Browse Source

Restrict groups and users from changing domains

Similar to projects, we shouldn't allow users and groups to
change domains. The server side tosses up an error but osc
should restrict that behaviour in the first place.

Related-Bug: #1418384

Change-Id: I860291a5859c576021b18e35d1a12c32abfb6ca5
changes/23/153923/5
Steve Martinelli 6 years ago
parent
commit
07c4fa9d4b
5 changed files with 1 additions and 74 deletions
  1. +0
    -5
      doc/source/command-objects/group.rst
  2. +0
    -7
      doc/source/command-objects/user.rst
  3. +1
    -7
      openstackclient/identity/v3/group.py
  4. +0
    -9
      openstackclient/identity/v3/user.py
  5. +0
    -46
      openstackclient/tests/identity/v3/test_user.py

+ 0
- 5
doc/source/command-objects/group.rst View File

@ -151,7 +151,6 @@ Set group properties
os group set
[--name <name>]
[--domain <domain>]
[--description <description>]
<group>
@ -159,10 +158,6 @@ Set group properties
New group name
.. option:: --domain <domain>
New domain to contain <group> (name or ID)
.. option:: --description <description>
New group description


+ 0
- 7
doc/source/command-objects/user.rst View File

@ -136,7 +136,6 @@ Set user properties
os user set
[--name <name>]
[--domain <domain>]
[--project <project>]
[--password <password>]
[--email <email-address>]
@ -148,12 +147,6 @@ Set user properties
Set user name
.. option:: --domain <domain>
Set default domain (name or ID)
.. versionadded:: 3
.. option:: --project <project>
Set default project (name or ID)


+ 1
- 7
openstackclient/identity/v3/group.py View File

@ -314,10 +314,6 @@ class SetGroup(command.Command):
'--name',
metavar='<name>',
help='New group name')
parser.add_argument(
'--domain',
metavar='<domain>',
help='New domain to contain <group> (name or ID)')
parser.add_argument(
'--description',
metavar='<description>',
@ -333,9 +329,7 @@ class SetGroup(command.Command):
kwargs['name'] = parsed_args.name
if parsed_args.description:
kwargs['description'] = parsed_args.description
if parsed_args.domain:
kwargs['domain'] = common.find_domain(identity_client,
parsed_args.domain).id
if not len(kwargs):
sys.stderr.write("Group not updated, no arguments present")
return


+ 0
- 9
openstackclient/identity/v3/user.py View File

@ -299,11 +299,6 @@ class SetUser(command.Command):
metavar='<name>',
help='Set user name',
)
parser.add_argument(
'--domain',
metavar='<domain>',
help='Set default domain (name or ID)',
)
parser.add_argument(
'--project',
metavar='<project>',
@ -354,7 +349,6 @@ class SetUser(command.Command):
and not parsed_args.name
and not parsed_args.password
and not parsed_args.email
and not parsed_args.domain
and not parsed_args.project
and not parsed_args.description
and not parsed_args.enable
@ -379,9 +373,6 @@ class SetUser(command.Command):
project_id = utils.find_resource(
identity_client.projects, parsed_args.project).id
kwargs['project'] = project_id
if parsed_args.domain:
kwargs['domain'] = common.find_domain(identity_client,
parsed_args.domain).id
kwargs['enabled'] = user.enabled
if parsed_args.enable:
kwargs['enabled'] = True


+ 0
- 46
openstackclient/tests/identity/v3/test_user.py View File

@ -696,12 +696,6 @@ class TestUserSet(TestUser):
def setUp(self):
super(TestUserSet, self).setUp()
self.domains_mock.get.return_value = fakes.FakeResource(
None,
copy.deepcopy(identity_fakes.DOMAIN),
loaded=True,
)
self.projects_mock.get.return_value = fakes.FakeResource(
None,
copy.deepcopy(identity_fakes.PROJECT),
@ -730,7 +724,6 @@ class TestUserSet(TestUser):
('name', None),
('password', None),
('email', None),
('domain', None),
('project', None),
('enable', False),
('disable', False),
@ -750,7 +743,6 @@ class TestUserSet(TestUser):
('name', 'qwerty'),
('password', None),
('email', None),
('domain', None),
('project', None),
('enable', False),
('disable', False),
@ -783,7 +775,6 @@ class TestUserSet(TestUser):
('password', 'secret'),
('password_prompt', False),
('email', None),
('domain', None),
('project', None),
('enable', False),
('disable', False),
@ -816,7 +807,6 @@ class TestUserSet(TestUser):
('password', None),
('password_prompt', True),
('email', None),
('domain', None),
('project', None),
('enable', False),
('disable', False),
@ -851,7 +841,6 @@ class TestUserSet(TestUser):
('name', None),
('password', None),
('email', 'barney@example.com'),
('domain', None),
('project', None),
('enable', False),
('disable', False),
@ -874,38 +863,6 @@ class TestUserSet(TestUser):
**kwargs
)
def test_user_set_domain(self):
arglist = [
'--domain', identity_fakes.domain_id,
identity_fakes.user_name,
]
verifylist = [
('name', None),
('password', None),
('email', None),
('domain', identity_fakes.domain_id),
('project', None),
('enable', False),
('disable', False),
('user', identity_fakes.user_name),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
# DisplayCommandBase.take_action() returns two tuples
self.cmd.take_action(parsed_args)
# Set expected values
kwargs = {
'enabled': True,
'domain': identity_fakes.domain_id,
}
# UserManager.update(user, name=, domain=, project=, password=,
# email=, description=, enabled=, default_project=)
self.users_mock.update.assert_called_with(
identity_fakes.user_id,
**kwargs
)
def test_user_set_project(self):
arglist = [
'--project', identity_fakes.project_id,
@ -915,7 +872,6 @@ class TestUserSet(TestUser):
('name', None),
('password', None),
('email', None),
('domain', None),
('project', identity_fakes.project_id),
('enable', False),
('disable', False),
@ -947,7 +903,6 @@ class TestUserSet(TestUser):
('name', None),
('password', None),
('email', None),
('domain', None),
('project', None),
('enable', True),
('disable', False),
@ -978,7 +933,6 @@ class TestUserSet(TestUser):
('name', None),
('password', None),
('email', None),
('domain', None),
('project', None),
('enable', False),
('disable', True),


Loading…
Cancel
Save