def test_user_show_with_domain(self):
user = identity_fakes.FakeUser.create_one_user(
{"name": self.user.name})
identity_client = self.app.client_manager.identity
arglist = [
"--domain", self.user.domain_id,
user.name,
]
verifylist = [
('domain', self.user.domain_id),
('user', user.name),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
user_str = common._get_token_resource(identity_client, 'user',
parsed_args.user,
parsed_args.domain)
self.assertEqual(self.user.id, user_str)
arglist = [
"--domain", user.domain_id,
user.name,
]
verifylist = [
('domain', user.domain_id),
('user', user.name),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
user_str = common._get_token_resource(identity_client, 'user',
parsed_args.user,
parsed_args.domain)
self.assertEqual(user.name, user_str)
def test_user_show_with_domain(self):
user = identity_fakes.FakeUser.create_one_user(
{"name": self.user.name})
identity_client = self.app.client_manager.identity
arglist = [
"--domain", self.user.domain_id,
user.name,
]
verifylist = [
('domain', self.user.domain_id),
('user', user.name),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
user_str = common._get_token_resource(identity_client, 'user',
parsed_args.user,
parsed_args.domain)
self.assertEqual(self.user.id, user_str)
arglist = [
"--domain", user.domain_id,
user.name,
]
verifylist = [
('domain', user.domain_id),
('user', user.name),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
user_str = common._get_token_resource(identity_client, 'user',
parsed_args.user,
parsed_args.domain)
self.assertEqual(user.name, user_str)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
project_str = common._get_token_resource(identity_client, 'project',
parsed_args.project,
parsed_args.domain)
if parsed_args.domain:
domain = common.find_domain(identity_client, parsed_args.domain)
project = utils.find_resource(identity_client.projects,
project_str,
domain_id=domain.id)
else:
project = utils.find_resource(identity_client.projects,
project_str)
if parsed_args.parents or parsed_args.children:
# NOTE(RuiChen): utils.find_resource() can't pass kwargs,
# if id query hit the result at first, so call
# identity manager.get() with kwargs directly.
project = identity_client.projects.get(
project.id,
parents_as_ids=parsed_args.parents,
subtree_as_ids=parsed_args.children)
project._info.pop('links')
return zip(*sorted(project._info.items()))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
project_str = common._get_token_resource(identity_client, 'project',
parsed_args.project)
if parsed_args.domain:
domain = common.find_domain(identity_client, parsed_args.domain)
project = utils.find_resource(
identity_client.projects,
project_str,
domain_id=domain.id,
parents_as_list=parsed_args.parents,
subtree_as_list=parsed_args.children)
else:
project = utils.find_resource(
identity_client.projects,
project_str,
parents_as_list=parsed_args.parents,
subtree_as_list=parsed_args.children)
if project._info.get('parents'):
project._info['parents'] = [str(p['project']['id'])
for p in project._info['parents']]
if project._info.get('subtree'):
project._info['subtree'] = [str(p['project']['id'])
for p in project._info['subtree']]
project._info.pop('links')
return zip(*sorted(six.iteritems(project._info)))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
project_str = common._get_token_resource(identity_client, "project", parsed_args.project)
if parsed_args.domain:
domain = common.find_domain(identity_client, parsed_args.domain)
project = utils.find_resource(
identity_client.projects,
project_str,
domain_id=domain.id,
parents_as_list=parsed_args.parents,
subtree_as_list=parsed_args.children,
)
else:
project = utils.find_resource(
identity_client.projects,
project_str,
parents_as_list=parsed_args.parents,
subtree_as_list=parsed_args.children,
)
if project._info.get("parents"):
project._info["parents"] = [str(p["project"]["id"]) for p in project._info["parents"]]
if project._info.get("subtree"):
project._info["subtree"] = [str(p["project"]["id"]) for p in project._info["subtree"]]
project._info.pop("links")
return zip(*sorted(six.iteritems(project._info)))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
project_str = common._get_token_resource(identity_client, 'project',
parsed_args.project)
if parsed_args.domain:
domain = common.find_domain(identity_client, parsed_args.domain)
project = utils.find_resource(identity_client.projects,
project_str,
domain_id=domain.id,
parents_as_list=parsed_args.parents,
subtree_as_list=parsed_args.children)
else:
project = utils.find_resource(identity_client.projects,
project_str,
parents_as_list=parsed_args.parents,
subtree_as_list=parsed_args.children)
if project._info.get('parents'):
project._info['parents'] = [
str(p['project']['id']) for p in project._info['parents']
]
if project._info.get('subtree'):
project._info['subtree'] = [
str(p['project']['id']) for p in project._info['subtree']
]
project._info.pop('links')
return zip(*sorted(six.iteritems(project._info)))
def test_project_show_with_domain(self):
project = identity_fakes.FakeProject.create_one_project(
{"name": self.project.name})
self.app.client_manager.identity.tokens.get_token_data.return_value = \
{'token':
{'project':
{'domain': {"id": self.project.domain_id},
'name': self.project.name,
'id': self.project.id
}
}
}
identity_client = self.app.client_manager.identity
arglist = [
"--domain",
self.domain.id,
project.name,
]
verifylist = [
('domain', self.domain.id),
('project', project.name),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
project_str = common._get_token_resource(identity_client, 'project',
parsed_args.project,
parsed_args.domain)
self.assertEqual(self.project.id, project_str)
arglist = [
"--domain",
project.domain_id,
project.name,
]
verifylist = [
('domain', project.domain_id),
('project', project.name),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
project_str = common._get_token_resource(identity_client, 'project',
parsed_args.project,
parsed_args.domain)
self.assertEqual(project.name, project_str)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
role_ids = []
for role in parsed_args.role:
# A user can only create an application credential for themself,
# not for another user even as an admin, and only on the project to
# which they are currently scoped with a subset of the role
# assignments they have on that project. Don't bother trying to
# look up roles via keystone, just introspect the token.
role_id = common._get_token_resource(identity_client, "roles",
role)
role_ids.append(role_id)
expires_at = None
if parsed_args.expiration:
expires_at = datetime.datetime.strptime(parsed_args.expiration,
'%Y-%m-%dT%H:%M:%S')
if parsed_args.restricted:
unrestricted = False
else:
unrestricted = parsed_args.unrestricted
if parsed_args.access_rules:
try:
access_rules = json.loads(parsed_args.access_rules)
except ValueError:
try:
with open(parsed_args.access_rules) as f:
access_rules = json.load(f)
except IOError:
raise exceptions.CommandError(
_("Access rules is not valid JSON string or file does"
" not exist."))
else:
access_rules = None
app_cred_manager = identity_client.application_credentials
application_credential = app_cred_manager.create(
parsed_args.name,
roles=role_ids,
expires_at=expires_at,
description=parsed_args.description,
secret=parsed_args.secret,
unrestricted=unrestricted,
access_rules=access_rules,
)
application_credential._info.pop('links', None)
# Format roles into something sensible
roles = application_credential._info.pop('roles')
msg = ' '.join(r['name'] for r in roles)
application_credential._info['roles'] = msg
return zip(*sorted(application_credential._info.items()))
def test_project_show_with_domain(self):
project = identity_fakes.FakeProject.create_one_project(
{"name": self.project.name})
self.app.client_manager.identity.tokens.get_token_data.return_value = \
{'token':
{'project':
{'domain': {"id": self.project.domain_id},
'name': self.project.name,
'id': self.project.id
}
}
}
identity_client = self.app.client_manager.identity
arglist = [
"--domain", self.domain.id,
project.name,
]
verifylist = [
('domain', self.domain.id),
('project', project.name),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
project_str = common._get_token_resource(identity_client, 'project',
parsed_args.project,
parsed_args.domain)
self.assertEqual(self.project.id, project_str)
arglist = [
"--domain", project.domain_id,
project.name,
]
verifylist = [
('domain', project.domain_id),
('project', project.name),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
project_str = common._get_token_resource(identity_client, 'project',
parsed_args.project,
parsed_args.domain)
self.assertEqual(project.name, project_str)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
domain_str = common._get_token_resource(identity_client, 'domain',
parsed_args.domain)
domain = utils.find_resource(identity_client.domains, domain_str)
domain._info.pop('links')
return zip(*sorted(six.iteritems(domain._info)))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
domain_str = common._get_token_resource(identity_client, 'domain',
parsed_args.domain)
domain = utils.find_resource(identity_client.domains,
domain_str)
domain._info.pop('links')
return zip(*sorted(six.iteritems(domain._info)))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.password_prompt:
parsed_args.password = utils.get_password(self.app.stdin)
if '' == parsed_args.password:
LOG.warning(_("No password was supplied, authentication will fail "
"when a user does not have a password."))
user_str = common._get_token_resource(identity_client, 'user',
parsed_args.user,
parsed_args.domain)
if parsed_args.domain:
domain = common.find_domain(identity_client, parsed_args.domain)
user = utils.find_resource(identity_client.users,
user_str,
domain_id=domain.id)
else:
user = utils.find_resource(
identity_client.users,
parsed_args.user,
)
kwargs = {}
if parsed_args.name:
kwargs['name'] = parsed_args.name
if parsed_args.email:
kwargs['email'] = parsed_args.email
if parsed_args.password:
kwargs['password'] = parsed_args.password
if parsed_args.description:
kwargs['description'] = parsed_args.description
if parsed_args.project:
project_id = common.find_project(identity_client,
parsed_args.project,
parsed_args.project_domain).id
kwargs['default_project'] = project_id
kwargs['enabled'] = user.enabled
if parsed_args.enable:
kwargs['enabled'] = True
if parsed_args.disable:
kwargs['enabled'] = False
options = _get_options_for_user(identity_client, parsed_args)
if options:
kwargs['options'] = options
identity_client.users.update(user.id, **kwargs)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.password_prompt:
parsed_args.password = utils.get_password(self.app.stdin)
if '' == parsed_args.password:
LOG.warning(_("No password was supplied, authentication will fail "
"when a user does not have a password."))
user_str = common._get_token_resource(identity_client, 'user',
parsed_args.user,
parsed_args.domain)
if parsed_args.domain:
domain = common.find_domain(identity_client, parsed_args.domain)
user = utils.find_resource(identity_client.users,
user_str,
domain_id=domain.id)
else:
user = utils.find_resource(
identity_client.users,
parsed_args.user,
)
kwargs = {}
if parsed_args.name:
kwargs['name'] = parsed_args.name
if parsed_args.email:
kwargs['email'] = parsed_args.email
if parsed_args.password:
kwargs['password'] = parsed_args.password
if parsed_args.description:
kwargs['description'] = parsed_args.description
if parsed_args.project:
project_id = common.find_project(identity_client,
parsed_args.project,
parsed_args.project_domain).id
kwargs['default_project'] = project_id
kwargs['enabled'] = user.enabled
if parsed_args.enable:
kwargs['enabled'] = True
if parsed_args.disable:
kwargs['enabled'] = False
identity_client.users.update(user.id, **kwargs)
if user.name == 'admin' and 'password' in kwargs :
print("Warning: '%s' password changed. Please wait 5 minutes "
"before Locking/Unlocking the controllers for the password "
"change to come into effect\n" %(user.name))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
user_str = common._get_token_resource(identity_client, 'user',
parsed_args.user)
if parsed_args.domain:
domain = common.find_domain(identity_client, parsed_args.domain)
user = utils.find_resource(identity_client.users,
user_str,
domain_id=domain.id)
else:
user = utils.find_resource(identity_client.users, user_str)
user._info.pop('links')
return zip(*sorted(six.iteritems(user._info)))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
user_str = common._get_token_resource(identity_client, 'user',
parsed_args.user)
if parsed_args.domain:
domain = common.find_domain(identity_client, parsed_args.domain)
user = utils.find_resource(identity_client.users,
user_str,
domain_id=domain.id)
else:
user = utils.find_resource(identity_client.users,
user_str)
user._info.pop('links')
return zip(*sorted(six.iteritems(user._info)))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.password_prompt:
parsed_args.password = utils.get_password(self.app.stdin)
if '' == parsed_args.password:
LOG.warning(_("No password was supplied, authentication will fail "
"when a user does not have a password."))
user_str = common._get_token_resource(identity_client, 'user',
parsed_args.user,
parsed_args.domain)
if parsed_args.domain:
domain = common.find_domain(identity_client, parsed_args.domain)
user = utils.find_resource(identity_client.users,
user_str,
domain_id=domain.id)
else:
user = utils.find_resource(
identity_client.users,
parsed_args.user,
)
kwargs = {}
if parsed_args.name:
kwargs['name'] = parsed_args.name
if parsed_args.email:
kwargs['email'] = parsed_args.email
if parsed_args.password:
kwargs['password'] = parsed_args.password
if parsed_args.description:
kwargs['description'] = parsed_args.description
if parsed_args.project:
project_id = common.find_project(identity_client,
parsed_args.project,
parsed_args.project_domain).id
kwargs['default_project'] = project_id
kwargs['enabled'] = user.enabled
if parsed_args.enable:
kwargs['enabled'] = True
if parsed_args.disable:
kwargs['enabled'] = False
identity_client.users.update(user.id, **kwargs)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
role_ids = []
for role in parsed_args.role:
# A user can only create an application credential for themself,
# not for another user even as an admin, and only on the project to
# which they are currently scoped with a subset of the role
# assignments they have on that project. Don't bother trying to
# look up roles via keystone, just introspect the token.
role_id = common._get_token_resource(identity_client, "roles",
role)
role_ids.append(role_id)
expires_at = None
if parsed_args.expiration:
expires_at = datetime.datetime.strptime(parsed_args.expiration,
'%Y-%m-%dT%H:%M:%S')
if parsed_args.restricted:
unrestricted = False
else:
unrestricted = parsed_args.unrestricted
app_cred_manager = identity_client.application_credentials
application_credential = app_cred_manager.create(
parsed_args.name,
roles=role_ids,
expires_at=expires_at,
description=parsed_args.description,
secret=parsed_args.secret,
unrestricted=unrestricted,
)
application_credential._info.pop('links', None)
# Format roles into something sensible
roles = application_credential._info.pop('roles')
msg = ' '.join(r['name'] for r in roles)
application_credential._info['roles'] = msg
return zip(*sorted(six.iteritems(application_credential._info)))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
auth_ref = self.app.client_manager.auth_ref
role = None
role_domain_id = None
if parsed_args.role_domain:
role_domain_id = common.find_domain(identity_client,
parsed_args.role_domain).id
if parsed_args.role:
role = utils.find_resource(
identity_client.roles,
parsed_args.role,
domain_id=role_domain_id
)
user = None
if parsed_args.user:
user = common.find_user(
identity_client,
parsed_args.user,
parsed_args.user_domain,
)
elif parsed_args.authuser:
if auth_ref:
user = common.find_user(
identity_client,
auth_ref.user_id
)
system = None
if parsed_args.system:
system = parsed_args.system
domain = None
if parsed_args.domain:
domain = common.find_domain(
identity_client,
parsed_args.domain,
)
project = None
if parsed_args.project:
project = common.find_project(
identity_client,
common._get_token_resource(identity_client, 'project',
parsed_args.project),
parsed_args.project_domain,
)
elif parsed_args.authproject:
if auth_ref:
project = common.find_project(
identity_client,
auth_ref.project_id
)
group = None
if parsed_args.group:
group = common.find_group(
identity_client,
parsed_args.group,
parsed_args.group_domain,
)
include_names = True if parsed_args.names else False
effective = True if parsed_args.effective else False
columns = (
'Role', 'User', 'Group', 'Project', 'Domain', 'System', 'Inherited'
)
inherited_to = 'projects' if parsed_args.inherited else None
data = identity_client.role_assignments.list(
domain=domain,
user=user,
group=group,
project=project,
system=system,
role=role,
effective=effective,
os_inherit_extension_inherited_to=inherited_to,
include_names=include_names)
data_parsed = []
for assignment in data:
# Removing the extra "scope" layer in the assignment json
scope = assignment.scope
if 'project' in scope:
if include_names:
prj = '@'.join([scope['project']['name'],
scope['project']['domain']['name']])
setattr(assignment, 'project', prj)
else:
setattr(assignment, 'project', scope['project']['id'])
assignment.domain = ''
assignment.system = ''
elif 'domain' in scope:
if include_names:
setattr(assignment, 'domain', scope['domain']['name'])
else:
setattr(assignment, 'domain', scope['domain']['id'])
assignment.project = ''
assignment.system = ''
elif 'system' in scope:
# NOTE(lbragstad): If, or when, keystone supports role
# assignments on subsets of a system, this will have to evolve
# to handle that case instead of hardcoding to the entire
# system.
setattr(assignment, 'system', 'all')
assignment.domain = ''
assignment.project = ''
else:
assignment.system = ''
assignment.domain = ''
assignment.project = ''
inherited = scope.get('OS-INHERIT:inherited_to') == 'projects'
assignment.inherited = inherited
del assignment.scope
if hasattr(assignment, 'user'):
if include_names:
usr = '******'.join([assignment.user['name'],
assignment.user['domain']['name']])
setattr(assignment, 'user', usr)
else:
setattr(assignment, 'user', assignment.user['id'])
assignment.group = ''
elif hasattr(assignment, 'group'):
if include_names:
grp = '@'.join([assignment.group['name'],
assignment.group['domain']['name']])
setattr(assignment, 'group', grp)
else:
setattr(assignment, 'group', assignment.group['id'])
assignment.user = ''
else:
assignment.user = ''
assignment.group = ''
if hasattr(assignment, 'role'):
if include_names:
# TODO(henry-nash): If this is a domain specific role it
# would be good show this as role@domain, although this
# domain info is not yet included in the response from the
# server. Although we could get it by re-reading the role
# from the ID, let's wait until the server does the right
# thing.
setattr(assignment, 'role', assignment.role['name'])
else:
setattr(assignment, 'role', assignment.role['id'])
else:
assignment.role = ''
# Creating a tuple from data object fields
# (including the blank ones)
data_parsed.append(self._as_tuple(assignment))
return columns, tuple(data_parsed)
