def take_action(self, parsed_args): identity_client = self.app.client_manager.identity # NOTE(stevemar): Find the two users, project and roles that # are necessary for making a trust usable, the API dictates that # trustee, project and role are optional, but that makes the trust # pointless, and trusts are immutable, so let's enforce it at the # client level. trustor_id = common.find_user(identity_client, parsed_args.trustor, parsed_args.trustor_domain).id trustee_id = common.find_user(identity_client, parsed_args.trustee, parsed_args.trustee_domain).id project_id = common.find_project(identity_client, parsed_args.project, parsed_args.project_domain).id role_ids = [] for role in parsed_args.role: try: role_id = utils.find_resource( identity_client.roles, role, ).id except identity_exc.Forbidden: role_id = role role_ids.append(role_id) expires_at = None if parsed_args.expiration: expires_at = datetime.datetime.strptime(parsed_args.expiration, '%Y-%m-%dT%H:%M:%S') trust = identity_client.trusts.create( trustee_id, trustor_id, impersonation=parsed_args.impersonate, project=project_id, role_ids=role_ids, expires_at=expires_at, ) trust._info.pop('roles_links', None) trust._info.pop('links', None) # Format roles into something sensible roles = trust._info.pop('roles') msg = ' '.join(r['name'] for r in roles) trust._info['roles'] = msg return zip(*sorted(trust._info.items()))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity # NOTE(stevemar): Find the two users, project and roles that # are necessary for making a trust usable, the API dictates that # trustee, project and role are optional, but that makes the trust # pointless, and trusts are immutable, so let's enforce it at the # client level. trustor_id = common.find_user(identity_client, parsed_args.trustor, parsed_args.trustor_domain).id trustee_id = common.find_user(identity_client, parsed_args.trustee, parsed_args.trustee_domain).id project_id = common.find_project(identity_client, parsed_args.project, parsed_args.project_domain).id role_ids = [] for role in parsed_args.role: try: role_id = utils.find_resource( identity_client.roles, role, ).id except identity_exc.Forbidden: role_id = role role_ids.append(role_id) expires_at = None if parsed_args.expiration: expires_at = datetime.datetime.strptime(parsed_args.expiration, '%Y-%m-%dT%H:%M:%S') trust = identity_client.trusts.create( trustee_id, trustor_id, impersonation=parsed_args.impersonate, project=project_id, role_ids=role_ids, expires_at=expires_at, ) trust._info.pop('roles_links', None) trust._info.pop('links', None) # Format roles into something sensible roles = trust._info.pop('roles') msg = ' '.join(r['name'] for r in roles) trust._info['roles'] = msg return zip(*sorted(six.iteritems(trust._info)))
def take_action(self, parsed_args): compute_client = self.app.client_manager.sdk_connection.compute identity_client = self.app.client_manager.identity kwargs = {} if parsed_args.user: if not sdk_utils.supports_microversion(compute_client, '2.10'): msg = _( '--os-compute-api-version 2.10 or greater is required to ' 'support the --user option') raise exceptions.CommandError(msg) kwargs['user_id'] = identity_common.find_user( identity_client, parsed_args.user, parsed_args.user_domain, ).id keypair = compute_client.find_keypair(parsed_args.name, **kwargs, ignore_missing=False) if not parsed_args.public_key: display_columns, columns = _get_keypair_columns(keypair, hide_pub_key=True) data = utils.get_item_properties(keypair, columns) return (display_columns, data) else: sys.stdout.write(keypair.public_key) return ({}, {})
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity group_id = common.find_group(identity_client, parsed_args.group, parsed_args.group_domain).id result = 0 for i in parsed_args.user: try: user_id = common.find_user(identity_client, i, parsed_args.user_domain).id identity_client.users.add_to_group(user_id, group_id) except Exception as e: result += 1 msg = _("%(user)s not added to group %(group)s: %(e)s") % { 'user': i, 'group': parsed_args.group, 'e': e, } LOG.error(msg) if result > 0: total = len(parsed_args.user) msg = (_("%(result)s of %(total)s users not added to group " "%(group)s.")) % { 'result': result, 'total': total, 'group': parsed_args.group, } raise exceptions.CommandError(msg)
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity user_id = common.find_user(identity_client, parsed_args.user, parsed_args.user_domain).id group_id = common.find_group(identity_client, parsed_args.group, parsed_args.group_domain).id try: identity_client.users.check_in_group(user_id, group_id) except ks_exc.http.HTTPClientError as e: if e.http_status == 403 or e.http_status == 404: msg = _("%(user)s not in group %(group)s\n") % { 'user': parsed_args.user, 'group': parsed_args.group, } sys.stderr.write(msg) else: raise e else: msg = _("%(user)s in group %(group)s\n") % { 'user': parsed_args.user, 'group': parsed_args.group, } sys.stdout.write(msg)
def _delete_user(self, user): """Delete a user and associated default resources""" mgr = self.app.client_manager # Identify user if isinstance(user, str): # pylint: disable=broad-except try: user = find_user(mgr.identity, user) except Exception: user = None # Identify project if user is not None and hasattr(user, 'default_project_id'): project = find_project(mgr.identity, user.default_project_id) else: project = None # Delete user, if applicable if user is not None: mgr.identity.users.delete(user.id) # Delete project, if applicable if project is not None: self._delete_project(project) return { 'user': user, 'project': project, }
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity user_id = common.find_user(identity_client, parsed_args.user, parsed_args.user_domain).id group_id = common.find_group(identity_client, parsed_args.group, parsed_args.group_domain).id try: identity_client.users.check_in_group(user_id, group_id) except ks_exc.http.HTTPClientError as e: if e.http_status == 403 or e.http_status == 404: msg = _("%(user)s not in group %(group)s\n") % { 'user': parsed_args.user, 'group': parsed_args.group, } self.app.stderr.write(msg) else: raise e else: msg = _("%(user)s in group %(group)s\n") % { 'user': parsed_args.user, 'group': parsed_args.group, } self.app.stdout.write(msg)
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity domain = None if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain).id if parsed_args.user: user = common.find_user( identity_client, parsed_args.user, parsed_args.user_domain, ).id else: user = None # List groups if parsed_args.long: columns = ('ID', 'Name', 'Domain ID', 'Description') else: columns = ('ID', 'Name') data = identity_client.groups.list( domain=domain, user=user, ) return ( columns, (utils.get_item_properties( s, columns, formatters={}, ) for s in data) )
def _process_identity_and_resource_options(parsed_args, identity_client_manager): kwargs = {} if parsed_args.user and parsed_args.domain: kwargs['user'] = common.find_user( identity_client_manager, parsed_args.user, parsed_args.user_domain, ).id kwargs['domain'] = common.find_domain( identity_client_manager, parsed_args.domain, ).id elif parsed_args.user and parsed_args.project: kwargs['user'] = common.find_user( identity_client_manager, parsed_args.user, parsed_args.user_domain, ).id kwargs['project'] = common.find_project( identity_client_manager, parsed_args.project, parsed_args.project_domain, ).id elif parsed_args.group and parsed_args.domain: kwargs['group'] = common.find_group( identity_client_manager, parsed_args.group, parsed_args.group_domain, ).id kwargs['domain'] = common.find_domain( identity_client_manager, parsed_args.domain, ).id elif parsed_args.group and parsed_args.project: kwargs['group'] = common.find_group( identity_client_manager, parsed_args.group, parsed_args.group_domain, ).id kwargs['project'] = common.find_project( identity_client_manager, parsed_args.project, parsed_args.project_domain, ).id kwargs['os_inherit_extension_inherited'] = parsed_args.inherited return kwargs
def _process_identity_and_resource_options(parsed_args, identity_client_manager): kwargs = {} if parsed_args.user and parsed_args.domain: kwargs["user"] = common.find_user(identity_client_manager, parsed_args.user, parsed_args.user_domain).id kwargs["domain"] = common.find_domain(identity_client_manager, parsed_args.domain).id elif parsed_args.user and parsed_args.project: kwargs["user"] = common.find_user(identity_client_manager, parsed_args.user, parsed_args.user_domain).id kwargs["project"] = common.find_project( identity_client_manager, parsed_args.project, parsed_args.project_domain ).id elif parsed_args.group and parsed_args.domain: kwargs["group"] = common.find_group(identity_client_manager, parsed_args.group, parsed_args.group_domain).id kwargs["domain"] = common.find_domain(identity_client_manager, parsed_args.domain).id elif parsed_args.group and parsed_args.project: kwargs["group"] = common.find_group(identity_client_manager, parsed_args.group, parsed_args.group_domain).id kwargs["project"] = common.find_project( identity_client_manager, parsed_args.project, parsed_args.project_domain ).id kwargs["os_inherit_extension_inherited"] = parsed_args.inherited return kwargs
def _find_user(): try: return common.find_user( identity_client_manager, parsed_args.user, parsed_args.user_domain ).id except exceptions.CommandError: if not validate_actor_existence: return parsed_args.user raise
def take_action(self, parsed_args): compute_client = self.app.client_manager.sdk_connection.compute identity_client = self.app.client_manager.identity if parsed_args.project: if not sdk_utils.supports_microversion(compute_client, '2.10'): msg = _( '--os-compute-api-version 2.10 or greater is required to ' 'support the --project option') raise exceptions.CommandError(msg) # NOTE(stephenfin): This is done client side because nova doesn't # currently support doing so server-side. If this is slow, we can # think about spinning up a threadpool or similar. project = identity_common.find_project( identity_client, parsed_args.project, parsed_args.project_domain, ).id users = identity_client.users.list(tenant_id=project) data = [] for user in users: data.extend(compute_client.keypairs(user_id=user.id)) elif parsed_args.user: if not sdk_utils.supports_microversion(compute_client, '2.10'): msg = _( '--os-compute-api-version 2.10 or greater is required to ' 'support the --user option') raise exceptions.CommandError(msg) user = identity_common.find_user( identity_client, parsed_args.user, parsed_args.user_domain, ) data = compute_client.keypairs(user_id=user.id) else: data = compute_client.keypairs() columns = ("Name", "Fingerprint") if sdk_utils.supports_microversion(compute_client, '2.2'): columns += ("Type", ) return ( columns, (utils.get_item_properties(s, columns) for s in data), )
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity if parsed_args.user: user_id = common.find_user(identity_client, parsed_args.user, parsed_args.user_domain).id else: user_id = None columns = ('ID', 'Service', 'Method', 'Path') data = identity_client.access_rules.list(user=user_id) return (columns, (utils.get_item_properties( s, columns, formatters={}, ) for s in data))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity if parsed_args.user: user_id = common.find_user(identity_client, parsed_args.user, parsed_args.user_domain).id else: user_id = None columns = ('ID', 'Name', 'Project ID', 'Description', 'Expires At') data = identity_client.application_credentials.list(user=user_id) return (columns, (utils.get_item_properties( s, columns, formatters={}, ) for s in data))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity user_id = common.find_user(identity_client, parsed_args.user, parsed_args.user_domain).id group_id = common.find_group(identity_client, parsed_args.group, parsed_args.group_domain).id try: identity_client.users.check_in_group(user_id, group_id) except Exception: sys.stderr.write("%s not in group %s\n" % (parsed_args.user, parsed_args.group)) else: sys.stdout.write("%s in group %s\n" % (parsed_args.user, parsed_args.group))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity user_id = common.find_user(identity_client, parsed_args.user, parsed_args.user_domain).id group_id = common.find_group(identity_client, parsed_args.group, parsed_args.group_domain).id try: identity_client.users.add_to_group(user_id, group_id) except Exception as e: msg = _("%(user)s not added to group %(group)s: %(e)s") % { 'user': parsed_args.user, 'group': parsed_args.group, 'e': e, } raise exceptions.CommandError(msg)
def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity user_id = common.find_user(identity_client, parsed_args.user, parsed_args.user_domain).id group_id = common.find_group(identity_client, parsed_args.group, parsed_args.group_domain).id try: identity_client.users.add_to_group(user_id, group_id) except Exception: sys.stderr.write("%s not added to group %s\n" % (parsed_args.user, parsed_args.group)) else: sys.stdout.write("%s added to group %s\n" % (parsed_args.user, parsed_args.group))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity if parsed_args.user: user_id = common.find_user(identity_client, parsed_args.user, parsed_args.user_domain).id else: user_id = None columns = ('ID', 'Name', 'Project ID', 'Description', 'Expires At') data = identity_client.application_credentials.list( user=user_id) return (columns, (utils.get_item_properties( s, columns, formatters={}, ) for s in data))
def take_action(self, parsed_args): compute_client = self.app.client_manager.sdk_connection.compute identity_client = self.app.client_manager.identity kwargs = {} result = 0 if parsed_args.user: if not sdk_utils.supports_microversion(compute_client, '2.10'): msg = _( '--os-compute-api-version 2.10 or greater is required to ' 'support the --user option') raise exceptions.CommandError(msg) kwargs['user_id'] = identity_common.find_user( identity_client, parsed_args.user, parsed_args.user_domain, ).id for n in parsed_args.name: try: compute_client.delete_keypair(n, **kwargs, ignore_missing=False) except Exception as e: result += 1 LOG.error( _("Failed to delete key with name " "'%(name)s': %(e)s"), { 'name': n, 'e': e }) if result > 0: total = len(parsed_args.name) msg = (_("%(result)s of %(total)s keys failed " "to delete.") % { 'result': result, 'total': total }) raise exceptions.CommandError(msg)
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity user_id = common.find_user(identity_client, parsed_args.user, parsed_args.user_domain).id group_id = common.find_group(identity_client, parsed_args.group, parsed_args.group_domain).id try: identity_client.users.check_in_group(user_id, group_id) except Exception: msg = _("%(user)s not in group %(group)s\n") % { 'user': parsed_args.user, 'group': parsed_args.group, } sys.stderr.write(msg) else: msg = _("%(user)s in group %(group)s\n") % { 'user': parsed_args.user, 'group': parsed_args.group, } sys.stdout.write(msg)
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity kwargs = {} if parsed_args.user: user_id = common.find_user( identity_client, parsed_args.user, parsed_args.user_domain, ).id kwargs["user_id"] = user_id if parsed_args.type: kwargs["type"] = parsed_args.type columns = ('ID', 'Type', 'User ID', 'Blob', 'Project ID') column_headers = ('ID', 'Type', 'User ID', 'Data', 'Project ID') data = self.app.client_manager.identity.credentials.list(**kwargs) return (column_headers, (utils.get_item_properties( s, columns, formatters={}, ) for s in data))
def take_action(self, parsed_args): compute_client = self.app.client_manager.sdk_connection.compute identity_client = self.app.client_manager.identity kwargs = {'name': parsed_args.name} public_key = parsed_args.public_key if public_key: try: with io.open(os.path.expanduser(parsed_args.public_key)) as p: public_key = p.read() except IOError as e: msg = _("Key file %(public_key)s not found: %(exception)s") raise exceptions.CommandError(msg % { "public_key": parsed_args.public_key, "exception": e }) kwargs['public_key'] = public_key if parsed_args.type: if not sdk_utils.supports_microversion(compute_client, '2.2'): msg = _( '--os-compute-api-version 2.2 or greater is required to ' 'support the --type option') raise exceptions.CommandError(msg) kwargs['key_type'] = parsed_args.type if parsed_args.user: if not sdk_utils.supports_microversion(compute_client, '2.10'): msg = _( '--os-compute-api-version 2.10 or greater is required to ' 'support the --user option') raise exceptions.CommandError(msg) kwargs['user_id'] = identity_common.find_user( identity_client, parsed_args.user, parsed_args.user_domain, ).id keypair = compute_client.create_keypair(**kwargs) private_key = parsed_args.private_key # Save private key into specified file if private_key: try: with io.open(os.path.expanduser(parsed_args.private_key), 'w+') as p: p.write(keypair.private_key) except IOError as e: msg = _("Key file %(private_key)s can not be saved: " "%(exception)s") raise exceptions.CommandError(msg % { "private_key": parsed_args.private_key, "exception": e }) # NOTE(dtroyer): how do we want to handle the display of the private # key when it needs to be communicated back to the user # For now, duplicate nova keypair-add command output if public_key or private_key: display_columns, columns = _get_keypair_columns(keypair, hide_pub_key=True, hide_priv_key=True) data = utils.get_item_properties(keypair, columns) return (display_columns, data) else: sys.stdout.write(keypair.private_key) return ({}, {})
def take_action(self, parsed_args): volume_client = self.app.client_manager.volume compute_client = self.app.client_manager.compute identity_client = self.app.client_manager.identity def _format_attach(attachments): """Return a formatted string of a volume's attached instances :param attachments: a volume.attachments field :rtype: a string of formatted instances """ msg = '' for attachment in attachments: server = attachment['server_id'] if server in server_cache: server = server_cache[server].name device = attachment['device'] msg += 'Attached to %s on %s ' % (server, device) return msg if parsed_args.long: columns = [ 'ID', 'Name', 'Status', 'Size', 'Volume Type', 'Bootable', 'Attachments', 'Metadata', ] column_headers = copy.deepcopy(columns) column_headers[1] = 'Display Name' column_headers[4] = 'Type' column_headers[6] = 'Attached to' column_headers[7] = 'Properties' else: columns = [ 'ID', 'Name', 'Status', 'Size', 'Attachments', ] column_headers = copy.deepcopy(columns) column_headers[1] = 'Display Name' column_headers[4] = 'Attached to' # Cache the server list server_cache = {} try: for s in compute_client.servers.list(): server_cache[s.id] = s except Exception: # Just forget it if there's any trouble pass project_id = None if parsed_args.project: project_id = identity_common.find_project( identity_client, parsed_args.project, parsed_args.project_domain) user_id = None if parsed_args.user: user_id = identity_common.find_user(identity_client, parsed_args.user, parsed_args.user_domain) search_opts = { 'all_tenants': parsed_args.all_projects, 'project_id': project_id, 'user_id': user_id, 'display_name': parsed_args.name, 'status': parsed_args.status, } data = volume_client.volumes.list(search_opts=search_opts) return (column_headers, (utils.get_item_properties( s, columns, formatters={ 'Metadata': utils.format_dict, 'Attachments': _format_attach }, ) for s in data))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity if parsed_args.user: user = common.find_user(identity_client, parsed_args.user, parsed_args.user_domain) elif parsed_args.group: group = common.find_group(identity_client, parsed_args.group, parsed_args.group_domain) if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain) elif parsed_args.project: project = common.find_project(identity_client, parsed_args.project, parsed_args.project_domain) # no user or group specified, list all roles in the system if not parsed_args.user and not parsed_args.group: columns = ("ID", "Name") data = identity_client.roles.list() elif parsed_args.user and parsed_args.domain: columns = ("ID", "Name", "Domain", "User") data = identity_client.roles.list( user=user, domain=domain, os_inherit_extension_inherited=parsed_args.inherited ) for user_role in data: user_role.user = user.name user_role.domain = domain.name elif parsed_args.user and parsed_args.project: columns = ("ID", "Name", "Project", "User") data = identity_client.roles.list( user=user, project=project, os_inherit_extension_inherited=parsed_args.inherited ) for user_role in data: user_role.user = user.name user_role.project = project.name elif parsed_args.user: columns = ("ID", "Name") data = identity_client.roles.list( user=user, domain="default", os_inherit_extension_inherited=parsed_args.inherited ) elif parsed_args.group and parsed_args.domain: columns = ("ID", "Name", "Domain", "Group") data = identity_client.roles.list( group=group, domain=domain, os_inherit_extension_inherited=parsed_args.inherited ) for group_role in data: group_role.group = group.name group_role.domain = domain.name elif parsed_args.group and parsed_args.project: columns = ("ID", "Name", "Project", "Group") data = identity_client.roles.list( group=group, project=project, os_inherit_extension_inherited=parsed_args.inherited ) for group_role in data: group_role.group = group.name group_role.project = project.name else: sys.stderr.write( "Error: If a user or group is specified, either " "--domain or --project must also be specified to " "list role grants.\n" ) return ([], []) return (columns, (utils.get_item_properties(s, columns, formatters={}) for s in data))
def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity if (not parsed_args.user and not parsed_args.domain and not parsed_args.group and not parsed_args.project): return role = utils.find_resource( identity_client.roles, parsed_args.role, ) if parsed_args.user and parsed_args.domain: user = common.find_user( identity_client, parsed_args.user, ) domain = common.find_domain( identity_client, parsed_args.domain, ) identity_client.roles.grant( role.id, user=user.id, domain=domain.id, ) elif parsed_args.user and parsed_args.project: user = common.find_user( identity_client, parsed_args.user, ) project = common.find_project( identity_client, parsed_args.project, ) identity_client.roles.grant( role.id, user=user.id, project=project.id, ) elif parsed_args.group and parsed_args.domain: group = common.find_group( identity_client, parsed_args.group, ) domain = common.find_domain( identity_client, parsed_args.domain, ) identity_client.roles.grant( role.id, group=group.id, domain=domain.id, ) elif parsed_args.group and parsed_args.project: group = common.find_group( identity_client, parsed_args.group, ) project = common.find_project( identity_client, parsed_args.project, ) identity_client.roles.grant( role.id, group=group.id, project=project.id, ) else: sys.stderr.write("Role not added, incorrect set of arguments \ provided. See openstack --help for more details\n") return
def take_action(self, parsed_args): self.log.debug('take_action(%s)' % parsed_args) identity_client = self.app.client_manager.identity if parsed_args.user: user = common.find_user( identity_client, parsed_args.user, ) elif parsed_args.group: group = common.find_group( identity_client, parsed_args.group, ) if parsed_args.domain: domain = common.find_domain( identity_client, parsed_args.domain, ) elif parsed_args.project: project = common.find_project( identity_client, parsed_args.project, ) # no user or group specified, list all roles in the system if not parsed_args.user and not parsed_args.group: columns = ('ID', 'Name') data = identity_client.roles.list() elif parsed_args.user and parsed_args.domain: columns = ('ID', 'Name', 'Domain', 'User') data = identity_client.roles.list( user=user, domain=domain, ) for user_role in data: user_role.user = user.name user_role.domain = domain.name elif parsed_args.user and parsed_args.project: columns = ('ID', 'Name', 'Project', 'User') data = identity_client.roles.list( user=user, project=project, ) for user_role in data: user_role.user = user.name user_role.project = project.name elif parsed_args.user: columns = ('ID', 'Name') data = identity_client.roles.list( user=user, domain='default', ) elif parsed_args.group and parsed_args.domain: columns = ('ID', 'Name', 'Domain', 'Group') data = identity_client.roles.list( group=group, domain=domain, ) for group_role in data: group_role.group = group.name group_role.domain = domain.name elif parsed_args.group and parsed_args.project: columns = ('ID', 'Name', 'Project', 'Group') data = identity_client.roles.list( group=group, project=project, ) for group_role in data: group_role.group = group.name group_role.project = project.name else: sys.stderr.write("Error: If a user or group is specified, either " "--domain or --project must also be specified to " "list role grants.\n") return ([], []) return (columns, (utils.get_item_properties( s, columns, formatters={}, ) for s in data))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity auth_ref = self.app.client_manager.auth_ref role = None if parsed_args.role: role = utils.find_resource( identity_client.roles, parsed_args.role, ) user = None if parsed_args.user: user = common.find_user( identity_client, parsed_args.user, parsed_args.user_domain, ) elif parsed_args.authuser: if auth_ref: user = common.find_user( identity_client, auth_ref.user_id ) domain = None if parsed_args.domain: domain = common.find_domain( identity_client, parsed_args.domain, ) project = None if parsed_args.project: project = common.find_project( identity_client, parsed_args.project, parsed_args.project_domain, ) elif parsed_args.authproject: if auth_ref: project = common.find_project( identity_client, auth_ref.project_id ) group = None if parsed_args.group: group = common.find_group( identity_client, parsed_args.group, parsed_args.group_domain, ) include_names = True if parsed_args.names else False effective = True if parsed_args.effective else False columns = ('Role', 'User', 'Group', 'Project', 'Domain', 'Inherited') inherited_to = 'projects' if parsed_args.inherited else None data = identity_client.role_assignments.list( domain=domain, user=user, group=group, project=project, role=role, effective=effective, os_inherit_extension_inherited_to=inherited_to, include_names=include_names) data_parsed = [] for assignment in data: # Removing the extra "scope" layer in the assignment json scope = assignment.scope if 'project' in scope: if include_names: prj = '@'.join([scope['project']['name'], scope['project']['domain']['name']]) setattr(assignment, 'project', prj) else: setattr(assignment, 'project', scope['project']['id']) assignment.domain = '' elif 'domain' in scope: if include_names: setattr(assignment, 'domain', scope['domain']['name']) else: setattr(assignment, 'domain', scope['domain']['id']) assignment.project = '' else: assignment.domain = '' assignment.project = '' inherited = scope.get('OS-INHERIT:inherited_to') == 'projects' assignment.inherited = inherited del assignment.scope if hasattr(assignment, 'user'): if include_names: usr = '******'.join([assignment.user['name'], assignment.user['domain']['name']]) setattr(assignment, 'user', usr) else: setattr(assignment, 'user', assignment.user['id']) assignment.group = '' elif hasattr(assignment, 'group'): if include_names: grp = '@'.join([assignment.group['name'], assignment.group['domain']['name']]) setattr(assignment, 'group', grp) else: setattr(assignment, 'group', assignment.group['id']) assignment.user = '' else: assignment.user = '' assignment.group = '' if hasattr(assignment, 'role'): if include_names: setattr(assignment, 'role', assignment.role['name']) else: setattr(assignment, 'role', assignment.role['id']) else: assignment.role = '' # Creating a tuple from data object fields # (including the blank ones) data_parsed.append(self._as_tuple(assignment)) return columns, tuple(data_parsed)
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity role = None if parsed_args.role: role = utils.find_resource( identity_client.roles, parsed_args.role, ) user = None if parsed_args.user: user = common.find_user( identity_client, parsed_args.user, parsed_args.user_domain, ) domain = None if parsed_args.domain: domain = common.find_domain( identity_client, parsed_args.domain, ) project = None if parsed_args.project: project = common.find_project( identity_client, parsed_args.project, parsed_args.project_domain, ) group = None if parsed_args.group: group = common.find_group( identity_client, parsed_args.group, parsed_args.group_domain, ) include_names = True if parsed_args.names else False effective = True if parsed_args.effective else False columns = ('Role', 'User', 'Group', 'Project', 'Domain', 'Inherited') inherited_to = 'projects' if parsed_args.inherited else None data = identity_client.role_assignments.list( domain=domain, user=user, group=group, project=project, role=role, effective=effective, os_inherit_extension_inherited_to=inherited_to, include_names=include_names) data_parsed = [] for assignment in data: # Removing the extra "scope" layer in the assignment json scope = assignment.scope if 'project' in scope: if include_names: prj = '@'.join([ scope['project']['name'], scope['project']['domain']['name'] ]) setattr(assignment, 'project', prj) else: setattr(assignment, 'project', scope['project']['id']) assignment.domain = '' elif 'domain' in scope: if include_names: setattr(assignment, 'domain', scope['domain']['name']) else: setattr(assignment, 'domain', scope['domain']['id']) assignment.project = '' else: assignment.domain = '' assignment.project = '' inherited = scope.get('OS-INHERIT:inherited_to') == 'projects' assignment.inherited = inherited del assignment.scope if hasattr(assignment, 'user'): if include_names: usr = '******'.join([ assignment.user['name'], assignment.user['domain']['name'] ]) setattr(assignment, 'user', usr) else: setattr(assignment, 'user', assignment.user['id']) assignment.group = '' elif hasattr(assignment, 'group'): if include_names: grp = '@'.join([ assignment.group['name'], assignment.group['domain']['name'] ]) setattr(assignment, 'group', grp) else: setattr(assignment, 'group', assignment.group['id']) assignment.user = '' else: assignment.user = '' assignment.group = '' if hasattr(assignment, 'role'): if include_names: setattr(assignment, 'role', assignment.role['name']) else: setattr(assignment, 'role', assignment.role['id']) else: assignment.role = '' # Creating a tuple from data object fields # (including the blank ones) data_parsed.append(self._as_tuple(assignment)) return columns, tuple(data_parsed)
def take_action(self, parsed_args): compute_client = self.app.client_manager.sdk_connection.compute identity_client = self.app.client_manager.identity kwargs = {} if parsed_args.marker: if not sdk_utils.supports_microversion(compute_client, '2.35'): msg = _('--os-compute-api-version 2.35 or greater is required ' 'to support the --marker option') raise exceptions.CommandError(msg) kwargs['marker'] = parsed_args.marker if parsed_args.limit: if not sdk_utils.supports_microversion(compute_client, '2.35'): msg = _('--os-compute-api-version 2.35 or greater is required ' 'to support the --limit option') raise exceptions.CommandError(msg) kwargs['limit'] = parsed_args.limit if parsed_args.project: if not sdk_utils.supports_microversion(compute_client, '2.10'): msg = _( '--os-compute-api-version 2.10 or greater is required to ' 'support the --project option') raise exceptions.CommandError(msg) if parsed_args.marker: # NOTE(stephenfin): Because we're doing this client-side, we # can't really rely on the marker, because we don't know what # user the marker is associated with msg = _('--project is not compatible with --marker') # NOTE(stephenfin): This is done client side because nova doesn't # currently support doing so server-side. If this is slow, we can # think about spinning up a threadpool or similar. project = identity_common.find_project( identity_client, parsed_args.project, parsed_args.project_domain, ).id users = identity_client.users.list(tenant_id=project) data = [] for user in users: kwargs['user_id'] = user.id data.extend(compute_client.keypairs(**kwargs)) elif parsed_args.user: if not sdk_utils.supports_microversion(compute_client, '2.10'): msg = _( '--os-compute-api-version 2.10 or greater is required to ' 'support the --user option') raise exceptions.CommandError(msg) user = identity_common.find_user( identity_client, parsed_args.user, parsed_args.user_domain, ) kwargs['user_id'] = user.id data = compute_client.keypairs(**kwargs) else: data = compute_client.keypairs(**kwargs) columns = ("Name", "Fingerprint") if sdk_utils.supports_microversion(compute_client, '2.2'): columns += ("Type", ) return ( columns, (utils.get_item_properties(s, columns) for s in data), )
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity auth_ref = self.app.client_manager.auth_ref role = None role_domain_id = None if parsed_args.role_domain: role_domain_id = common.find_domain(identity_client, parsed_args.role_domain).id if parsed_args.role: role = utils.find_resource( identity_client.roles, parsed_args.role, domain_id=role_domain_id ) user = None if parsed_args.user: user = common.find_user( identity_client, parsed_args.user, parsed_args.user_domain, ) elif parsed_args.authuser: if auth_ref: user = common.find_user( identity_client, auth_ref.user_id ) system = None if parsed_args.system: system = parsed_args.system domain = None if parsed_args.domain: domain = common.find_domain( identity_client, parsed_args.domain, ) project = None if parsed_args.project: project = common.find_project( identity_client, common._get_token_resource(identity_client, 'project', parsed_args.project), parsed_args.project_domain, ) elif parsed_args.authproject: if auth_ref: project = common.find_project( identity_client, auth_ref.project_id ) group = None if parsed_args.group: group = common.find_group( identity_client, parsed_args.group, parsed_args.group_domain, ) include_names = True if parsed_args.names else False effective = True if parsed_args.effective else False columns = ( 'Role', 'User', 'Group', 'Project', 'Domain', 'System', 'Inherited' ) inherited_to = 'projects' if parsed_args.inherited else None data = identity_client.role_assignments.list( domain=domain, user=user, group=group, project=project, system=system, role=role, effective=effective, os_inherit_extension_inherited_to=inherited_to, include_names=include_names) data_parsed = [] for assignment in data: # Removing the extra "scope" layer in the assignment json scope = assignment.scope if 'project' in scope: if include_names: prj = '@'.join([scope['project']['name'], scope['project']['domain']['name']]) setattr(assignment, 'project', prj) else: setattr(assignment, 'project', scope['project']['id']) assignment.domain = '' assignment.system = '' elif 'domain' in scope: if include_names: setattr(assignment, 'domain', scope['domain']['name']) else: setattr(assignment, 'domain', scope['domain']['id']) assignment.project = '' assignment.system = '' elif 'system' in scope: # NOTE(lbragstad): If, or when, keystone supports role # assignments on subsets of a system, this will have to evolve # to handle that case instead of hardcoding to the entire # system. setattr(assignment, 'system', 'all') assignment.domain = '' assignment.project = '' else: assignment.system = '' assignment.domain = '' assignment.project = '' inherited = scope.get('OS-INHERIT:inherited_to') == 'projects' assignment.inherited = inherited del assignment.scope if hasattr(assignment, 'user'): if include_names: usr = '******'.join([assignment.user['name'], assignment.user['domain']['name']]) setattr(assignment, 'user', usr) else: setattr(assignment, 'user', assignment.user['id']) assignment.group = '' elif hasattr(assignment, 'group'): if include_names: grp = '@'.join([assignment.group['name'], assignment.group['domain']['name']]) setattr(assignment, 'group', grp) else: setattr(assignment, 'group', assignment.group['id']) assignment.user = '' else: assignment.user = '' assignment.group = '' if hasattr(assignment, 'role'): if include_names: # TODO(henry-nash): If this is a domain specific role it # would be good show this as role@domain, although this # domain info is not yet included in the response from the # server. Although we could get it by re-reading the role # from the ID, let's wait until the server does the right # thing. setattr(assignment, 'role', assignment.role['name']) else: setattr(assignment, 'role', assignment.role['id']) else: assignment.role = '' # Creating a tuple from data object fields # (including the blank ones) data_parsed.append(self._as_tuple(assignment)) return columns, tuple(data_parsed)
def take_action(self, parsed_args): volume_client = self.app.client_manager.volume compute_client = self.app.client_manager.compute identity_client = self.app.client_manager.identity if parsed_args.long: columns = [ 'ID', 'Name', 'Status', 'Size', 'Volume Type', 'Bootable', 'Attachments', 'Metadata', ] column_headers = copy.deepcopy(columns) column_headers[4] = 'Type' column_headers[6] = 'Attached to' column_headers[7] = 'Properties' else: columns = [ 'ID', 'Name', 'Status', 'Size', 'Attachments', ] column_headers = copy.deepcopy(columns) column_headers[4] = 'Attached to' # Cache the server list server_cache = {} try: for s in compute_client.servers.list(): server_cache[s.id] = s except Exception: # Just forget it if there's any trouble pass AttachmentsColumnWithCache = functools.partial( AttachmentsColumn, server_cache=server_cache) project_id = None if parsed_args.project: project_id = identity_common.find_project( identity_client, parsed_args.project, parsed_args.project_domain).id user_id = None if parsed_args.user: user_id = identity_common.find_user(identity_client, parsed_args.user, parsed_args.user_domain).id # set value of 'all_tenants' when using project option all_projects = bool(parsed_args.project) or parsed_args.all_projects search_opts = { 'all_tenants': all_projects, 'project_id': project_id, 'user_id': user_id, 'name': parsed_args.name, 'status': parsed_args.status, } data = volume_client.volumes.list( search_opts=search_opts, marker=parsed_args.marker, limit=parsed_args.limit, ) column_headers = utils.backward_compat_col_lister( column_headers, parsed_args.columns, {'Display Name': 'Name'}) return (column_headers, (utils.get_item_properties( s, columns, formatters={'Metadata': format_columns.DictColumn, 'Attachments': AttachmentsColumnWithCache}, ) for s in data))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity if parsed_args.user: user = common.find_user( identity_client, parsed_args.user, parsed_args.user_domain, ) elif parsed_args.group: group = common.find_group( identity_client, parsed_args.group, parsed_args.group_domain, ) if parsed_args.domain: domain = common.find_domain( identity_client, parsed_args.domain, ) elif parsed_args.project: project = common.find_project( identity_client, parsed_args.project, parsed_args.project_domain, ) # no user or group specified, list all roles in the system if not parsed_args.user and not parsed_args.group: columns = ('ID', 'Name') data = identity_client.roles.list() elif parsed_args.user and parsed_args.domain: columns = ('ID', 'Name', 'Domain', 'User') data = identity_client.roles.list( user=user, domain=domain, os_inherit_extension_inherited=parsed_args.inherited) for user_role in data: user_role.user = user.name user_role.domain = domain.name elif parsed_args.user and parsed_args.project: columns = ('ID', 'Name', 'Project', 'User') data = identity_client.roles.list( user=user, project=project, os_inherit_extension_inherited=parsed_args.inherited) for user_role in data: user_role.user = user.name user_role.project = project.name elif parsed_args.user: columns = ('ID', 'Name') data = identity_client.roles.list( user=user, domain='default', os_inherit_extension_inherited=parsed_args.inherited) elif parsed_args.group and parsed_args.domain: columns = ('ID', 'Name', 'Domain', 'Group') data = identity_client.roles.list( group=group, domain=domain, os_inherit_extension_inherited=parsed_args.inherited) for group_role in data: group_role.group = group.name group_role.domain = domain.name elif parsed_args.group and parsed_args.project: columns = ('ID', 'Name', 'Project', 'Group') data = identity_client.roles.list( group=group, project=project, os_inherit_extension_inherited=parsed_args.inherited) for group_role in data: group_role.group = group.name group_role.project = project.name else: sys.stderr.write("Error: If a user or group is specified, either " "--domain or --project must also be specified to " "list role grants.\n") return ([], []) return (columns, (utils.get_item_properties( s, columns, formatters={}, ) for s in data))
def take_action(self, parsed_args): compute_client = self.app.client_manager.compute identity_client = self.app.client_manager.identity project_id = None if parsed_args.project: project_id = identity_common.find_project( identity_client, parsed_args.project, parsed_args.project_domain ).id parsed_args.all_projects = True user_id = None if parsed_args.user: user_id = identity_common.find_user(identity_client, parsed_args.user, parsed_args.user_domain).id # Nova only supports list servers searching by flavor ID. So if a # flavor name is given, map it to ID. flavor_id = None if parsed_args.flavor: flavor_id = utils.find_resource(compute_client.flavors, parsed_args.flavor).id # Nova only supports list servers searching by image ID. So if a # image name is given, map it to ID. image_id = None if parsed_args.image: image_id = utils.find_resource(compute_client.images, parsed_args.image).id search_opts = { "reservation_id": parsed_args.reservation_id, "ip": parsed_args.ip, "ip6": parsed_args.ip6, "name": parsed_args.name, "instance_name": parsed_args.instance_name, "status": parsed_args.status, "flavor": flavor_id, "image": image_id, "host": parsed_args.host, "tenant_id": project_id, "all_tenants": parsed_args.all_projects, "user_id": user_id, } self.log.debug("search options: %s", search_opts) if parsed_args.long: columns = ( "ID", "Name", "Status", "OS-EXT-STS:task_state", "OS-EXT-STS:power_state", "Networks", "OS-EXT-AZ:availability_zone", "OS-EXT-SRV-ATTR:host", "Metadata", ) column_headers = ( "ID", "Name", "Status", "Task State", "Power State", "Networks", "Availability Zone", "Host", "Properties", ) mixed_case_fields = [ "OS-EXT-STS:task_state", "OS-EXT-STS:power_state", "OS-EXT-AZ:availability_zone", "OS-EXT-SRV-ATTR:host", ] else: columns = ("ID", "Name", "Status", "Networks") column_headers = ("ID", "Name", "Status", "Networks") mixed_case_fields = [] marker_id = None if parsed_args.marker: marker_id = utils.find_resource(compute_client.servers, parsed_args.marker).id data = compute_client.servers.list(search_opts=search_opts, marker=marker_id, limit=parsed_args.limit) return ( column_headers, ( utils.get_item_properties( s, columns, mixed_case_fields=mixed_case_fields, formatters={ "OS-EXT-STS:power_state": _format_servers_list_power_state, "Networks": _format_servers_list_networks, "Metadata": utils.format_dict, }, ) for s in data ), )
def take_action(self, parsed_args): volume_client = self.app.client_manager.volume compute_client = self.app.client_manager.compute identity_client = self.app.client_manager.identity def _format_attach(attachments): """Return a formatted string of a volume's attached instances :param attachments: a volume.attachments field :rtype: a string of formatted instances """ msg = '' for attachment in attachments: server = attachment['server_id'] if server in server_cache: server = server_cache[server].name device = attachment['device'] msg += 'Attached to %s on %s ' % (server, device) return msg if parsed_args.long: columns = [ 'ID', 'Name', 'Status', 'Size', 'Volume Type', 'Bootable', 'Attachments', 'Metadata', ] column_headers = copy.deepcopy(columns) column_headers[1] = 'Display Name' column_headers[4] = 'Type' column_headers[6] = 'Attached to' column_headers[7] = 'Properties' else: columns = [ 'ID', 'Name', 'Status', 'Size', 'Attachments', ] column_headers = copy.deepcopy(columns) column_headers[1] = 'Display Name' column_headers[4] = 'Attached to' # Cache the server list server_cache = {} try: for s in compute_client.servers.list(): server_cache[s.id] = s except Exception: # Just forget it if there's any trouble pass project_id = None if parsed_args.project: project_id = identity_common.find_project( identity_client, parsed_args.project, parsed_args.project_domain) user_id = None if parsed_args.user: user_id = identity_common.find_user(identity_client, parsed_args.user, parsed_args.user_domain) search_opts = { 'all_tenants': parsed_args.all_projects, 'project_id': project_id, 'user_id': user_id, 'display_name': parsed_args.name, 'status': parsed_args.status, } data = volume_client.volumes.list(search_opts=search_opts) return (column_headers, (utils.get_item_properties( s, columns, formatters={'Metadata': utils.format_dict, 'Attachments': _format_attach}, ) for s in data))
def take_action(self, parsed_args): share_client = self.app.client_manager.share identity_client = self.app.client_manager.identity # TODO(gouthamr): Add support for ~name, ~description # export_location filtering if parsed_args.long: columns = SHARE_ATTRIBUTES column_headers = SHARE_ATTRIBUTES_HEADERS else: columns = [ 'id', 'name', 'size', 'share_proto', 'status', 'is_public', 'share_type_name', 'host', 'availability_zone' ] column_headers = [ 'ID', 'Name', 'Size', 'Share Proto', 'Status', 'Is Public', 'Share Type Name', 'Host', 'Availability Zone' ] project_id = None if parsed_args.project: project_id = identity_common.find_project( identity_client, parsed_args.project, parsed_args.project_domain).id user_id = None if parsed_args.user: user_id = identity_common.find_user(identity_client, parsed_args.user, parsed_args.user_domain).id # set value of 'all_tenants' when using project option all_tenants = bool(parsed_args.project) or parsed_args.all_projects share_type_id = None if parsed_args.share_type: share_type_id = apiutils.find_resource(share_client.share_types, parsed_args.share_type).id snapshot_id = None if parsed_args.snapshot: snapshot_id = apiutils.find_resource(share_client.share_snapshots, parsed_args.snapshot).id share_network_id = None if parsed_args.share_network: share_network_id = apiutils.find_resource( share_client.share_networks, parsed_args.share_network).id share_group_id = None if parsed_args.share_group: share_group_id = apiutils.find_resource(share_client.share_groups, parsed_args.share_group).id share_server_id = None if parsed_args.share_server: share_server_id = apiutils.find_resource( share_client.share_servers, parsed_args.share_server).id search_opts = { 'all_tenants': all_tenants, 'is_public': parsed_args.public, 'metadata': utils.extract_key_value_options(parsed_args.property), 'extra_specs': utils.extract_key_value_options(parsed_args.extra_spec), 'limit': parsed_args.limit, 'name': parsed_args.name, 'status': parsed_args.status, 'host': parsed_args.host, 'share_server_id': share_server_id, 'share_network_id': share_network_id, 'share_type_id': share_type_id, 'snapshot_id': snapshot_id, 'share_group_id': share_group_id, 'project_id': project_id, 'user_id': user_id, 'offset': parsed_args.marker, } # NOTE(vkmc) We implemented sorting and filtering in manilaclient # but we will use the one provided by osc data = share_client.shares.list(search_opts=search_opts) data = oscutils.sort_items(data, parsed_args.sort, str) return (column_headers, (oscutils.get_item_properties( s, columns, formatters={'Metadata': oscutils.format_dict}, ) for s in data))
def take_action(self, parsed_args): self.log.debug('take_action(%s)' % parsed_args) identity_client = self.app.client_manager.identity role = None if parsed_args.role: role = utils.find_resource( identity_client.roles, parsed_args.role, ) user = None if parsed_args.user: user = common.find_user( identity_client, parsed_args.user, ) domain = None if parsed_args.domain: domain = common.find_domain( identity_client, parsed_args.domain, ) project = None if parsed_args.project: project = common.find_project( identity_client, parsed_args.project, ) group = None if parsed_args.group: group = common.find_group( identity_client, parsed_args.group, ) effective = True if parsed_args.effective else False self.log.debug('take_action(%s)' % parsed_args) columns = ('Role', 'User', 'Group', 'Project', 'Domain') data = identity_client.role_assignments.list(domain=domain, user=user, group=group, project=project, role=role, effective=effective) data_parsed = [] for assignment in data: # Removing the extra "scope" layer in the assignment json scope = assignment.scope if 'project' in scope: setattr(assignment, 'project', scope['project']['id']) assignment.domain = '' elif 'domain' in scope: setattr(assignment, 'domain', scope['domain']['id']) assignment.project = '' else: assignment.domain = '' assignment.project = '' del assignment.scope if hasattr(assignment, 'user'): setattr(assignment, 'user', assignment.user['id']) assignment.group = '' elif hasattr(assignment, 'group'): setattr(assignment, 'group', assignment.group['id']) assignment.user = '' else: assignment.user = '' assignment.group = '' if hasattr(assignment, 'role'): setattr(assignment, 'role', assignment.role['id']) else: assignment.role = '' # Creating a tuple from data object fields # (including the blank ones) data_parsed.append(self._as_tuple(assignment)) return columns, tuple(data_parsed)
def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity if (not parsed_args.user and not parsed_args.domain and not parsed_args.group and not parsed_args.project): return role = utils.find_resource( identity_client.roles, parsed_args.role, ) kwargs = {} if parsed_args.user and parsed_args.domain: user_domain_id = self._get_domain_id_if_requested( parsed_args.user_domain) kwargs['user'] = common.find_user( identity_client, parsed_args.user, user_domain_id, ).id kwargs['domain'] = common.find_domain( identity_client, parsed_args.domain, ).id elif parsed_args.user and parsed_args.project: user_domain_id = self._get_domain_id_if_requested( parsed_args.user_domain) kwargs['user'] = common.find_user( identity_client, parsed_args.user, user_domain_id, ).id project_domain_id = self._get_domain_id_if_requested( parsed_args.project_domain) kwargs['project'] = common.find_project( identity_client, parsed_args.project, project_domain_id, ).id elif parsed_args.group and parsed_args.domain: group_domain_id = self._get_domain_id_if_requested( parsed_args.group_domain) kwargs['group'] = common.find_group( identity_client, parsed_args.group, group_domain_id, ).id kwargs['domain'] = common.find_domain( identity_client, parsed_args.domain, ).id elif parsed_args.group and parsed_args.project: group_domain_id = self._get_domain_id_if_requested( parsed_args.group_domain) kwargs['group'] = common.find_group( identity_client, parsed_args.group, group_domain_id, ).id project_domain_id = self._get_domain_id_if_requested( parsed_args.project_domain) kwargs['project'] = common.find_project( identity_client, parsed_args.project, project_domain_id, ).id else: sys.stderr.write("Role not added, incorrect set of arguments \ provided. See openstack --help for more details\n") return identity_client.roles.grant(role.id, **kwargs) return
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity if parsed_args.user: user = common.find_user( identity_client, parsed_args.user, parsed_args.user_domain, ) elif parsed_args.group: group = common.find_group( identity_client, parsed_args.group, parsed_args.group_domain, ) if parsed_args.domain: domain = common.find_domain( identity_client, parsed_args.domain, ) elif parsed_args.project: project = common.find_project( identity_client, parsed_args.project, parsed_args.project_domain, ) # no user or group specified, list all roles in the system if not parsed_args.user and not parsed_args.group: if not parsed_args.domain: columns = ('ID', 'Name') data = identity_client.roles.list() else: columns = ('ID', 'Name', 'Domain') data = identity_client.roles.list(domain_id=domain.id) for role in data: role.domain = domain.name elif parsed_args.user and parsed_args.domain: columns = ('ID', 'Name', 'Domain', 'User') data = identity_client.roles.list( user=user, domain=domain, os_inherit_extension_inherited=parsed_args.inherited ) for user_role in data: user_role.user = user.name user_role.domain = domain.name self.log.warning(_('Listing assignments using role list is ' 'deprecated. Use role assignment list --user ' '<user-name> --domain <domain-name> --names ' 'instead.')) elif parsed_args.user and parsed_args.project: columns = ('ID', 'Name', 'Project', 'User') data = identity_client.roles.list( user=user, project=project, os_inherit_extension_inherited=parsed_args.inherited ) for user_role in data: user_role.user = user.name user_role.project = project.name self.log.warning(_('Listing assignments using role list is ' 'deprecated. Use role assignment list --user ' '<user-name> --project <project-name> --names ' 'instead.')) elif parsed_args.user: columns = ('ID', 'Name') data = identity_client.roles.list( user=user, domain='default', os_inherit_extension_inherited=parsed_args.inherited ) self.log.warning(_('Listing assignments using role list is ' 'deprecated. Use role assignment list --user ' '<user-name> --domain default --names ' 'instead.')) elif parsed_args.group and parsed_args.domain: columns = ('ID', 'Name', 'Domain', 'Group') data = identity_client.roles.list( group=group, domain=domain, os_inherit_extension_inherited=parsed_args.inherited ) for group_role in data: group_role.group = group.name group_role.domain = domain.name self.log.warning(_('Listing assignments using role list is ' 'deprecated. Use role assignment list --group ' '<group-name> --domain <domain-name> --names ' 'instead.')) elif parsed_args.group and parsed_args.project: columns = ('ID', 'Name', 'Project', 'Group') data = identity_client.roles.list( group=group, project=project, os_inherit_extension_inherited=parsed_args.inherited ) for group_role in data: group_role.group = group.name group_role.project = project.name self.log.warning(_('Listing assignments using role list is ' 'deprecated. Use role assignment list --group ' '<group-name> --project <project-name> --names ' 'instead.')) else: sys.stderr.write(_("Error: If a user or group is specified, " "either --domain or --project must also be " "specified to list role grants.\n")) return ([], []) return (columns, (utils.get_item_properties( s, columns, formatters={}, ) for s in data))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity if parsed_args.user: user = common.find_user( identity_client, parsed_args.user, parsed_args.user_domain, ) elif parsed_args.group: group = common.find_group( identity_client, parsed_args.group, parsed_args.group_domain, ) if parsed_args.domain: domain = common.find_domain( identity_client, parsed_args.domain, ) elif parsed_args.project: project = common.find_project( identity_client, parsed_args.project, parsed_args.project_domain, ) # no user or group specified, list all roles in the system if not parsed_args.user and not parsed_args.group: if not parsed_args.domain: columns = ('ID', 'Name') data = identity_client.roles.list() else: columns = ('ID', 'Name', 'Domain') data = identity_client.roles.list(domain_id=domain.id) for role in data: role.domain = domain.name elif parsed_args.user and parsed_args.domain: columns = ('ID', 'Name', 'Domain', 'User') data = identity_client.roles.list( user=user, domain=domain, os_inherit_extension_inherited=parsed_args.inherited) for user_role in data: user_role.user = user.name user_role.domain = domain.name self.log.warning( _('Listing assignments using role list is ' 'deprecated. Use role assignment list --user ' '<user-name> --domain <domain-name> --names ' 'instead.')) elif parsed_args.user and parsed_args.project: columns = ('ID', 'Name', 'Project', 'User') data = identity_client.roles.list( user=user, project=project, os_inherit_extension_inherited=parsed_args.inherited) for user_role in data: user_role.user = user.name user_role.project = project.name self.log.warning( _('Listing assignments using role list is ' 'deprecated. Use role assignment list --user ' '<user-name> --project <project-name> --names ' 'instead.')) elif parsed_args.user: columns = ('ID', 'Name') data = identity_client.roles.list( user=user, domain='default', os_inherit_extension_inherited=parsed_args.inherited) self.log.warning( _('Listing assignments using role list is ' 'deprecated. Use role assignment list --user ' '<user-name> --domain default --names ' 'instead.')) elif parsed_args.group and parsed_args.domain: columns = ('ID', 'Name', 'Domain', 'Group') data = identity_client.roles.list( group=group, domain=domain, os_inherit_extension_inherited=parsed_args.inherited) for group_role in data: group_role.group = group.name group_role.domain = domain.name self.log.warning( _('Listing assignments using role list is ' 'deprecated. Use role assignment list --group ' '<group-name> --domain <domain-name> --names ' 'instead.')) elif parsed_args.group and parsed_args.project: columns = ('ID', 'Name', 'Project', 'Group') data = identity_client.roles.list( group=group, project=project, os_inherit_extension_inherited=parsed_args.inherited) for group_role in data: group_role.group = group.name group_role.project = project.name self.log.warning( _('Listing assignments using role list is ' 'deprecated. Use role assignment list --group ' '<group-name> --project <project-name> --names ' 'instead.')) else: msg = _("Error: If a user or group is specified, " "either --domain or --project must also be " "specified to list role grants.") raise exceptions.CommandError(msg) return (columns, (utils.get_item_properties( s, columns, formatters={}, ) for s in data))
def take_action(self, parsed_args): volume_client = self.app.client_manager.volume compute_client = self.app.client_manager.compute identity_client = self.app.client_manager.identity def _format_attach(attachments): """Return a formatted string of a volume's attached instances :param attachments: a volume.attachments field :rtype: a string of formatted instances """ msg = "" for attachment in attachments: server = attachment["server_id"] if server in server_cache: server = server_cache[server].name device = attachment["device"] msg += "Attached to %s on %s " % (server, device) return msg if parsed_args.long: columns = ["ID", "Name", "Status", "Size", "Volume Type", "Bootable", "Attachments", "Metadata"] column_headers = copy.deepcopy(columns) column_headers[1] = "Display Name" column_headers[4] = "Type" column_headers[6] = "Attached to" column_headers[7] = "Properties" else: columns = ["ID", "Name", "Status", "Size", "Attachments"] column_headers = copy.deepcopy(columns) column_headers[1] = "Display Name" column_headers[4] = "Attached to" # Cache the server list server_cache = {} try: for s in compute_client.servers.list(): server_cache[s.id] = s except Exception: # Just forget it if there's any trouble pass project_id = None if parsed_args.project: project_id = identity_common.find_project(identity_client, parsed_args.project, parsed_args.project_domain) user_id = None if parsed_args.user: user_id = identity_common.find_user(identity_client, parsed_args.user, parsed_args.user_domain) search_opts = { "all_tenants": parsed_args.all_projects, "project_id": project_id, "user_id": user_id, "display_name": parsed_args.name, "status": parsed_args.status, } data = volume_client.volumes.list(search_opts=search_opts) return ( column_headers, ( utils.get_item_properties( s, columns, formatters={"Metadata": utils.format_dict, "Attachments": _format_attach} ) for s in data ), )
def take_action(self, parsed_args): self.log.debug('take_action(%s)' % parsed_args) identity_client = self.app.client_manager.identity role = None if parsed_args.role: role = utils.find_resource( identity_client.roles, parsed_args.role, ) user = None if parsed_args.user: user = common.find_user( identity_client, parsed_args.user, ) domain = None if parsed_args.domain: domain = common.find_domain( identity_client, parsed_args.domain, ) project = None if parsed_args.project: project = common.find_project( identity_client, parsed_args.project, ) group = None if parsed_args.group: group = common.find_group( identity_client, parsed_args.group, ) effective = True if parsed_args.effective else False self.log.debug('take_action(%s)' % parsed_args) columns = ('Role', 'User', 'Group', 'Project', 'Domain') data = identity_client.role_assignments.list( domain=domain, user=user, group=group, project=project, role=role, effective=effective) data_parsed = [] for assignment in data: # Removing the extra "scope" layer in the assignment json scope = assignment.scope if 'project' in scope: setattr(assignment, 'project', scope['project']['id']) assignment.domain = '' elif 'domain' in scope: setattr(assignment, 'domain', scope['domain']['id']) assignment.project = '' else: assignment.domain = '' assignment.project = '' del assignment.scope if hasattr(assignment, 'user'): setattr(assignment, 'user', assignment.user['id']) assignment.group = '' elif hasattr(assignment, 'group'): setattr(assignment, 'group', assignment.group['id']) assignment.user = '' else: assignment.user = '' assignment.group = '' if hasattr(assignment, 'role'): setattr(assignment, 'role', assignment.role['id']) else: assignment.role = '' # Creating a tuple from data object fields # (including the blank ones) data_parsed.append(self._as_tuple(assignment)) return columns, tuple(data_parsed)