Merge "Enable specifing domains in "role add""
This commit is contained in:
commit
61cfebb8aa
@ -37,6 +37,27 @@ Add role to a user or group in a project or domain
|
||||
|
||||
.. versionadded:: 3
|
||||
|
||||
.. option:: --user-domain <user-domain>
|
||||
|
||||
Domain the user belongs to (name or ID).
|
||||
This can be used in case collisions between user names exist.
|
||||
|
||||
.. versionadded:: 3
|
||||
|
||||
.. option:: --group-domain <group-domain>
|
||||
|
||||
Domain the group belongs to (name or ID).
|
||||
This can be used in case collisions between group names exist.
|
||||
|
||||
.. versionadded:: 3
|
||||
|
||||
.. option:: --project-domain <project-domain>
|
||||
|
||||
Domain the project belongs to (name or ID).
|
||||
This can be used in case collisions between project names exist.
|
||||
|
||||
.. versionadded:: 3
|
||||
|
||||
.. describe:: <role>
|
||||
|
||||
Role to add to `<project>`:`<user>` (name or ID)
|
||||
|
@ -48,23 +48,23 @@ def find_domain(identity_client, name_or_id):
|
||||
domains.Domain)
|
||||
|
||||
|
||||
def find_group(identity_client, name_or_id):
|
||||
def find_group(identity_client, name_or_id, domain_id=None):
|
||||
return _find_identity_resource(identity_client.groups, name_or_id,
|
||||
groups.Group)
|
||||
groups.Group, domain_id=domain_id)
|
||||
|
||||
|
||||
def find_project(identity_client, name_or_id):
|
||||
def find_project(identity_client, name_or_id, domain_id=None):
|
||||
return _find_identity_resource(identity_client.projects, name_or_id,
|
||||
projects.Project)
|
||||
projects.Project, domain_id=domain_id)
|
||||
|
||||
|
||||
def find_user(identity_client, name_or_id):
|
||||
def find_user(identity_client, name_or_id, domain_id=None):
|
||||
return _find_identity_resource(identity_client.users, name_or_id,
|
||||
users.User)
|
||||
users.User, domain_id=domain_id)
|
||||
|
||||
|
||||
def _find_identity_resource(identity_client_manager, name_or_id,
|
||||
resource_type):
|
||||
resource_type, **kwargs):
|
||||
"""Find a specific identity resource.
|
||||
|
||||
Using keystoneclient's manager, attempt to find a specific resource by its
|
||||
@ -92,7 +92,7 @@ def _find_identity_resource(identity_client_manager, name_or_id,
|
||||
|
||||
try:
|
||||
identity_resource = utils.find_resource(identity_client_manager,
|
||||
name_or_id)
|
||||
name_or_id, **kwargs)
|
||||
if identity_resource is not None:
|
||||
return identity_resource
|
||||
except identity_exc.Forbidden:
|
||||
|
@ -63,6 +63,27 @@ class AddRole(command.Command):
|
||||
metavar='<group>',
|
||||
help='Include <group> (name or ID)',
|
||||
)
|
||||
parser.add_argument(
|
||||
'--user-domain',
|
||||
metavar='<user-domain>',
|
||||
help=('Domain the user belongs to (name or ID). '
|
||||
'This can be used in case collisions between user names '
|
||||
'exist.')
|
||||
)
|
||||
parser.add_argument(
|
||||
'--group-domain',
|
||||
metavar='<group-domain>',
|
||||
help=('Domain the group belongs to (name or ID). '
|
||||
'This can be used in case collisions between group names '
|
||||
'exist.')
|
||||
)
|
||||
parser.add_argument(
|
||||
'--project-domain',
|
||||
metavar='<project-domain>',
|
||||
help=('Domain the project belongs to (name or ID). '
|
||||
'This can be used in case collisions between project names '
|
||||
'exist.')
|
||||
)
|
||||
return parser
|
||||
|
||||
def take_action(self, parsed_args):
|
||||
@ -78,67 +99,76 @@ class AddRole(command.Command):
|
||||
parsed_args.role,
|
||||
)
|
||||
|
||||
kwargs = {}
|
||||
if parsed_args.user and parsed_args.domain:
|
||||
user = common.find_user(
|
||||
user_domain_id = self._get_domain_id_if_requested(
|
||||
parsed_args.user_domain)
|
||||
kwargs['user'] = common.find_user(
|
||||
identity_client,
|
||||
parsed_args.user,
|
||||
)
|
||||
domain = common.find_domain(
|
||||
user_domain_id,
|
||||
).id
|
||||
kwargs['domain'] = common.find_domain(
|
||||
identity_client,
|
||||
parsed_args.domain,
|
||||
)
|
||||
identity_client.roles.grant(
|
||||
role.id,
|
||||
user=user.id,
|
||||
domain=domain.id,
|
||||
)
|
||||
).id
|
||||
elif parsed_args.user and parsed_args.project:
|
||||
user = common.find_user(
|
||||
user_domain_id = self._get_domain_id_if_requested(
|
||||
parsed_args.user_domain)
|
||||
kwargs['user'] = common.find_user(
|
||||
identity_client,
|
||||
parsed_args.user,
|
||||
)
|
||||
project = common.find_project(
|
||||
user_domain_id,
|
||||
).id
|
||||
project_domain_id = self._get_domain_id_if_requested(
|
||||
parsed_args.project_domain)
|
||||
kwargs['project'] = common.find_project(
|
||||
identity_client,
|
||||
parsed_args.project,
|
||||
)
|
||||
identity_client.roles.grant(
|
||||
role.id,
|
||||
user=user.id,
|
||||
project=project.id,
|
||||
)
|
||||
project_domain_id,
|
||||
).id
|
||||
elif parsed_args.group and parsed_args.domain:
|
||||
group = common.find_group(
|
||||
group_domain_id = self._get_domain_id_if_requested(
|
||||
parsed_args.group_domain)
|
||||
kwargs['group'] = common.find_group(
|
||||
identity_client,
|
||||
parsed_args.group,
|
||||
)
|
||||
domain = common.find_domain(
|
||||
group_domain_id,
|
||||
).id
|
||||
kwargs['domain'] = common.find_domain(
|
||||
identity_client,
|
||||
parsed_args.domain,
|
||||
)
|
||||
identity_client.roles.grant(
|
||||
role.id,
|
||||
group=group.id,
|
||||
domain=domain.id,
|
||||
)
|
||||
).id
|
||||
elif parsed_args.group and parsed_args.project:
|
||||
group = common.find_group(
|
||||
group_domain_id = self._get_domain_id_if_requested(
|
||||
parsed_args.group_domain)
|
||||
kwargs['group'] = common.find_group(
|
||||
identity_client,
|
||||
parsed_args.group,
|
||||
)
|
||||
project = common.find_project(
|
||||
group_domain_id,
|
||||
).id
|
||||
project_domain_id = self._get_domain_id_if_requested(
|
||||
parsed_args.project_domain)
|
||||
kwargs['project'] = common.find_project(
|
||||
identity_client,
|
||||
parsed_args.project,
|
||||
)
|
||||
identity_client.roles.grant(
|
||||
role.id,
|
||||
group=group.id,
|
||||
project=project.id,
|
||||
)
|
||||
project_domain_id,
|
||||
).id
|
||||
else:
|
||||
sys.stderr.write("Role not added, incorrect set of arguments \
|
||||
provided. See openstack --help for more details\n")
|
||||
return
|
||||
|
||||
identity_client.roles.grant(role.id, **kwargs)
|
||||
return
|
||||
|
||||
def _get_domain_id_if_requested(self, domain_name_or_id):
|
||||
if domain_name_or_id is None:
|
||||
return None
|
||||
domain = common.find_domain(self.app.client_manager.identity,
|
||||
domain_name_or_id)
|
||||
return domain.id
|
||||
|
||||
|
||||
class CreateRole(show.ShowOne):
|
||||
"""Create new role"""
|
||||
|
Loading…
x
Reference in New Issue
Block a user