def test_user_show_with_domain(self): user = identity_fakes.FakeUser.create_one_user( {"name": self.user.name}) identity_client = self.app.client_manager.identity arglist = [ "--domain", self.user.domain_id, user.name, ] verifylist = [ ('domain', self.user.domain_id), ('user', user.name), ] parsed_args = self.check_parser(self.cmd, arglist, verifylist) user_str = common._get_token_resource(identity_client, 'user', parsed_args.user, parsed_args.domain) self.assertEqual(self.user.id, user_str) arglist = [ "--domain", user.domain_id, user.name, ] verifylist = [ ('domain', user.domain_id), ('user', user.name), ] parsed_args = self.check_parser(self.cmd, arglist, verifylist) user_str = common._get_token_resource(identity_client, 'user', parsed_args.user, parsed_args.domain) self.assertEqual(user.name, user_str)
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity project_str = common._get_token_resource(identity_client, 'project', parsed_args.project, parsed_args.domain) if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain) project = utils.find_resource(identity_client.projects, project_str, domain_id=domain.id) else: project = utils.find_resource(identity_client.projects, project_str) if parsed_args.parents or parsed_args.children: # NOTE(RuiChen): utils.find_resource() can't pass kwargs, # if id query hit the result at first, so call # identity manager.get() with kwargs directly. project = identity_client.projects.get( project.id, parents_as_ids=parsed_args.parents, subtree_as_ids=parsed_args.children) project._info.pop('links') return zip(*sorted(project._info.items()))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity project_str = common._get_token_resource(identity_client, 'project', parsed_args.project) if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain) project = utils.find_resource( identity_client.projects, project_str, domain_id=domain.id, parents_as_list=parsed_args.parents, subtree_as_list=parsed_args.children) else: project = utils.find_resource( identity_client.projects, project_str, parents_as_list=parsed_args.parents, subtree_as_list=parsed_args.children) if project._info.get('parents'): project._info['parents'] = [str(p['project']['id']) for p in project._info['parents']] if project._info.get('subtree'): project._info['subtree'] = [str(p['project']['id']) for p in project._info['subtree']] project._info.pop('links') return zip(*sorted(six.iteritems(project._info)))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity project_str = common._get_token_resource(identity_client, "project", parsed_args.project) if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain) project = utils.find_resource( identity_client.projects, project_str, domain_id=domain.id, parents_as_list=parsed_args.parents, subtree_as_list=parsed_args.children, ) else: project = utils.find_resource( identity_client.projects, project_str, parents_as_list=parsed_args.parents, subtree_as_list=parsed_args.children, ) if project._info.get("parents"): project._info["parents"] = [str(p["project"]["id"]) for p in project._info["parents"]] if project._info.get("subtree"): project._info["subtree"] = [str(p["project"]["id"]) for p in project._info["subtree"]] project._info.pop("links") return zip(*sorted(six.iteritems(project._info)))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity project_str = common._get_token_resource(identity_client, 'project', parsed_args.project) if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain) project = utils.find_resource(identity_client.projects, project_str, domain_id=domain.id, parents_as_list=parsed_args.parents, subtree_as_list=parsed_args.children) else: project = utils.find_resource(identity_client.projects, project_str, parents_as_list=parsed_args.parents, subtree_as_list=parsed_args.children) if project._info.get('parents'): project._info['parents'] = [ str(p['project']['id']) for p in project._info['parents'] ] if project._info.get('subtree'): project._info['subtree'] = [ str(p['project']['id']) for p in project._info['subtree'] ] project._info.pop('links') return zip(*sorted(six.iteritems(project._info)))
def test_project_show_with_domain(self): project = identity_fakes.FakeProject.create_one_project( {"name": self.project.name}) self.app.client_manager.identity.tokens.get_token_data.return_value = \ {'token': {'project': {'domain': {"id": self.project.domain_id}, 'name': self.project.name, 'id': self.project.id } } } identity_client = self.app.client_manager.identity arglist = [ "--domain", self.domain.id, project.name, ] verifylist = [ ('domain', self.domain.id), ('project', project.name), ] parsed_args = self.check_parser(self.cmd, arglist, verifylist) project_str = common._get_token_resource(identity_client, 'project', parsed_args.project, parsed_args.domain) self.assertEqual(self.project.id, project_str) arglist = [ "--domain", project.domain_id, project.name, ] verifylist = [ ('domain', project.domain_id), ('project', project.name), ] parsed_args = self.check_parser(self.cmd, arglist, verifylist) project_str = common._get_token_resource(identity_client, 'project', parsed_args.project, parsed_args.domain) self.assertEqual(project.name, project_str)
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity role_ids = [] for role in parsed_args.role: # A user can only create an application credential for themself, # not for another user even as an admin, and only on the project to # which they are currently scoped with a subset of the role # assignments they have on that project. Don't bother trying to # look up roles via keystone, just introspect the token. role_id = common._get_token_resource(identity_client, "roles", role) role_ids.append(role_id) expires_at = None if parsed_args.expiration: expires_at = datetime.datetime.strptime(parsed_args.expiration, '%Y-%m-%dT%H:%M:%S') if parsed_args.restricted: unrestricted = False else: unrestricted = parsed_args.unrestricted if parsed_args.access_rules: try: access_rules = json.loads(parsed_args.access_rules) except ValueError: try: with open(parsed_args.access_rules) as f: access_rules = json.load(f) except IOError: raise exceptions.CommandError( _("Access rules is not valid JSON string or file does" " not exist.")) else: access_rules = None app_cred_manager = identity_client.application_credentials application_credential = app_cred_manager.create( parsed_args.name, roles=role_ids, expires_at=expires_at, description=parsed_args.description, secret=parsed_args.secret, unrestricted=unrestricted, access_rules=access_rules, ) application_credential._info.pop('links', None) # Format roles into something sensible roles = application_credential._info.pop('roles') msg = ' '.join(r['name'] for r in roles) application_credential._info['roles'] = msg return zip(*sorted(application_credential._info.items()))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity domain_str = common._get_token_resource(identity_client, 'domain', parsed_args.domain) domain = utils.find_resource(identity_client.domains, domain_str) domain._info.pop('links') return zip(*sorted(six.iteritems(domain._info)))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity if parsed_args.password_prompt: parsed_args.password = utils.get_password(self.app.stdin) if '' == parsed_args.password: LOG.warning(_("No password was supplied, authentication will fail " "when a user does not have a password.")) user_str = common._get_token_resource(identity_client, 'user', parsed_args.user, parsed_args.domain) if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain) user = utils.find_resource(identity_client.users, user_str, domain_id=domain.id) else: user = utils.find_resource( identity_client.users, parsed_args.user, ) kwargs = {} if parsed_args.name: kwargs['name'] = parsed_args.name if parsed_args.email: kwargs['email'] = parsed_args.email if parsed_args.password: kwargs['password'] = parsed_args.password if parsed_args.description: kwargs['description'] = parsed_args.description if parsed_args.project: project_id = common.find_project(identity_client, parsed_args.project, parsed_args.project_domain).id kwargs['default_project'] = project_id kwargs['enabled'] = user.enabled if parsed_args.enable: kwargs['enabled'] = True if parsed_args.disable: kwargs['enabled'] = False options = _get_options_for_user(identity_client, parsed_args) if options: kwargs['options'] = options identity_client.users.update(user.id, **kwargs)
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity if parsed_args.password_prompt: parsed_args.password = utils.get_password(self.app.stdin) if '' == parsed_args.password: LOG.warning(_("No password was supplied, authentication will fail " "when a user does not have a password.")) user_str = common._get_token_resource(identity_client, 'user', parsed_args.user, parsed_args.domain) if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain) user = utils.find_resource(identity_client.users, user_str, domain_id=domain.id) else: user = utils.find_resource( identity_client.users, parsed_args.user, ) kwargs = {} if parsed_args.name: kwargs['name'] = parsed_args.name if parsed_args.email: kwargs['email'] = parsed_args.email if parsed_args.password: kwargs['password'] = parsed_args.password if parsed_args.description: kwargs['description'] = parsed_args.description if parsed_args.project: project_id = common.find_project(identity_client, parsed_args.project, parsed_args.project_domain).id kwargs['default_project'] = project_id kwargs['enabled'] = user.enabled if parsed_args.enable: kwargs['enabled'] = True if parsed_args.disable: kwargs['enabled'] = False identity_client.users.update(user.id, **kwargs) if user.name == 'admin' and 'password' in kwargs : print("Warning: '%s' password changed. Please wait 5 minutes " "before Locking/Unlocking the controllers for the password " "change to come into effect\n" %(user.name))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity user_str = common._get_token_resource(identity_client, 'user', parsed_args.user) if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain) user = utils.find_resource(identity_client.users, user_str, domain_id=domain.id) else: user = utils.find_resource(identity_client.users, user_str) user._info.pop('links') return zip(*sorted(six.iteritems(user._info)))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity if parsed_args.password_prompt: parsed_args.password = utils.get_password(self.app.stdin) if '' == parsed_args.password: LOG.warning(_("No password was supplied, authentication will fail " "when a user does not have a password.")) user_str = common._get_token_resource(identity_client, 'user', parsed_args.user, parsed_args.domain) if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain) user = utils.find_resource(identity_client.users, user_str, domain_id=domain.id) else: user = utils.find_resource( identity_client.users, parsed_args.user, ) kwargs = {} if parsed_args.name: kwargs['name'] = parsed_args.name if parsed_args.email: kwargs['email'] = parsed_args.email if parsed_args.password: kwargs['password'] = parsed_args.password if parsed_args.description: kwargs['description'] = parsed_args.description if parsed_args.project: project_id = common.find_project(identity_client, parsed_args.project, parsed_args.project_domain).id kwargs['default_project'] = project_id kwargs['enabled'] = user.enabled if parsed_args.enable: kwargs['enabled'] = True if parsed_args.disable: kwargs['enabled'] = False identity_client.users.update(user.id, **kwargs)
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity role_ids = [] for role in parsed_args.role: # A user can only create an application credential for themself, # not for another user even as an admin, and only on the project to # which they are currently scoped with a subset of the role # assignments they have on that project. Don't bother trying to # look up roles via keystone, just introspect the token. role_id = common._get_token_resource(identity_client, "roles", role) role_ids.append(role_id) expires_at = None if parsed_args.expiration: expires_at = datetime.datetime.strptime(parsed_args.expiration, '%Y-%m-%dT%H:%M:%S') if parsed_args.restricted: unrestricted = False else: unrestricted = parsed_args.unrestricted app_cred_manager = identity_client.application_credentials application_credential = app_cred_manager.create( parsed_args.name, roles=role_ids, expires_at=expires_at, description=parsed_args.description, secret=parsed_args.secret, unrestricted=unrestricted, ) application_credential._info.pop('links', None) # Format roles into something sensible roles = application_credential._info.pop('roles') msg = ' '.join(r['name'] for r in roles) application_credential._info['roles'] = msg return zip(*sorted(six.iteritems(application_credential._info)))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity auth_ref = self.app.client_manager.auth_ref role = None role_domain_id = None if parsed_args.role_domain: role_domain_id = common.find_domain(identity_client, parsed_args.role_domain).id if parsed_args.role: role = utils.find_resource( identity_client.roles, parsed_args.role, domain_id=role_domain_id ) user = None if parsed_args.user: user = common.find_user( identity_client, parsed_args.user, parsed_args.user_domain, ) elif parsed_args.authuser: if auth_ref: user = common.find_user( identity_client, auth_ref.user_id ) system = None if parsed_args.system: system = parsed_args.system domain = None if parsed_args.domain: domain = common.find_domain( identity_client, parsed_args.domain, ) project = None if parsed_args.project: project = common.find_project( identity_client, common._get_token_resource(identity_client, 'project', parsed_args.project), parsed_args.project_domain, ) elif parsed_args.authproject: if auth_ref: project = common.find_project( identity_client, auth_ref.project_id ) group = None if parsed_args.group: group = common.find_group( identity_client, parsed_args.group, parsed_args.group_domain, ) include_names = True if parsed_args.names else False effective = True if parsed_args.effective else False columns = ( 'Role', 'User', 'Group', 'Project', 'Domain', 'System', 'Inherited' ) inherited_to = 'projects' if parsed_args.inherited else None data = identity_client.role_assignments.list( domain=domain, user=user, group=group, project=project, system=system, role=role, effective=effective, os_inherit_extension_inherited_to=inherited_to, include_names=include_names) data_parsed = [] for assignment in data: # Removing the extra "scope" layer in the assignment json scope = assignment.scope if 'project' in scope: if include_names: prj = '@'.join([scope['project']['name'], scope['project']['domain']['name']]) setattr(assignment, 'project', prj) else: setattr(assignment, 'project', scope['project']['id']) assignment.domain = '' assignment.system = '' elif 'domain' in scope: if include_names: setattr(assignment, 'domain', scope['domain']['name']) else: setattr(assignment, 'domain', scope['domain']['id']) assignment.project = '' assignment.system = '' elif 'system' in scope: # NOTE(lbragstad): If, or when, keystone supports role # assignments on subsets of a system, this will have to evolve # to handle that case instead of hardcoding to the entire # system. setattr(assignment, 'system', 'all') assignment.domain = '' assignment.project = '' else: assignment.system = '' assignment.domain = '' assignment.project = '' inherited = scope.get('OS-INHERIT:inherited_to') == 'projects' assignment.inherited = inherited del assignment.scope if hasattr(assignment, 'user'): if include_names: usr = '******'.join([assignment.user['name'], assignment.user['domain']['name']]) setattr(assignment, 'user', usr) else: setattr(assignment, 'user', assignment.user['id']) assignment.group = '' elif hasattr(assignment, 'group'): if include_names: grp = '@'.join([assignment.group['name'], assignment.group['domain']['name']]) setattr(assignment, 'group', grp) else: setattr(assignment, 'group', assignment.group['id']) assignment.user = '' else: assignment.user = '' assignment.group = '' if hasattr(assignment, 'role'): if include_names: # TODO(henry-nash): If this is a domain specific role it # would be good show this as role@domain, although this # domain info is not yet included in the response from the # server. Although we could get it by re-reading the role # from the ID, let's wait until the server does the right # thing. setattr(assignment, 'role', assignment.role['name']) else: setattr(assignment, 'role', assignment.role['id']) else: assignment.role = '' # Creating a tuple from data object fields # (including the blank ones) data_parsed.append(self._as_tuple(assignment)) return columns, tuple(data_parsed)