diff --git a/doc/source/command-objects/role.rst b/doc/source/command-objects/role.rst index 02766b03..5fcbe825 100644 --- a/doc/source/command-objects/role.rst +++ b/doc/source/command-objects/role.rst @@ -37,6 +37,27 @@ Add role to a user or group in a project or domain .. versionadded:: 3 +.. option:: --user-domain + + Domain the user belongs to (name or ID). + This can be used in case collisions between user names exist. + + .. versionadded:: 3 + +.. option:: --group-domain + + Domain the group belongs to (name or ID). + This can be used in case collisions between group names exist. + + .. versionadded:: 3 + +.. option:: --project-domain + + Domain the project belongs to (name or ID). + This can be used in case collisions between project names exist. + + .. versionadded:: 3 + .. describe:: Role to add to ``:`` (name or ID) diff --git a/openstackclient/identity/common.py b/openstackclient/identity/common.py index 2cc68c8d..a6e674c0 100644 --- a/openstackclient/identity/common.py +++ b/openstackclient/identity/common.py @@ -48,23 +48,23 @@ def find_domain(identity_client, name_or_id): domains.Domain) -def find_group(identity_client, name_or_id): +def find_group(identity_client, name_or_id, domain_id=None): return _find_identity_resource(identity_client.groups, name_or_id, - groups.Group) + groups.Group, domain_id=domain_id) -def find_project(identity_client, name_or_id): +def find_project(identity_client, name_or_id, domain_id=None): return _find_identity_resource(identity_client.projects, name_or_id, - projects.Project) + projects.Project, domain_id=domain_id) -def find_user(identity_client, name_or_id): +def find_user(identity_client, name_or_id, domain_id=None): return _find_identity_resource(identity_client.users, name_or_id, - users.User) + users.User, domain_id=domain_id) def _find_identity_resource(identity_client_manager, name_or_id, - resource_type): + resource_type, **kwargs): """Find a specific identity resource. Using keystoneclient's manager, attempt to find a specific resource by its @@ -92,7 +92,7 @@ def _find_identity_resource(identity_client_manager, name_or_id, try: identity_resource = utils.find_resource(identity_client_manager, - name_or_id) + name_or_id, **kwargs) if identity_resource is not None: return identity_resource except identity_exc.Forbidden: diff --git a/openstackclient/identity/v3/role.py b/openstackclient/identity/v3/role.py index 3dd998ba..bc64f7f8 100644 --- a/openstackclient/identity/v3/role.py +++ b/openstackclient/identity/v3/role.py @@ -63,6 +63,27 @@ class AddRole(command.Command): metavar='', help='Include (name or ID)', ) + parser.add_argument( + '--user-domain', + metavar='', + help=('Domain the user belongs to (name or ID). ' + 'This can be used in case collisions between user names ' + 'exist.') + ) + parser.add_argument( + '--group-domain', + metavar='', + help=('Domain the group belongs to (name or ID). ' + 'This can be used in case collisions between group names ' + 'exist.') + ) + parser.add_argument( + '--project-domain', + metavar='', + help=('Domain the project belongs to (name or ID). ' + 'This can be used in case collisions between project names ' + 'exist.') + ) return parser def take_action(self, parsed_args): @@ -78,67 +99,76 @@ class AddRole(command.Command): parsed_args.role, ) + kwargs = {} if parsed_args.user and parsed_args.domain: - user = common.find_user( + user_domain_id = self._get_domain_id_if_requested( + parsed_args.user_domain) + kwargs['user'] = common.find_user( identity_client, parsed_args.user, - ) - domain = common.find_domain( + user_domain_id, + ).id + kwargs['domain'] = common.find_domain( identity_client, parsed_args.domain, - ) - identity_client.roles.grant( - role.id, - user=user.id, - domain=domain.id, - ) + ).id elif parsed_args.user and parsed_args.project: - user = common.find_user( + user_domain_id = self._get_domain_id_if_requested( + parsed_args.user_domain) + kwargs['user'] = common.find_user( identity_client, parsed_args.user, - ) - project = common.find_project( + user_domain_id, + ).id + project_domain_id = self._get_domain_id_if_requested( + parsed_args.project_domain) + kwargs['project'] = common.find_project( identity_client, parsed_args.project, - ) - identity_client.roles.grant( - role.id, - user=user.id, - project=project.id, - ) + project_domain_id, + ).id elif parsed_args.group and parsed_args.domain: - group = common.find_group( + group_domain_id = self._get_domain_id_if_requested( + parsed_args.group_domain) + kwargs['group'] = common.find_group( identity_client, parsed_args.group, - ) - domain = common.find_domain( + group_domain_id, + ).id + kwargs['domain'] = common.find_domain( identity_client, parsed_args.domain, - ) - identity_client.roles.grant( - role.id, - group=group.id, - domain=domain.id, - ) + ).id elif parsed_args.group and parsed_args.project: - group = common.find_group( + group_domain_id = self._get_domain_id_if_requested( + parsed_args.group_domain) + kwargs['group'] = common.find_group( identity_client, parsed_args.group, - ) - project = common.find_project( + group_domain_id, + ).id + project_domain_id = self._get_domain_id_if_requested( + parsed_args.project_domain) + kwargs['project'] = common.find_project( identity_client, parsed_args.project, - ) - identity_client.roles.grant( - role.id, - group=group.id, - project=project.id, - ) + project_domain_id, + ).id else: sys.stderr.write("Role not added, incorrect set of arguments \ provided. See openstack --help for more details\n") + return + + identity_client.roles.grant(role.id, **kwargs) return + def _get_domain_id_if_requested(self, domain_name_or_id): + if domain_name_or_id is None: + return None + domain = common.find_domain(self.app.client_manager.identity, + domain_name_or_id) + return domain.id + class CreateRole(show.ShowOne): """Create new role"""