.iteritems(parsed_args.properties):
kwargs[k] = str(v)
# Handle exclusive booleans with care
# Avoid including attributes in kwargs if an option is not
# present on the command line. These exclusive booleans are not
# a single value for the pair of options because the default must be
# to do nothing when no options are present as opposed to always
# setting a default.
if parsed_args.protected:
kwargs['protected'] = True
if parsed_args.unprotected:
kwargs['protected'] = False
if parsed_args.public:
kwargs['visibility'] = 'public'
if parsed_args.private:
kwargs['visibility'] = 'private'
# Handle deprecated --owner option
project_arg = parsed_args.project
if parsed_args.owner:
project_arg = parsed_args.owner
self.log.warning(
_('The --owner option is deprecated, '
'please use --project instead.'))
if project_arg:
kwargs['owner'] = common.find_project(
identity_client,
project_arg,
parsed_args.project_domain,
).id
# open the file first to ensure any failures are handled before the
# image is created
fp = gc_utils.get_data_file(parsed_args)
info = {}
if fp is not None and parsed_args.volume:
raise exceptions.CommandError("Uploading data and using container "
"are not allowed at the same time")
if fp is None and parsed_args.file:
self.log.warning("Failed to get an image file.")
return {}, {}
if parsed_args.owner:
kwargs['owner'] = common.find_project(
identity_client,
parsed_args.owner,
parsed_args.project_domain,
).id
# If a volume is specified.
if parsed_args.volume:
volume_client = self.app.client_manager.volume
source_volume = utils.find_resource(
volume_client.volumes,
parsed_args.volume,
)
response, body = volume_client.volumes.upload_to_image(
source_volume.id,
parsed_args.force,
parsed_args.name,
parsed_args.container_format,
parsed_args.disk_format,
)
info = body['os-volume_upload_image']
info['volume_type'] = info['volume_type']['name']
else:
image = image_client.images.create(**kwargs)
if fp is not None:
with fp:
try:
image_client.images.upload(image.id, fp)
except Exception as e:
# If the upload fails for some reason attempt to remove the
# dangling queued image made by the create() call above but
# only if the user did not specify an id which indicates
# the Image already exists and should be left alone.
try:
if 'id' not in kwargs:
image_client.images.delete(image.id)
except Exception:
pass # we don't care about this one
raise e # now, throw the upload exception again
# update the image after the data has been uploaded
image = image_client.images.get(image.id)
if not info:
info = _format_image(image._info)
return zip(*sorted(six.iteritems(info)))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
role = None
if parsed_args.role:
role = utils.find_resource(
identity_client.roles,
parsed_args.role,
)
user = None
if parsed_args.user:
user = common.find_user(
identity_client,
parsed_args.user,
parsed_args.user_domain,
)
domain = None
if parsed_args.domain:
domain = common.find_domain(
identity_client,
parsed_args.domain,
)
project = None
if parsed_args.project:
project = common.find_project(
identity_client,
parsed_args.project,
parsed_args.project_domain,
)
group = None
if parsed_args.group:
group = common.find_group(
identity_client,
parsed_args.group,
parsed_args.group_domain,
)
include_names = True if parsed_args.names else False
effective = True if parsed_args.effective else False
columns = ('Role', 'User', 'Group', 'Project', 'Domain', 'Inherited')
inherited_to = 'projects' if parsed_args.inherited else None
data = identity_client.role_assignments.list(
domain=domain,
user=user,
group=group,
project=project,
role=role,
effective=effective,
os_inherit_extension_inherited_to=inherited_to,
include_names=include_names)
data_parsed = []
for assignment in data:
# Removing the extra "scope" layer in the assignment json
scope = assignment.scope
if 'project' in scope:
if include_names:
prj = '@'.join([
scope['project']['name'],
scope['project']['domain']['name']
])
setattr(assignment, 'project', prj)
else:
setattr(assignment, 'project', scope['project']['id'])
assignment.domain = ''
elif 'domain' in scope:
if include_names:
setattr(assignment, 'domain', scope['domain']['name'])
else:
setattr(assignment, 'domain', scope['domain']['id'])
assignment.project = ''
else:
assignment.domain = ''
assignment.project = ''
inherited = scope.get('OS-INHERIT:inherited_to') == 'projects'
assignment.inherited = inherited
del assignment.scope
if hasattr(assignment, 'user'):
if include_names:
usr = '******'.join([
assignment.user['name'],
assignment.user['domain']['name']
])
setattr(assignment, 'user', usr)
else:
setattr(assignment, 'user', assignment.user['id'])
assignment.group = ''
elif hasattr(assignment, 'group'):
if include_names:
grp = '@'.join([
assignment.group['name'],
assignment.group['domain']['name']
])
setattr(assignment, 'group', grp)
else:
setattr(assignment, 'group', assignment.group['id'])
assignment.user = ''
else:
assignment.user = ''
assignment.group = ''
if hasattr(assignment, 'role'):
if include_names:
setattr(assignment, 'role', assignment.role['name'])
else:
setattr(assignment, 'role', assignment.role['id'])
else:
assignment.role = ''
# Creating a tuple from data object fields
# (including the blank ones)
data_parsed.append(self._as_tuple(assignment))
return columns, tuple(data_parsed)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.user:
user = common.find_user(
identity_client,
parsed_args.user,
parsed_args.user_domain,
)
elif parsed_args.group:
group = common.find_group(
identity_client,
parsed_args.group,
parsed_args.group_domain,
)
if parsed_args.domain:
domain = common.find_domain(
identity_client,
parsed_args.domain,
)
elif parsed_args.project:
project = common.find_project(
identity_client,
parsed_args.project,
parsed_args.project_domain,
)
# no user or group specified, list all roles in the system
if not parsed_args.user and not parsed_args.group:
columns = ('ID', 'Name')
data = identity_client.roles.list()
elif parsed_args.user and parsed_args.domain:
columns = ('ID', 'Name', 'Domain', 'User')
data = identity_client.roles.list(
user=user,
domain=domain,
os_inherit_extension_inherited=parsed_args.inherited)
for user_role in data:
user_role.user = user.name
user_role.domain = domain.name
elif parsed_args.user and parsed_args.project:
columns = ('ID', 'Name', 'Project', 'User')
data = identity_client.roles.list(
user=user,
project=project,
os_inherit_extension_inherited=parsed_args.inherited)
for user_role in data:
user_role.user = user.name
user_role.project = project.name
elif parsed_args.user:
columns = ('ID', 'Name')
data = identity_client.roles.list(
user=user,
domain='default',
os_inherit_extension_inherited=parsed_args.inherited)
elif parsed_args.group and parsed_args.domain:
columns = ('ID', 'Name', 'Domain', 'Group')
data = identity_client.roles.list(
group=group,
domain=domain,
os_inherit_extension_inherited=parsed_args.inherited)
for group_role in data:
group_role.group = group.name
group_role.domain = domain.name
elif parsed_args.group and parsed_args.project:
columns = ('ID', 'Name', 'Project', 'Group')
data = identity_client.roles.list(
group=group,
project=project,
os_inherit_extension_inherited=parsed_args.inherited)
for group_role in data:
group_role.group = group.name
group_role.project = project.name
else:
sys.stderr.write("Error: If a user or group is specified, either "
"--domain or --project must also be specified to "
"list role grants.\n")
return ([], [])
return (columns, (utils.get_item_properties(
s,
columns,
formatters={},
) for s in data))
def take_action(self, parsed_args):
volume_client = self.app.client_manager.volume
compute_client = self.app.client_manager.compute
identity_client = self.app.client_manager.identity
def _format_attach(attachments):
"""Return a formatted string of a volume's attached instances
:param attachments: a volume.attachments field
:rtype: a string of formatted instances
"""
msg = ''
for attachment in attachments:
server = attachment['server_id']
if server in server_cache:
server = server_cache[server].name
device = attachment['device']
msg += 'Attached to %s on %s ' % (server, device)
return msg
if parsed_args.long:
columns = [
'ID',
'Name',
'Status',
'Size',
'Volume Type',
'Bootable',
'Attachments',
'Metadata',
]
column_headers = copy.deepcopy(columns)
column_headers[1] = 'Display Name'
column_headers[4] = 'Type'
column_headers[6] = 'Attached to'
column_headers[7] = 'Properties'
else:
columns = [
'ID',
'Name',
'Status',
'Size',
'Attachments',
]
column_headers = copy.deepcopy(columns)
column_headers[1] = 'Display Name'
column_headers[4] = 'Attached to'
# Cache the server list
server_cache = {}
try:
for s in compute_client.servers.list():
server_cache[s.id] = s
except Exception:
# Just forget it if there's any trouble
pass
project_id = None
if parsed_args.project:
project_id = identity_common.find_project(
identity_client, parsed_args.project,
parsed_args.project_domain)
user_id = None
if parsed_args.user:
user_id = identity_common.find_user(identity_client,
parsed_args.user,
parsed_args.user_domain)
search_opts = {
'all_tenants': parsed_args.all_projects,
'project_id': project_id,
'user_id': user_id,
'display_name': parsed_args.name,
'status': parsed_args.status,
}
data = volume_client.volumes.list(search_opts=search_opts)
return (column_headers, (utils.get_item_properties(
s,
columns,
formatters={
'Metadata': utils.format_dict,
'Attachments': _format_attach
},
) for s in data))