2a1c94a753
* Fixes bug #936422 * Fixes bug #932223 * Depends on bcwaldon's review: https://review.openstack.org/#change,4305 * This review proposes making changes outlined in this spreadsheet: https://docs.google.com/spreadsheet/ccc?key=0Ak6TA47h_6fwdGZwRE5WWEJBdEhnckpMTG5RcWFjY3c#gid=0 This cleans up the CLI, normalizing commands and arguments, correcting optional and required arguments and flags. * included https://review.openstack.org/4270 here per Brian's request Note that some commands have changed names to conform to noun-verb form: user-update-password -> user-password-update add-user-role -> user-role-add remove-user-role -> user-role-remove ec2-create-credentials -> ec2-credentials-create ec2-list-credentials -> ec2-credentials-list ec2-delete-credentials -> ec2-credentials-delete token -> token-get Change-Id: I8128fa105a1b8002199211f9e475b1a7a6229b8c
293 lines
10 KiB
Python
Executable File
293 lines
10 KiB
Python
Executable File
# Copyright 2010 Jacob Kaplan-Moss
|
|
# Copyright 2011 OpenStack LLC.
|
|
# Copyright 2011 Nebula, Inc.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from keystoneclient.v2_0 import client
|
|
from keystoneclient import utils
|
|
|
|
CLIENT_CLASS = client.Client
|
|
|
|
|
|
@utils.arg('tenant', metavar='<tenant-id>', nargs='?', default=None,
|
|
help='Tenant ID (Optional); lists all users if not specified')
|
|
def do_user_list(kc, args):
|
|
"""List users"""
|
|
users = kc.users.list(tenant_id=args.tenant)
|
|
utils.print_list(users, ['id', 'enabled', 'email', 'name'])
|
|
|
|
|
|
@utils.arg('--name', metavar='<user-name>', required=True,
|
|
help='New user name (must be unique)')
|
|
@utils.arg('--tenant_id', metavar='<tenant-id>',
|
|
help='New user default tenant')
|
|
@utils.arg('--pass', metavar='<pass>', dest='passwd',
|
|
help='New user password')
|
|
@utils.arg('--email', metavar='<email>',
|
|
help='New user email address')
|
|
@utils.arg('--enabled', metavar='<true|false>', default=True,
|
|
help='Initial user enabled status (default true)')
|
|
def do_user_create(kc, args):
|
|
"""Create new user"""
|
|
user = kc.users.create(args.name, args.passwd, args.email,
|
|
tenant_id=args.tenant_id, enabled=args.enabled)
|
|
utils.print_dict(user._info)
|
|
|
|
|
|
@utils.arg('--name', metavar='<user-name>',
|
|
help='Desired new user name')
|
|
@utils.arg('--email', metavar='<email>',
|
|
help='Desired new email address')
|
|
@utils.arg('--enabled', metavar='<true|false>',
|
|
help='Enable or disable user')
|
|
@utils.arg('id', metavar='<user-id>', help='User ID to update')
|
|
def do_user_update(kc, args):
|
|
"""Update user's name, email, and enabled status"""
|
|
kwargs = {}
|
|
if args.name:
|
|
kwargs['name'] = args.name
|
|
if args.email:
|
|
kwargs['email'] = args.email
|
|
if args.enabled:
|
|
kwargs['enabled'] = utils.string_to_bool(args.enabled)
|
|
|
|
if not len(kwargs):
|
|
print "User not updated, no arguments present."
|
|
return
|
|
|
|
try:
|
|
kc.users.update(args.id, **kwargs)
|
|
print 'User has been updated.'
|
|
except Exception, e:
|
|
print 'Unable to update user: %s' % e
|
|
|
|
|
|
@utils.arg('--pass', metavar='<password>', required=True,
|
|
help='Desired new password')
|
|
@utils.arg('id', metavar='<user-id>', help='User ID to update')
|
|
def do_user_password_update(kc, args):
|
|
"""Update user password"""
|
|
kc.users.update_password(args.id, args.password)
|
|
|
|
|
|
@utils.arg('id', metavar='<user-id>', help='User ID to delete')
|
|
def do_user_delete(kc, args):
|
|
"""Delete user"""
|
|
kc.users.delete(args.id)
|
|
|
|
|
|
def do_tenant_list(kc, args):
|
|
"""List all tenants"""
|
|
tenants = kc.tenants.list()
|
|
utils.print_list(tenants, ['id', 'name', 'enabled'])
|
|
|
|
|
|
@utils.arg('id', metavar='<tenant-id>', help='Tenant ID to display')
|
|
def do_tenant_get(kc, args):
|
|
"""Display tenant details"""
|
|
tenant = kc.tenants.get(args.id)
|
|
utils.print_dict(tenant._info)
|
|
|
|
|
|
@utils.arg('--name', metavar='<tenant-name>', required=True,
|
|
help='New tenant name (must be unique)')
|
|
@utils.arg('--description', metavar='<tenant-description>', default=None,
|
|
help='Description of new tenant (default is none)')
|
|
@utils.arg('--enabled', metavar='<true|false>', default=True,
|
|
help='Initial tenant enabled status (default true)')
|
|
def do_tenant_create(kc, args):
|
|
"""Create new tenant"""
|
|
tenant = kc.tenants.create(args.name,
|
|
description=args.description,
|
|
enabled=args.enabled)
|
|
utils.print_dict(tenant._info)
|
|
|
|
|
|
@utils.arg('--name', metavar='<tenant_name>',
|
|
help='Desired new name of tenant')
|
|
@utils.arg('--description', metavar='<tenant-description>', default=None,
|
|
help='Desired new description of tenant')
|
|
@utils.arg('--enabled', metavar='<true|false>',
|
|
help='Enable or disable tenant')
|
|
@utils.arg('id', metavar='<tenant-id>', help='Tenant ID to update')
|
|
def do_tenant_update(kc, args):
|
|
"""Update tenant name, description, enabled status"""
|
|
tenant = kc.tenants.get(args.id)
|
|
kwargs = {}
|
|
if args.name:
|
|
kwargs.update({'name': args.name})
|
|
if args.description:
|
|
kwargs.update({'description': args.description})
|
|
if args.enabled:
|
|
new_enable = args.enabled.lower() in ['true', 'yes', '1']
|
|
kwargs.update({'enabled': new_enable})
|
|
|
|
if kwargs == {}:
|
|
print "Tenant not updated, no arguments present."
|
|
return
|
|
tenant.update(**kwargs)
|
|
|
|
|
|
@utils.arg('id', metavar='<tenant-id>', help='Tenant ID to delete')
|
|
def do_tenant_delete(kc, args):
|
|
"""Delete tenant"""
|
|
kc.tenants.delete(args.id)
|
|
|
|
|
|
@utils.arg('--name', metavar='<name>', required=True,
|
|
help='Name of new service (must be unique)')
|
|
@utils.arg('--type', metavar='<type>', required=True,
|
|
help='Service type (one of: identity, compute, network, '
|
|
'image, or object-store)')
|
|
@utils.arg('--description', metavar='<service-description>',
|
|
help='Description of service')
|
|
def do_service_create(kc, args):
|
|
"""Add service to Service Catalog"""
|
|
service = kc.services.create(args.name,
|
|
args.type,
|
|
args.description)
|
|
utils.print_dict(service._info)
|
|
|
|
|
|
def do_service_list(kc, args):
|
|
"""List all services in Service Catalog"""
|
|
services = kc.services.list()
|
|
utils.print_list(services, ['id', 'name', 'type', 'description'])
|
|
|
|
|
|
@utils.arg('id', metavar='<service-id>', help='Service ID to display')
|
|
def do_service_get(kc, args):
|
|
"""Display service from Service Catalog"""
|
|
service = kc.services.get(args.id)
|
|
utils.print_dict(service._info)
|
|
|
|
|
|
@utils.arg('id', metavar='<service-id>', help='Service ID to delete')
|
|
def do_service_delete(kc, args):
|
|
"""Delete service from Service Catalog"""
|
|
kc.services.delete(args.id)
|
|
|
|
|
|
def do_role_list(kc, args):
|
|
"""List all available roles"""
|
|
roles = kc.roles.list()
|
|
utils.print_list(roles, ['id', 'name'])
|
|
|
|
|
|
@utils.arg('id', metavar='<role-id>', help='Role ID to display')
|
|
def do_role_get(kc, args):
|
|
"""Display role details"""
|
|
role = kc.roles.get(args.id)
|
|
utils.print_dict(role._info)
|
|
|
|
|
|
@utils.arg('--name', metavar='<role-name>', required=True,
|
|
help='Name of new role')
|
|
def do_role_create(kc, args):
|
|
"""Create new role"""
|
|
role = kc.roles.create(args.name)
|
|
utils.print_dict(role._info)
|
|
|
|
|
|
@utils.arg('id', metavar='<role-id>', help='Role ID to delete')
|
|
def do_role_delete(kc, args):
|
|
"""Delete role"""
|
|
kc.roles.delete(args.id)
|
|
|
|
|
|
# TODO(jakedahn): refactor this to allow role, user, and tenant names.
|
|
@utils.arg('--user', metavar='<user-id>', required=True, help='User ID')
|
|
@utils.arg('--role', metavar='<role-id>', required=True, help='Role ID')
|
|
@utils.arg('--tenant_id', metavar='<tenant-id>', help='Tenant ID')
|
|
def do_user_role_add(kc, args):
|
|
"""Add role to user"""
|
|
kc.roles.add_user_role(args.user, args.role, args.tenant_id)
|
|
|
|
|
|
# TODO(jakedahn): refactor this to allow role, user, and tenant names.
|
|
@utils.arg('--user', metavar='<user-id>', required=True, help='User ID')
|
|
@utils.arg('--role', metavar='<role-id>', required=True, help='Role ID')
|
|
@utils.arg('--tenant_id', metavar='<tenant-id>', help='Tenant ID')
|
|
def do_user_role_remove(kc, args):
|
|
"""Remove role from user"""
|
|
kc.roles.remove_user_role(args.user, args.role, args.tenant_id)
|
|
|
|
|
|
@utils.arg('--user', metavar='<user-id>', required=True, help='User ID')
|
|
@utils.arg('--tenant_id', metavar='<tenant-id>', required=True,
|
|
help='Tenant ID')
|
|
def do_ec2_credentials_create(kc, args):
|
|
"""Create EC2-compatibile credentials for user per tenant"""
|
|
credentials = kc.ec2.create(args.user, args.tenant_id)
|
|
utils.print_dict(credentials._info)
|
|
|
|
|
|
@utils.arg('--user', metavar='<user-id>', help='User ID to list')
|
|
def do_ec2_credentials_list(kc, args):
|
|
"""List EC2-compatibile credentials for a user"""
|
|
credentials = kc.ec2.list(args.user)
|
|
for cred in credentials:
|
|
cred.tenant = kc.tenants.get(cred.tenant_id).name
|
|
utils.print_list(credentials, ['tenant', 'key', 'secret'])
|
|
|
|
|
|
@utils.arg('--user', metavar='<user-id>', help='User ID')
|
|
@utils.arg('--key', metavar='<access-key>', help='Access Key')
|
|
def do_ec2_credentials_delete(kc, args):
|
|
"""Delete EC2-compatibile credentials"""
|
|
kc.ec2.delete(args.user, args.key)
|
|
|
|
|
|
@utils.arg('--service', metavar='<service-type>', default=None,
|
|
help='Service type to return')
|
|
def do_catalog(kc, args):
|
|
"""List service catalog, possibly filtered by service."""
|
|
endpoints = kc.service_catalog.get_endpoints(service_type=args.service)
|
|
for (service, service_endpoints) in endpoints.iteritems():
|
|
if len(service_endpoints) > 0:
|
|
print "Service: %s" % service
|
|
for ep in service_endpoints:
|
|
utils.print_dict(ep)
|
|
|
|
|
|
@utils.arg('--service', metavar='<service-type>', required=True,
|
|
help='Service type to select')
|
|
@utils.arg('--endpoint_type', metavar='<endpoint-type>', default='publicURL',
|
|
help='Endpoint type to select')
|
|
@utils.arg('--attr', metavar='<service-attribute>',
|
|
help='Service attribute to match for selection')
|
|
@utils.arg('--value', metavar='<value>',
|
|
help='Value of attribute to match')
|
|
def do_endpoint_get(kc, args):
|
|
"""Find endpoint filtered by a specific attribute or service type"""
|
|
kwargs = {
|
|
'service_type': args.service,
|
|
'endpoint_type': args.endpoint_type,
|
|
}
|
|
|
|
if args.attr and args.value:
|
|
kwargs.update({'attr': args.attr, 'filter_value': args.value})
|
|
elif args.attr or args.value:
|
|
print 'Both --attr and --value required.'
|
|
return
|
|
|
|
url = kc.service_catalog.url_for(**kwargs)
|
|
utils.print_dict({'%s.%s' % (args.service, args.endpoint_type): url})
|
|
|
|
|
|
def do_token_get(kc, args):
|
|
"""Display the current user token"""
|
|
utils.print_dict(kc.service_catalog.get_token())
|