Esempio n. 1
0
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity

        user_id = common.find_user(identity_client, parsed_args.user,
                                   parsed_args.user_domain).id
        group_id = common.find_group(identity_client, parsed_args.group,
                                     parsed_args.group_domain).id

        try:
            identity_client.users.check_in_group(user_id, group_id)
        except ks_exc.http.HTTPClientError as e:
            if e.http_status == 403 or e.http_status == 404:
                msg = _("%(user)s not in group %(group)s\n") % {
                    'user': parsed_args.user,
                    'group': parsed_args.group,
                }
                sys.stderr.write(msg)
            else:
                raise e
        else:
            msg = _("%(user)s in group %(group)s\n") % {
                'user': parsed_args.user,
                'group': parsed_args.group,
            }
            sys.stdout.write(msg)
Esempio n. 2
0
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity

        for group in parsed_args.groups:
            group_obj = common.find_group(identity_client, group,
                                          parsed_args.domain)
            identity_client.groups.delete(group_obj.id)
Esempio n. 3
0
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity

        errors = 0
        for group in parsed_args.groups:
            try:
                group_obj = common.find_group(identity_client, group,
                                              parsed_args.domain)
                identity_client.groups.delete(group_obj.id)
            except Exception as e:
                errors += 1
                LOG.error(
                    _("Failed to delete group with "
                      "name or ID '%(group)s': %(e)s"), {
                          'group': group,
                          'e': e
                      })

        if errors > 0:
            total = len(parsed_args.groups)
            msg = (_("%(errors)s of %(total)s groups failed "
                     "to delete.") % {
                         'errors': errors,
                         'total': total
                     })
            raise exceptions.CommandError(msg)
Esempio n. 4
0
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity

        group_id = common.find_group(identity_client, parsed_args.group,
                                     parsed_args.group_domain).id

        result = 0
        for i in parsed_args.user:
            try:
                user_id = common.find_user(identity_client, i,
                                           parsed_args.user_domain).id
                identity_client.users.add_to_group(user_id, group_id)
            except Exception as e:
                result += 1
                msg = _("%(user)s not added to group %(group)s: %(e)s") % {
                    'user': i,
                    'group': parsed_args.group,
                    'e': e,
                }
                LOG.error(msg)
        if result > 0:
            total = len(parsed_args.user)
            msg = (_("%(result)s of %(total)s users not added to group "
                     "%(group)s.")) % {
                         'result': result,
                         'total': total,
                         'group': parsed_args.group,
                     }
            raise exceptions.CommandError(msg)
Esempio n. 5
0
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity

        group_id = common.find_group(identity_client,
                                     parsed_args.group,
                                     parsed_args.group_domain).id

        result = 0
        for i in parsed_args.user:
            try:
                user_id = common.find_user(identity_client,
                                           i,
                                           parsed_args.user_domain).id
                identity_client.users.add_to_group(user_id, group_id)
            except Exception as e:
                result += 1
                msg = _("%(user)s not added to group %(group)s: %(e)s") % {
                    'user': i,
                    'group': parsed_args.group,
                    'e': e,
                }
                LOG.error(msg)
        if result > 0:
            total = len(parsed_args.user)
            msg = (_("%(result)s of %(total)s users not added to group "
                   "%(group)s.")) % {
                'result': result,
                'total': total,
                'group': parsed_args.group,
            }
            raise exceptions.CommandError(msg)
Esempio n. 6
0
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity

        user_id = common.find_user(identity_client,
                                   parsed_args.user,
                                   parsed_args.user_domain).id
        group_id = common.find_group(identity_client,
                                     parsed_args.group,
                                     parsed_args.group_domain).id

        try:
            identity_client.users.check_in_group(user_id, group_id)
        except ks_exc.http.HTTPClientError as e:
            if e.http_status == 403 or e.http_status == 404:
                msg = _("%(user)s not in group %(group)s\n") % {
                    'user': parsed_args.user,
                    'group': parsed_args.group,
                }
                self.app.stderr.write(msg)
            else:
                raise e
        else:
            msg = _("%(user)s in group %(group)s\n") % {
                'user': parsed_args.user,
                'group': parsed_args.group,
            }
            self.app.stdout.write(msg)
Esempio n. 7
0
def _process_identity_and_resource_options(parsed_args,
                                           identity_client_manager):
    kwargs = {}
    if parsed_args.user and parsed_args.domain:
        kwargs['user'] = common.find_user(
            identity_client_manager,
            parsed_args.user,
            parsed_args.user_domain,
        ).id
        kwargs['domain'] = common.find_domain(
            identity_client_manager,
            parsed_args.domain,
        ).id
    elif parsed_args.user and parsed_args.project:
        kwargs['user'] = common.find_user(
            identity_client_manager,
            parsed_args.user,
            parsed_args.user_domain,
        ).id
        kwargs['project'] = common.find_project(
            identity_client_manager,
            parsed_args.project,
            parsed_args.project_domain,
        ).id
    elif parsed_args.group and parsed_args.domain:
        kwargs['group'] = common.find_group(
            identity_client_manager,
            parsed_args.group,
            parsed_args.group_domain,
        ).id
        kwargs['domain'] = common.find_domain(
            identity_client_manager,
            parsed_args.domain,
        ).id
    elif parsed_args.group and parsed_args.project:
        kwargs['group'] = common.find_group(
            identity_client_manager,
            parsed_args.group,
            parsed_args.group_domain,
        ).id
        kwargs['project'] = common.find_project(
            identity_client_manager,
            parsed_args.project,
            parsed_args.project_domain,
        ).id
    kwargs['os_inherit_extension_inherited'] = parsed_args.inherited
    return kwargs
Esempio n. 8
0
def _process_identity_and_resource_options(parsed_args,
                                           identity_client_manager):
    kwargs = {}
    if parsed_args.user and parsed_args.domain:
        kwargs['user'] = common.find_user(
            identity_client_manager,
            parsed_args.user,
            parsed_args.user_domain,
        ).id
        kwargs['domain'] = common.find_domain(
            identity_client_manager,
            parsed_args.domain,
        ).id
    elif parsed_args.user and parsed_args.project:
        kwargs['user'] = common.find_user(
            identity_client_manager,
            parsed_args.user,
            parsed_args.user_domain,
        ).id
        kwargs['project'] = common.find_project(
            identity_client_manager,
            parsed_args.project,
            parsed_args.project_domain,
        ).id
    elif parsed_args.group and parsed_args.domain:
        kwargs['group'] = common.find_group(
            identity_client_manager,
            parsed_args.group,
            parsed_args.group_domain,
        ).id
        kwargs['domain'] = common.find_domain(
            identity_client_manager,
            parsed_args.domain,
        ).id
    elif parsed_args.group and parsed_args.project:
        kwargs['group'] = common.find_group(
            identity_client_manager,
            parsed_args.group,
            parsed_args.group_domain,
        ).id
        kwargs['project'] = common.find_project(
            identity_client_manager,
            parsed_args.project,
            parsed_args.project_domain,
        ).id
    kwargs['os_inherit_extension_inherited'] = parsed_args.inherited
    return kwargs
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity

        for group in parsed_args.groups:
            group_obj = common.find_group(identity_client,
                                          group,
                                          parsed_args.domain)
            identity_client.groups.delete(group_obj.id)
Esempio n. 10
0
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity

        group = common.find_group(identity_client,
                                  parsed_args.group,
                                  domain_name_or_id=parsed_args.domain)

        group._info.pop('links')
        return zip(*sorted(six.iteritems(group._info)))
Esempio n. 11
0
 def _find_group():
     try:
         return common.find_group(
             identity_client_manager,
             parsed_args.group,
             parsed_args.group_domain
         ).id
     except exceptions.CommandError:
         if not validate_actor_existence:
             return parsed_args.group
         raise
Esempio n. 12
0
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity
        group = common.find_group(identity_client, parsed_args.group,
                                  parsed_args.domain)
        kwargs = {}
        if parsed_args.name:
            kwargs['name'] = parsed_args.name
        if parsed_args.description:
            kwargs['description'] = parsed_args.description

        identity_client.groups.update(group.id, **kwargs)
Esempio n. 13
0
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity
        group = common.find_group(identity_client, parsed_args.group,
                                  parsed_args.domain)
        kwargs = {}
        if parsed_args.name:
            kwargs['name'] = parsed_args.name
        if parsed_args.description:
            kwargs['description'] = parsed_args.description

        identity_client.groups.update(group.id, **kwargs)
Esempio n. 14
0
def _process_identity_and_resource_options(parsed_args, identity_client_manager):
    kwargs = {}
    if parsed_args.user and parsed_args.domain:
        kwargs["user"] = common.find_user(identity_client_manager, parsed_args.user, parsed_args.user_domain).id
        kwargs["domain"] = common.find_domain(identity_client_manager, parsed_args.domain).id
    elif parsed_args.user and parsed_args.project:
        kwargs["user"] = common.find_user(identity_client_manager, parsed_args.user, parsed_args.user_domain).id
        kwargs["project"] = common.find_project(
            identity_client_manager, parsed_args.project, parsed_args.project_domain
        ).id
    elif parsed_args.group and parsed_args.domain:
        kwargs["group"] = common.find_group(identity_client_manager, parsed_args.group, parsed_args.group_domain).id
        kwargs["domain"] = common.find_domain(identity_client_manager, parsed_args.domain).id
    elif parsed_args.group and parsed_args.project:
        kwargs["group"] = common.find_group(identity_client_manager, parsed_args.group, parsed_args.group_domain).id
        kwargs["project"] = common.find_project(
            identity_client_manager, parsed_args.project, parsed_args.project_domain
        ).id
    kwargs["os_inherit_extension_inherited"] = parsed_args.inherited
    return kwargs
Esempio n. 15
0
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity
        group = common.find_group(identity_client, parsed_args.group,
                                  parsed_args.domain)
        kwargs = {}
        if parsed_args.name:
            kwargs['name'] = parsed_args.name
        if parsed_args.description:
            kwargs['description'] = parsed_args.description

        if not len(kwargs):
            sys.stderr.write("Group not updated, no arguments present")
            return
        identity_client.groups.update(group.id, **kwargs)
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity

        user_id = common.find_user(identity_client, parsed_args.user,
                                   parsed_args.user_domain).id
        group_id = common.find_group(identity_client, parsed_args.group,
                                     parsed_args.group_domain).id

        try:
            identity_client.users.check_in_group(user_id, group_id)
        except Exception:
            sys.stderr.write("%s not in group %s\n" %
                             (parsed_args.user, parsed_args.group))
        else:
            sys.stdout.write("%s in group %s\n" %
                             (parsed_args.user, parsed_args.group))
Esempio n. 17
0
    def take_action(self, parsed_args):
        self.log.debug('take_action(%s)', parsed_args)
        identity_client = self.app.client_manager.identity

        user_id = common.find_user(identity_client, parsed_args.user,
                                   parsed_args.user_domain).id
        group_id = common.find_group(identity_client, parsed_args.group,
                                     parsed_args.group_domain).id

        try:
            identity_client.users.add_to_group(user_id, group_id)
        except Exception:
            sys.stderr.write("%s not added to group %s\n" %
                             (parsed_args.user, parsed_args.group))
        else:
            sys.stdout.write("%s added to group %s\n" %
                             (parsed_args.user, parsed_args.group))
Esempio n. 18
0
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity

        user_id = common.find_user(identity_client, parsed_args.user,
                                   parsed_args.user_domain).id
        group_id = common.find_group(identity_client, parsed_args.group,
                                     parsed_args.group_domain).id

        try:
            identity_client.users.add_to_group(user_id, group_id)
        except Exception as e:
            msg = _("%(user)s not added to group %(group)s: %(e)s") % {
                'user': parsed_args.user,
                'group': parsed_args.group,
                'e': e,
            }
            raise exceptions.CommandError(msg)
Esempio n. 19
0
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity

        user_id = common.find_user(identity_client,
                                   parsed_args.user,
                                   parsed_args.user_domain).id
        group_id = common.find_group(identity_client,
                                     parsed_args.group,
                                     parsed_args.group_domain).id

        try:
            identity_client.users.check_in_group(user_id, group_id)
        except Exception:
            sys.stderr.write("%s not in group %s\n" %
                             (parsed_args.user, parsed_args.group))
        else:
            sys.stdout.write("%s in group %s\n" %
                             (parsed_args.user, parsed_args.group))
Esempio n. 20
0
    def take_action(self, parsed_args):
        self.log.debug('take_action(%s)', parsed_args)
        identity_client = self.app.client_manager.identity

        user_id = common.find_user(identity_client,
                                   parsed_args.user,
                                   parsed_args.user_domain).id
        group_id = common.find_group(identity_client,
                                     parsed_args.group,
                                     parsed_args.group_domain).id

        try:
            identity_client.users.add_to_group(user_id, group_id)
        except Exception:
            sys.stderr.write("%s not added to group %s\n" %
                             (parsed_args.user, parsed_args.group))
        else:
            sys.stdout.write("%s added to group %s\n" %
                             (parsed_args.user, parsed_args.group))
Esempio n. 21
0
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity

        errors = 0
        for group in parsed_args.groups:
            try:
                group_obj = common.find_group(identity_client,
                                              group,
                                              parsed_args.domain)
                identity_client.groups.delete(group_obj.id)
            except Exception as e:
                errors += 1
                LOG.error(_("Failed to delete group with "
                          "name or ID '%(group)s': %(e)s"),
                          {'group': group, 'e': e})

        if errors > 0:
            total = len(parsed_args.groups)
            msg = (_("%(errors)s of %(total)s groups failed "
                   "to delete.") % {'errors': errors, 'total': total})
            raise exceptions.CommandError(msg)
Esempio n. 22
0
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity

        user_id = common.find_user(identity_client, parsed_args.user,
                                   parsed_args.user_domain).id
        group_id = common.find_group(identity_client, parsed_args.group,
                                     parsed_args.group_domain).id

        try:
            identity_client.users.check_in_group(user_id, group_id)
        except Exception:
            msg = _("%(user)s not in group %(group)s\n") % {
                'user': parsed_args.user,
                'group': parsed_args.group,
            }
            sys.stderr.write(msg)
        else:
            msg = _("%(user)s in group %(group)s\n") % {
                'user': parsed_args.user,
                'group': parsed_args.group,
            }
            sys.stdout.write(msg)
Esempio n. 23
0
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity

        user_id = common.find_user(identity_client,
                                   parsed_args.user,
                                   parsed_args.user_domain).id
        group_id = common.find_group(identity_client,
                                     parsed_args.group,
                                     parsed_args.group_domain).id

        try:
            identity_client.users.check_in_group(user_id, group_id)
        except Exception:
            msg = _("%(user)s not in group %(group)s\n") % {
                'user': parsed_args.user,
                'group': parsed_args.group,
            }
            sys.stderr.write(msg)
        else:
            msg = _("%(user)s in group %(group)s\n") % {
                'user': parsed_args.user,
                'group': parsed_args.group,
            }
            sys.stdout.write(msg)
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity
        auth_ref = self.app.client_manager.auth_ref

        role = None
        if parsed_args.role:
            role = utils.find_resource(
                identity_client.roles,
                parsed_args.role,
            )

        user = None
        if parsed_args.user:
            user = common.find_user(
                identity_client,
                parsed_args.user,
                parsed_args.user_domain,
            )
        elif parsed_args.authuser:
            if auth_ref:
                user = common.find_user(
                    identity_client,
                    auth_ref.user_id
                )

        domain = None
        if parsed_args.domain:
            domain = common.find_domain(
                identity_client,
                parsed_args.domain,
            )

        project = None
        if parsed_args.project:
            project = common.find_project(
                identity_client,
                parsed_args.project,
                parsed_args.project_domain,
            )
        elif parsed_args.authproject:
            if auth_ref:
                project = common.find_project(
                    identity_client,
                    auth_ref.project_id
                )

        group = None
        if parsed_args.group:
            group = common.find_group(
                identity_client,
                parsed_args.group,
                parsed_args.group_domain,
            )

        include_names = True if parsed_args.names else False
        effective = True if parsed_args.effective else False
        columns = ('Role', 'User', 'Group', 'Project', 'Domain', 'Inherited')

        inherited_to = 'projects' if parsed_args.inherited else None
        data = identity_client.role_assignments.list(
            domain=domain,
            user=user,
            group=group,
            project=project,
            role=role,
            effective=effective,
            os_inherit_extension_inherited_to=inherited_to,
            include_names=include_names)

        data_parsed = []
        for assignment in data:
            # Removing the extra "scope" layer in the assignment json
            scope = assignment.scope
            if 'project' in scope:
                if include_names:
                    prj = '@'.join([scope['project']['name'],
                                    scope['project']['domain']['name']])
                    setattr(assignment, 'project', prj)
                else:
                    setattr(assignment, 'project', scope['project']['id'])
                assignment.domain = ''
            elif 'domain' in scope:
                if include_names:
                    setattr(assignment, 'domain', scope['domain']['name'])
                else:
                    setattr(assignment, 'domain', scope['domain']['id'])
                assignment.project = ''

            else:
                assignment.domain = ''
                assignment.project = ''

            inherited = scope.get('OS-INHERIT:inherited_to') == 'projects'
            assignment.inherited = inherited

            del assignment.scope

            if hasattr(assignment, 'user'):
                if include_names:
                    usr = '******'.join([assignment.user['name'],
                                    assignment.user['domain']['name']])
                    setattr(assignment, 'user', usr)
                else:
                    setattr(assignment, 'user', assignment.user['id'])
                assignment.group = ''
            elif hasattr(assignment, 'group'):
                if include_names:
                    grp = '@'.join([assignment.group['name'],
                                    assignment.group['domain']['name']])
                    setattr(assignment, 'group', grp)
                else:
                    setattr(assignment, 'group', assignment.group['id'])
                assignment.user = ''
            else:
                assignment.user = ''
                assignment.group = ''

            if hasattr(assignment, 'role'):
                if include_names:
                    setattr(assignment, 'role', assignment.role['name'])
                else:
                    setattr(assignment, 'role', assignment.role['id'])
            else:
                assignment.role = ''

            # Creating a tuple from data object fields
            # (including the blank ones)
            data_parsed.append(self._as_tuple(assignment))

        return columns, tuple(data_parsed)
Esempio n. 25
0
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity

        if parsed_args.user:
            user = common.find_user(identity_client, parsed_args.user, parsed_args.user_domain)
        elif parsed_args.group:
            group = common.find_group(identity_client, parsed_args.group, parsed_args.group_domain)

        if parsed_args.domain:
            domain = common.find_domain(identity_client, parsed_args.domain)
        elif parsed_args.project:
            project = common.find_project(identity_client, parsed_args.project, parsed_args.project_domain)

        # no user or group specified, list all roles in the system
        if not parsed_args.user and not parsed_args.group:
            columns = ("ID", "Name")
            data = identity_client.roles.list()
        elif parsed_args.user and parsed_args.domain:
            columns = ("ID", "Name", "Domain", "User")
            data = identity_client.roles.list(
                user=user, domain=domain, os_inherit_extension_inherited=parsed_args.inherited
            )
            for user_role in data:
                user_role.user = user.name
                user_role.domain = domain.name
        elif parsed_args.user and parsed_args.project:
            columns = ("ID", "Name", "Project", "User")
            data = identity_client.roles.list(
                user=user, project=project, os_inherit_extension_inherited=parsed_args.inherited
            )
            for user_role in data:
                user_role.user = user.name
                user_role.project = project.name
        elif parsed_args.user:
            columns = ("ID", "Name")
            data = identity_client.roles.list(
                user=user, domain="default", os_inherit_extension_inherited=parsed_args.inherited
            )
        elif parsed_args.group and parsed_args.domain:
            columns = ("ID", "Name", "Domain", "Group")
            data = identity_client.roles.list(
                group=group, domain=domain, os_inherit_extension_inherited=parsed_args.inherited
            )
            for group_role in data:
                group_role.group = group.name
                group_role.domain = domain.name
        elif parsed_args.group and parsed_args.project:
            columns = ("ID", "Name", "Project", "Group")
            data = identity_client.roles.list(
                group=group, project=project, os_inherit_extension_inherited=parsed_args.inherited
            )
            for group_role in data:
                group_role.group = group.name
                group_role.project = project.name
        else:
            sys.stderr.write(
                "Error: If a user or group is specified, either "
                "--domain or --project must also be specified to "
                "list role grants.\n"
            )
            return ([], [])

        return (columns, (utils.get_item_properties(s, columns, formatters={}) for s in data))
Esempio n. 26
0
    def take_action(self, parsed_args):
        self.log.debug('take_action(%s)', parsed_args)
        identity_client = self.app.client_manager.identity

        if (not parsed_args.user and not parsed_args.domain
                and not parsed_args.group and not parsed_args.project):
            return

        role = utils.find_resource(
            identity_client.roles,
            parsed_args.role,
        )

        if parsed_args.user and parsed_args.domain:
            user = common.find_user(
                identity_client,
                parsed_args.user,
            )
            domain = common.find_domain(
                identity_client,
                parsed_args.domain,
            )
            identity_client.roles.grant(
                role.id,
                user=user.id,
                domain=domain.id,
            )
        elif parsed_args.user and parsed_args.project:
            user = common.find_user(
                identity_client,
                parsed_args.user,
            )
            project = common.find_project(
                identity_client,
                parsed_args.project,
            )
            identity_client.roles.grant(
                role.id,
                user=user.id,
                project=project.id,
            )
        elif parsed_args.group and parsed_args.domain:
            group = common.find_group(
                identity_client,
                parsed_args.group,
            )
            domain = common.find_domain(
                identity_client,
                parsed_args.domain,
            )
            identity_client.roles.grant(
                role.id,
                group=group.id,
                domain=domain.id,
            )
        elif parsed_args.group and parsed_args.project:
            group = common.find_group(
                identity_client,
                parsed_args.group,
            )
            project = common.find_project(
                identity_client,
                parsed_args.project,
            )
            identity_client.roles.grant(
                role.id,
                group=group.id,
                project=project.id,
            )
        else:
            sys.stderr.write("Role not added, incorrect set of arguments \
            provided. See openstack --help for more details\n")
        return
Esempio n. 27
0
    def take_action(self, parsed_args):
        self.log.debug('take_action(%s)' % parsed_args)
        identity_client = self.app.client_manager.identity

        if parsed_args.user:
            user = common.find_user(
                identity_client,
                parsed_args.user,
            )
        elif parsed_args.group:
            group = common.find_group(
                identity_client,
                parsed_args.group,
            )

        if parsed_args.domain:
            domain = common.find_domain(
                identity_client,
                parsed_args.domain,
            )
        elif parsed_args.project:
            project = common.find_project(
                identity_client,
                parsed_args.project,
            )

        # no user or group specified, list all roles in the system
        if not parsed_args.user and not parsed_args.group:
            columns = ('ID', 'Name')
            data = identity_client.roles.list()
        elif parsed_args.user and parsed_args.domain:
            columns = ('ID', 'Name', 'Domain', 'User')
            data = identity_client.roles.list(
                user=user,
                domain=domain,
            )
            for user_role in data:
                user_role.user = user.name
                user_role.domain = domain.name
        elif parsed_args.user and parsed_args.project:
            columns = ('ID', 'Name', 'Project', 'User')
            data = identity_client.roles.list(
                user=user,
                project=project,
            )
            for user_role in data:
                user_role.user = user.name
                user_role.project = project.name
        elif parsed_args.user:
            columns = ('ID', 'Name')
            data = identity_client.roles.list(
                user=user,
                domain='default',
            )
        elif parsed_args.group and parsed_args.domain:
            columns = ('ID', 'Name', 'Domain', 'Group')
            data = identity_client.roles.list(
                group=group,
                domain=domain,
            )
            for group_role in data:
                group_role.group = group.name
                group_role.domain = domain.name
        elif parsed_args.group and parsed_args.project:
            columns = ('ID', 'Name', 'Project', 'Group')
            data = identity_client.roles.list(
                group=group,
                project=project,
            )
            for group_role in data:
                group_role.group = group.name
                group_role.project = project.name
        else:
            sys.stderr.write("Error: If a user or group is specified, either "
                             "--domain or --project must also be specified to "
                             "list role grants.\n")
            return ([], [])

        return (columns,
                (utils.get_item_properties(
                    s, columns,
                    formatters={},
                ) for s in data))
Esempio n. 28
0
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity

        role = None
        if parsed_args.role:
            role = utils.find_resource(
                identity_client.roles,
                parsed_args.role,
            )

        user = None
        if parsed_args.user:
            user = common.find_user(
                identity_client,
                parsed_args.user,
                parsed_args.user_domain,
            )

        domain = None
        if parsed_args.domain:
            domain = common.find_domain(
                identity_client,
                parsed_args.domain,
            )

        project = None
        if parsed_args.project:
            project = common.find_project(
                identity_client,
                parsed_args.project,
                parsed_args.project_domain,
            )

        group = None
        if parsed_args.group:
            group = common.find_group(
                identity_client,
                parsed_args.group,
                parsed_args.group_domain,
            )

        include_names = True if parsed_args.names else False
        effective = True if parsed_args.effective else False
        columns = ('Role', 'User', 'Group', 'Project', 'Domain', 'Inherited')

        inherited_to = 'projects' if parsed_args.inherited else None
        data = identity_client.role_assignments.list(
            domain=domain,
            user=user,
            group=group,
            project=project,
            role=role,
            effective=effective,
            os_inherit_extension_inherited_to=inherited_to,
            include_names=include_names)

        data_parsed = []
        for assignment in data:
            # Removing the extra "scope" layer in the assignment json
            scope = assignment.scope
            if 'project' in scope:
                if include_names:
                    prj = '@'.join([
                        scope['project']['name'],
                        scope['project']['domain']['name']
                    ])
                    setattr(assignment, 'project', prj)
                else:
                    setattr(assignment, 'project', scope['project']['id'])
                assignment.domain = ''
            elif 'domain' in scope:
                if include_names:
                    setattr(assignment, 'domain', scope['domain']['name'])
                else:
                    setattr(assignment, 'domain', scope['domain']['id'])
                assignment.project = ''

            else:
                assignment.domain = ''
                assignment.project = ''

            inherited = scope.get('OS-INHERIT:inherited_to') == 'projects'
            assignment.inherited = inherited

            del assignment.scope

            if hasattr(assignment, 'user'):
                if include_names:
                    usr = '******'.join([
                        assignment.user['name'],
                        assignment.user['domain']['name']
                    ])
                    setattr(assignment, 'user', usr)
                else:
                    setattr(assignment, 'user', assignment.user['id'])
                assignment.group = ''
            elif hasattr(assignment, 'group'):
                if include_names:
                    grp = '@'.join([
                        assignment.group['name'],
                        assignment.group['domain']['name']
                    ])
                    setattr(assignment, 'group', grp)
                else:
                    setattr(assignment, 'group', assignment.group['id'])
                assignment.user = ''
            else:
                assignment.user = ''
                assignment.group = ''

            if hasattr(assignment, 'role'):
                if include_names:
                    setattr(assignment, 'role', assignment.role['name'])
                else:
                    setattr(assignment, 'role', assignment.role['id'])
            else:
                assignment.role = ''

            # Creating a tuple from data object fields
            # (including the blank ones)
            data_parsed.append(self._as_tuple(assignment))

        return columns, tuple(data_parsed)
Esempio n. 29
0
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity
        auth_ref = self.app.client_manager.auth_ref

        role = None
        role_domain_id = None
        if parsed_args.role_domain:
            role_domain_id = common.find_domain(identity_client,
                                                parsed_args.role_domain).id
        if parsed_args.role:
            role = utils.find_resource(
                identity_client.roles,
                parsed_args.role,
                domain_id=role_domain_id
            )

        user = None
        if parsed_args.user:
            user = common.find_user(
                identity_client,
                parsed_args.user,
                parsed_args.user_domain,
            )
        elif parsed_args.authuser:
            if auth_ref:
                user = common.find_user(
                    identity_client,
                    auth_ref.user_id
                )

        system = None
        if parsed_args.system:
            system = parsed_args.system

        domain = None
        if parsed_args.domain:
            domain = common.find_domain(
                identity_client,
                parsed_args.domain,
            )

        project = None
        if parsed_args.project:
            project = common.find_project(
                identity_client,
                common._get_token_resource(identity_client, 'project',
                                           parsed_args.project),
                parsed_args.project_domain,
            )
        elif parsed_args.authproject:
            if auth_ref:
                project = common.find_project(
                    identity_client,
                    auth_ref.project_id
                )

        group = None
        if parsed_args.group:
            group = common.find_group(
                identity_client,
                parsed_args.group,
                parsed_args.group_domain,
            )

        include_names = True if parsed_args.names else False
        effective = True if parsed_args.effective else False
        columns = (
            'Role', 'User', 'Group', 'Project', 'Domain', 'System', 'Inherited'
        )

        inherited_to = 'projects' if parsed_args.inherited else None
        data = identity_client.role_assignments.list(
            domain=domain,
            user=user,
            group=group,
            project=project,
            system=system,
            role=role,
            effective=effective,
            os_inherit_extension_inherited_to=inherited_to,
            include_names=include_names)

        data_parsed = []
        for assignment in data:
            # Removing the extra "scope" layer in the assignment json
            scope = assignment.scope
            if 'project' in scope:
                if include_names:
                    prj = '@'.join([scope['project']['name'],
                                    scope['project']['domain']['name']])
                    setattr(assignment, 'project', prj)
                else:
                    setattr(assignment, 'project', scope['project']['id'])
                assignment.domain = ''
                assignment.system = ''
            elif 'domain' in scope:
                if include_names:
                    setattr(assignment, 'domain', scope['domain']['name'])
                else:
                    setattr(assignment, 'domain', scope['domain']['id'])
                assignment.project = ''
                assignment.system = ''
            elif 'system' in scope:
                # NOTE(lbragstad): If, or when, keystone supports role
                # assignments on subsets of a system, this will have to evolve
                # to handle that case instead of hardcoding to the entire
                # system.
                setattr(assignment, 'system', 'all')
                assignment.domain = ''
                assignment.project = ''
            else:
                assignment.system = ''
                assignment.domain = ''
                assignment.project = ''

            inherited = scope.get('OS-INHERIT:inherited_to') == 'projects'
            assignment.inherited = inherited

            del assignment.scope

            if hasattr(assignment, 'user'):
                if include_names:
                    usr = '******'.join([assignment.user['name'],
                                    assignment.user['domain']['name']])
                    setattr(assignment, 'user', usr)
                else:
                    setattr(assignment, 'user', assignment.user['id'])
                assignment.group = ''
            elif hasattr(assignment, 'group'):
                if include_names:
                    grp = '@'.join([assignment.group['name'],
                                    assignment.group['domain']['name']])
                    setattr(assignment, 'group', grp)
                else:
                    setattr(assignment, 'group', assignment.group['id'])
                assignment.user = ''
            else:
                assignment.user = ''
                assignment.group = ''

            if hasattr(assignment, 'role'):
                if include_names:
                    # TODO(henry-nash): If this is a domain specific role it
                    # would be good show this as role@domain, although this
                    # domain info is not yet included in the response from the
                    # server. Although we could get it by re-reading the role
                    # from the ID, let's wait until the server does the right
                    # thing.
                    setattr(assignment, 'role', assignment.role['name'])
                else:
                    setattr(assignment, 'role', assignment.role['id'])
            else:
                assignment.role = ''

            # Creating a tuple from data object fields
            # (including the blank ones)
            data_parsed.append(self._as_tuple(assignment))

        return columns, tuple(data_parsed)
Esempio n. 30
0
    def take_action(self, parsed_args):
        self.log.debug('take_action(%s)', parsed_args)
        identity_client = self.app.client_manager.identity

        if (not parsed_args.user and not parsed_args.domain
                and not parsed_args.group and not parsed_args.project):
            return

        role = utils.find_resource(
            identity_client.roles,
            parsed_args.role,
        )

        kwargs = {}
        if parsed_args.user and parsed_args.domain:
            user_domain_id = self._get_domain_id_if_requested(
                parsed_args.user_domain)
            kwargs['user'] = common.find_user(
                identity_client,
                parsed_args.user,
                user_domain_id,
            ).id
            kwargs['domain'] = common.find_domain(
                identity_client,
                parsed_args.domain,
            ).id
        elif parsed_args.user and parsed_args.project:
            user_domain_id = self._get_domain_id_if_requested(
                parsed_args.user_domain)
            kwargs['user'] = common.find_user(
                identity_client,
                parsed_args.user,
                user_domain_id,
            ).id
            project_domain_id = self._get_domain_id_if_requested(
                parsed_args.project_domain)
            kwargs['project'] = common.find_project(
                identity_client,
                parsed_args.project,
                project_domain_id,
            ).id
        elif parsed_args.group and parsed_args.domain:
            group_domain_id = self._get_domain_id_if_requested(
                parsed_args.group_domain)
            kwargs['group'] = common.find_group(
                identity_client,
                parsed_args.group,
                group_domain_id,
            ).id
            kwargs['domain'] = common.find_domain(
                identity_client,
                parsed_args.domain,
            ).id
        elif parsed_args.group and parsed_args.project:
            group_domain_id = self._get_domain_id_if_requested(
                parsed_args.group_domain)
            kwargs['group'] = common.find_group(
                identity_client,
                parsed_args.group,
                group_domain_id,
            ).id
            project_domain_id = self._get_domain_id_if_requested(
                parsed_args.project_domain)
            kwargs['project'] = common.find_project(
                identity_client,
                parsed_args.project,
                project_domain_id,
            ).id
        else:
            sys.stderr.write("Role not added, incorrect set of arguments \
            provided. See openstack --help for more details\n")
            return

        identity_client.roles.grant(role.id, **kwargs)
        return
Esempio n. 31
0
    def take_action(self, parsed_args):
        self.log.debug('take_action(%s)' % parsed_args)
        identity_client = self.app.client_manager.identity

        role = None
        if parsed_args.role:
            role = utils.find_resource(
                identity_client.roles,
                parsed_args.role,
            )

        user = None
        if parsed_args.user:
            user = common.find_user(
                identity_client,
                parsed_args.user,
            )

        domain = None
        if parsed_args.domain:
            domain = common.find_domain(
                identity_client,
                parsed_args.domain,
            )

        project = None
        if parsed_args.project:
            project = common.find_project(
                identity_client,
                parsed_args.project,
            )

        group = None
        if parsed_args.group:
            group = common.find_group(
                identity_client,
                parsed_args.group,
            )

        effective = True if parsed_args.effective else False
        self.log.debug('take_action(%s)' % parsed_args)
        columns = ('Role', 'User', 'Group', 'Project', 'Domain')
        data = identity_client.role_assignments.list(domain=domain,
                                                     user=user,
                                                     group=group,
                                                     project=project,
                                                     role=role,
                                                     effective=effective)

        data_parsed = []
        for assignment in data:
            # Removing the extra "scope" layer in the assignment json
            scope = assignment.scope
            if 'project' in scope:
                setattr(assignment, 'project', scope['project']['id'])
                assignment.domain = ''
            elif 'domain' in scope:
                setattr(assignment, 'domain', scope['domain']['id'])
                assignment.project = ''

            else:
                assignment.domain = ''
                assignment.project = ''

            del assignment.scope

            if hasattr(assignment, 'user'):
                setattr(assignment, 'user', assignment.user['id'])
                assignment.group = ''
            elif hasattr(assignment, 'group'):
                setattr(assignment, 'group', assignment.group['id'])
                assignment.user = ''
            else:
                assignment.user = ''
                assignment.group = ''

            if hasattr(assignment, 'role'):
                setattr(assignment, 'role', assignment.role['id'])
            else:
                assignment.role = ''

            # Creating a tuple from data object fields
            # (including the blank ones)
            data_parsed.append(self._as_tuple(assignment))

        return columns, tuple(data_parsed)
Esempio n. 32
0
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity

        domain = None
        if parsed_args.domain:
            domain = common.find_domain(identity_client, parsed_args.domain).id

        group = None
        if parsed_args.group:
            group = common.find_group(identity_client, parsed_args.group,
                                      parsed_args.domain).id

        if parsed_args.project:
            if domain is not None:
                project = utils.find_resource(identity_client.projects,
                                              parsed_args.project,
                                              domain_id=domain).id
            else:
                project = utils.find_resource(
                    identity_client.projects,
                    parsed_args.project,
                ).id

            assignments = identity_client.role_assignments.list(
                project=project)

            # NOTE(stevemar): If a user has more than one role on a project
            # then they will have two entries in the returned data. Since we
            # are looking for any role, let's just track unique user IDs.
            user_ids = set()
            for assignment in assignments:
                if hasattr(assignment, 'user'):
                    user_ids.add(assignment.user['id'])

            # NOTE(stevemar): Call find_resource once we have unique IDs, so
            # it's fewer trips to the Identity API, then collect the data.
            data = []
            for user_id in user_ids:
                user = utils.find_resource(identity_client.users, user_id)
                data.append(user)

        else:
            data = identity_client.users.list(
                domain=domain,
                group=group,
            )

        # Column handling
        if parsed_args.long:
            columns = [
                'ID', 'Name', 'Default Project Id', 'Domain Id', 'Description',
                'Email', 'Enabled'
            ]
            column_headers = copy.deepcopy(columns)
            column_headers[2] = 'Project'
            column_headers[3] = 'Domain'
        else:
            columns = ['ID', 'Name']
            column_headers = columns

        return (column_headers, (utils.get_item_properties(
            s,
            columns,
            formatters={},
        ) for s in data))
Esempio n. 33
0
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity

        if parsed_args.user:
            user = common.find_user(
                identity_client,
                parsed_args.user,
                parsed_args.user_domain,
            )
        elif parsed_args.group:
            group = common.find_group(
                identity_client,
                parsed_args.group,
                parsed_args.group_domain,
            )

        if parsed_args.domain:
            domain = common.find_domain(
                identity_client,
                parsed_args.domain,
            )
        elif parsed_args.project:
            project = common.find_project(
                identity_client,
                parsed_args.project,
                parsed_args.project_domain,
            )

        # no user or group specified, list all roles in the system
        if not parsed_args.user and not parsed_args.group:
            if not parsed_args.domain:
                columns = ('ID', 'Name')
                data = identity_client.roles.list()
            else:
                columns = ('ID', 'Name', 'Domain')
                data = identity_client.roles.list(domain_id=domain.id)
                for role in data:
                    role.domain = domain.name
        elif parsed_args.user and parsed_args.domain:
            columns = ('ID', 'Name', 'Domain', 'User')
            data = identity_client.roles.list(
                user=user,
                domain=domain,
                os_inherit_extension_inherited=parsed_args.inherited
            )
            for user_role in data:
                user_role.user = user.name
                user_role.domain = domain.name
            self.log.warning(_('Listing assignments using role list is '
                               'deprecated. Use role assignment list --user '
                               '<user-name> --domain <domain-name> --names '
                               'instead.'))
        elif parsed_args.user and parsed_args.project:
            columns = ('ID', 'Name', 'Project', 'User')
            data = identity_client.roles.list(
                user=user,
                project=project,
                os_inherit_extension_inherited=parsed_args.inherited
            )
            for user_role in data:
                user_role.user = user.name
                user_role.project = project.name
            self.log.warning(_('Listing assignments using role list is '
                               'deprecated. Use role assignment list --user '
                               '<user-name> --project <project-name> --names '
                               'instead.'))
        elif parsed_args.user:
            columns = ('ID', 'Name')
            data = identity_client.roles.list(
                user=user,
                domain='default',
                os_inherit_extension_inherited=parsed_args.inherited
            )
            self.log.warning(_('Listing assignments using role list is '
                               'deprecated. Use role assignment list --user '
                               '<user-name> --domain default --names '
                               'instead.'))
        elif parsed_args.group and parsed_args.domain:
            columns = ('ID', 'Name', 'Domain', 'Group')
            data = identity_client.roles.list(
                group=group,
                domain=domain,
                os_inherit_extension_inherited=parsed_args.inherited
            )
            for group_role in data:
                group_role.group = group.name
                group_role.domain = domain.name
            self.log.warning(_('Listing assignments using role list is '
                               'deprecated. Use role assignment list --group '
                               '<group-name> --domain <domain-name> --names '
                               'instead.'))
        elif parsed_args.group and parsed_args.project:
            columns = ('ID', 'Name', 'Project', 'Group')
            data = identity_client.roles.list(
                group=group,
                project=project,
                os_inherit_extension_inherited=parsed_args.inherited
            )
            for group_role in data:
                group_role.group = group.name
                group_role.project = project.name
            self.log.warning(_('Listing assignments using role list is '
                               'deprecated. Use role assignment list --group '
                               '<group-name> --project <project-name> --names '
                               'instead.'))
        else:
            sys.stderr.write(_("Error: If a user or group is specified, "
                               "either --domain or --project must also be "
                               "specified to list role grants.\n"))
            return ([], [])

        return (columns,
                (utils.get_item_properties(
                    s, columns,
                    formatters={},
                ) for s in data))
Esempio n. 34
0
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity

        if parsed_args.user:
            user = common.find_user(
                identity_client,
                parsed_args.user,
                parsed_args.user_domain,
            )
        elif parsed_args.group:
            group = common.find_group(
                identity_client,
                parsed_args.group,
                parsed_args.group_domain,
            )

        if parsed_args.domain:
            domain = common.find_domain(
                identity_client,
                parsed_args.domain,
            )
        elif parsed_args.project:
            project = common.find_project(
                identity_client,
                parsed_args.project,
                parsed_args.project_domain,
            )

        # no user or group specified, list all roles in the system
        if not parsed_args.user and not parsed_args.group:
            columns = ('ID', 'Name')
            data = identity_client.roles.list()
        elif parsed_args.user and parsed_args.domain:
            columns = ('ID', 'Name', 'Domain', 'User')
            data = identity_client.roles.list(
                user=user,
                domain=domain,
                os_inherit_extension_inherited=parsed_args.inherited)
            for user_role in data:
                user_role.user = user.name
                user_role.domain = domain.name
        elif parsed_args.user and parsed_args.project:
            columns = ('ID', 'Name', 'Project', 'User')
            data = identity_client.roles.list(
                user=user,
                project=project,
                os_inherit_extension_inherited=parsed_args.inherited)
            for user_role in data:
                user_role.user = user.name
                user_role.project = project.name
        elif parsed_args.user:
            columns = ('ID', 'Name')
            data = identity_client.roles.list(
                user=user,
                domain='default',
                os_inherit_extension_inherited=parsed_args.inherited)
        elif parsed_args.group and parsed_args.domain:
            columns = ('ID', 'Name', 'Domain', 'Group')
            data = identity_client.roles.list(
                group=group,
                domain=domain,
                os_inherit_extension_inherited=parsed_args.inherited)
            for group_role in data:
                group_role.group = group.name
                group_role.domain = domain.name
        elif parsed_args.group and parsed_args.project:
            columns = ('ID', 'Name', 'Project', 'Group')
            data = identity_client.roles.list(
                group=group,
                project=project,
                os_inherit_extension_inherited=parsed_args.inherited)
            for group_role in data:
                group_role.group = group.name
                group_role.project = project.name
        else:
            sys.stderr.write("Error: If a user or group is specified, either "
                             "--domain or --project must also be specified to "
                             "list role grants.\n")
            return ([], [])

        return (columns, (utils.get_item_properties(
            s,
            columns,
            formatters={},
        ) for s in data))
Esempio n. 35
0
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity

        if parsed_args.user:
            user = common.find_user(
                identity_client,
                parsed_args.user,
                parsed_args.user_domain,
            )
        elif parsed_args.group:
            group = common.find_group(
                identity_client,
                parsed_args.group,
                parsed_args.group_domain,
            )

        if parsed_args.domain:
            domain = common.find_domain(
                identity_client,
                parsed_args.domain,
            )
        elif parsed_args.project:
            project = common.find_project(
                identity_client,
                parsed_args.project,
                parsed_args.project_domain,
            )

        # no user or group specified, list all roles in the system
        if not parsed_args.user and not parsed_args.group:
            if not parsed_args.domain:
                columns = ('ID', 'Name')
                data = identity_client.roles.list()
            else:
                columns = ('ID', 'Name', 'Domain')
                data = identity_client.roles.list(domain_id=domain.id)
                for role in data:
                    role.domain = domain.name
        elif parsed_args.user and parsed_args.domain:
            columns = ('ID', 'Name', 'Domain', 'User')
            data = identity_client.roles.list(
                user=user,
                domain=domain,
                os_inherit_extension_inherited=parsed_args.inherited)
            for user_role in data:
                user_role.user = user.name
                user_role.domain = domain.name
            self.log.warning(
                _('Listing assignments using role list is '
                  'deprecated. Use role assignment list --user '
                  '<user-name> --domain <domain-name> --names '
                  'instead.'))
        elif parsed_args.user and parsed_args.project:
            columns = ('ID', 'Name', 'Project', 'User')
            data = identity_client.roles.list(
                user=user,
                project=project,
                os_inherit_extension_inherited=parsed_args.inherited)
            for user_role in data:
                user_role.user = user.name
                user_role.project = project.name
            self.log.warning(
                _('Listing assignments using role list is '
                  'deprecated. Use role assignment list --user '
                  '<user-name> --project <project-name> --names '
                  'instead.'))
        elif parsed_args.user:
            columns = ('ID', 'Name')
            data = identity_client.roles.list(
                user=user,
                domain='default',
                os_inherit_extension_inherited=parsed_args.inherited)
            self.log.warning(
                _('Listing assignments using role list is '
                  'deprecated. Use role assignment list --user '
                  '<user-name> --domain default --names '
                  'instead.'))
        elif parsed_args.group and parsed_args.domain:
            columns = ('ID', 'Name', 'Domain', 'Group')
            data = identity_client.roles.list(
                group=group,
                domain=domain,
                os_inherit_extension_inherited=parsed_args.inherited)
            for group_role in data:
                group_role.group = group.name
                group_role.domain = domain.name
            self.log.warning(
                _('Listing assignments using role list is '
                  'deprecated. Use role assignment list --group '
                  '<group-name> --domain <domain-name> --names '
                  'instead.'))
        elif parsed_args.group and parsed_args.project:
            columns = ('ID', 'Name', 'Project', 'Group')
            data = identity_client.roles.list(
                group=group,
                project=project,
                os_inherit_extension_inherited=parsed_args.inherited)
            for group_role in data:
                group_role.group = group.name
                group_role.project = project.name
            self.log.warning(
                _('Listing assignments using role list is '
                  'deprecated. Use role assignment list --group '
                  '<group-name> --project <project-name> --names '
                  'instead.'))
        else:
            msg = _("Error: If a user or group is specified, "
                    "either --domain or --project must also be "
                    "specified to list role grants.")
            raise exceptions.CommandError(msg)

        return (columns, (utils.get_item_properties(
            s,
            columns,
            formatters={},
        ) for s in data))
Esempio n. 36
0
    def take_action(self, parsed_args):
        identity_client = self.app.client_manager.identity

        domain = None
        if parsed_args.domain:
            domain = common.find_domain(identity_client,
                                        parsed_args.domain).id

        group = None
        if parsed_args.group:
            group = common.find_group(identity_client,
                                      parsed_args.group,
                                      parsed_args.domain).id

        if parsed_args.project:
            if domain is not None:
                project = utils.find_resource(
                    identity_client.projects,
                    parsed_args.project,
                    domain_id=domain
                ).id
            else:
                project = utils.find_resource(
                    identity_client.projects,
                    parsed_args.project,
                ).id

            assignments = identity_client.role_assignments.list(
                project=project)

            # NOTE(stevemar): If a user has more than one role on a project
            # then they will have two entries in the returned data. Since we
            # are looking for any role, let's just track unique user IDs.
            user_ids = set()
            for assignment in assignments:
                if hasattr(assignment, 'user'):
                    user_ids.add(assignment.user['id'])

            # NOTE(stevemar): Call find_resource once we have unique IDs, so
            # it's fewer trips to the Identity API, then collect the data.
            data = []
            for user_id in user_ids:
                user = utils.find_resource(identity_client.users, user_id)
                data.append(user)

        else:
            data = identity_client.users.list(
                domain=domain,
                group=group,
            )

        # Column handling
        if parsed_args.long:
            columns = ['ID', 'Name', 'Default Project Id', 'Domain Id',
                       'Description', 'Email', 'Enabled']
            column_headers = copy.deepcopy(columns)
            column_headers[2] = 'Project'
            column_headers[3] = 'Domain'
        else:
            columns = ['ID', 'Name']
            column_headers = columns

        return (
            column_headers,
            (utils.get_item_properties(
                s, columns,
                formatters={},
            ) for s in data)
        )
    def take_action(self, parsed_args):
        self.log.debug('take_action(%s)' % parsed_args)
        identity_client = self.app.client_manager.identity

        role = None
        if parsed_args.role:
            role = utils.find_resource(
                identity_client.roles,
                parsed_args.role,
            )

        user = None
        if parsed_args.user:
            user = common.find_user(
                identity_client,
                parsed_args.user,
            )

        domain = None
        if parsed_args.domain:
            domain = common.find_domain(
                identity_client,
                parsed_args.domain,
            )

        project = None
        if parsed_args.project:
            project = common.find_project(
                identity_client,
                parsed_args.project,
            )

        group = None
        if parsed_args.group:
            group = common.find_group(
                identity_client,
                parsed_args.group,
            )

        effective = True if parsed_args.effective else False
        self.log.debug('take_action(%s)' % parsed_args)
        columns = ('Role', 'User', 'Group', 'Project', 'Domain')
        data = identity_client.role_assignments.list(
            domain=domain,
            user=user,
            group=group,
            project=project,
            role=role,
            effective=effective)

        data_parsed = []
        for assignment in data:
            # Removing the extra "scope" layer in the assignment json
            scope = assignment.scope
            if 'project' in scope:
                setattr(assignment, 'project', scope['project']['id'])
                assignment.domain = ''
            elif 'domain' in scope:
                setattr(assignment, 'domain', scope['domain']['id'])
                assignment.project = ''

            else:
                assignment.domain = ''
                assignment.project = ''

            del assignment.scope

            if hasattr(assignment, 'user'):
                setattr(assignment, 'user', assignment.user['id'])
                assignment.group = ''
            elif hasattr(assignment, 'group'):
                setattr(assignment, 'group', assignment.group['id'])
                assignment.user = ''
            else:
                assignment.user = ''
                assignment.group = ''

            if hasattr(assignment, 'role'):
                setattr(assignment, 'role', assignment.role['id'])
            else:
                assignment.role = ''

            # Creating a tuple from data object fields
            # (including the blank ones)
            data_parsed.append(self._as_tuple(assignment))

        return columns, tuple(data_parsed)