def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain).id else: domain = None enabled = True if parsed_args.disable: enabled = False kwargs = {} if parsed_args.property: kwargs = parsed_args.property.copy() project = identity_client.projects.create( name=parsed_args.name, domain=domain, description=parsed_args.description, enabled=enabled, **kwargs ) info = {} info.update(project._info) return zip(*sorted(six.iteritems(info)))
def _determine_ec2_user(parsed_args, client_manager): """Determine a user several different ways. Assumes parsed_args has user and user_domain arguments. Attempts to find the user if domain scoping is provided, otherwise revert to a basic user call. Lastly use the currently authenticated user. """ user_domain = None if parsed_args.user_domain: user_domain = common.find_domain(client_manager.identity, parsed_args.user_domain) if parsed_args.user: if user_domain is not None: user = utils.find_resource(client_manager.identity.users, parsed_args.user, domain_id=user_domain.id).id else: user = utils.find_resource( client_manager.identity.users, parsed_args.user).id else: # Get the user from the current auth user = client_manager.auth_ref.user_id return user
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity if (not parsed_args.user and not parsed_args.domain and not parsed_args.group and not parsed_args.project): sys.stderr.write(_("Incorrect set of arguments provided. " "See openstack --help for more details\n")) return domain_id = None if parsed_args.role_domain: domain_id = common.find_domain(identity_client, parsed_args.role_domain).id role = utils.find_resource( identity_client.roles, parsed_args.role, domain_id=domain_id ) kwargs = _process_identity_and_resource_options( parsed_args, self.app.client_manager.identity) if not kwargs: sys.stderr.write(_("Role not removed, incorrect set of arguments " "provided. See openstack --help for more " "details\n")) return identity_client.roles.revoke(role.id, **kwargs)
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity domain = None if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain) errors = 0 for user in parsed_args.users: try: if domain is not None: user_obj = utils.find_resource(identity_client.users, user, domain_id=domain.id) else: user_obj = utils.find_resource(identity_client.users, user) identity_client.users.delete(user_obj.id) except Exception as e: errors += 1 LOG.error(_("Failed to delete user with " "name or ID '%(user)s': %(e)s"), {'user': user, 'e': e}) if errors > 0: total = len(parsed_args.users) msg = (_("%(errors)s of %(total)s users failed " "to delete.") % {'errors': errors, 'total': total}) raise exceptions.CommandError(msg)
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity domain = None if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain).id if parsed_args.user: user = common.find_user( identity_client, parsed_args.user, parsed_args.user_domain, ).id else: user = None # List groups if parsed_args.long: columns = ('ID', 'Name', 'Domain ID', 'Description') else: columns = ('ID', 'Name') data = identity_client.groups.list( domain=domain, user=user, ) return ( columns, (utils.get_item_properties( s, columns, formatters={}, ) for s in data) )
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain) project = utils.find_resource( identity_client.projects, parsed_args.project, domain_id=domain.id, parents_as_list=parsed_args.parents, subtree_as_list=parsed_args.children) else: project = utils.find_resource( identity_client.projects, parsed_args.project, parents_as_list=parsed_args.parents, subtree_as_list=parsed_args.children) if project._info.get('parents'): project._info['parents'] = [str(p['project']['id']) for p in project._info['parents']] if project._info.get('subtree'): project._info['subtree'] = [str(p['project']['id']) for p in project._info['subtree']] project._info.pop('links') return zip(*sorted(six.iteritems(project._info)))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity if parsed_args.long: columns = ('ID', 'Name', 'Domain ID', 'Description', 'Enabled') else: columns = ('ID', 'Name') kwargs = {} domain_id = None if parsed_args.domain: domain_id = common.find_domain(identity_client, parsed_args.domain).id kwargs['domain'] = domain_id if parsed_args.user: if parsed_args.domain: user_id = utils.find_resource(identity_client.users, parsed_args.user, domain_id=domain_id).id else: user_id = utils.find_resource(identity_client.users, parsed_args.user).id kwargs['user'] = user_id data = identity_client.projects.list(**kwargs) return (columns, (utils.get_item_properties( s, columns, formatters={}, ) for s in data))
def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity if (not parsed_args.name and not parsed_args.description and not parsed_args.domain and not parsed_args.enable and not parsed_args.property and not parsed_args.disable): return project = utils.find_resource( identity_client.projects, parsed_args.project, ) kwargs = {} if parsed_args.name: kwargs['name'] = parsed_args.name if parsed_args.domain: kwargs['domain'] = common.find_domain(identity_client, parsed_args.domain).id if parsed_args.description: kwargs['description'] = parsed_args.description if parsed_args.enable: kwargs['enabled'] = True if parsed_args.disable: kwargs['enabled'] = False if parsed_args.property: kwargs.update(parsed_args.property) identity_client.projects.update(project.id, **kwargs) return
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity project_str = common._get_token_resource(identity_client, "project", parsed_args.project) if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain) project = utils.find_resource( identity_client.projects, project_str, domain_id=domain.id, parents_as_list=parsed_args.parents, subtree_as_list=parsed_args.children, ) else: project = utils.find_resource( identity_client.projects, project_str, parents_as_list=parsed_args.parents, subtree_as_list=parsed_args.children, ) if project._info.get("parents"): project._info["parents"] = [str(p["project"]["id"]) for p in project._info["parents"]] if project._info.get("subtree"): project._info["subtree"] = [str(p["project"]["id"]) for p in project._info["subtree"]] project._info.pop("links") return zip(*sorted(six.iteritems(project._info)))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity client_manager = self.app.client_manager user = _determine_ec2_user(parsed_args, client_manager) project_domain = None if parsed_args.project_domain: project_domain = common.find_domain(identity_client, parsed_args.project_domain) if parsed_args.project: if project_domain is not None: project = utils.find_resource(identity_client.projects, parsed_args.project, domain_id=project_domain.id).id else: project = utils.find_resource( identity_client.projects, parsed_args.project).id else: # Get the project from the current auth project = self.app.client_manager.auth_ref.project_id creds = identity_client.ec2.create(user, project) info = {} info.update(creds._info) if 'tenant_id' in info: info.update( {'project_id': info.pop('tenant_id')} ) return zip(*sorted(six.iteritems(info)))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity domain_id = None if parsed_args.domain: domain_id = common.find_domain(identity_client, parsed_args.domain).id errors = 0 for role in parsed_args.roles: try: role_obj = utils.find_resource( identity_client.roles, role, domain_id=domain_id ) identity_client.roles.delete(role_obj.id) except Exception as e: errors += 1 LOG.error(_("Failed to delete role with " "name or ID '%(role)s': %(e)s"), {'role': role, 'e': e}) if errors > 0: total = len(parsed_args.roles) msg = (_("%(errors)s of %(total)s roles failed " "to delete.") % {'errors': errors, 'total': total}) raise exceptions.CommandError(msg)
def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity domain = None if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain).id try: group = identity_client.groups.create( name=parsed_args.name, domain=domain, description=parsed_args.description) except ksc_exc.Conflict as e: if parsed_args.or_show: group = utils.find_resource(identity_client.groups, parsed_args.name, domain_id=domain) self.log.info('Returning existing group %s', group.name) else: raise e group._info.pop('links') return zip(*sorted(six.iteritems(group._info)))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity if parsed_args.remote_id_file: file_content = utils.read_blob_file_contents( parsed_args.remote_id_file) remote_ids = file_content.splitlines() remote_ids = list(map(str.strip, remote_ids)) else: remote_ids = (parsed_args.remote_id if parsed_args.remote_id else None) domain_id = None if parsed_args.domain: domain_id = common.find_domain(identity_client, parsed_args.domain).id idp = identity_client.federation.identity_providers.create( id=parsed_args.identity_provider_id, remote_ids=remote_ids, description=parsed_args.description, domain_id=domain_id, enabled=parsed_args.enabled) idp._info.pop('links', None) remote_ids = utils.format_list(idp._info.pop('remote_ids', [])) idp._info['remote_ids'] = remote_ids return zip(*sorted(six.iteritems(idp._info)))
def _process_identity_and_resource_options(parsed_args, identity_client_manager): kwargs = {} if parsed_args.user and parsed_args.domain: kwargs['user'] = common.find_user( identity_client_manager, parsed_args.user, parsed_args.user_domain, ).id kwargs['domain'] = common.find_domain( identity_client_manager, parsed_args.domain, ).id elif parsed_args.user and parsed_args.project: kwargs['user'] = common.find_user( identity_client_manager, parsed_args.user, parsed_args.user_domain, ).id kwargs['project'] = common.find_project( identity_client_manager, parsed_args.project, parsed_args.project_domain, ).id elif parsed_args.group and parsed_args.domain: kwargs['group'] = common.find_group( identity_client_manager, parsed_args.group, parsed_args.group_domain, ).id kwargs['domain'] = common.find_domain( identity_client_manager, parsed_args.domain, ).id elif parsed_args.group and parsed_args.project: kwargs['group'] = common.find_group( identity_client_manager, parsed_args.group, parsed_args.group_domain, ).id kwargs['project'] = common.find_project( identity_client_manager, parsed_args.project, parsed_args.project_domain, ).id kwargs['os_inherit_extension_inherited'] = parsed_args.inherited return kwargs
def _process_identity_and_resource_options(parsed_args, identity_client_manager): kwargs = {} if parsed_args.user and parsed_args.domain: kwargs["user"] = common.find_user(identity_client_manager, parsed_args.user, parsed_args.user_domain).id kwargs["domain"] = common.find_domain(identity_client_manager, parsed_args.domain).id elif parsed_args.user and parsed_args.project: kwargs["user"] = common.find_user(identity_client_manager, parsed_args.user, parsed_args.user_domain).id kwargs["project"] = common.find_project( identity_client_manager, parsed_args.project, parsed_args.project_domain ).id elif parsed_args.group and parsed_args.domain: kwargs["group"] = common.find_group(identity_client_manager, parsed_args.group, parsed_args.group_domain).id kwargs["domain"] = common.find_domain(identity_client_manager, parsed_args.domain).id elif parsed_args.group and parsed_args.project: kwargs["group"] = common.find_group(identity_client_manager, parsed_args.group, parsed_args.group_domain).id kwargs["project"] = common.find_project( identity_client_manager, parsed_args.project, parsed_args.project_domain ).id kwargs["os_inherit_extension_inherited"] = parsed_args.inherited return kwargs
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity domain = None if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain) for project in parsed_args.projects: if domain is not None: project_obj = utils.find_resource(identity_client.projects, project, domain_id=domain.id) else: project_obj = utils.find_resource(identity_client.projects, project) identity_client.projects.delete(project_obj.id)
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity domain_id = None if parsed_args.domain: domain_id = common.find_domain(identity_client, parsed_args.domain).id role = utils.find_resource(identity_client.roles, parsed_args.role, domain_id=domain_id) identity_client.roles.update(role.id, name=parsed_args.name)
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain) user = utils.find_resource(identity_client.users, parsed_args.user, domain_id=domain.id) else: user = utils.find_resource(identity_client.users, parsed_args.user) user._info.pop('links') return zip(*sorted(six.iteritems(user._info)))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity domain_id = None if parsed_args.domain: domain_id = common.find_domain(identity_client, parsed_args.domain).id role = utils.find_resource(identity_client.roles, parsed_args.role, domain_id=domain_id) role._info.pop('links') return zip(*sorted(six.iteritems(role._info)))
def take_action(self, parsed_args): compute_client = self.app.client_manager.compute volume_client = self.app.client_manager.volume project_id = None if parsed_args.project is not None: identity_client = self.app.client_manager.identity if parsed_args.domain is not None: domain = identity_common.find_domain(identity_client, parsed_args.domain) project_id = utils.find_resource(identity_client.projects, parsed_args.project, domain_id=domain.id).id else: project_id = utils.find_resource(identity_client.projects, parsed_args.project).id compute_limits = None volume_limits = None if self.app.client_manager.is_compute_endpoint_enabled(): compute_limits = compute_client.limits.get(parsed_args.is_reserved, tenant_id=project_id) if self.app.client_manager.is_volume_endpoint_enabled(volume_client): volume_limits = volume_client.limits.get() data = [] if parsed_args.is_absolute: if compute_limits: data.append(compute_limits.absolute) if volume_limits: data.append(volume_limits.absolute) columns = ["Name", "Value"] return (columns, (utils.get_item_properties(s, columns) for s in itertools.chain(*data))) elif parsed_args.is_rate: if compute_limits: data.append(compute_limits.rate) if volume_limits: data.append(volume_limits.rate) columns = ["Verb", "URI", "Value", "Remain", "Unit", "Next Available"] return (columns, (utils.get_item_properties(s, columns) for s in itertools.chain(*data))) else: return {}, {}
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity domain_id = None if parsed_args.domain: domain_id = common.find_domain(identity_client, parsed_args.domain).id for role in parsed_args.roles: role_obj = utils.find_resource( identity_client.roles, role, domain_id=domain_id ) identity_client.roles.delete(role_obj.id)
def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain).id else: domain = None group = identity_client.groups.create( name=parsed_args.name, domain=domain, description=parsed_args.description) group._info.pop('links') return zip(*sorted(six.iteritems(group._info)))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity domain = None if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain) for user in parsed_args.users: if domain is not None: user_obj = utils.find_resource(identity_client.users, user, domain_id=domain.id) else: user_obj = utils.find_resource(identity_client.users, user) identity_client.users.delete(user_obj.id)
def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain) group = utils.find_resource(identity_client.groups, parsed_args.group, domain_id=domain.id) else: group = utils.find_resource(identity_client.groups, parsed_args.group) group._info.pop('links') return zip(*sorted(six.iteritems(group._info)))
def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity if parsed_args.password_prompt: parsed_args.password = utils.get_password(self.app.stdin) if (not parsed_args.name and not parsed_args.name and not parsed_args.password and not parsed_args.email and not parsed_args.domain and not parsed_args.project and not parsed_args.description and not parsed_args.enable and not parsed_args.disable): return user = utils.find_resource( identity_client.users, parsed_args.user, ) kwargs = {} if parsed_args.name: kwargs['name'] = parsed_args.name if parsed_args.email: kwargs['email'] = parsed_args.email if parsed_args.password: kwargs['password'] = parsed_args.password if parsed_args.description: kwargs['description'] = parsed_args.description if parsed_args.project: project_id = utils.find_resource( identity_client.projects, parsed_args.project).id kwargs['project'] = project_id if parsed_args.domain: kwargs['domain'] = common.find_domain(identity_client, parsed_args.domain).id kwargs['enabled'] = user.enabled if parsed_args.enable: kwargs['enabled'] = True if parsed_args.disable: kwargs['enabled'] = False identity_client.users.update(user.id, **kwargs) return
def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain) project = utils.find_resource(identity_client.projects, parsed_args.project, domain_id=domain.id) else: project = utils.find_resource(identity_client.projects, parsed_args.project) project._info.pop('links') # TODO(stevemar): Remove the line below when we support multitenancy project._info.pop('parent_id', None) return zip(*sorted(six.iteritems(project._info)))
def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity domain = None if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain) for group in parsed_args.groups: if domain is not None: group_obj = utils.find_resource(identity_client.groups, group, domain_id=domain.id) else: group_obj = utils.find_resource(identity_client.groups, group) identity_client.groups.delete(group_obj.id) return
def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity if parsed_args.long: columns = ('ID', 'Name', 'Domain ID', 'Description', 'Enabled') else: columns = ('ID', 'Name') kwargs = {} if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain) kwargs['domain'] = domain.id data = identity_client.projects.list(**kwargs) return (columns, (utils.get_item_properties( s, columns, formatters={}, ) for s in data))
def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity group = utils.find_resource(identity_client.groups, parsed_args.group) kwargs = {} if parsed_args.name: kwargs['name'] = parsed_args.name if parsed_args.description: kwargs['description'] = parsed_args.description if parsed_args.domain: kwargs['domain'] = common.find_domain(identity_client, parsed_args.domain).id if not len(kwargs): sys.stderr.write("Group not updated, no arguments present") return identity_client.groups.update(group.id, **kwargs) return
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity project_id = None if parsed_args.project: project_id = common.find_project(identity_client, parsed_args.project, parsed_args.project_domain).id domain_id = None if parsed_args.domain: domain_id = common.find_domain(identity_client, parsed_args.domain).id enabled = True if parsed_args.disable: enabled = False if parsed_args.password_prompt: parsed_args.password = utils.get_password(self.app.stdin) if not parsed_args.password: LOG.warning(_("No password was supplied, authentication will fail " "when a user does not have a password.")) try: user = identity_client.users.create( name=parsed_args.name, domain=domain_id, default_project=project_id, password=parsed_args.password, email=parsed_args.email, description=parsed_args.description, enabled=enabled ) except ks_exc.Conflict: if parsed_args.or_show: user = utils.find_resource(identity_client.users, parsed_args.name, domain_id=domain_id) LOG.info(_('Returning existing user %s'), user.name) else: raise user._info.pop('links') return zip(*sorted(six.iteritems(user._info)))
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity auth_ref = self.app.client_manager.auth_ref role = None role_domain_id = None if parsed_args.role_domain: role_domain_id = common.find_domain(identity_client, parsed_args.role_domain).id if parsed_args.role: role = utils.find_resource(identity_client.roles, parsed_args.role, domain_id=role_domain_id) user = None if parsed_args.user: user = common.find_user( identity_client, parsed_args.user, parsed_args.user_domain, ) elif parsed_args.authuser: if auth_ref: user = common.find_user(identity_client, auth_ref.user_id) domain = None if parsed_args.domain: domain = common.find_domain( identity_client, parsed_args.domain, ) project = None if parsed_args.project: project = common.find_project( identity_client, parsed_args.project, parsed_args.project_domain, ) elif parsed_args.authproject: if auth_ref: project = common.find_project(identity_client, auth_ref.project_id) group = None if parsed_args.group: group = common.find_group( identity_client, parsed_args.group, parsed_args.group_domain, ) include_names = True if parsed_args.names else False effective = True if parsed_args.effective else False columns = ('Role', 'User', 'Group', 'Project', 'Domain', 'Inherited') inherited_to = 'projects' if parsed_args.inherited else None data = identity_client.role_assignments.list( domain=domain, user=user, group=group, project=project, role=role, effective=effective, os_inherit_extension_inherited_to=inherited_to, include_names=include_names) data_parsed = [] for assignment in data: # Removing the extra "scope" layer in the assignment json scope = assignment.scope if 'project' in scope: if include_names: prj = '@'.join([ scope['project']['name'], scope['project']['domain']['name'] ]) setattr(assignment, 'project', prj) else: setattr(assignment, 'project', scope['project']['id']) assignment.domain = '' elif 'domain' in scope: if include_names: setattr(assignment, 'domain', scope['domain']['name']) else: setattr(assignment, 'domain', scope['domain']['id']) assignment.project = '' else: assignment.domain = '' assignment.project = '' inherited = scope.get('OS-INHERIT:inherited_to') == 'projects' assignment.inherited = inherited del assignment.scope if hasattr(assignment, 'user'): if include_names: usr = '******'.join([ assignment.user['name'], assignment.user['domain']['name'] ]) setattr(assignment, 'user', usr) else: setattr(assignment, 'user', assignment.user['id']) assignment.group = '' elif hasattr(assignment, 'group'): if include_names: grp = '@'.join([ assignment.group['name'], assignment.group['domain']['name'] ]) setattr(assignment, 'group', grp) else: setattr(assignment, 'group', assignment.group['id']) assignment.user = '' else: assignment.user = '' assignment.group = '' if hasattr(assignment, 'role'): if include_names: # TODO(henry-nash): If this is a domain specific role it # would be good show this as role@domain, although this # domain info is not yet included in the response from the # server. Although we could get it by re-reading the role # from the ID, let's wait until the server does the right # thing. setattr(assignment, 'role', assignment.role['name']) else: setattr(assignment, 'role', assignment.role['id']) else: assignment.role = '' # Creating a tuple from data object fields # (including the blank ones) data_parsed.append(self._as_tuple(assignment)) return columns, tuple(data_parsed)
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity role = None if parsed_args.role: role = utils.find_resource( identity_client.roles, parsed_args.role, ) user = None if parsed_args.user: user = common.find_user( identity_client, parsed_args.user, parsed_args.user_domain, ) domain = None if parsed_args.domain: domain = common.find_domain( identity_client, parsed_args.domain, ) project = None if parsed_args.project: project = common.find_project( identity_client, parsed_args.project, parsed_args.project_domain, ) group = None if parsed_args.group: group = common.find_group( identity_client, parsed_args.group, parsed_args.group_domain, ) include_names = True if parsed_args.names else False effective = True if parsed_args.effective else False columns = ('Role', 'User', 'Group', 'Project', 'Domain', 'Inherited') inherited_to = 'projects' if parsed_args.inherited else None data = identity_client.role_assignments.list( domain=domain, user=user, group=group, project=project, role=role, effective=effective, os_inherit_extension_inherited_to=inherited_to, include_names=include_names) data_parsed = [] for assignment in data: # Removing the extra "scope" layer in the assignment json scope = assignment.scope if 'project' in scope: if include_names: prj = '@'.join([ scope['project']['name'], scope['project']['domain']['name'] ]) setattr(assignment, 'project', prj) else: setattr(assignment, 'project', scope['project']['id']) assignment.domain = '' elif 'domain' in scope: if include_names: setattr(assignment, 'domain', scope['domain']['name']) else: setattr(assignment, 'domain', scope['domain']['id']) assignment.project = '' else: assignment.domain = '' assignment.project = '' inherited = scope.get('OS-INHERIT:inherited_to') == 'projects' assignment.inherited = inherited del assignment.scope if hasattr(assignment, 'user'): if include_names: usr = '******'.join([ assignment.user['name'], assignment.user['domain']['name'] ]) setattr(assignment, 'user', usr) else: setattr(assignment, 'user', assignment.user['id']) assignment.group = '' elif hasattr(assignment, 'group'): if include_names: grp = '@'.join([ assignment.group['name'], assignment.group['domain']['name'] ]) setattr(assignment, 'group', grp) else: setattr(assignment, 'group', assignment.group['id']) assignment.user = '' else: assignment.user = '' assignment.group = '' if hasattr(assignment, 'role'): if include_names: setattr(assignment, 'role', assignment.role['name']) else: setattr(assignment, 'role', assignment.role['id']) else: assignment.role = '' # Creating a tuple from data object fields # (including the blank ones) data_parsed.append(self._as_tuple(assignment)) return columns, tuple(data_parsed)
def take_action(self, parsed_args): self.log.debug('take_action(%s)' % parsed_args) identity_client = self.app.client_manager.identity if parsed_args.user: user = common.find_user( identity_client, parsed_args.user, parsed_args.user_domain, ) elif parsed_args.group: group = common.find_group( identity_client, parsed_args.group, parsed_args.group_domain, ) if parsed_args.domain: domain = common.find_domain( identity_client, parsed_args.domain, ) elif parsed_args.project: project = common.find_project( identity_client, parsed_args.project, parsed_args.project_domain, ) # no user or group specified, list all roles in the system if not parsed_args.user and not parsed_args.group: columns = ('ID', 'Name') data = identity_client.roles.list() elif parsed_args.user and parsed_args.domain: columns = ('ID', 'Name', 'Domain', 'User') data = identity_client.roles.list( user=user, domain=domain, os_inherit_extension_inherited=parsed_args.inherited ) for user_role in data: user_role.user = user.name user_role.domain = domain.name elif parsed_args.user and parsed_args.project: columns = ('ID', 'Name', 'Project', 'User') data = identity_client.roles.list( user=user, project=project, os_inherit_extension_inherited=parsed_args.inherited ) for user_role in data: user_role.user = user.name user_role.project = project.name elif parsed_args.user: columns = ('ID', 'Name') data = identity_client.roles.list( user=user, domain='default', os_inherit_extension_inherited=parsed_args.inherited ) elif parsed_args.group and parsed_args.domain: columns = ('ID', 'Name', 'Domain', 'Group') data = identity_client.roles.list( group=group, domain=domain, os_inherit_extension_inherited=parsed_args.inherited ) for group_role in data: group_role.group = group.name group_role.domain = domain.name elif parsed_args.group and parsed_args.project: columns = ('ID', 'Name', 'Project', 'Group') data = identity_client.roles.list( group=group, project=project, os_inherit_extension_inherited=parsed_args.inherited ) for group_role in data: group_role.group = group.name group_role.project = project.name else: sys.stderr.write("Error: If a user or group is specified, either " "--domain or --project must also be specified to " "list role grants.\n") return ([], []) return (columns, (utils.get_item_properties( s, columns, formatters={}, ) for s in data))
def _process_identity_and_resource_options(parsed_args, identity_client_manager, validate_actor_existence=True): def _find_user(): try: return common.find_user( identity_client_manager, parsed_args.user, parsed_args.user_domain ).id except exceptions.CommandError: if not validate_actor_existence: return parsed_args.user raise def _find_group(): try: return common.find_group( identity_client_manager, parsed_args.group, parsed_args.group_domain ).id except exceptions.CommandError: if not validate_actor_existence: return parsed_args.group raise kwargs = {} if parsed_args.user and parsed_args.system: kwargs['user'] = _find_user() kwargs['system'] = parsed_args.system elif parsed_args.user and parsed_args.domain: kwargs['user'] = _find_user() kwargs['domain'] = common.find_domain( identity_client_manager, parsed_args.domain, ).id elif parsed_args.user and parsed_args.project: kwargs['user'] = _find_user() kwargs['project'] = common.find_project( identity_client_manager, parsed_args.project, parsed_args.project_domain, ).id elif parsed_args.group and parsed_args.system: kwargs['group'] = _find_group() kwargs['system'] = parsed_args.system elif parsed_args.group and parsed_args.domain: kwargs['group'] = _find_group() kwargs['domain'] = common.find_domain( identity_client_manager, parsed_args.domain, ).id elif parsed_args.group and parsed_args.project: kwargs['group'] = _find_group() kwargs['project'] = common.find_project( identity_client_manager, parsed_args.project, parsed_args.project_domain, ).id kwargs['os_inherit_extension_inherited'] = parsed_args.inherited return kwargs
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity domain = None if parsed_args.domain: domain = common.find_domain(identity_client, parsed_args.domain).id group = None if parsed_args.group: group = common.find_group(identity_client, parsed_args.group, parsed_args.domain).id if parsed_args.project: if domain is not None: project = utils.find_resource( identity_client.projects, parsed_args.project, domain_id=domain ).id else: project = utils.find_resource( identity_client.projects, parsed_args.project, ).id assignments = identity_client.role_assignments.list( project=project) # NOTE(stevemar): If a user has more than one role on a project # then they will have two entries in the returned data. Since we # are looking for any role, let's just track unique user IDs. user_ids = set() for assignment in assignments: if hasattr(assignment, 'user'): user_ids.add(assignment.user['id']) # NOTE(stevemar): Call find_resource once we have unique IDs, so # it's fewer trips to the Identity API, then collect the data. data = [] for user_id in user_ids: user = utils.find_resource(identity_client.users, user_id) data.append(user) else: data = identity_client.users.list( domain=domain, group=group, ) # Column handling if parsed_args.long: columns = ['ID', 'Name', 'Default Project Id', 'Domain Id', 'Description', 'Email', 'Enabled'] column_headers = copy.deepcopy(columns) column_headers[2] = 'Project' column_headers[3] = 'Domain' else: columns = ['ID', 'Name'] column_headers = columns return ( column_headers, (utils.get_item_properties( s, columns, formatters={}, ) for s in data) )
def take_action(self, parsed_args): identity_client = self.app.client_manager.identity if parsed_args.user: user = common.find_user( identity_client, parsed_args.user, parsed_args.user_domain, ) elif parsed_args.group: group = common.find_group( identity_client, parsed_args.group, parsed_args.group_domain, ) if parsed_args.domain: domain = common.find_domain( identity_client, parsed_args.domain, ) elif parsed_args.project: project = common.find_project( identity_client, parsed_args.project, parsed_args.project_domain, ) # no user or group specified, list all roles in the system if not parsed_args.user and not parsed_args.group: if not parsed_args.domain: columns = ('ID', 'Name') data = identity_client.roles.list() else: columns = ('ID', 'Name', 'Domain') data = identity_client.roles.list(domain_id=domain.id) for role in data: role.domain = domain.name elif parsed_args.user and parsed_args.domain: columns = ('ID', 'Name', 'Domain', 'User') data = identity_client.roles.list( user=user, domain=domain, os_inherit_extension_inherited=parsed_args.inherited) for user_role in data: user_role.user = user.name user_role.domain = domain.name self.log.warning( _('Listing assignments using role list is ' 'deprecated. Use role assignment list --user ' '<user-name> --domain <domain-name> --names ' 'instead.')) elif parsed_args.user and parsed_args.project: columns = ('ID', 'Name', 'Project', 'User') data = identity_client.roles.list( user=user, project=project, os_inherit_extension_inherited=parsed_args.inherited) for user_role in data: user_role.user = user.name user_role.project = project.name self.log.warning( _('Listing assignments using role list is ' 'deprecated. Use role assignment list --user ' '<user-name> --project <project-name> --names ' 'instead.')) elif parsed_args.user: columns = ('ID', 'Name') data = identity_client.roles.list( user=user, domain='default', os_inherit_extension_inherited=parsed_args.inherited) self.log.warning( _('Listing assignments using role list is ' 'deprecated. Use role assignment list --user ' '<user-name> --domain default --names ' 'instead.')) elif parsed_args.group and parsed_args.domain: columns = ('ID', 'Name', 'Domain', 'Group') data = identity_client.roles.list( group=group, domain=domain, os_inherit_extension_inherited=parsed_args.inherited) for group_role in data: group_role.group = group.name group_role.domain = domain.name self.log.warning( _('Listing assignments using role list is ' 'deprecated. Use role assignment list --group ' '<group-name> --domain <domain-name> --names ' 'instead.')) elif parsed_args.group and parsed_args.project: columns = ('ID', 'Name', 'Project', 'Group') data = identity_client.roles.list( group=group, project=project, os_inherit_extension_inherited=parsed_args.inherited) for group_role in data: group_role.group = group.name group_role.project = project.name self.log.warning( _('Listing assignments using role list is ' 'deprecated. Use role assignment list --group ' '<group-name> --project <project-name> --names ' 'instead.')) else: msg = _("Error: If a user or group is specified, " "either --domain or --project must also be " "specified to list role grants.") raise exceptions.CommandError(msg) return (columns, (utils.get_item_properties( s, columns, formatters={}, ) for s in data))
def _process_identity_and_resource_options(parsed_args, identity_client_manager): kwargs = {} if parsed_args.user and parsed_args.system: kwargs['user'] = common.find_user( identity_client_manager, parsed_args.user, parsed_args.user_domain, ).id kwargs['system'] = parsed_args.system elif parsed_args.user and parsed_args.domain: kwargs['user'] = common.find_user( identity_client_manager, parsed_args.user, parsed_args.user_domain, ).id kwargs['domain'] = common.find_domain( identity_client_manager, parsed_args.domain, ).id elif parsed_args.user and parsed_args.project: kwargs['user'] = common.find_user( identity_client_manager, parsed_args.user, parsed_args.user_domain, ).id kwargs['project'] = common.find_project( identity_client_manager, parsed_args.project, parsed_args.project_domain, ).id elif parsed_args.group and parsed_args.system: kwargs['group'] = common.find_group( identity_client_manager, parsed_args.group, parsed_args.group_domain, ).id kwargs['system'] = parsed_args.system elif parsed_args.group and parsed_args.domain: kwargs['group'] = common.find_group( identity_client_manager, parsed_args.group, parsed_args.group_domain, ).id kwargs['domain'] = common.find_domain( identity_client_manager, parsed_args.domain, ).id elif parsed_args.group and parsed_args.project: kwargs['group'] = common.find_group( identity_client_manager, parsed_args.group, parsed_args.group_domain, ).id kwargs['project'] = common.find_project( identity_client_manager, parsed_args.project, parsed_args.project_domain, ).id kwargs['os_inherit_extension_inherited'] = parsed_args.inherited return kwargs
def take_action(self, parsed_args): self.log.debug('take_action(%s)' % parsed_args) identity_client = self.app.client_manager.identity if parsed_args.project_domain: project_domain = common.find_domain(identity_client, parsed_args.project_domain).id else: project_domain = None if parsed_args.trustor_domain: trustor_domain = common.find_domain(identity_client, parsed_args.trustor_domain).id else: trustor_domain = None if parsed_args.trustee_domain: trustee_domain = common.find_domain(identity_client, parsed_args.trustee_domain).id else: trustee_domain = None # NOTE(stevemar): Find the two users, project and roles that # are necessary for making a trust usable, the API dictates that # trustee, project and role are optional, but that makes the trust # pointless, and trusts are immutable, so let's enforce it at the # client level. trustor_id = utils.find_resource(identity_client.users, parsed_args.trustor, domain_id=trustor_domain).id trustee_id = utils.find_resource(identity_client.users, parsed_args.trustee, domain_id=trustee_domain).id project_id = utils.find_resource(identity_client.projects, parsed_args.project, domain_id=project_domain).id role_names = [] for role in parsed_args.role: role_name = utils.find_resource( identity_client.roles, role, ).name role_names.append(role_name) expires_at = None if parsed_args.expiration: expires_at = datetime.datetime.strptime(parsed_args.expiration, '%Y-%m-%dT%H:%M:%S') trust = identity_client.trusts.create( trustee_id, trustor_id, impersonation=parsed_args.impersonate, project=project_id, role_names=role_names, expires_at=expires_at, ) trust._info.pop('roles_links', None) trust._info.pop('links', None) # Format roles into something sensible roles = trust._info.pop('roles') msg = ''.join([r['name'] + ' ' for r in roles]) trust._info['roles'] = msg return zip(*sorted(six.iteritems(trust._info)))