def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
domain = None
if parsed_args.domain:
domain = common.find_domain(identity_client, parsed_args.domain).id
if parsed_args.user:
user = common.find_user(
identity_client,
parsed_args.user,
parsed_args.user_domain,
).id
else:
user = None
# List groups
if parsed_args.long:
columns = ('ID', 'Name', 'Domain ID', 'Description')
else:
columns = ('ID', 'Name')
data = identity_client.groups.list(
domain=domain,
user=user,
)
return (columns, (utils.get_item_properties(
s,
columns,
formatters={},
) for s in data))
def _process_identity_and_resource_options(parsed_args,
identity_client_manager):
kwargs = {}
if parsed_args.user and parsed_args.domain:
kwargs['user'] = common.find_user(
identity_client_manager,
parsed_args.user,
parsed_args.user_domain,
).id
kwargs['domain'] = common.find_domain(
identity_client_manager,
parsed_args.domain,
).id
elif parsed_args.user and parsed_args.project:
kwargs['user'] = common.find_user(
identity_client_manager,
parsed_args.user,
parsed_args.user_domain,
).id
kwargs['project'] = common.find_project(
identity_client_manager,
parsed_args.project,
parsed_args.project_domain,
).id
elif parsed_args.group and parsed_args.domain:
kwargs['group'] = common.find_group(
identity_client_manager,
parsed_args.group,
parsed_args.group_domain,
).id
kwargs['domain'] = common.find_domain(
identity_client_manager,
parsed_args.domain,
).id
elif parsed_args.group and parsed_args.project:
kwargs['group'] = common.find_group(
identity_client_manager,
parsed_args.group,
parsed_args.group_domain,
).id
kwargs['project'] = common.find_project(
identity_client_manager,
parsed_args.project,
parsed_args.project_domain,
).id
kwargs['os_inherit_extension_inherited'] = parsed_args.inherited
return kwargs
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
# NOTE(stevemar): Find the two users, project and roles that
# are necessary for making a trust usable, the API dictates that
# trustee, project and role are optional, but that makes the trust
# pointless, and trusts are immutable, so let's enforce it at the
# client level.
trustor_id = common.find_user(identity_client, parsed_args.trustor,
parsed_args.trustor_domain).id
trustee_id = common.find_user(identity_client, parsed_args.trustee,
parsed_args.trustee_domain).id
project_id = common.find_project(identity_client, parsed_args.project,
parsed_args.project_domain).id
role_names = []
for role in parsed_args.role:
role_name = utils.find_resource(
identity_client.roles,
role,
).name
role_names.append(role_name)
expires_at = None
if parsed_args.expiration:
expires_at = datetime.datetime.strptime(parsed_args.expiration,
'%Y-%m-%dT%H:%M:%S')
trust = identity_client.trusts.create(
trustee_id,
trustor_id,
impersonation=parsed_args.impersonate,
project=project_id,
role_names=role_names,
expires_at=expires_at,
)
trust._info.pop('roles_links', None)
trust._info.pop('links', None)
# Format roles into something sensible
roles = trust._info.pop('roles')
msg = ' '.join(r['name'] for r in roles)
trust._info['roles'] = msg
return zip(*sorted(six.iteritems(trust._info)))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
user_id = common.find_user(identity_client, parsed_args.user,
parsed_args.user_domain).id
group_id = common.find_group(identity_client, parsed_args.group,
parsed_args.group_domain).id
try:
identity_client.users.check_in_group(user_id, group_id)
except Exception:
sys.stderr.write("%s not in group %s\n" %
(parsed_args.user, parsed_args.group))
else:
sys.stdout.write("%s in group %s\n" %
(parsed_args.user, parsed_args.group))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
role = None
if parsed_args.role:
role = utils.find_resource(
identity_client.roles,
parsed_args.role,
)
user = None
if parsed_args.user:
user = common.find_user(
identity_client,
parsed_args.user,
parsed_args.user_domain,
)
domain = None
if parsed_args.domain:
domain = common.find_domain(
identity_client,
parsed_args.domain,
)
project = None
if parsed_args.project:
project = common.find_project(
identity_client,
parsed_args.project,
parsed_args.project_domain,
)
group = None
if parsed_args.group:
group = common.find_group(
identity_client,
parsed_args.group,
parsed_args.group_domain,
)
include_names = True if parsed_args.names else False
effective = True if parsed_args.effective else False
columns = ('Role', 'User', 'Group', 'Project', 'Domain', 'Inherited')
inherited_to = 'projects' if parsed_args.inherited else None
data = identity_client.role_assignments.list(
domain=domain,
user=user,
group=group,
project=project,
role=role,
effective=effective,
os_inherit_extension_inherited_to=inherited_to,
include_names=include_names)
data_parsed = []
for assignment in data:
# Removing the extra "scope" layer in the assignment json
scope = assignment.scope
if 'project' in scope:
if include_names:
prj = '@'.join([
scope['project']['name'],
scope['project']['domain']['name']
])
setattr(assignment, 'project', prj)
else:
setattr(assignment, 'project', scope['project']['id'])
assignment.domain = ''
elif 'domain' in scope:
if include_names:
setattr(assignment, 'domain', scope['domain']['name'])
else:
setattr(assignment, 'domain', scope['domain']['id'])
assignment.project = ''
else:
assignment.domain = ''
assignment.project = ''
inherited = scope.get('OS-INHERIT:inherited_to') == 'projects'
assignment.inherited = inherited
del assignment.scope
if hasattr(assignment, 'user'):
if include_names:
usr = '******'.join([
assignment.user['name'],
assignment.user['domain']['name']
])
setattr(assignment, 'user', usr)
else:
setattr(assignment, 'user', assignment.user['id'])
assignment.group = ''
elif hasattr(assignment, 'group'):
if include_names:
grp = '@'.join([
assignment.group['name'],
assignment.group['domain']['name']
])
setattr(assignment, 'group', grp)
else:
setattr(assignment, 'group', assignment.group['id'])
assignment.user = ''
else:
assignment.user = ''
assignment.group = ''
if hasattr(assignment, 'role'):
if include_names:
setattr(assignment, 'role', assignment.role['name'])
else:
setattr(assignment, 'role', assignment.role['id'])
else:
assignment.role = ''
# Creating a tuple from data object fields
# (including the blank ones)
data_parsed.append(self._as_tuple(assignment))
return columns, tuple(data_parsed)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.user:
user = common.find_user(
identity_client,
parsed_args.user,
parsed_args.user_domain,
)
elif parsed_args.group:
group = common.find_group(
identity_client,
parsed_args.group,
parsed_args.group_domain,
)
if parsed_args.domain:
domain = common.find_domain(
identity_client,
parsed_args.domain,
)
elif parsed_args.project:
project = common.find_project(
identity_client,
parsed_args.project,
parsed_args.project_domain,
)
# no user or group specified, list all roles in the system
if not parsed_args.user and not parsed_args.group:
columns = ('ID', 'Name')
data = identity_client.roles.list()
elif parsed_args.user and parsed_args.domain:
columns = ('ID', 'Name', 'Domain', 'User')
data = identity_client.roles.list(
user=user,
domain=domain,
os_inherit_extension_inherited=parsed_args.inherited)
for user_role in data:
user_role.user = user.name
user_role.domain = domain.name
elif parsed_args.user and parsed_args.project:
columns = ('ID', 'Name', 'Project', 'User')
data = identity_client.roles.list(
user=user,
project=project,
os_inherit_extension_inherited=parsed_args.inherited)
for user_role in data:
user_role.user = user.name
user_role.project = project.name
elif parsed_args.user:
columns = ('ID', 'Name')
data = identity_client.roles.list(
user=user,
domain='default',
os_inherit_extension_inherited=parsed_args.inherited)
elif parsed_args.group and parsed_args.domain:
columns = ('ID', 'Name', 'Domain', 'Group')
data = identity_client.roles.list(
group=group,
domain=domain,
os_inherit_extension_inherited=parsed_args.inherited)
for group_role in data:
group_role.group = group.name
group_role.domain = domain.name
elif parsed_args.group and parsed_args.project:
columns = ('ID', 'Name', 'Project', 'Group')
data = identity_client.roles.list(
group=group,
project=project,
os_inherit_extension_inherited=parsed_args.inherited)
for group_role in data:
group_role.group = group.name
group_role.project = project.name
else:
sys.stderr.write("Error: If a user or group is specified, either "
"--domain or --project must also be specified to "
"list role grants.\n")
return ([], [])
return (columns, (utils.get_item_properties(
s,
columns,
formatters={},
) for s in data))
def take_action(self, parsed_args):
volume_client = self.app.client_manager.volume
compute_client = self.app.client_manager.compute
identity_client = self.app.client_manager.identity
def _format_attach(attachments):
"""Return a formatted string of a volume's attached instances
:param attachments: a volume.attachments field
:rtype: a string of formatted instances
"""
msg = ''
for attachment in attachments:
server = attachment['server_id']
if server in server_cache:
server = server_cache[server].name
device = attachment['device']
msg += 'Attached to %s on %s ' % (server, device)
return msg
if parsed_args.long:
columns = [
'ID',
'Name',
'Status',
'Size',
'Volume Type',
'Bootable',
'Attachments',
'Metadata',
]
column_headers = copy.deepcopy(columns)
column_headers[1] = 'Display Name'
column_headers[4] = 'Type'
column_headers[6] = 'Attached to'
column_headers[7] = 'Properties'
else:
columns = [
'ID',
'Name',
'Status',
'Size',
'Attachments',
]
column_headers = copy.deepcopy(columns)
column_headers[1] = 'Display Name'
column_headers[4] = 'Attached to'
# Cache the server list
server_cache = {}
try:
for s in compute_client.servers.list():
server_cache[s.id] = s
except Exception:
# Just forget it if there's any trouble
pass
project_id = None
if parsed_args.project:
project_id = identity_common.find_project(
identity_client, parsed_args.project,
parsed_args.project_domain)
user_id = None
if parsed_args.user:
user_id = identity_common.find_user(identity_client,
parsed_args.user,
parsed_args.user_domain)
search_opts = {
'all_tenants': parsed_args.all_projects,
'project_id': project_id,
'user_id': user_id,
'display_name': parsed_args.name,
'status': parsed_args.status,
}
data = volume_client.volumes.list(search_opts=search_opts)
return (column_headers, (utils.get_item_properties(
s,
columns,
formatters={
'Metadata': utils.format_dict,
'Attachments': _format_attach
},
) for s in data))
