def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
# NOTE(stevemar): Find the two users, project and roles that
# are necessary for making a trust usable, the API dictates that
# trustee, project and role are optional, but that makes the trust
# pointless, and trusts are immutable, so let's enforce it at the
# client level.
trustor_id = common.find_user(identity_client,
parsed_args.trustor,
parsed_args.trustor_domain).id
trustee_id = common.find_user(identity_client,
parsed_args.trustee,
parsed_args.trustee_domain).id
project_id = common.find_project(identity_client,
parsed_args.project,
parsed_args.project_domain).id
role_ids = []
for role in parsed_args.role:
try:
role_id = utils.find_resource(
identity_client.roles,
role,
).id
except identity_exc.Forbidden:
role_id = role
role_ids.append(role_id)
expires_at = None
if parsed_args.expiration:
expires_at = datetime.datetime.strptime(parsed_args.expiration,
'%Y-%m-%dT%H:%M:%S')
trust = identity_client.trusts.create(
trustee_id, trustor_id,
impersonation=parsed_args.impersonate,
project=project_id,
role_ids=role_ids,
expires_at=expires_at,
)
trust._info.pop('roles_links', None)
trust._info.pop('links', None)
# Format roles into something sensible
roles = trust._info.pop('roles')
msg = ' '.join(r['name'] for r in roles)
trust._info['roles'] = msg
return zip(*sorted(trust._info.items()))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
# NOTE(stevemar): Find the two users, project and roles that
# are necessary for making a trust usable, the API dictates that
# trustee, project and role are optional, but that makes the trust
# pointless, and trusts are immutable, so let's enforce it at the
# client level.
trustor_id = common.find_user(identity_client,
parsed_args.trustor,
parsed_args.trustor_domain).id
trustee_id = common.find_user(identity_client,
parsed_args.trustee,
parsed_args.trustee_domain).id
project_id = common.find_project(identity_client,
parsed_args.project,
parsed_args.project_domain).id
role_ids = []
for role in parsed_args.role:
try:
role_id = utils.find_resource(
identity_client.roles,
role,
).id
except identity_exc.Forbidden:
role_id = role
role_ids.append(role_id)
expires_at = None
if parsed_args.expiration:
expires_at = datetime.datetime.strptime(parsed_args.expiration,
'%Y-%m-%dT%H:%M:%S')
trust = identity_client.trusts.create(
trustee_id, trustor_id,
impersonation=parsed_args.impersonate,
project=project_id,
role_ids=role_ids,
expires_at=expires_at,
)
trust._info.pop('roles_links', None)
trust._info.pop('links', None)
# Format roles into something sensible
roles = trust._info.pop('roles')
msg = ' '.join(r['name'] for r in roles)
trust._info['roles'] = msg
return zip(*sorted(six.iteritems(trust._info)))
def take_action(self, parsed_args):
compute_client = self.app.client_manager.sdk_connection.compute
identity_client = self.app.client_manager.identity
kwargs = {}
if parsed_args.user:
if not sdk_utils.supports_microversion(compute_client, '2.10'):
msg = _(
'--os-compute-api-version 2.10 or greater is required to '
'support the --user option')
raise exceptions.CommandError(msg)
kwargs['user_id'] = identity_common.find_user(
identity_client,
parsed_args.user,
parsed_args.user_domain,
).id
keypair = compute_client.find_keypair(parsed_args.name,
**kwargs,
ignore_missing=False)
if not parsed_args.public_key:
display_columns, columns = _get_keypair_columns(keypair,
hide_pub_key=True)
data = utils.get_item_properties(keypair, columns)
return (display_columns, data)
else:
sys.stdout.write(keypair.public_key)
return ({}, {})
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
group_id = common.find_group(identity_client, parsed_args.group,
parsed_args.group_domain).id
result = 0
for i in parsed_args.user:
try:
user_id = common.find_user(identity_client, i,
parsed_args.user_domain).id
identity_client.users.add_to_group(user_id, group_id)
except Exception as e:
result += 1
msg = _("%(user)s not added to group %(group)s: %(e)s") % {
'user': i,
'group': parsed_args.group,
'e': e,
}
LOG.error(msg)
if result > 0:
total = len(parsed_args.user)
msg = (_("%(result)s of %(total)s users not added to group "
"%(group)s.")) % {
'result': result,
'total': total,
'group': parsed_args.group,
}
raise exceptions.CommandError(msg)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
user_id = common.find_user(identity_client, parsed_args.user,
parsed_args.user_domain).id
group_id = common.find_group(identity_client, parsed_args.group,
parsed_args.group_domain).id
try:
identity_client.users.check_in_group(user_id, group_id)
except ks_exc.http.HTTPClientError as e:
if e.http_status == 403 or e.http_status == 404:
msg = _("%(user)s not in group %(group)s\n") % {
'user': parsed_args.user,
'group': parsed_args.group,
}
sys.stderr.write(msg)
else:
raise e
else:
msg = _("%(user)s in group %(group)s\n") % {
'user': parsed_args.user,
'group': parsed_args.group,
}
sys.stdout.write(msg)
def _delete_user(self, user):
"""Delete a user and associated default resources"""
mgr = self.app.client_manager
# Identify user
if isinstance(user, str):
# pylint: disable=broad-except
try:
user = find_user(mgr.identity, user)
except Exception:
user = None
# Identify project
if user is not None and hasattr(user, 'default_project_id'):
project = find_project(mgr.identity, user.default_project_id)
else:
project = None
# Delete user, if applicable
if user is not None:
mgr.identity.users.delete(user.id)
# Delete project, if applicable
if project is not None:
self._delete_project(project)
return {
'user': user,
'project': project,
}
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
group_id = common.find_group(identity_client,
parsed_args.group,
parsed_args.group_domain).id
result = 0
for i in parsed_args.user:
try:
user_id = common.find_user(identity_client,
i,
parsed_args.user_domain).id
identity_client.users.add_to_group(user_id, group_id)
except Exception as e:
result += 1
msg = _("%(user)s not added to group %(group)s: %(e)s") % {
'user': i,
'group': parsed_args.group,
'e': e,
}
LOG.error(msg)
if result > 0:
total = len(parsed_args.user)
msg = (_("%(result)s of %(total)s users not added to group "
"%(group)s.")) % {
'result': result,
'total': total,
'group': parsed_args.group,
}
raise exceptions.CommandError(msg)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
user_id = common.find_user(identity_client,
parsed_args.user,
parsed_args.user_domain).id
group_id = common.find_group(identity_client,
parsed_args.group,
parsed_args.group_domain).id
try:
identity_client.users.check_in_group(user_id, group_id)
except ks_exc.http.HTTPClientError as e:
if e.http_status == 403 or e.http_status == 404:
msg = _("%(user)s not in group %(group)s\n") % {
'user': parsed_args.user,
'group': parsed_args.group,
}
self.app.stderr.write(msg)
else:
raise e
else:
msg = _("%(user)s in group %(group)s\n") % {
'user': parsed_args.user,
'group': parsed_args.group,
}
self.app.stdout.write(msg)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
domain = None
if parsed_args.domain:
domain = common.find_domain(identity_client,
parsed_args.domain).id
if parsed_args.user:
user = common.find_user(
identity_client,
parsed_args.user,
parsed_args.user_domain,
).id
else:
user = None
# List groups
if parsed_args.long:
columns = ('ID', 'Name', 'Domain ID', 'Description')
else:
columns = ('ID', 'Name')
data = identity_client.groups.list(
domain=domain,
user=user,
)
return (
columns,
(utils.get_item_properties(
s, columns,
formatters={},
) for s in data)
)
def _process_identity_and_resource_options(parsed_args,
identity_client_manager):
kwargs = {}
if parsed_args.user and parsed_args.domain:
kwargs['user'] = common.find_user(
identity_client_manager,
parsed_args.user,
parsed_args.user_domain,
).id
kwargs['domain'] = common.find_domain(
identity_client_manager,
parsed_args.domain,
).id
elif parsed_args.user and parsed_args.project:
kwargs['user'] = common.find_user(
identity_client_manager,
parsed_args.user,
parsed_args.user_domain,
).id
kwargs['project'] = common.find_project(
identity_client_manager,
parsed_args.project,
parsed_args.project_domain,
).id
elif parsed_args.group and parsed_args.domain:
kwargs['group'] = common.find_group(
identity_client_manager,
parsed_args.group,
parsed_args.group_domain,
).id
kwargs['domain'] = common.find_domain(
identity_client_manager,
parsed_args.domain,
).id
elif parsed_args.group and parsed_args.project:
kwargs['group'] = common.find_group(
identity_client_manager,
parsed_args.group,
parsed_args.group_domain,
).id
kwargs['project'] = common.find_project(
identity_client_manager,
parsed_args.project,
parsed_args.project_domain,
).id
kwargs['os_inherit_extension_inherited'] = parsed_args.inherited
return kwargs
def _process_identity_and_resource_options(parsed_args,
identity_client_manager):
kwargs = {}
if parsed_args.user and parsed_args.domain:
kwargs['user'] = common.find_user(
identity_client_manager,
parsed_args.user,
parsed_args.user_domain,
).id
kwargs['domain'] = common.find_domain(
identity_client_manager,
parsed_args.domain,
).id
elif parsed_args.user and parsed_args.project:
kwargs['user'] = common.find_user(
identity_client_manager,
parsed_args.user,
parsed_args.user_domain,
).id
kwargs['project'] = common.find_project(
identity_client_manager,
parsed_args.project,
parsed_args.project_domain,
).id
elif parsed_args.group and parsed_args.domain:
kwargs['group'] = common.find_group(
identity_client_manager,
parsed_args.group,
parsed_args.group_domain,
).id
kwargs['domain'] = common.find_domain(
identity_client_manager,
parsed_args.domain,
).id
elif parsed_args.group and parsed_args.project:
kwargs['group'] = common.find_group(
identity_client_manager,
parsed_args.group,
parsed_args.group_domain,
).id
kwargs['project'] = common.find_project(
identity_client_manager,
parsed_args.project,
parsed_args.project_domain,
).id
kwargs['os_inherit_extension_inherited'] = parsed_args.inherited
return kwargs
def _process_identity_and_resource_options(parsed_args, identity_client_manager):
kwargs = {}
if parsed_args.user and parsed_args.domain:
kwargs["user"] = common.find_user(identity_client_manager, parsed_args.user, parsed_args.user_domain).id
kwargs["domain"] = common.find_domain(identity_client_manager, parsed_args.domain).id
elif parsed_args.user and parsed_args.project:
kwargs["user"] = common.find_user(identity_client_manager, parsed_args.user, parsed_args.user_domain).id
kwargs["project"] = common.find_project(
identity_client_manager, parsed_args.project, parsed_args.project_domain
).id
elif parsed_args.group and parsed_args.domain:
kwargs["group"] = common.find_group(identity_client_manager, parsed_args.group, parsed_args.group_domain).id
kwargs["domain"] = common.find_domain(identity_client_manager, parsed_args.domain).id
elif parsed_args.group and parsed_args.project:
kwargs["group"] = common.find_group(identity_client_manager, parsed_args.group, parsed_args.group_domain).id
kwargs["project"] = common.find_project(
identity_client_manager, parsed_args.project, parsed_args.project_domain
).id
kwargs["os_inherit_extension_inherited"] = parsed_args.inherited
return kwargs
def _find_user():
try:
return common.find_user(
identity_client_manager,
parsed_args.user,
parsed_args.user_domain
).id
except exceptions.CommandError:
if not validate_actor_existence:
return parsed_args.user
raise
def take_action(self, parsed_args):
compute_client = self.app.client_manager.sdk_connection.compute
identity_client = self.app.client_manager.identity
if parsed_args.project:
if not sdk_utils.supports_microversion(compute_client, '2.10'):
msg = _(
'--os-compute-api-version 2.10 or greater is required to '
'support the --project option')
raise exceptions.CommandError(msg)
# NOTE(stephenfin): This is done client side because nova doesn't
# currently support doing so server-side. If this is slow, we can
# think about spinning up a threadpool or similar.
project = identity_common.find_project(
identity_client,
parsed_args.project,
parsed_args.project_domain,
).id
users = identity_client.users.list(tenant_id=project)
data = []
for user in users:
data.extend(compute_client.keypairs(user_id=user.id))
elif parsed_args.user:
if not sdk_utils.supports_microversion(compute_client, '2.10'):
msg = _(
'--os-compute-api-version 2.10 or greater is required to '
'support the --user option')
raise exceptions.CommandError(msg)
user = identity_common.find_user(
identity_client,
parsed_args.user,
parsed_args.user_domain,
)
data = compute_client.keypairs(user_id=user.id)
else:
data = compute_client.keypairs()
columns = ("Name", "Fingerprint")
if sdk_utils.supports_microversion(compute_client, '2.2'):
columns += ("Type", )
return (
columns,
(utils.get_item_properties(s, columns) for s in data),
)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.user:
user_id = common.find_user(identity_client, parsed_args.user,
parsed_args.user_domain).id
else:
user_id = None
columns = ('ID', 'Service', 'Method', 'Path')
data = identity_client.access_rules.list(user=user_id)
return (columns, (utils.get_item_properties(
s,
columns,
formatters={},
) for s in data))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.user:
user_id = common.find_user(identity_client, parsed_args.user,
parsed_args.user_domain).id
else:
user_id = None
columns = ('ID', 'Name', 'Project ID', 'Description', 'Expires At')
data = identity_client.application_credentials.list(user=user_id)
return (columns, (utils.get_item_properties(
s,
columns,
formatters={},
) for s in data))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
user_id = common.find_user(identity_client, parsed_args.user,
parsed_args.user_domain).id
group_id = common.find_group(identity_client, parsed_args.group,
parsed_args.group_domain).id
try:
identity_client.users.check_in_group(user_id, group_id)
except Exception:
sys.stderr.write("%s not in group %s\n" %
(parsed_args.user, parsed_args.group))
else:
sys.stdout.write("%s in group %s\n" %
(parsed_args.user, parsed_args.group))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
user_id = common.find_user(identity_client, parsed_args.user,
parsed_args.user_domain).id
group_id = common.find_group(identity_client, parsed_args.group,
parsed_args.group_domain).id
try:
identity_client.users.add_to_group(user_id, group_id)
except Exception as e:
msg = _("%(user)s not added to group %(group)s: %(e)s") % {
'user': parsed_args.user,
'group': parsed_args.group,
'e': e,
}
raise exceptions.CommandError(msg)
def take_action(self, parsed_args):
self.log.debug('take_action(%s)', parsed_args)
identity_client = self.app.client_manager.identity
user_id = common.find_user(identity_client, parsed_args.user,
parsed_args.user_domain).id
group_id = common.find_group(identity_client, parsed_args.group,
parsed_args.group_domain).id
try:
identity_client.users.add_to_group(user_id, group_id)
except Exception:
sys.stderr.write("%s not added to group %s\n" %
(parsed_args.user, parsed_args.group))
else:
sys.stdout.write("%s added to group %s\n" %
(parsed_args.user, parsed_args.group))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.user:
user_id = common.find_user(identity_client,
parsed_args.user,
parsed_args.user_domain).id
else:
user_id = None
columns = ('ID', 'Name', 'Project ID', 'Description', 'Expires At')
data = identity_client.application_credentials.list(
user=user_id)
return (columns,
(utils.get_item_properties(
s, columns,
formatters={},
) for s in data))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
user_id = common.find_user(identity_client,
parsed_args.user,
parsed_args.user_domain).id
group_id = common.find_group(identity_client,
parsed_args.group,
parsed_args.group_domain).id
try:
identity_client.users.check_in_group(user_id, group_id)
except Exception:
sys.stderr.write("%s not in group %s\n" %
(parsed_args.user, parsed_args.group))
else:
sys.stdout.write("%s in group %s\n" %
(parsed_args.user, parsed_args.group))
def take_action(self, parsed_args):
self.log.debug('take_action(%s)', parsed_args)
identity_client = self.app.client_manager.identity
user_id = common.find_user(identity_client,
parsed_args.user,
parsed_args.user_domain).id
group_id = common.find_group(identity_client,
parsed_args.group,
parsed_args.group_domain).id
try:
identity_client.users.add_to_group(user_id, group_id)
except Exception:
sys.stderr.write("%s not added to group %s\n" %
(parsed_args.user, parsed_args.group))
else:
sys.stdout.write("%s added to group %s\n" %
(parsed_args.user, parsed_args.group))
def take_action(self, parsed_args):
compute_client = self.app.client_manager.sdk_connection.compute
identity_client = self.app.client_manager.identity
kwargs = {}
result = 0
if parsed_args.user:
if not sdk_utils.supports_microversion(compute_client, '2.10'):
msg = _(
'--os-compute-api-version 2.10 or greater is required to '
'support the --user option')
raise exceptions.CommandError(msg)
kwargs['user_id'] = identity_common.find_user(
identity_client,
parsed_args.user,
parsed_args.user_domain,
).id
for n in parsed_args.name:
try:
compute_client.delete_keypair(n,
**kwargs,
ignore_missing=False)
except Exception as e:
result += 1
LOG.error(
_("Failed to delete key with name "
"'%(name)s': %(e)s"), {
'name': n,
'e': e
})
if result > 0:
total = len(parsed_args.name)
msg = (_("%(result)s of %(total)s keys failed "
"to delete.") % {
'result': result,
'total': total
})
raise exceptions.CommandError(msg)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
user_id = common.find_user(identity_client, parsed_args.user,
parsed_args.user_domain).id
group_id = common.find_group(identity_client, parsed_args.group,
parsed_args.group_domain).id
try:
identity_client.users.check_in_group(user_id, group_id)
except Exception:
msg = _("%(user)s not in group %(group)s\n") % {
'user': parsed_args.user,
'group': parsed_args.group,
}
sys.stderr.write(msg)
else:
msg = _("%(user)s in group %(group)s\n") % {
'user': parsed_args.user,
'group': parsed_args.group,
}
sys.stdout.write(msg)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
kwargs = {}
if parsed_args.user:
user_id = common.find_user(
identity_client,
parsed_args.user,
parsed_args.user_domain,
).id
kwargs["user_id"] = user_id
if parsed_args.type:
kwargs["type"] = parsed_args.type
columns = ('ID', 'Type', 'User ID', 'Blob', 'Project ID')
column_headers = ('ID', 'Type', 'User ID', 'Data', 'Project ID')
data = self.app.client_manager.identity.credentials.list(**kwargs)
return (column_headers,
(utils.get_item_properties(
s, columns,
formatters={},
) for s in data))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
kwargs = {}
if parsed_args.user:
user_id = common.find_user(
identity_client,
parsed_args.user,
parsed_args.user_domain,
).id
kwargs["user_id"] = user_id
if parsed_args.type:
kwargs["type"] = parsed_args.type
columns = ('ID', 'Type', 'User ID', 'Blob', 'Project ID')
column_headers = ('ID', 'Type', 'User ID', 'Data', 'Project ID')
data = self.app.client_manager.identity.credentials.list(**kwargs)
return (column_headers, (utils.get_item_properties(
s,
columns,
formatters={},
) for s in data))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
user_id = common.find_user(identity_client,
parsed_args.user,
parsed_args.user_domain).id
group_id = common.find_group(identity_client,
parsed_args.group,
parsed_args.group_domain).id
try:
identity_client.users.check_in_group(user_id, group_id)
except Exception:
msg = _("%(user)s not in group %(group)s\n") % {
'user': parsed_args.user,
'group': parsed_args.group,
}
sys.stderr.write(msg)
else:
msg = _("%(user)s in group %(group)s\n") % {
'user': parsed_args.user,
'group': parsed_args.group,
}
sys.stdout.write(msg)
def take_action(self, parsed_args):
compute_client = self.app.client_manager.sdk_connection.compute
identity_client = self.app.client_manager.identity
kwargs = {'name': parsed_args.name}
public_key = parsed_args.public_key
if public_key:
try:
with io.open(os.path.expanduser(parsed_args.public_key)) as p:
public_key = p.read()
except IOError as e:
msg = _("Key file %(public_key)s not found: %(exception)s")
raise exceptions.CommandError(msg % {
"public_key": parsed_args.public_key,
"exception": e
})
kwargs['public_key'] = public_key
if parsed_args.type:
if not sdk_utils.supports_microversion(compute_client, '2.2'):
msg = _(
'--os-compute-api-version 2.2 or greater is required to '
'support the --type option')
raise exceptions.CommandError(msg)
kwargs['key_type'] = parsed_args.type
if parsed_args.user:
if not sdk_utils.supports_microversion(compute_client, '2.10'):
msg = _(
'--os-compute-api-version 2.10 or greater is required to '
'support the --user option')
raise exceptions.CommandError(msg)
kwargs['user_id'] = identity_common.find_user(
identity_client,
parsed_args.user,
parsed_args.user_domain,
).id
keypair = compute_client.create_keypair(**kwargs)
private_key = parsed_args.private_key
# Save private key into specified file
if private_key:
try:
with io.open(os.path.expanduser(parsed_args.private_key),
'w+') as p:
p.write(keypair.private_key)
except IOError as e:
msg = _("Key file %(private_key)s can not be saved: "
"%(exception)s")
raise exceptions.CommandError(msg % {
"private_key": parsed_args.private_key,
"exception": e
})
# NOTE(dtroyer): how do we want to handle the display of the private
# key when it needs to be communicated back to the user
# For now, duplicate nova keypair-add command output
if public_key or private_key:
display_columns, columns = _get_keypair_columns(keypair,
hide_pub_key=True,
hide_priv_key=True)
data = utils.get_item_properties(keypair, columns)
return (display_columns, data)
else:
sys.stdout.write(keypair.private_key)
return ({}, {})
def take_action(self, parsed_args):
volume_client = self.app.client_manager.volume
compute_client = self.app.client_manager.compute
identity_client = self.app.client_manager.identity
def _format_attach(attachments):
"""Return a formatted string of a volume's attached instances
:param attachments: a volume.attachments field
:rtype: a string of formatted instances
"""
msg = ''
for attachment in attachments:
server = attachment['server_id']
if server in server_cache:
server = server_cache[server].name
device = attachment['device']
msg += 'Attached to %s on %s ' % (server, device)
return msg
if parsed_args.long:
columns = [
'ID',
'Name',
'Status',
'Size',
'Volume Type',
'Bootable',
'Attachments',
'Metadata',
]
column_headers = copy.deepcopy(columns)
column_headers[1] = 'Display Name'
column_headers[4] = 'Type'
column_headers[6] = 'Attached to'
column_headers[7] = 'Properties'
else:
columns = [
'ID',
'Name',
'Status',
'Size',
'Attachments',
]
column_headers = copy.deepcopy(columns)
column_headers[1] = 'Display Name'
column_headers[4] = 'Attached to'
# Cache the server list
server_cache = {}
try:
for s in compute_client.servers.list():
server_cache[s.id] = s
except Exception:
# Just forget it if there's any trouble
pass
project_id = None
if parsed_args.project:
project_id = identity_common.find_project(
identity_client, parsed_args.project,
parsed_args.project_domain)
user_id = None
if parsed_args.user:
user_id = identity_common.find_user(identity_client,
parsed_args.user,
parsed_args.user_domain)
search_opts = {
'all_tenants': parsed_args.all_projects,
'project_id': project_id,
'user_id': user_id,
'display_name': parsed_args.name,
'status': parsed_args.status,
}
data = volume_client.volumes.list(search_opts=search_opts)
return (column_headers, (utils.get_item_properties(
s,
columns,
formatters={
'Metadata': utils.format_dict,
'Attachments': _format_attach
},
) for s in data))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.user:
user = common.find_user(identity_client, parsed_args.user, parsed_args.user_domain)
elif parsed_args.group:
group = common.find_group(identity_client, parsed_args.group, parsed_args.group_domain)
if parsed_args.domain:
domain = common.find_domain(identity_client, parsed_args.domain)
elif parsed_args.project:
project = common.find_project(identity_client, parsed_args.project, parsed_args.project_domain)
# no user or group specified, list all roles in the system
if not parsed_args.user and not parsed_args.group:
columns = ("ID", "Name")
data = identity_client.roles.list()
elif parsed_args.user and parsed_args.domain:
columns = ("ID", "Name", "Domain", "User")
data = identity_client.roles.list(
user=user, domain=domain, os_inherit_extension_inherited=parsed_args.inherited
)
for user_role in data:
user_role.user = user.name
user_role.domain = domain.name
elif parsed_args.user and parsed_args.project:
columns = ("ID", "Name", "Project", "User")
data = identity_client.roles.list(
user=user, project=project, os_inherit_extension_inherited=parsed_args.inherited
)
for user_role in data:
user_role.user = user.name
user_role.project = project.name
elif parsed_args.user:
columns = ("ID", "Name")
data = identity_client.roles.list(
user=user, domain="default", os_inherit_extension_inherited=parsed_args.inherited
)
elif parsed_args.group and parsed_args.domain:
columns = ("ID", "Name", "Domain", "Group")
data = identity_client.roles.list(
group=group, domain=domain, os_inherit_extension_inherited=parsed_args.inherited
)
for group_role in data:
group_role.group = group.name
group_role.domain = domain.name
elif parsed_args.group and parsed_args.project:
columns = ("ID", "Name", "Project", "Group")
data = identity_client.roles.list(
group=group, project=project, os_inherit_extension_inherited=parsed_args.inherited
)
for group_role in data:
group_role.group = group.name
group_role.project = project.name
else:
sys.stderr.write(
"Error: If a user or group is specified, either "
"--domain or --project must also be specified to "
"list role grants.\n"
)
return ([], [])
return (columns, (utils.get_item_properties(s, columns, formatters={}) for s in data))
def take_action(self, parsed_args):
self.log.debug('take_action(%s)', parsed_args)
identity_client = self.app.client_manager.identity
if (not parsed_args.user and not parsed_args.domain
and not parsed_args.group and not parsed_args.project):
return
role = utils.find_resource(
identity_client.roles,
parsed_args.role,
)
if parsed_args.user and parsed_args.domain:
user = common.find_user(
identity_client,
parsed_args.user,
)
domain = common.find_domain(
identity_client,
parsed_args.domain,
)
identity_client.roles.grant(
role.id,
user=user.id,
domain=domain.id,
)
elif parsed_args.user and parsed_args.project:
user = common.find_user(
identity_client,
parsed_args.user,
)
project = common.find_project(
identity_client,
parsed_args.project,
)
identity_client.roles.grant(
role.id,
user=user.id,
project=project.id,
)
elif parsed_args.group and parsed_args.domain:
group = common.find_group(
identity_client,
parsed_args.group,
)
domain = common.find_domain(
identity_client,
parsed_args.domain,
)
identity_client.roles.grant(
role.id,
group=group.id,
domain=domain.id,
)
elif parsed_args.group and parsed_args.project:
group = common.find_group(
identity_client,
parsed_args.group,
)
project = common.find_project(
identity_client,
parsed_args.project,
)
identity_client.roles.grant(
role.id,
group=group.id,
project=project.id,
)
else:
sys.stderr.write("Role not added, incorrect set of arguments \
provided. See openstack --help for more details\n")
return
def take_action(self, parsed_args):
self.log.debug('take_action(%s)' % parsed_args)
identity_client = self.app.client_manager.identity
if parsed_args.user:
user = common.find_user(
identity_client,
parsed_args.user,
)
elif parsed_args.group:
group = common.find_group(
identity_client,
parsed_args.group,
)
if parsed_args.domain:
domain = common.find_domain(
identity_client,
parsed_args.domain,
)
elif parsed_args.project:
project = common.find_project(
identity_client,
parsed_args.project,
)
# no user or group specified, list all roles in the system
if not parsed_args.user and not parsed_args.group:
columns = ('ID', 'Name')
data = identity_client.roles.list()
elif parsed_args.user and parsed_args.domain:
columns = ('ID', 'Name', 'Domain', 'User')
data = identity_client.roles.list(
user=user,
domain=domain,
)
for user_role in data:
user_role.user = user.name
user_role.domain = domain.name
elif parsed_args.user and parsed_args.project:
columns = ('ID', 'Name', 'Project', 'User')
data = identity_client.roles.list(
user=user,
project=project,
)
for user_role in data:
user_role.user = user.name
user_role.project = project.name
elif parsed_args.user:
columns = ('ID', 'Name')
data = identity_client.roles.list(
user=user,
domain='default',
)
elif parsed_args.group and parsed_args.domain:
columns = ('ID', 'Name', 'Domain', 'Group')
data = identity_client.roles.list(
group=group,
domain=domain,
)
for group_role in data:
group_role.group = group.name
group_role.domain = domain.name
elif parsed_args.group and parsed_args.project:
columns = ('ID', 'Name', 'Project', 'Group')
data = identity_client.roles.list(
group=group,
project=project,
)
for group_role in data:
group_role.group = group.name
group_role.project = project.name
else:
sys.stderr.write("Error: If a user or group is specified, either "
"--domain or --project must also be specified to "
"list role grants.\n")
return ([], [])
return (columns,
(utils.get_item_properties(
s, columns,
formatters={},
) for s in data))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
auth_ref = self.app.client_manager.auth_ref
role = None
if parsed_args.role:
role = utils.find_resource(
identity_client.roles,
parsed_args.role,
)
user = None
if parsed_args.user:
user = common.find_user(
identity_client,
parsed_args.user,
parsed_args.user_domain,
)
elif parsed_args.authuser:
if auth_ref:
user = common.find_user(
identity_client,
auth_ref.user_id
)
domain = None
if parsed_args.domain:
domain = common.find_domain(
identity_client,
parsed_args.domain,
)
project = None
if parsed_args.project:
project = common.find_project(
identity_client,
parsed_args.project,
parsed_args.project_domain,
)
elif parsed_args.authproject:
if auth_ref:
project = common.find_project(
identity_client,
auth_ref.project_id
)
group = None
if parsed_args.group:
group = common.find_group(
identity_client,
parsed_args.group,
parsed_args.group_domain,
)
include_names = True if parsed_args.names else False
effective = True if parsed_args.effective else False
columns = ('Role', 'User', 'Group', 'Project', 'Domain', 'Inherited')
inherited_to = 'projects' if parsed_args.inherited else None
data = identity_client.role_assignments.list(
domain=domain,
user=user,
group=group,
project=project,
role=role,
effective=effective,
os_inherit_extension_inherited_to=inherited_to,
include_names=include_names)
data_parsed = []
for assignment in data:
# Removing the extra "scope" layer in the assignment json
scope = assignment.scope
if 'project' in scope:
if include_names:
prj = '@'.join([scope['project']['name'],
scope['project']['domain']['name']])
setattr(assignment, 'project', prj)
else:
setattr(assignment, 'project', scope['project']['id'])
assignment.domain = ''
elif 'domain' in scope:
if include_names:
setattr(assignment, 'domain', scope['domain']['name'])
else:
setattr(assignment, 'domain', scope['domain']['id'])
assignment.project = ''
else:
assignment.domain = ''
assignment.project = ''
inherited = scope.get('OS-INHERIT:inherited_to') == 'projects'
assignment.inherited = inherited
del assignment.scope
if hasattr(assignment, 'user'):
if include_names:
usr = '******'.join([assignment.user['name'],
assignment.user['domain']['name']])
setattr(assignment, 'user', usr)
else:
setattr(assignment, 'user', assignment.user['id'])
assignment.group = ''
elif hasattr(assignment, 'group'):
if include_names:
grp = '@'.join([assignment.group['name'],
assignment.group['domain']['name']])
setattr(assignment, 'group', grp)
else:
setattr(assignment, 'group', assignment.group['id'])
assignment.user = ''
else:
assignment.user = ''
assignment.group = ''
if hasattr(assignment, 'role'):
if include_names:
setattr(assignment, 'role', assignment.role['name'])
else:
setattr(assignment, 'role', assignment.role['id'])
else:
assignment.role = ''
# Creating a tuple from data object fields
# (including the blank ones)
data_parsed.append(self._as_tuple(assignment))
return columns, tuple(data_parsed)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
role = None
if parsed_args.role:
role = utils.find_resource(
identity_client.roles,
parsed_args.role,
)
user = None
if parsed_args.user:
user = common.find_user(
identity_client,
parsed_args.user,
parsed_args.user_domain,
)
domain = None
if parsed_args.domain:
domain = common.find_domain(
identity_client,
parsed_args.domain,
)
project = None
if parsed_args.project:
project = common.find_project(
identity_client,
parsed_args.project,
parsed_args.project_domain,
)
group = None
if parsed_args.group:
group = common.find_group(
identity_client,
parsed_args.group,
parsed_args.group_domain,
)
include_names = True if parsed_args.names else False
effective = True if parsed_args.effective else False
columns = ('Role', 'User', 'Group', 'Project', 'Domain', 'Inherited')
inherited_to = 'projects' if parsed_args.inherited else None
data = identity_client.role_assignments.list(
domain=domain,
user=user,
group=group,
project=project,
role=role,
effective=effective,
os_inherit_extension_inherited_to=inherited_to,
include_names=include_names)
data_parsed = []
for assignment in data:
# Removing the extra "scope" layer in the assignment json
scope = assignment.scope
if 'project' in scope:
if include_names:
prj = '@'.join([
scope['project']['name'],
scope['project']['domain']['name']
])
setattr(assignment, 'project', prj)
else:
setattr(assignment, 'project', scope['project']['id'])
assignment.domain = ''
elif 'domain' in scope:
if include_names:
setattr(assignment, 'domain', scope['domain']['name'])
else:
setattr(assignment, 'domain', scope['domain']['id'])
assignment.project = ''
else:
assignment.domain = ''
assignment.project = ''
inherited = scope.get('OS-INHERIT:inherited_to') == 'projects'
assignment.inherited = inherited
del assignment.scope
if hasattr(assignment, 'user'):
if include_names:
usr = '******'.join([
assignment.user['name'],
assignment.user['domain']['name']
])
setattr(assignment, 'user', usr)
else:
setattr(assignment, 'user', assignment.user['id'])
assignment.group = ''
elif hasattr(assignment, 'group'):
if include_names:
grp = '@'.join([
assignment.group['name'],
assignment.group['domain']['name']
])
setattr(assignment, 'group', grp)
else:
setattr(assignment, 'group', assignment.group['id'])
assignment.user = ''
else:
assignment.user = ''
assignment.group = ''
if hasattr(assignment, 'role'):
if include_names:
setattr(assignment, 'role', assignment.role['name'])
else:
setattr(assignment, 'role', assignment.role['id'])
else:
assignment.role = ''
# Creating a tuple from data object fields
# (including the blank ones)
data_parsed.append(self._as_tuple(assignment))
return columns, tuple(data_parsed)
def take_action(self, parsed_args):
compute_client = self.app.client_manager.sdk_connection.compute
identity_client = self.app.client_manager.identity
kwargs = {}
if parsed_args.marker:
if not sdk_utils.supports_microversion(compute_client, '2.35'):
msg = _('--os-compute-api-version 2.35 or greater is required '
'to support the --marker option')
raise exceptions.CommandError(msg)
kwargs['marker'] = parsed_args.marker
if parsed_args.limit:
if not sdk_utils.supports_microversion(compute_client, '2.35'):
msg = _('--os-compute-api-version 2.35 or greater is required '
'to support the --limit option')
raise exceptions.CommandError(msg)
kwargs['limit'] = parsed_args.limit
if parsed_args.project:
if not sdk_utils.supports_microversion(compute_client, '2.10'):
msg = _(
'--os-compute-api-version 2.10 or greater is required to '
'support the --project option')
raise exceptions.CommandError(msg)
if parsed_args.marker:
# NOTE(stephenfin): Because we're doing this client-side, we
# can't really rely on the marker, because we don't know what
# user the marker is associated with
msg = _('--project is not compatible with --marker')
# NOTE(stephenfin): This is done client side because nova doesn't
# currently support doing so server-side. If this is slow, we can
# think about spinning up a threadpool or similar.
project = identity_common.find_project(
identity_client,
parsed_args.project,
parsed_args.project_domain,
).id
users = identity_client.users.list(tenant_id=project)
data = []
for user in users:
kwargs['user_id'] = user.id
data.extend(compute_client.keypairs(**kwargs))
elif parsed_args.user:
if not sdk_utils.supports_microversion(compute_client, '2.10'):
msg = _(
'--os-compute-api-version 2.10 or greater is required to '
'support the --user option')
raise exceptions.CommandError(msg)
user = identity_common.find_user(
identity_client,
parsed_args.user,
parsed_args.user_domain,
)
kwargs['user_id'] = user.id
data = compute_client.keypairs(**kwargs)
else:
data = compute_client.keypairs(**kwargs)
columns = ("Name", "Fingerprint")
if sdk_utils.supports_microversion(compute_client, '2.2'):
columns += ("Type", )
return (
columns,
(utils.get_item_properties(s, columns) for s in data),
)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
auth_ref = self.app.client_manager.auth_ref
role = None
role_domain_id = None
if parsed_args.role_domain:
role_domain_id = common.find_domain(identity_client,
parsed_args.role_domain).id
if parsed_args.role:
role = utils.find_resource(
identity_client.roles,
parsed_args.role,
domain_id=role_domain_id
)
user = None
if parsed_args.user:
user = common.find_user(
identity_client,
parsed_args.user,
parsed_args.user_domain,
)
elif parsed_args.authuser:
if auth_ref:
user = common.find_user(
identity_client,
auth_ref.user_id
)
system = None
if parsed_args.system:
system = parsed_args.system
domain = None
if parsed_args.domain:
domain = common.find_domain(
identity_client,
parsed_args.domain,
)
project = None
if parsed_args.project:
project = common.find_project(
identity_client,
common._get_token_resource(identity_client, 'project',
parsed_args.project),
parsed_args.project_domain,
)
elif parsed_args.authproject:
if auth_ref:
project = common.find_project(
identity_client,
auth_ref.project_id
)
group = None
if parsed_args.group:
group = common.find_group(
identity_client,
parsed_args.group,
parsed_args.group_domain,
)
include_names = True if parsed_args.names else False
effective = True if parsed_args.effective else False
columns = (
'Role', 'User', 'Group', 'Project', 'Domain', 'System', 'Inherited'
)
inherited_to = 'projects' if parsed_args.inherited else None
data = identity_client.role_assignments.list(
domain=domain,
user=user,
group=group,
project=project,
system=system,
role=role,
effective=effective,
os_inherit_extension_inherited_to=inherited_to,
include_names=include_names)
data_parsed = []
for assignment in data:
# Removing the extra "scope" layer in the assignment json
scope = assignment.scope
if 'project' in scope:
if include_names:
prj = '@'.join([scope['project']['name'],
scope['project']['domain']['name']])
setattr(assignment, 'project', prj)
else:
setattr(assignment, 'project', scope['project']['id'])
assignment.domain = ''
assignment.system = ''
elif 'domain' in scope:
if include_names:
setattr(assignment, 'domain', scope['domain']['name'])
else:
setattr(assignment, 'domain', scope['domain']['id'])
assignment.project = ''
assignment.system = ''
elif 'system' in scope:
# NOTE(lbragstad): If, or when, keystone supports role
# assignments on subsets of a system, this will have to evolve
# to handle that case instead of hardcoding to the entire
# system.
setattr(assignment, 'system', 'all')
assignment.domain = ''
assignment.project = ''
else:
assignment.system = ''
assignment.domain = ''
assignment.project = ''
inherited = scope.get('OS-INHERIT:inherited_to') == 'projects'
assignment.inherited = inherited
del assignment.scope
if hasattr(assignment, 'user'):
if include_names:
usr = '******'.join([assignment.user['name'],
assignment.user['domain']['name']])
setattr(assignment, 'user', usr)
else:
setattr(assignment, 'user', assignment.user['id'])
assignment.group = ''
elif hasattr(assignment, 'group'):
if include_names:
grp = '@'.join([assignment.group['name'],
assignment.group['domain']['name']])
setattr(assignment, 'group', grp)
else:
setattr(assignment, 'group', assignment.group['id'])
assignment.user = ''
else:
assignment.user = ''
assignment.group = ''
if hasattr(assignment, 'role'):
if include_names:
# TODO(henry-nash): If this is a domain specific role it
# would be good show this as role@domain, although this
# domain info is not yet included in the response from the
# server. Although we could get it by re-reading the role
# from the ID, let's wait until the server does the right
# thing.
setattr(assignment, 'role', assignment.role['name'])
else:
setattr(assignment, 'role', assignment.role['id'])
else:
assignment.role = ''
# Creating a tuple from data object fields
# (including the blank ones)
data_parsed.append(self._as_tuple(assignment))
return columns, tuple(data_parsed)
def take_action(self, parsed_args):
volume_client = self.app.client_manager.volume
compute_client = self.app.client_manager.compute
identity_client = self.app.client_manager.identity
if parsed_args.long:
columns = [
'ID',
'Name',
'Status',
'Size',
'Volume Type',
'Bootable',
'Attachments',
'Metadata',
]
column_headers = copy.deepcopy(columns)
column_headers[4] = 'Type'
column_headers[6] = 'Attached to'
column_headers[7] = 'Properties'
else:
columns = [
'ID',
'Name',
'Status',
'Size',
'Attachments',
]
column_headers = copy.deepcopy(columns)
column_headers[4] = 'Attached to'
# Cache the server list
server_cache = {}
try:
for s in compute_client.servers.list():
server_cache[s.id] = s
except Exception:
# Just forget it if there's any trouble
pass
AttachmentsColumnWithCache = functools.partial(
AttachmentsColumn, server_cache=server_cache)
project_id = None
if parsed_args.project:
project_id = identity_common.find_project(
identity_client,
parsed_args.project,
parsed_args.project_domain).id
user_id = None
if parsed_args.user:
user_id = identity_common.find_user(identity_client,
parsed_args.user,
parsed_args.user_domain).id
# set value of 'all_tenants' when using project option
all_projects = bool(parsed_args.project) or parsed_args.all_projects
search_opts = {
'all_tenants': all_projects,
'project_id': project_id,
'user_id': user_id,
'name': parsed_args.name,
'status': parsed_args.status,
}
data = volume_client.volumes.list(
search_opts=search_opts,
marker=parsed_args.marker,
limit=parsed_args.limit,
)
column_headers = utils.backward_compat_col_lister(
column_headers, parsed_args.columns, {'Display Name': 'Name'})
return (column_headers,
(utils.get_item_properties(
s, columns,
formatters={'Metadata': format_columns.DictColumn,
'Attachments': AttachmentsColumnWithCache},
) for s in data))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.user:
user = common.find_user(
identity_client,
parsed_args.user,
parsed_args.user_domain,
)
elif parsed_args.group:
group = common.find_group(
identity_client,
parsed_args.group,
parsed_args.group_domain,
)
if parsed_args.domain:
domain = common.find_domain(
identity_client,
parsed_args.domain,
)
elif parsed_args.project:
project = common.find_project(
identity_client,
parsed_args.project,
parsed_args.project_domain,
)
# no user or group specified, list all roles in the system
if not parsed_args.user and not parsed_args.group:
columns = ('ID', 'Name')
data = identity_client.roles.list()
elif parsed_args.user and parsed_args.domain:
columns = ('ID', 'Name', 'Domain', 'User')
data = identity_client.roles.list(
user=user,
domain=domain,
os_inherit_extension_inherited=parsed_args.inherited)
for user_role in data:
user_role.user = user.name
user_role.domain = domain.name
elif parsed_args.user and parsed_args.project:
columns = ('ID', 'Name', 'Project', 'User')
data = identity_client.roles.list(
user=user,
project=project,
os_inherit_extension_inherited=parsed_args.inherited)
for user_role in data:
user_role.user = user.name
user_role.project = project.name
elif parsed_args.user:
columns = ('ID', 'Name')
data = identity_client.roles.list(
user=user,
domain='default',
os_inherit_extension_inherited=parsed_args.inherited)
elif parsed_args.group and parsed_args.domain:
columns = ('ID', 'Name', 'Domain', 'Group')
data = identity_client.roles.list(
group=group,
domain=domain,
os_inherit_extension_inherited=parsed_args.inherited)
for group_role in data:
group_role.group = group.name
group_role.domain = domain.name
elif parsed_args.group and parsed_args.project:
columns = ('ID', 'Name', 'Project', 'Group')
data = identity_client.roles.list(
group=group,
project=project,
os_inherit_extension_inherited=parsed_args.inherited)
for group_role in data:
group_role.group = group.name
group_role.project = project.name
else:
sys.stderr.write("Error: If a user or group is specified, either "
"--domain or --project must also be specified to "
"list role grants.\n")
return ([], [])
return (columns, (utils.get_item_properties(
s,
columns,
formatters={},
) for s in data))
def take_action(self, parsed_args):
compute_client = self.app.client_manager.compute
identity_client = self.app.client_manager.identity
project_id = None
if parsed_args.project:
project_id = identity_common.find_project(
identity_client, parsed_args.project, parsed_args.project_domain
).id
parsed_args.all_projects = True
user_id = None
if parsed_args.user:
user_id = identity_common.find_user(identity_client, parsed_args.user, parsed_args.user_domain).id
# Nova only supports list servers searching by flavor ID. So if a
# flavor name is given, map it to ID.
flavor_id = None
if parsed_args.flavor:
flavor_id = utils.find_resource(compute_client.flavors, parsed_args.flavor).id
# Nova only supports list servers searching by image ID. So if a
# image name is given, map it to ID.
image_id = None
if parsed_args.image:
image_id = utils.find_resource(compute_client.images, parsed_args.image).id
search_opts = {
"reservation_id": parsed_args.reservation_id,
"ip": parsed_args.ip,
"ip6": parsed_args.ip6,
"name": parsed_args.name,
"instance_name": parsed_args.instance_name,
"status": parsed_args.status,
"flavor": flavor_id,
"image": image_id,
"host": parsed_args.host,
"tenant_id": project_id,
"all_tenants": parsed_args.all_projects,
"user_id": user_id,
}
self.log.debug("search options: %s", search_opts)
if parsed_args.long:
columns = (
"ID",
"Name",
"Status",
"OS-EXT-STS:task_state",
"OS-EXT-STS:power_state",
"Networks",
"OS-EXT-AZ:availability_zone",
"OS-EXT-SRV-ATTR:host",
"Metadata",
)
column_headers = (
"ID",
"Name",
"Status",
"Task State",
"Power State",
"Networks",
"Availability Zone",
"Host",
"Properties",
)
mixed_case_fields = [
"OS-EXT-STS:task_state",
"OS-EXT-STS:power_state",
"OS-EXT-AZ:availability_zone",
"OS-EXT-SRV-ATTR:host",
]
else:
columns = ("ID", "Name", "Status", "Networks")
column_headers = ("ID", "Name", "Status", "Networks")
mixed_case_fields = []
marker_id = None
if parsed_args.marker:
marker_id = utils.find_resource(compute_client.servers, parsed_args.marker).id
data = compute_client.servers.list(search_opts=search_opts, marker=marker_id, limit=parsed_args.limit)
return (
column_headers,
(
utils.get_item_properties(
s,
columns,
mixed_case_fields=mixed_case_fields,
formatters={
"OS-EXT-STS:power_state": _format_servers_list_power_state,
"Networks": _format_servers_list_networks,
"Metadata": utils.format_dict,
},
)
for s in data
),
)
def take_action(self, parsed_args):
volume_client = self.app.client_manager.volume
compute_client = self.app.client_manager.compute
identity_client = self.app.client_manager.identity
def _format_attach(attachments):
"""Return a formatted string of a volume's attached instances
:param attachments: a volume.attachments field
:rtype: a string of formatted instances
"""
msg = ''
for attachment in attachments:
server = attachment['server_id']
if server in server_cache:
server = server_cache[server].name
device = attachment['device']
msg += 'Attached to %s on %s ' % (server, device)
return msg
if parsed_args.long:
columns = [
'ID',
'Name',
'Status',
'Size',
'Volume Type',
'Bootable',
'Attachments',
'Metadata',
]
column_headers = copy.deepcopy(columns)
column_headers[1] = 'Display Name'
column_headers[4] = 'Type'
column_headers[6] = 'Attached to'
column_headers[7] = 'Properties'
else:
columns = [
'ID',
'Name',
'Status',
'Size',
'Attachments',
]
column_headers = copy.deepcopy(columns)
column_headers[1] = 'Display Name'
column_headers[4] = 'Attached to'
# Cache the server list
server_cache = {}
try:
for s in compute_client.servers.list():
server_cache[s.id] = s
except Exception:
# Just forget it if there's any trouble
pass
project_id = None
if parsed_args.project:
project_id = identity_common.find_project(
identity_client,
parsed_args.project,
parsed_args.project_domain)
user_id = None
if parsed_args.user:
user_id = identity_common.find_user(identity_client,
parsed_args.user,
parsed_args.user_domain)
search_opts = {
'all_tenants': parsed_args.all_projects,
'project_id': project_id,
'user_id': user_id,
'display_name': parsed_args.name,
'status': parsed_args.status,
}
data = volume_client.volumes.list(search_opts=search_opts)
return (column_headers,
(utils.get_item_properties(
s, columns,
formatters={'Metadata': utils.format_dict,
'Attachments': _format_attach},
) for s in data))
def take_action(self, parsed_args):
share_client = self.app.client_manager.share
identity_client = self.app.client_manager.identity
# TODO(gouthamr): Add support for ~name, ~description
# export_location filtering
if parsed_args.long:
columns = SHARE_ATTRIBUTES
column_headers = SHARE_ATTRIBUTES_HEADERS
else:
columns = [
'id', 'name', 'size', 'share_proto', 'status', 'is_public',
'share_type_name', 'host', 'availability_zone'
]
column_headers = [
'ID', 'Name', 'Size', 'Share Proto', 'Status', 'Is Public',
'Share Type Name', 'Host', 'Availability Zone'
]
project_id = None
if parsed_args.project:
project_id = identity_common.find_project(
identity_client, parsed_args.project,
parsed_args.project_domain).id
user_id = None
if parsed_args.user:
user_id = identity_common.find_user(identity_client,
parsed_args.user,
parsed_args.user_domain).id
# set value of 'all_tenants' when using project option
all_tenants = bool(parsed_args.project) or parsed_args.all_projects
share_type_id = None
if parsed_args.share_type:
share_type_id = apiutils.find_resource(share_client.share_types,
parsed_args.share_type).id
snapshot_id = None
if parsed_args.snapshot:
snapshot_id = apiutils.find_resource(share_client.share_snapshots,
parsed_args.snapshot).id
share_network_id = None
if parsed_args.share_network:
share_network_id = apiutils.find_resource(
share_client.share_networks, parsed_args.share_network).id
share_group_id = None
if parsed_args.share_group:
share_group_id = apiutils.find_resource(share_client.share_groups,
parsed_args.share_group).id
share_server_id = None
if parsed_args.share_server:
share_server_id = apiutils.find_resource(
share_client.share_servers, parsed_args.share_server).id
search_opts = {
'all_tenants': all_tenants,
'is_public': parsed_args.public,
'metadata': utils.extract_key_value_options(parsed_args.property),
'extra_specs':
utils.extract_key_value_options(parsed_args.extra_spec),
'limit': parsed_args.limit,
'name': parsed_args.name,
'status': parsed_args.status,
'host': parsed_args.host,
'share_server_id': share_server_id,
'share_network_id': share_network_id,
'share_type_id': share_type_id,
'snapshot_id': snapshot_id,
'share_group_id': share_group_id,
'project_id': project_id,
'user_id': user_id,
'offset': parsed_args.marker,
}
# NOTE(vkmc) We implemented sorting and filtering in manilaclient
# but we will use the one provided by osc
data = share_client.shares.list(search_opts=search_opts)
data = oscutils.sort_items(data, parsed_args.sort, str)
return (column_headers, (oscutils.get_item_properties(
s,
columns,
formatters={'Metadata': oscutils.format_dict},
) for s in data))
def take_action(self, parsed_args):
self.log.debug('take_action(%s)' % parsed_args)
identity_client = self.app.client_manager.identity
role = None
if parsed_args.role:
role = utils.find_resource(
identity_client.roles,
parsed_args.role,
)
user = None
if parsed_args.user:
user = common.find_user(
identity_client,
parsed_args.user,
)
domain = None
if parsed_args.domain:
domain = common.find_domain(
identity_client,
parsed_args.domain,
)
project = None
if parsed_args.project:
project = common.find_project(
identity_client,
parsed_args.project,
)
group = None
if parsed_args.group:
group = common.find_group(
identity_client,
parsed_args.group,
)
effective = True if parsed_args.effective else False
self.log.debug('take_action(%s)' % parsed_args)
columns = ('Role', 'User', 'Group', 'Project', 'Domain')
data = identity_client.role_assignments.list(domain=domain,
user=user,
group=group,
project=project,
role=role,
effective=effective)
data_parsed = []
for assignment in data:
# Removing the extra "scope" layer in the assignment json
scope = assignment.scope
if 'project' in scope:
setattr(assignment, 'project', scope['project']['id'])
assignment.domain = ''
elif 'domain' in scope:
setattr(assignment, 'domain', scope['domain']['id'])
assignment.project = ''
else:
assignment.domain = ''
assignment.project = ''
del assignment.scope
if hasattr(assignment, 'user'):
setattr(assignment, 'user', assignment.user['id'])
assignment.group = ''
elif hasattr(assignment, 'group'):
setattr(assignment, 'group', assignment.group['id'])
assignment.user = ''
else:
assignment.user = ''
assignment.group = ''
if hasattr(assignment, 'role'):
setattr(assignment, 'role', assignment.role['id'])
else:
assignment.role = ''
# Creating a tuple from data object fields
# (including the blank ones)
data_parsed.append(self._as_tuple(assignment))
return columns, tuple(data_parsed)
def take_action(self, parsed_args):
self.log.debug('take_action(%s)', parsed_args)
identity_client = self.app.client_manager.identity
if (not parsed_args.user and not parsed_args.domain
and not parsed_args.group and not parsed_args.project):
return
role = utils.find_resource(
identity_client.roles,
parsed_args.role,
)
kwargs = {}
if parsed_args.user and parsed_args.domain:
user_domain_id = self._get_domain_id_if_requested(
parsed_args.user_domain)
kwargs['user'] = common.find_user(
identity_client,
parsed_args.user,
user_domain_id,
).id
kwargs['domain'] = common.find_domain(
identity_client,
parsed_args.domain,
).id
elif parsed_args.user and parsed_args.project:
user_domain_id = self._get_domain_id_if_requested(
parsed_args.user_domain)
kwargs['user'] = common.find_user(
identity_client,
parsed_args.user,
user_domain_id,
).id
project_domain_id = self._get_domain_id_if_requested(
parsed_args.project_domain)
kwargs['project'] = common.find_project(
identity_client,
parsed_args.project,
project_domain_id,
).id
elif parsed_args.group and parsed_args.domain:
group_domain_id = self._get_domain_id_if_requested(
parsed_args.group_domain)
kwargs['group'] = common.find_group(
identity_client,
parsed_args.group,
group_domain_id,
).id
kwargs['domain'] = common.find_domain(
identity_client,
parsed_args.domain,
).id
elif parsed_args.group and parsed_args.project:
group_domain_id = self._get_domain_id_if_requested(
parsed_args.group_domain)
kwargs['group'] = common.find_group(
identity_client,
parsed_args.group,
group_domain_id,
).id
project_domain_id = self._get_domain_id_if_requested(
parsed_args.project_domain)
kwargs['project'] = common.find_project(
identity_client,
parsed_args.project,
project_domain_id,
).id
else:
sys.stderr.write("Role not added, incorrect set of arguments \
provided. See openstack --help for more details\n")
return
identity_client.roles.grant(role.id, **kwargs)
return
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.user:
user = common.find_user(
identity_client,
parsed_args.user,
parsed_args.user_domain,
)
elif parsed_args.group:
group = common.find_group(
identity_client,
parsed_args.group,
parsed_args.group_domain,
)
if parsed_args.domain:
domain = common.find_domain(
identity_client,
parsed_args.domain,
)
elif parsed_args.project:
project = common.find_project(
identity_client,
parsed_args.project,
parsed_args.project_domain,
)
# no user or group specified, list all roles in the system
if not parsed_args.user and not parsed_args.group:
if not parsed_args.domain:
columns = ('ID', 'Name')
data = identity_client.roles.list()
else:
columns = ('ID', 'Name', 'Domain')
data = identity_client.roles.list(domain_id=domain.id)
for role in data:
role.domain = domain.name
elif parsed_args.user and parsed_args.domain:
columns = ('ID', 'Name', 'Domain', 'User')
data = identity_client.roles.list(
user=user,
domain=domain,
os_inherit_extension_inherited=parsed_args.inherited
)
for user_role in data:
user_role.user = user.name
user_role.domain = domain.name
self.log.warning(_('Listing assignments using role list is '
'deprecated. Use role assignment list --user '
'<user-name> --domain <domain-name> --names '
'instead.'))
elif parsed_args.user and parsed_args.project:
columns = ('ID', 'Name', 'Project', 'User')
data = identity_client.roles.list(
user=user,
project=project,
os_inherit_extension_inherited=parsed_args.inherited
)
for user_role in data:
user_role.user = user.name
user_role.project = project.name
self.log.warning(_('Listing assignments using role list is '
'deprecated. Use role assignment list --user '
'<user-name> --project <project-name> --names '
'instead.'))
elif parsed_args.user:
columns = ('ID', 'Name')
data = identity_client.roles.list(
user=user,
domain='default',
os_inherit_extension_inherited=parsed_args.inherited
)
self.log.warning(_('Listing assignments using role list is '
'deprecated. Use role assignment list --user '
'<user-name> --domain default --names '
'instead.'))
elif parsed_args.group and parsed_args.domain:
columns = ('ID', 'Name', 'Domain', 'Group')
data = identity_client.roles.list(
group=group,
domain=domain,
os_inherit_extension_inherited=parsed_args.inherited
)
for group_role in data:
group_role.group = group.name
group_role.domain = domain.name
self.log.warning(_('Listing assignments using role list is '
'deprecated. Use role assignment list --group '
'<group-name> --domain <domain-name> --names '
'instead.'))
elif parsed_args.group and parsed_args.project:
columns = ('ID', 'Name', 'Project', 'Group')
data = identity_client.roles.list(
group=group,
project=project,
os_inherit_extension_inherited=parsed_args.inherited
)
for group_role in data:
group_role.group = group.name
group_role.project = project.name
self.log.warning(_('Listing assignments using role list is '
'deprecated. Use role assignment list --group '
'<group-name> --project <project-name> --names '
'instead.'))
else:
sys.stderr.write(_("Error: If a user or group is specified, "
"either --domain or --project must also be "
"specified to list role grants.\n"))
return ([], [])
return (columns,
(utils.get_item_properties(
s, columns,
formatters={},
) for s in data))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.user:
user = common.find_user(
identity_client,
parsed_args.user,
parsed_args.user_domain,
)
elif parsed_args.group:
group = common.find_group(
identity_client,
parsed_args.group,
parsed_args.group_domain,
)
if parsed_args.domain:
domain = common.find_domain(
identity_client,
parsed_args.domain,
)
elif parsed_args.project:
project = common.find_project(
identity_client,
parsed_args.project,
parsed_args.project_domain,
)
# no user or group specified, list all roles in the system
if not parsed_args.user and not parsed_args.group:
if not parsed_args.domain:
columns = ('ID', 'Name')
data = identity_client.roles.list()
else:
columns = ('ID', 'Name', 'Domain')
data = identity_client.roles.list(domain_id=domain.id)
for role in data:
role.domain = domain.name
elif parsed_args.user and parsed_args.domain:
columns = ('ID', 'Name', 'Domain', 'User')
data = identity_client.roles.list(
user=user,
domain=domain,
os_inherit_extension_inherited=parsed_args.inherited)
for user_role in data:
user_role.user = user.name
user_role.domain = domain.name
self.log.warning(
_('Listing assignments using role list is '
'deprecated. Use role assignment list --user '
'<user-name> --domain <domain-name> --names '
'instead.'))
elif parsed_args.user and parsed_args.project:
columns = ('ID', 'Name', 'Project', 'User')
data = identity_client.roles.list(
user=user,
project=project,
os_inherit_extension_inherited=parsed_args.inherited)
for user_role in data:
user_role.user = user.name
user_role.project = project.name
self.log.warning(
_('Listing assignments using role list is '
'deprecated. Use role assignment list --user '
'<user-name> --project <project-name> --names '
'instead.'))
elif parsed_args.user:
columns = ('ID', 'Name')
data = identity_client.roles.list(
user=user,
domain='default',
os_inherit_extension_inherited=parsed_args.inherited)
self.log.warning(
_('Listing assignments using role list is '
'deprecated. Use role assignment list --user '
'<user-name> --domain default --names '
'instead.'))
elif parsed_args.group and parsed_args.domain:
columns = ('ID', 'Name', 'Domain', 'Group')
data = identity_client.roles.list(
group=group,
domain=domain,
os_inherit_extension_inherited=parsed_args.inherited)
for group_role in data:
group_role.group = group.name
group_role.domain = domain.name
self.log.warning(
_('Listing assignments using role list is '
'deprecated. Use role assignment list --group '
'<group-name> --domain <domain-name> --names '
'instead.'))
elif parsed_args.group and parsed_args.project:
columns = ('ID', 'Name', 'Project', 'Group')
data = identity_client.roles.list(
group=group,
project=project,
os_inherit_extension_inherited=parsed_args.inherited)
for group_role in data:
group_role.group = group.name
group_role.project = project.name
self.log.warning(
_('Listing assignments using role list is '
'deprecated. Use role assignment list --group '
'<group-name> --project <project-name> --names '
'instead.'))
else:
msg = _("Error: If a user or group is specified, "
"either --domain or --project must also be "
"specified to list role grants.")
raise exceptions.CommandError(msg)
return (columns, (utils.get_item_properties(
s,
columns,
formatters={},
) for s in data))
def take_action(self, parsed_args):
volume_client = self.app.client_manager.volume
compute_client = self.app.client_manager.compute
identity_client = self.app.client_manager.identity
def _format_attach(attachments):
"""Return a formatted string of a volume's attached instances
:param attachments: a volume.attachments field
:rtype: a string of formatted instances
"""
msg = ""
for attachment in attachments:
server = attachment["server_id"]
if server in server_cache:
server = server_cache[server].name
device = attachment["device"]
msg += "Attached to %s on %s " % (server, device)
return msg
if parsed_args.long:
columns = ["ID", "Name", "Status", "Size", "Volume Type", "Bootable", "Attachments", "Metadata"]
column_headers = copy.deepcopy(columns)
column_headers[1] = "Display Name"
column_headers[4] = "Type"
column_headers[6] = "Attached to"
column_headers[7] = "Properties"
else:
columns = ["ID", "Name", "Status", "Size", "Attachments"]
column_headers = copy.deepcopy(columns)
column_headers[1] = "Display Name"
column_headers[4] = "Attached to"
# Cache the server list
server_cache = {}
try:
for s in compute_client.servers.list():
server_cache[s.id] = s
except Exception:
# Just forget it if there's any trouble
pass
project_id = None
if parsed_args.project:
project_id = identity_common.find_project(identity_client, parsed_args.project, parsed_args.project_domain)
user_id = None
if parsed_args.user:
user_id = identity_common.find_user(identity_client, parsed_args.user, parsed_args.user_domain)
search_opts = {
"all_tenants": parsed_args.all_projects,
"project_id": project_id,
"user_id": user_id,
"display_name": parsed_args.name,
"status": parsed_args.status,
}
data = volume_client.volumes.list(search_opts=search_opts)
return (
column_headers,
(
utils.get_item_properties(
s, columns, formatters={"Metadata": utils.format_dict, "Attachments": _format_attach}
)
for s in data
),
)
def take_action(self, parsed_args):
self.log.debug('take_action(%s)' % parsed_args)
identity_client = self.app.client_manager.identity
role = None
if parsed_args.role:
role = utils.find_resource(
identity_client.roles,
parsed_args.role,
)
user = None
if parsed_args.user:
user = common.find_user(
identity_client,
parsed_args.user,
)
domain = None
if parsed_args.domain:
domain = common.find_domain(
identity_client,
parsed_args.domain,
)
project = None
if parsed_args.project:
project = common.find_project(
identity_client,
parsed_args.project,
)
group = None
if parsed_args.group:
group = common.find_group(
identity_client,
parsed_args.group,
)
effective = True if parsed_args.effective else False
self.log.debug('take_action(%s)' % parsed_args)
columns = ('Role', 'User', 'Group', 'Project', 'Domain')
data = identity_client.role_assignments.list(
domain=domain,
user=user,
group=group,
project=project,
role=role,
effective=effective)
data_parsed = []
for assignment in data:
# Removing the extra "scope" layer in the assignment json
scope = assignment.scope
if 'project' in scope:
setattr(assignment, 'project', scope['project']['id'])
assignment.domain = ''
elif 'domain' in scope:
setattr(assignment, 'domain', scope['domain']['id'])
assignment.project = ''
else:
assignment.domain = ''
assignment.project = ''
del assignment.scope
if hasattr(assignment, 'user'):
setattr(assignment, 'user', assignment.user['id'])
assignment.group = ''
elif hasattr(assignment, 'group'):
setattr(assignment, 'group', assignment.group['id'])
assignment.user = ''
else:
assignment.user = ''
assignment.group = ''
if hasattr(assignment, 'role'):
setattr(assignment, 'role', assignment.role['id'])
else:
assignment.role = ''
# Creating a tuple from data object fields
# (including the blank ones)
data_parsed.append(self._as_tuple(assignment))
return columns, tuple(data_parsed)
