def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.long:
columns = ('ID', 'Name', 'Domain ID', 'Description', 'Enabled')
else:
columns = ('ID', 'Name')
kwargs = {}
domain_id = None
if parsed_args.domain:
domain_id = common.find_domain(identity_client,
parsed_args.domain).id
kwargs['domain'] = domain_id
if parsed_args.user:
if parsed_args.domain:
user_id = utils.find_resource(identity_client.users,
parsed_args.user,
domain_id=domain_id).id
else:
user_id = utils.find_resource(identity_client.users,
parsed_args.user).id
kwargs['user'] = user_id
data = identity_client.projects.list(**kwargs)
return (columns, (utils.get_item_properties(
s,
columns,
formatters={},
) for s in data))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
client_manager = self.app.client_manager
user = _determine_ec2_user(parsed_args, client_manager)
project_domain = None
if parsed_args.project_domain:
project_domain = common.find_domain(identity_client,
parsed_args.project_domain)
if parsed_args.project:
if project_domain is not None:
project = utils.find_resource(identity_client.projects,
parsed_args.project,
domain_id=project_domain.id).id
else:
project = utils.find_resource(
identity_client.projects,
parsed_args.project).id
else:
# Get the project from the current auth
project = self.app.client_manager.auth_ref.project_id
creds = identity_client.ec2.create(user, project)
info = {}
info.update(creds._info)
if 'tenant_id' in info:
info.update(
{'project_id': info.pop('tenant_id')}
)
return zip(*sorted(six.iteritems(info)))
def _determine_ec2_user(parsed_args, client_manager):
"""Determine a user several different ways.
Assumes parsed_args has user and user_domain arguments. Attempts to find
the user if domain scoping is provided, otherwise revert to a basic user
call. Lastly use the currently authenticated user.
"""
user_domain = None
if parsed_args.user_domain:
user_domain = common.find_domain(client_manager.identity,
parsed_args.user_domain)
if parsed_args.user:
if user_domain is not None:
user = utils.find_resource(client_manager.identity.users,
parsed_args.user,
domain_id=user_domain.id).id
else:
user = utils.find_resource(
client_manager.identity.users,
parsed_args.user).id
else:
# Get the user from the current auth
user = client_manager.auth_ref.user_id
return user
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.domain:
domain = common.find_domain(identity_client, parsed_args.domain)
project = utils.find_resource(identity_client.projects,
parsed_args.project,
domain_id=domain.id,
parents_as_list=parsed_args.parents,
subtree_as_list=parsed_args.children)
else:
project = utils.find_resource(identity_client.projects,
parsed_args.project,
parents_as_list=parsed_args.parents,
subtree_as_list=parsed_args.children)
if project._info.get('parents'):
project._info['parents'] = [
str(p['project']['id']) for p in project._info['parents']
]
if project._info.get('subtree'):
project._info['subtree'] = [
str(p['project']['id']) for p in project._info['subtree']
]
project._info.pop('links')
return zip(*sorted(six.iteritems(project._info)))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
domain = None
if parsed_args.domain:
domain = common.find_domain(identity_client, parsed_args.domain).id
if parsed_args.user:
user = common.find_user(
identity_client,
parsed_args.user,
parsed_args.user_domain,
).id
else:
user = None
# List groups
if parsed_args.long:
columns = ('ID', 'Name', 'Domain ID', 'Description')
else:
columns = ('ID', 'Name')
data = identity_client.groups.list(
domain=domain,
user=user,
)
return (columns, (utils.get_item_properties(
s,
columns,
formatters={},
) for s in data))
def _process_identity_and_resource_options(parsed_args,
identity_client_manager):
kwargs = {}
if parsed_args.user and parsed_args.domain:
kwargs['user'] = common.find_user(
identity_client_manager,
parsed_args.user,
parsed_args.user_domain,
).id
kwargs['domain'] = common.find_domain(
identity_client_manager,
parsed_args.domain,
).id
elif parsed_args.user and parsed_args.project:
kwargs['user'] = common.find_user(
identity_client_manager,
parsed_args.user,
parsed_args.user_domain,
).id
kwargs['project'] = common.find_project(
identity_client_manager,
parsed_args.project,
parsed_args.project_domain,
).id
elif parsed_args.group and parsed_args.domain:
kwargs['group'] = common.find_group(
identity_client_manager,
parsed_args.group,
parsed_args.group_domain,
).id
kwargs['domain'] = common.find_domain(
identity_client_manager,
parsed_args.domain,
).id
elif parsed_args.group and parsed_args.project:
kwargs['group'] = common.find_group(
identity_client_manager,
parsed_args.group,
parsed_args.group_domain,
).id
kwargs['project'] = common.find_project(
identity_client_manager,
parsed_args.project,
parsed_args.project_domain,
).id
kwargs['os_inherit_extension_inherited'] = parsed_args.inherited
return kwargs
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.domain:
domain = common.find_domain(identity_client, parsed_args.domain)
user = utils.find_resource(identity_client.users,
parsed_args.user,
domain_id=domain.id)
else:
user = utils.find_resource(identity_client.users, parsed_args.user)
user._info.pop('links')
return zip(*sorted(six.iteritems(user._info)))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
domain = None
if parsed_args.domain:
domain = common.find_domain(identity_client, parsed_args.domain)
for user in parsed_args.users:
if domain is not None:
user_obj = utils.find_resource(identity_client.users,
user,
domain_id=domain.id)
else:
user_obj = utils.find_resource(identity_client.users, user)
identity_client.users.delete(user_obj.id)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
domain = None
if parsed_args.domain:
domain = common.find_domain(identity_client, parsed_args.domain)
for project in parsed_args.projects:
if domain is not None:
project_obj = utils.find_resource(identity_client.projects,
project,
domain_id=domain.id)
else:
project_obj = utils.find_resource(identity_client.projects,
project)
identity_client.projects.delete(project_obj.id)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.domain:
domain = common.find_domain(identity_client, parsed_args.domain)
project = utils.find_resource(identity_client.projects,
parsed_args.project,
domain_id=domain.id)
else:
project = utils.find_resource(identity_client.projects,
parsed_args.project)
token_client = identity_client.oauth1.request_tokens
request_token = token_client.create(
parsed_args.consumer_key,
parsed_args.consumer_secret,
project.id)
return zip(*sorted(six.iteritems(request_token._info)))
def take_action(self, parsed_args):
compute_client = self.app.client_manager.compute
volume_client = self.app.client_manager.volume
project_id = None
if parsed_args.project is not None:
identity_client = self.app.client_manager.identity
if parsed_args.domain is not None:
domain = identity_common.find_domain(identity_client,
parsed_args.domain)
project_id = utils.find_resource(identity_client.projects,
parsed_args.project,
domain_id=domain.id).id
else:
project_id = utils.find_resource(identity_client.projects,
parsed_args.project).id
compute_limits = compute_client.limits.get(parsed_args.is_reserved,
tenant_id=project_id)
volume_limits = volume_client.limits.get()
if parsed_args.is_absolute:
compute_limits = compute_limits.absolute
volume_limits = volume_limits.absolute
columns = ["Name", "Value"]
return (columns,
(utils.get_item_properties(s, columns)
for s in itertools.chain(compute_limits, volume_limits)))
elif parsed_args.is_rate:
compute_limits = compute_limits.rate
volume_limits = volume_limits.rate
columns = [
"Verb", "URI", "Value", "Remain", "Unit", "Next Available"
]
return (columns,
(utils.get_item_properties(s, columns)
for s in itertools.chain(compute_limits, volume_limits)))
else:
return ({}, {})
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
domain = None
if parsed_args.domain:
domain = common.find_domain(identity_client, parsed_args.domain).id
parent = None
if parsed_args.parent:
parent = utils.find_resource(
identity_client.projects,
parsed_args.parent,
).id
enabled = True
if parsed_args.disable:
enabled = False
kwargs = {}
if parsed_args.property:
kwargs = parsed_args.property.copy()
try:
project = identity_client.projects.create(
name=parsed_args.name,
domain=domain,
parent=parent,
description=parsed_args.description,
enabled=enabled,
**kwargs)
except ks_exc.Conflict as e:
if parsed_args.or_show:
project = utils.find_resource(identity_client.projects,
parsed_args.name,
domain_id=domain)
self.log.info('Returning existing project %s', project.name)
else:
raise e
project._info.pop('links')
return zip(*sorted(six.iteritems(project._info)))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
project_id = None
if parsed_args.project:
project_id = common.find_project(identity_client,
parsed_args.project,
parsed_args.project_domain).id
domain_id = None
if parsed_args.domain:
domain_id = common.find_domain(identity_client,
parsed_args.domain).id
enabled = True
if parsed_args.disable:
enabled = False
if parsed_args.password_prompt:
parsed_args.password = utils.get_password(self.app.stdin)
try:
user = identity_client.users.create(
name=parsed_args.name,
domain=domain_id,
default_project=project_id,
password=parsed_args.password,
email=parsed_args.email,
description=parsed_args.description,
enabled=enabled)
except ks_exc.Conflict as e:
if parsed_args.or_show:
user = utils.find_resource(identity_client.users,
parsed_args.name,
domain_id=domain_id)
self.log.info('Returning existing user %s', user.name)
else:
raise e
user._info.pop('links')
return zip(*sorted(six.iteritems(user._info)))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
domain = None
if parsed_args.domain:
domain = common.find_domain(identity_client, parsed_args.domain).id
try:
group = identity_client.groups.create(
name=parsed_args.name,
domain=domain,
description=parsed_args.description)
except ks_exc.Conflict as e:
if parsed_args.or_show:
group = utils.find_resource(identity_client.groups,
parsed_args.name,
domain_id=domain)
self.log.info('Returning existing group %s', group.name)
else:
raise e
group._info.pop('links')
return zip(*sorted(six.iteritems(group._info)))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
role = None
if parsed_args.role:
role = utils.find_resource(
identity_client.roles,
parsed_args.role,
)
user = None
if parsed_args.user:
user = common.find_user(
identity_client,
parsed_args.user,
parsed_args.user_domain,
)
domain = None
if parsed_args.domain:
domain = common.find_domain(
identity_client,
parsed_args.domain,
)
project = None
if parsed_args.project:
project = common.find_project(
identity_client,
parsed_args.project,
parsed_args.project_domain,
)
group = None
if parsed_args.group:
group = common.find_group(
identity_client,
parsed_args.group,
parsed_args.group_domain,
)
include_names = True if parsed_args.names else False
effective = True if parsed_args.effective else False
columns = ('Role', 'User', 'Group', 'Project', 'Domain', 'Inherited')
inherited_to = 'projects' if parsed_args.inherited else None
data = identity_client.role_assignments.list(
domain=domain,
user=user,
group=group,
project=project,
role=role,
effective=effective,
os_inherit_extension_inherited_to=inherited_to,
include_names=include_names)
data_parsed = []
for assignment in data:
# Removing the extra "scope" layer in the assignment json
scope = assignment.scope
if 'project' in scope:
if include_names:
prj = '@'.join([
scope['project']['name'],
scope['project']['domain']['name']
])
setattr(assignment, 'project', prj)
else:
setattr(assignment, 'project', scope['project']['id'])
assignment.domain = ''
elif 'domain' in scope:
if include_names:
setattr(assignment, 'domain', scope['domain']['name'])
else:
setattr(assignment, 'domain', scope['domain']['id'])
assignment.project = ''
else:
assignment.domain = ''
assignment.project = ''
inherited = scope.get('OS-INHERIT:inherited_to') == 'projects'
assignment.inherited = inherited
del assignment.scope
if hasattr(assignment, 'user'):
if include_names:
usr = '******'.join([
assignment.user['name'],
assignment.user['domain']['name']
])
setattr(assignment, 'user', usr)
else:
setattr(assignment, 'user', assignment.user['id'])
assignment.group = ''
elif hasattr(assignment, 'group'):
if include_names:
grp = '@'.join([
assignment.group['name'],
assignment.group['domain']['name']
])
setattr(assignment, 'group', grp)
else:
setattr(assignment, 'group', assignment.group['id'])
assignment.user = ''
else:
assignment.user = ''
assignment.group = ''
if hasattr(assignment, 'role'):
if include_names:
setattr(assignment, 'role', assignment.role['name'])
else:
setattr(assignment, 'role', assignment.role['id'])
else:
assignment.role = ''
# Creating a tuple from data object fields
# (including the blank ones)
data_parsed.append(self._as_tuple(assignment))
return columns, tuple(data_parsed)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.user:
user = common.find_user(
identity_client,
parsed_args.user,
parsed_args.user_domain,
)
elif parsed_args.group:
group = common.find_group(
identity_client,
parsed_args.group,
parsed_args.group_domain,
)
if parsed_args.domain:
domain = common.find_domain(
identity_client,
parsed_args.domain,
)
elif parsed_args.project:
project = common.find_project(
identity_client,
parsed_args.project,
parsed_args.project_domain,
)
# no user or group specified, list all roles in the system
if not parsed_args.user and not parsed_args.group:
columns = ('ID', 'Name')
data = identity_client.roles.list()
elif parsed_args.user and parsed_args.domain:
columns = ('ID', 'Name', 'Domain', 'User')
data = identity_client.roles.list(
user=user,
domain=domain,
os_inherit_extension_inherited=parsed_args.inherited)
for user_role in data:
user_role.user = user.name
user_role.domain = domain.name
elif parsed_args.user and parsed_args.project:
columns = ('ID', 'Name', 'Project', 'User')
data = identity_client.roles.list(
user=user,
project=project,
os_inherit_extension_inherited=parsed_args.inherited)
for user_role in data:
user_role.user = user.name
user_role.project = project.name
elif parsed_args.user:
columns = ('ID', 'Name')
data = identity_client.roles.list(
user=user,
domain='default',
os_inherit_extension_inherited=parsed_args.inherited)
elif parsed_args.group and parsed_args.domain:
columns = ('ID', 'Name', 'Domain', 'Group')
data = identity_client.roles.list(
group=group,
domain=domain,
os_inherit_extension_inherited=parsed_args.inherited)
for group_role in data:
group_role.group = group.name
group_role.domain = domain.name
elif parsed_args.group and parsed_args.project:
columns = ('ID', 'Name', 'Project', 'Group')
data = identity_client.roles.list(
group=group,
project=project,
os_inherit_extension_inherited=parsed_args.inherited)
for group_role in data:
group_role.group = group.name
group_role.project = project.name
else:
sys.stderr.write("Error: If a user or group is specified, either "
"--domain or --project must also be specified to "
"list role grants.\n")
return ([], [])
return (columns, (utils.get_item_properties(
s,
columns,
formatters={},
) for s in data))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
domain = None
if parsed_args.domain:
domain = common.find_domain(identity_client, parsed_args.domain).id
group = None
if parsed_args.group:
group = common.find_group(identity_client, parsed_args.group,
parsed_args.domain).id
if parsed_args.project:
if domain is not None:
project = utils.find_resource(identity_client.projects,
parsed_args.project,
domain_id=domain).id
else:
project = utils.find_resource(
identity_client.projects,
parsed_args.project,
).id
assignments = identity_client.role_assignments.list(
project=project)
# NOTE(stevemar): If a user has more than one role on a project
# then they will have two entries in the returned data. Since we
# are looking for any role, let's just track unique user IDs.
user_ids = set()
for assignment in assignments:
if hasattr(assignment, 'user'):
user_ids.add(assignment.user['id'])
# NOTE(stevemar): Call find_resource once we have unique IDs, so
# it's fewer trips to the Identity API, then collect the data.
data = []
for user_id in user_ids:
user = utils.find_resource(identity_client.users, user_id)
data.append(user)
else:
data = identity_client.users.list(
domain=domain,
group=group,
)
# Column handling
if parsed_args.long:
columns = [
'ID', 'Name', 'Default Project Id', 'Domain Id', 'Description',
'Email', 'Enabled'
]
column_headers = copy.deepcopy(columns)
column_headers[2] = 'Project'
column_headers[3] = 'Domain'
else:
columns = ['ID', 'Name']
column_headers = columns
return (column_headers, (utils.get_item_properties(
s,
columns,
formatters={},
) for s in data))