def take_action(self, parsed_args): identity_client = self.app.client_manager.identity user_id = common.find_user(identity_client, parsed_args.user, parsed_args.user_domain).id group_id = common.find_group(identity_client, parsed_args.group, parsed_args.group_domain).id try: identity_client.users.check_in_group(user_id, group_id) except ks_exc.http.HTTPClientError as e: if e.http_status == 403 or e.http_status == 404: msg = _("%(user)s not in group %(group)s\n") % { 'user': parsed_args.user, 'group': parsed_args.group, } sys.stderr.write(msg) else: raise e else: msg = _("%(user)s in group %(group)s\n") % { 'user': parsed_args.user, 'group': parsed_args.group, } sys.stdout.write(msg)
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity for group in parsed_args.groups: group_obj = common.find_group(identity_client, group, parsed_args.domain) identity_client.groups.delete(group_obj.id)
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity errors = 0 for group in parsed_args.groups: try: group_obj = common.find_group(identity_client, group, parsed_args.domain) identity_client.groups.delete(group_obj.id) except Exception as e: errors += 1 LOG.error( _("Failed to delete group with " "name or ID '%(group)s': %(e)s"), { 'group': group, 'e': e }) if errors > 0: total = len(parsed_args.groups) msg = (_("%(errors)s of %(total)s groups failed " "to delete.") % { 'errors': errors, 'total': total }) raise exceptions.CommandError(msg)
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity group_id = common.find_group(identity_client, parsed_args.group, parsed_args.group_domain).id result = 0 for i in parsed_args.user: try: user_id = common.find_user(identity_client, i, parsed_args.user_domain).id identity_client.users.add_to_group(user_id, group_id) except Exception as e: result += 1 msg = _("%(user)s not added to group %(group)s: %(e)s") % { 'user': i, 'group': parsed_args.group, 'e': e, } LOG.error(msg) if result > 0: total = len(parsed_args.user) msg = (_("%(result)s of %(total)s users not added to group " "%(group)s.")) % { 'result': result, 'total': total, 'group': parsed_args.group, } raise exceptions.CommandError(msg)
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity user_id = common.find_user(identity_client, parsed_args.user, parsed_args.user_domain).id group_id = common.find_group(identity_client, parsed_args.group, parsed_args.group_domain).id try: identity_client.users.check_in_group(user_id, group_id) except ks_exc.http.HTTPClientError as e: if e.http_status == 403 or e.http_status == 404: msg = _("%(user)s not in group %(group)s\n") % { 'user': parsed_args.user, 'group': parsed_args.group, } self.app.stderr.write(msg) else: raise e else: msg = _("%(user)s in group %(group)s\n") % { 'user': parsed_args.user, 'group': parsed_args.group, } self.app.stdout.write(msg)
def _process_identity_and_resource_options(parsed_args, identity_client_manager): kwargs = {} if parsed_args.user and parsed_args.domain: kwargs['user'] = common.find_user( identity_client_manager, parsed_args.user, parsed_args.user_domain, ).id kwargs['domain'] = common.find_domain( identity_client_manager, parsed_args.domain, ).id elif parsed_args.user and parsed_args.project: kwargs['user'] = common.find_user( identity_client_manager, parsed_args.user, parsed_args.user_domain, ).id kwargs['project'] = common.find_project( identity_client_manager, parsed_args.project, parsed_args.project_domain, ).id elif parsed_args.group and parsed_args.domain: kwargs['group'] = common.find_group( identity_client_manager, parsed_args.group, parsed_args.group_domain, ).id kwargs['domain'] = common.find_domain( identity_client_manager, parsed_args.domain, ).id elif parsed_args.group and parsed_args.project: kwargs['group'] = common.find_group( identity_client_manager, parsed_args.group, parsed_args.group_domain, ).id kwargs['project'] = common.find_project( identity_client_manager, parsed_args.project, parsed_args.project_domain, ).id kwargs['os_inherit_extension_inherited'] = parsed_args.inherited return kwargs
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity group = common.find_group(identity_client, parsed_args.group, domain_name_or_id=parsed_args.domain) group._info.pop('links') return zip(*sorted(six.iteritems(group._info)))
def _find_group(): try: return common.find_group( identity_client_manager, parsed_args.group, parsed_args.group_domain ).id except exceptions.CommandError: if not validate_actor_existence: return parsed_args.group raise
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity group = common.find_group(identity_client, parsed_args.group, parsed_args.domain) kwargs = {} if parsed_args.name: kwargs['name'] = parsed_args.name if parsed_args.description: kwargs['description'] = parsed_args.description identity_client.groups.update(group.id, **kwargs)
def _process_identity_and_resource_options(parsed_args, identity_client_manager): kwargs = {} if parsed_args.user and parsed_args.domain: kwargs["user"] = common.find_user(identity_client_manager, parsed_args.user, parsed_args.user_domain).id kwargs["domain"] = common.find_domain(identity_client_manager, parsed_args.domain).id elif parsed_args.user and parsed_args.project: kwargs["user"] = common.find_user(identity_client_manager, parsed_args.user, parsed_args.user_domain).id kwargs["project"] = common.find_project( identity_client_manager, parsed_args.project, parsed_args.project_domain ).id elif parsed_args.group and parsed_args.domain: kwargs["group"] = common.find_group(identity_client_manager, parsed_args.group, parsed_args.group_domain).id kwargs["domain"] = common.find_domain(identity_client_manager, parsed_args.domain).id elif parsed_args.group and parsed_args.project: kwargs["group"] = common.find_group(identity_client_manager, parsed_args.group, parsed_args.group_domain).id kwargs["project"] = common.find_project( identity_client_manager, parsed_args.project, parsed_args.project_domain ).id kwargs["os_inherit_extension_inherited"] = parsed_args.inherited return kwargs
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity group = common.find_group(identity_client, parsed_args.group, parsed_args.domain) kwargs = {} if parsed_args.name: kwargs['name'] = parsed_args.name if parsed_args.description: kwargs['description'] = parsed_args.description if not len(kwargs): sys.stderr.write("Group not updated, no arguments present") return identity_client.groups.update(group.id, **kwargs)
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity user_id = common.find_user(identity_client, parsed_args.user, parsed_args.user_domain).id group_id = common.find_group(identity_client, parsed_args.group, parsed_args.group_domain).id try: identity_client.users.check_in_group(user_id, group_id) except Exception: sys.stderr.write("%s not in group %s\n" % (parsed_args.user, parsed_args.group)) else: sys.stdout.write("%s in group %s\n" % (parsed_args.user, parsed_args.group))
def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity user_id = common.find_user(identity_client, parsed_args.user, parsed_args.user_domain).id group_id = common.find_group(identity_client, parsed_args.group, parsed_args.group_domain).id try: identity_client.users.add_to_group(user_id, group_id) except Exception: sys.stderr.write("%s not added to group %s\n" % (parsed_args.user, parsed_args.group)) else: sys.stdout.write("%s added to group %s\n" % (parsed_args.user, parsed_args.group))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity user_id = common.find_user(identity_client, parsed_args.user, parsed_args.user_domain).id group_id = common.find_group(identity_client, parsed_args.group, parsed_args.group_domain).id try: identity_client.users.add_to_group(user_id, group_id) except Exception as e: msg = _("%(user)s not added to group %(group)s: %(e)s") % { 'user': parsed_args.user, 'group': parsed_args.group, 'e': e, } raise exceptions.CommandError(msg)
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity errors = 0 for group in parsed_args.groups: try: group_obj = common.find_group(identity_client, group, parsed_args.domain) identity_client.groups.delete(group_obj.id) except Exception as e: errors += 1 LOG.error(_("Failed to delete group with " "name or ID '%(group)s': %(e)s"), {'group': group, 'e': e}) if errors > 0: total = len(parsed_args.groups) msg = (_("%(errors)s of %(total)s groups failed " "to delete.") % {'errors': errors, 'total': total}) raise exceptions.CommandError(msg)
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity user_id = common.find_user(identity_client, parsed_args.user, parsed_args.user_domain).id group_id = common.find_group(identity_client, parsed_args.group, parsed_args.group_domain).id try: identity_client.users.check_in_group(user_id, group_id) except Exception: msg = _("%(user)s not in group %(group)s\n") % { 'user': parsed_args.user, 'group': parsed_args.group, } sys.stderr.write(msg) else: msg = _("%(user)s in group %(group)s\n") % { 'user': parsed_args.user, 'group': parsed_args.group, } sys.stdout.write(msg)
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity auth_ref = self.app.client_manager.auth_ref role = None if parsed_args.role: role = utils.find_resource( identity_client.roles, parsed_args.role, ) user = None if parsed_args.user: user = common.find_user( identity_client, parsed_args.user, parsed_args.user_domain, ) elif parsed_args.authuser: if auth_ref: user = common.find_user( identity_client, auth_ref.user_id ) domain = None if parsed_args.domain: domain = common.find_domain( identity_client, parsed_args.domain, ) project = None if parsed_args.project: project = common.find_project( identity_client, parsed_args.project, parsed_args.project_domain, ) elif parsed_args.authproject: if auth_ref: project = common.find_project( identity_client, auth_ref.project_id ) group = None if parsed_args.group: group = common.find_group( identity_client, parsed_args.group, parsed_args.group_domain, ) include_names = True if parsed_args.names else False effective = True if parsed_args.effective else False columns = ('Role', 'User', 'Group', 'Project', 'Domain', 'Inherited') inherited_to = 'projects' if parsed_args.inherited else None data = identity_client.role_assignments.list( domain=domain, user=user, group=group, project=project, role=role, effective=effective, os_inherit_extension_inherited_to=inherited_to, include_names=include_names) data_parsed = [] for assignment in data: # Removing the extra "scope" layer in the assignment json scope = assignment.scope if 'project' in scope: if include_names: prj = '@'.join([scope['project']['name'], scope['project']['domain']['name']]) setattr(assignment, 'project', prj) else: setattr(assignment, 'project', scope['project']['id']) assignment.domain = '' elif 'domain' in scope: if include_names: setattr(assignment, 'domain', scope['domain']['name']) else: setattr(assignment, 'domain', scope['domain']['id']) assignment.project = '' else: assignment.domain = '' assignment.project = '' inherited = scope.get('OS-INHERIT:inherited_to') == 'projects' assignment.inherited = inherited del assignment.scope if hasattr(assignment, 'user'): if include_names: usr = '******'.join([assignment.user['name'], assignment.user['domain']['name']]) setattr(assignment, 'user', usr) else: setattr(assignment, 'user', assignment.user['id']) assignment.group = '' elif hasattr(assignment, 'group'): if include_names: grp = '@'.join([assignment.group['name'], assignment.group['domain']['name']]) setattr(assignment, 'group', grp) else: setattr(assignment, 'group', assignment.group['id']) assignment.user = '' else: assignment.user = '' assignment.group = '' if hasattr(assignment, 'role'): if include_names: setattr(assignment, 'role', assignment.role['name']) else: setattr(assignment, 'role', assignment.role['id']) else: assignment.role = '' # Creating a tuple from data object fields # (including the blank ones) data_parsed.append(self._as_tuple(assignment)) return columns, tuple(data_parsed)
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity if parsed_args.user: user = common.find_user(identity_client, parsed_args.user, parsed_args.user_domain) elif parsed_args.group: group = common.find_group(identity_client, parsed_args.group, parsed_args.group_domain) if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain) elif parsed_args.project: project = common.find_project(identity_client, parsed_args.project, parsed_args.project_domain) # no user or group specified, list all roles in the system if not parsed_args.user and not parsed_args.group: columns = ("ID", "Name") data = identity_client.roles.list() elif parsed_args.user and parsed_args.domain: columns = ("ID", "Name", "Domain", "User") data = identity_client.roles.list( user=user, domain=domain, os_inherit_extension_inherited=parsed_args.inherited ) for user_role in data: user_role.user = user.name user_role.domain = domain.name elif parsed_args.user and parsed_args.project: columns = ("ID", "Name", "Project", "User") data = identity_client.roles.list( user=user, project=project, os_inherit_extension_inherited=parsed_args.inherited ) for user_role in data: user_role.user = user.name user_role.project = project.name elif parsed_args.user: columns = ("ID", "Name") data = identity_client.roles.list( user=user, domain="default", os_inherit_extension_inherited=parsed_args.inherited ) elif parsed_args.group and parsed_args.domain: columns = ("ID", "Name", "Domain", "Group") data = identity_client.roles.list( group=group, domain=domain, os_inherit_extension_inherited=parsed_args.inherited ) for group_role in data: group_role.group = group.name group_role.domain = domain.name elif parsed_args.group and parsed_args.project: columns = ("ID", "Name", "Project", "Group") data = identity_client.roles.list( group=group, project=project, os_inherit_extension_inherited=parsed_args.inherited ) for group_role in data: group_role.group = group.name group_role.project = project.name else: sys.stderr.write( "Error: If a user or group is specified, either " "--domain or --project must also be specified to " "list role grants.\n" ) return ([], []) return (columns, (utils.get_item_properties(s, columns, formatters={}) for s in data))
def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity if (not parsed_args.user and not parsed_args.domain and not parsed_args.group and not parsed_args.project): return role = utils.find_resource( identity_client.roles, parsed_args.role, ) if parsed_args.user and parsed_args.domain: user = common.find_user( identity_client, parsed_args.user, ) domain = common.find_domain( identity_client, parsed_args.domain, ) identity_client.roles.grant( role.id, user=user.id, domain=domain.id, ) elif parsed_args.user and parsed_args.project: user = common.find_user( identity_client, parsed_args.user, ) project = common.find_project( identity_client, parsed_args.project, ) identity_client.roles.grant( role.id, user=user.id, project=project.id, ) elif parsed_args.group and parsed_args.domain: group = common.find_group( identity_client, parsed_args.group, ) domain = common.find_domain( identity_client, parsed_args.domain, ) identity_client.roles.grant( role.id, group=group.id, domain=domain.id, ) elif parsed_args.group and parsed_args.project: group = common.find_group( identity_client, parsed_args.group, ) project = common.find_project( identity_client, parsed_args.project, ) identity_client.roles.grant( role.id, group=group.id, project=project.id, ) else: sys.stderr.write("Role not added, incorrect set of arguments \ provided. See openstack --help for more details\n") return
def take_action(self, parsed_args): self.log.debug('take_action(%s)' % parsed_args) identity_client = self.app.client_manager.identity if parsed_args.user: user = common.find_user( identity_client, parsed_args.user, ) elif parsed_args.group: group = common.find_group( identity_client, parsed_args.group, ) if parsed_args.domain: domain = common.find_domain( identity_client, parsed_args.domain, ) elif parsed_args.project: project = common.find_project( identity_client, parsed_args.project, ) # no user or group specified, list all roles in the system if not parsed_args.user and not parsed_args.group: columns = ('ID', 'Name') data = identity_client.roles.list() elif parsed_args.user and parsed_args.domain: columns = ('ID', 'Name', 'Domain', 'User') data = identity_client.roles.list( user=user, domain=domain, ) for user_role in data: user_role.user = user.name user_role.domain = domain.name elif parsed_args.user and parsed_args.project: columns = ('ID', 'Name', 'Project', 'User') data = identity_client.roles.list( user=user, project=project, ) for user_role in data: user_role.user = user.name user_role.project = project.name elif parsed_args.user: columns = ('ID', 'Name') data = identity_client.roles.list( user=user, domain='default', ) elif parsed_args.group and parsed_args.domain: columns = ('ID', 'Name', 'Domain', 'Group') data = identity_client.roles.list( group=group, domain=domain, ) for group_role in data: group_role.group = group.name group_role.domain = domain.name elif parsed_args.group and parsed_args.project: columns = ('ID', 'Name', 'Project', 'Group') data = identity_client.roles.list( group=group, project=project, ) for group_role in data: group_role.group = group.name group_role.project = project.name else: sys.stderr.write("Error: If a user or group is specified, either " "--domain or --project must also be specified to " "list role grants.\n") return ([], []) return (columns, (utils.get_item_properties( s, columns, formatters={}, ) for s in data))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity role = None if parsed_args.role: role = utils.find_resource( identity_client.roles, parsed_args.role, ) user = None if parsed_args.user: user = common.find_user( identity_client, parsed_args.user, parsed_args.user_domain, ) domain = None if parsed_args.domain: domain = common.find_domain( identity_client, parsed_args.domain, ) project = None if parsed_args.project: project = common.find_project( identity_client, parsed_args.project, parsed_args.project_domain, ) group = None if parsed_args.group: group = common.find_group( identity_client, parsed_args.group, parsed_args.group_domain, ) include_names = True if parsed_args.names else False effective = True if parsed_args.effective else False columns = ('Role', 'User', 'Group', 'Project', 'Domain', 'Inherited') inherited_to = 'projects' if parsed_args.inherited else None data = identity_client.role_assignments.list( domain=domain, user=user, group=group, project=project, role=role, effective=effective, os_inherit_extension_inherited_to=inherited_to, include_names=include_names) data_parsed = [] for assignment in data: # Removing the extra "scope" layer in the assignment json scope = assignment.scope if 'project' in scope: if include_names: prj = '@'.join([ scope['project']['name'], scope['project']['domain']['name'] ]) setattr(assignment, 'project', prj) else: setattr(assignment, 'project', scope['project']['id']) assignment.domain = '' elif 'domain' in scope: if include_names: setattr(assignment, 'domain', scope['domain']['name']) else: setattr(assignment, 'domain', scope['domain']['id']) assignment.project = '' else: assignment.domain = '' assignment.project = '' inherited = scope.get('OS-INHERIT:inherited_to') == 'projects' assignment.inherited = inherited del assignment.scope if hasattr(assignment, 'user'): if include_names: usr = '******'.join([ assignment.user['name'], assignment.user['domain']['name'] ]) setattr(assignment, 'user', usr) else: setattr(assignment, 'user', assignment.user['id']) assignment.group = '' elif hasattr(assignment, 'group'): if include_names: grp = '@'.join([ assignment.group['name'], assignment.group['domain']['name'] ]) setattr(assignment, 'group', grp) else: setattr(assignment, 'group', assignment.group['id']) assignment.user = '' else: assignment.user = '' assignment.group = '' if hasattr(assignment, 'role'): if include_names: setattr(assignment, 'role', assignment.role['name']) else: setattr(assignment, 'role', assignment.role['id']) else: assignment.role = '' # Creating a tuple from data object fields # (including the blank ones) data_parsed.append(self._as_tuple(assignment)) return columns, tuple(data_parsed)
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity auth_ref = self.app.client_manager.auth_ref role = None role_domain_id = None if parsed_args.role_domain: role_domain_id = common.find_domain(identity_client, parsed_args.role_domain).id if parsed_args.role: role = utils.find_resource( identity_client.roles, parsed_args.role, domain_id=role_domain_id ) user = None if parsed_args.user: user = common.find_user( identity_client, parsed_args.user, parsed_args.user_domain, ) elif parsed_args.authuser: if auth_ref: user = common.find_user( identity_client, auth_ref.user_id ) system = None if parsed_args.system: system = parsed_args.system domain = None if parsed_args.domain: domain = common.find_domain( identity_client, parsed_args.domain, ) project = None if parsed_args.project: project = common.find_project( identity_client, common._get_token_resource(identity_client, 'project', parsed_args.project), parsed_args.project_domain, ) elif parsed_args.authproject: if auth_ref: project = common.find_project( identity_client, auth_ref.project_id ) group = None if parsed_args.group: group = common.find_group( identity_client, parsed_args.group, parsed_args.group_domain, ) include_names = True if parsed_args.names else False effective = True if parsed_args.effective else False columns = ( 'Role', 'User', 'Group', 'Project', 'Domain', 'System', 'Inherited' ) inherited_to = 'projects' if parsed_args.inherited else None data = identity_client.role_assignments.list( domain=domain, user=user, group=group, project=project, system=system, role=role, effective=effective, os_inherit_extension_inherited_to=inherited_to, include_names=include_names) data_parsed = [] for assignment in data: # Removing the extra "scope" layer in the assignment json scope = assignment.scope if 'project' in scope: if include_names: prj = '@'.join([scope['project']['name'], scope['project']['domain']['name']]) setattr(assignment, 'project', prj) else: setattr(assignment, 'project', scope['project']['id']) assignment.domain = '' assignment.system = '' elif 'domain' in scope: if include_names: setattr(assignment, 'domain', scope['domain']['name']) else: setattr(assignment, 'domain', scope['domain']['id']) assignment.project = '' assignment.system = '' elif 'system' in scope: # NOTE(lbragstad): If, or when, keystone supports role # assignments on subsets of a system, this will have to evolve # to handle that case instead of hardcoding to the entire # system. setattr(assignment, 'system', 'all') assignment.domain = '' assignment.project = '' else: assignment.system = '' assignment.domain = '' assignment.project = '' inherited = scope.get('OS-INHERIT:inherited_to') == 'projects' assignment.inherited = inherited del assignment.scope if hasattr(assignment, 'user'): if include_names: usr = '******'.join([assignment.user['name'], assignment.user['domain']['name']]) setattr(assignment, 'user', usr) else: setattr(assignment, 'user', assignment.user['id']) assignment.group = '' elif hasattr(assignment, 'group'): if include_names: grp = '@'.join([assignment.group['name'], assignment.group['domain']['name']]) setattr(assignment, 'group', grp) else: setattr(assignment, 'group', assignment.group['id']) assignment.user = '' else: assignment.user = '' assignment.group = '' if hasattr(assignment, 'role'): if include_names: # TODO(henry-nash): If this is a domain specific role it # would be good show this as role@domain, although this # domain info is not yet included in the response from the # server. Although we could get it by re-reading the role # from the ID, let's wait until the server does the right # thing. setattr(assignment, 'role', assignment.role['name']) else: setattr(assignment, 'role', assignment.role['id']) else: assignment.role = '' # Creating a tuple from data object fields # (including the blank ones) data_parsed.append(self._as_tuple(assignment)) return columns, tuple(data_parsed)
def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity if (not parsed_args.user and not parsed_args.domain and not parsed_args.group and not parsed_args.project): return role = utils.find_resource( identity_client.roles, parsed_args.role, ) kwargs = {} if parsed_args.user and parsed_args.domain: user_domain_id = self._get_domain_id_if_requested( parsed_args.user_domain) kwargs['user'] = common.find_user( identity_client, parsed_args.user, user_domain_id, ).id kwargs['domain'] = common.find_domain( identity_client, parsed_args.domain, ).id elif parsed_args.user and parsed_args.project: user_domain_id = self._get_domain_id_if_requested( parsed_args.user_domain) kwargs['user'] = common.find_user( identity_client, parsed_args.user, user_domain_id, ).id project_domain_id = self._get_domain_id_if_requested( parsed_args.project_domain) kwargs['project'] = common.find_project( identity_client, parsed_args.project, project_domain_id, ).id elif parsed_args.group and parsed_args.domain: group_domain_id = self._get_domain_id_if_requested( parsed_args.group_domain) kwargs['group'] = common.find_group( identity_client, parsed_args.group, group_domain_id, ).id kwargs['domain'] = common.find_domain( identity_client, parsed_args.domain, ).id elif parsed_args.group and parsed_args.project: group_domain_id = self._get_domain_id_if_requested( parsed_args.group_domain) kwargs['group'] = common.find_group( identity_client, parsed_args.group, group_domain_id, ).id project_domain_id = self._get_domain_id_if_requested( parsed_args.project_domain) kwargs['project'] = common.find_project( identity_client, parsed_args.project, project_domain_id, ).id else: sys.stderr.write("Role not added, incorrect set of arguments \ provided. See openstack --help for more details\n") return identity_client.roles.grant(role.id, **kwargs) return
def take_action(self, parsed_args): self.log.debug('take_action(%s)' % parsed_args) identity_client = self.app.client_manager.identity role = None if parsed_args.role: role = utils.find_resource( identity_client.roles, parsed_args.role, ) user = None if parsed_args.user: user = common.find_user( identity_client, parsed_args.user, ) domain = None if parsed_args.domain: domain = common.find_domain( identity_client, parsed_args.domain, ) project = None if parsed_args.project: project = common.find_project( identity_client, parsed_args.project, ) group = None if parsed_args.group: group = common.find_group( identity_client, parsed_args.group, ) effective = True if parsed_args.effective else False self.log.debug('take_action(%s)' % parsed_args) columns = ('Role', 'User', 'Group', 'Project', 'Domain') data = identity_client.role_assignments.list(domain=domain, user=user, group=group, project=project, role=role, effective=effective) data_parsed = [] for assignment in data: # Removing the extra "scope" layer in the assignment json scope = assignment.scope if 'project' in scope: setattr(assignment, 'project', scope['project']['id']) assignment.domain = '' elif 'domain' in scope: setattr(assignment, 'domain', scope['domain']['id']) assignment.project = '' else: assignment.domain = '' assignment.project = '' del assignment.scope if hasattr(assignment, 'user'): setattr(assignment, 'user', assignment.user['id']) assignment.group = '' elif hasattr(assignment, 'group'): setattr(assignment, 'group', assignment.group['id']) assignment.user = '' else: assignment.user = '' assignment.group = '' if hasattr(assignment, 'role'): setattr(assignment, 'role', assignment.role['id']) else: assignment.role = '' # Creating a tuple from data object fields # (including the blank ones) data_parsed.append(self._as_tuple(assignment)) return columns, tuple(data_parsed)
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity domain = None if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain).id group = None if parsed_args.group: group = common.find_group(identity_client, parsed_args.group, parsed_args.domain).id if parsed_args.project: if domain is not None: project = utils.find_resource(identity_client.projects, parsed_args.project, domain_id=domain).id else: project = utils.find_resource( identity_client.projects, parsed_args.project, ).id assignments = identity_client.role_assignments.list( project=project) # NOTE(stevemar): If a user has more than one role on a project # then they will have two entries in the returned data. Since we # are looking for any role, let's just track unique user IDs. user_ids = set() for assignment in assignments: if hasattr(assignment, 'user'): user_ids.add(assignment.user['id']) # NOTE(stevemar): Call find_resource once we have unique IDs, so # it's fewer trips to the Identity API, then collect the data. data = [] for user_id in user_ids: user = utils.find_resource(identity_client.users, user_id) data.append(user) else: data = identity_client.users.list( domain=domain, group=group, ) # Column handling if parsed_args.long: columns = [ 'ID', 'Name', 'Default Project Id', 'Domain Id', 'Description', 'Email', 'Enabled' ] column_headers = copy.deepcopy(columns) column_headers[2] = 'Project' column_headers[3] = 'Domain' else: columns = ['ID', 'Name'] column_headers = columns return (column_headers, (utils.get_item_properties( s, columns, formatters={}, ) for s in data))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity if parsed_args.user: user = common.find_user( identity_client, parsed_args.user, parsed_args.user_domain, ) elif parsed_args.group: group = common.find_group( identity_client, parsed_args.group, parsed_args.group_domain, ) if parsed_args.domain: domain = common.find_domain( identity_client, parsed_args.domain, ) elif parsed_args.project: project = common.find_project( identity_client, parsed_args.project, parsed_args.project_domain, ) # no user or group specified, list all roles in the system if not parsed_args.user and not parsed_args.group: if not parsed_args.domain: columns = ('ID', 'Name') data = identity_client.roles.list() else: columns = ('ID', 'Name', 'Domain') data = identity_client.roles.list(domain_id=domain.id) for role in data: role.domain = domain.name elif parsed_args.user and parsed_args.domain: columns = ('ID', 'Name', 'Domain', 'User') data = identity_client.roles.list( user=user, domain=domain, os_inherit_extension_inherited=parsed_args.inherited ) for user_role in data: user_role.user = user.name user_role.domain = domain.name self.log.warning(_('Listing assignments using role list is ' 'deprecated. Use role assignment list --user ' '<user-name> --domain <domain-name> --names ' 'instead.')) elif parsed_args.user and parsed_args.project: columns = ('ID', 'Name', 'Project', 'User') data = identity_client.roles.list( user=user, project=project, os_inherit_extension_inherited=parsed_args.inherited ) for user_role in data: user_role.user = user.name user_role.project = project.name self.log.warning(_('Listing assignments using role list is ' 'deprecated. Use role assignment list --user ' '<user-name> --project <project-name> --names ' 'instead.')) elif parsed_args.user: columns = ('ID', 'Name') data = identity_client.roles.list( user=user, domain='default', os_inherit_extension_inherited=parsed_args.inherited ) self.log.warning(_('Listing assignments using role list is ' 'deprecated. Use role assignment list --user ' '<user-name> --domain default --names ' 'instead.')) elif parsed_args.group and parsed_args.domain: columns = ('ID', 'Name', 'Domain', 'Group') data = identity_client.roles.list( group=group, domain=domain, os_inherit_extension_inherited=parsed_args.inherited ) for group_role in data: group_role.group = group.name group_role.domain = domain.name self.log.warning(_('Listing assignments using role list is ' 'deprecated. Use role assignment list --group ' '<group-name> --domain <domain-name> --names ' 'instead.')) elif parsed_args.group and parsed_args.project: columns = ('ID', 'Name', 'Project', 'Group') data = identity_client.roles.list( group=group, project=project, os_inherit_extension_inherited=parsed_args.inherited ) for group_role in data: group_role.group = group.name group_role.project = project.name self.log.warning(_('Listing assignments using role list is ' 'deprecated. Use role assignment list --group ' '<group-name> --project <project-name> --names ' 'instead.')) else: sys.stderr.write(_("Error: If a user or group is specified, " "either --domain or --project must also be " "specified to list role grants.\n")) return ([], []) return (columns, (utils.get_item_properties( s, columns, formatters={}, ) for s in data))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity if parsed_args.user: user = common.find_user( identity_client, parsed_args.user, parsed_args.user_domain, ) elif parsed_args.group: group = common.find_group( identity_client, parsed_args.group, parsed_args.group_domain, ) if parsed_args.domain: domain = common.find_domain( identity_client, parsed_args.domain, ) elif parsed_args.project: project = common.find_project( identity_client, parsed_args.project, parsed_args.project_domain, ) # no user or group specified, list all roles in the system if not parsed_args.user and not parsed_args.group: columns = ('ID', 'Name') data = identity_client.roles.list() elif parsed_args.user and parsed_args.domain: columns = ('ID', 'Name', 'Domain', 'User') data = identity_client.roles.list( user=user, domain=domain, os_inherit_extension_inherited=parsed_args.inherited) for user_role in data: user_role.user = user.name user_role.domain = domain.name elif parsed_args.user and parsed_args.project: columns = ('ID', 'Name', 'Project', 'User') data = identity_client.roles.list( user=user, project=project, os_inherit_extension_inherited=parsed_args.inherited) for user_role in data: user_role.user = user.name user_role.project = project.name elif parsed_args.user: columns = ('ID', 'Name') data = identity_client.roles.list( user=user, domain='default', os_inherit_extension_inherited=parsed_args.inherited) elif parsed_args.group and parsed_args.domain: columns = ('ID', 'Name', 'Domain', 'Group') data = identity_client.roles.list( group=group, domain=domain, os_inherit_extension_inherited=parsed_args.inherited) for group_role in data: group_role.group = group.name group_role.domain = domain.name elif parsed_args.group and parsed_args.project: columns = ('ID', 'Name', 'Project', 'Group') data = identity_client.roles.list( group=group, project=project, os_inherit_extension_inherited=parsed_args.inherited) for group_role in data: group_role.group = group.name group_role.project = project.name else: sys.stderr.write("Error: If a user or group is specified, either " "--domain or --project must also be specified to " "list role grants.\n") return ([], []) return (columns, (utils.get_item_properties( s, columns, formatters={}, ) for s in data))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity if parsed_args.user: user = common.find_user( identity_client, parsed_args.user, parsed_args.user_domain, ) elif parsed_args.group: group = common.find_group( identity_client, parsed_args.group, parsed_args.group_domain, ) if parsed_args.domain: domain = common.find_domain( identity_client, parsed_args.domain, ) elif parsed_args.project: project = common.find_project( identity_client, parsed_args.project, parsed_args.project_domain, ) # no user or group specified, list all roles in the system if not parsed_args.user and not parsed_args.group: if not parsed_args.domain: columns = ('ID', 'Name') data = identity_client.roles.list() else: columns = ('ID', 'Name', 'Domain') data = identity_client.roles.list(domain_id=domain.id) for role in data: role.domain = domain.name elif parsed_args.user and parsed_args.domain: columns = ('ID', 'Name', 'Domain', 'User') data = identity_client.roles.list( user=user, domain=domain, os_inherit_extension_inherited=parsed_args.inherited) for user_role in data: user_role.user = user.name user_role.domain = domain.name self.log.warning( _('Listing assignments using role list is ' 'deprecated. Use role assignment list --user ' '<user-name> --domain <domain-name> --names ' 'instead.')) elif parsed_args.user and parsed_args.project: columns = ('ID', 'Name', 'Project', 'User') data = identity_client.roles.list( user=user, project=project, os_inherit_extension_inherited=parsed_args.inherited) for user_role in data: user_role.user = user.name user_role.project = project.name self.log.warning( _('Listing assignments using role list is ' 'deprecated. Use role assignment list --user ' '<user-name> --project <project-name> --names ' 'instead.')) elif parsed_args.user: columns = ('ID', 'Name') data = identity_client.roles.list( user=user, domain='default', os_inherit_extension_inherited=parsed_args.inherited) self.log.warning( _('Listing assignments using role list is ' 'deprecated. Use role assignment list --user ' '<user-name> --domain default --names ' 'instead.')) elif parsed_args.group and parsed_args.domain: columns = ('ID', 'Name', 'Domain', 'Group') data = identity_client.roles.list( group=group, domain=domain, os_inherit_extension_inherited=parsed_args.inherited) for group_role in data: group_role.group = group.name group_role.domain = domain.name self.log.warning( _('Listing assignments using role list is ' 'deprecated. Use role assignment list --group ' '<group-name> --domain <domain-name> --names ' 'instead.')) elif parsed_args.group and parsed_args.project: columns = ('ID', 'Name', 'Project', 'Group') data = identity_client.roles.list( group=group, project=project, os_inherit_extension_inherited=parsed_args.inherited) for group_role in data: group_role.group = group.name group_role.project = project.name self.log.warning( _('Listing assignments using role list is ' 'deprecated. Use role assignment list --group ' '<group-name> --project <project-name> --names ' 'instead.')) else: msg = _("Error: If a user or group is specified, " "either --domain or --project must also be " "specified to list role grants.") raise exceptions.CommandError(msg) return (columns, (utils.get_item_properties( s, columns, formatters={}, ) for s in data))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity domain = None if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain).id group = None if parsed_args.group: group = common.find_group(identity_client, parsed_args.group, parsed_args.domain).id if parsed_args.project: if domain is not None: project = utils.find_resource( identity_client.projects, parsed_args.project, domain_id=domain ).id else: project = utils.find_resource( identity_client.projects, parsed_args.project, ).id assignments = identity_client.role_assignments.list( project=project) # NOTE(stevemar): If a user has more than one role on a project # then they will have two entries in the returned data. Since we # are looking for any role, let's just track unique user IDs. user_ids = set() for assignment in assignments: if hasattr(assignment, 'user'): user_ids.add(assignment.user['id']) # NOTE(stevemar): Call find_resource once we have unique IDs, so # it's fewer trips to the Identity API, then collect the data. data = [] for user_id in user_ids: user = utils.find_resource(identity_client.users, user_id) data.append(user) else: data = identity_client.users.list( domain=domain, group=group, ) # Column handling if parsed_args.long: columns = ['ID', 'Name', 'Default Project Id', 'Domain Id', 'Description', 'Email', 'Enabled'] column_headers = copy.deepcopy(columns) column_headers[2] = 'Project' column_headers[3] = 'Domain' else: columns = ['ID', 'Name'] column_headers = columns return ( column_headers, (utils.get_item_properties( s, columns, formatters={}, ) for s in data) )
def take_action(self, parsed_args): self.log.debug('take_action(%s)' % parsed_args) identity_client = self.app.client_manager.identity role = None if parsed_args.role: role = utils.find_resource( identity_client.roles, parsed_args.role, ) user = None if parsed_args.user: user = common.find_user( identity_client, parsed_args.user, ) domain = None if parsed_args.domain: domain = common.find_domain( identity_client, parsed_args.domain, ) project = None if parsed_args.project: project = common.find_project( identity_client, parsed_args.project, ) group = None if parsed_args.group: group = common.find_group( identity_client, parsed_args.group, ) effective = True if parsed_args.effective else False self.log.debug('take_action(%s)' % parsed_args) columns = ('Role', 'User', 'Group', 'Project', 'Domain') data = identity_client.role_assignments.list( domain=domain, user=user, group=group, project=project, role=role, effective=effective) data_parsed = [] for assignment in data: # Removing the extra "scope" layer in the assignment json scope = assignment.scope if 'project' in scope: setattr(assignment, 'project', scope['project']['id']) assignment.domain = '' elif 'domain' in scope: setattr(assignment, 'domain', scope['domain']['id']) assignment.project = '' else: assignment.domain = '' assignment.project = '' del assignment.scope if hasattr(assignment, 'user'): setattr(assignment, 'user', assignment.user['id']) assignment.group = '' elif hasattr(assignment, 'group'): setattr(assignment, 'group', assignment.group['id']) assignment.user = '' else: assignment.user = '' assignment.group = '' if hasattr(assignment, 'role'): setattr(assignment, 'role', assignment.role['id']) else: assignment.role = '' # Creating a tuple from data object fields # (including the blank ones) data_parsed.append(self._as_tuple(assignment)) return columns, tuple(data_parsed)