Merge "Enable specifing domains in "role add""

2015-05-22 20:00:01 +00:00 · 2015-05-22 20:00:01 +00:00 · 61cfebb8aa
commit 61cfebb8aa
parent 7cc9632939 3ca96ef93c
3 changed files with 95 additions and 44 deletions
--- a/doc/source/command-objects/role.rst
+++ b/doc/source/command-objects/role.rst
@ -37,6 +37,27 @@ Add role to a user or group in a project or domain

    .. versionadded:: 3

+.. option:: --user-domain <user-domain>
+
+    Domain the user belongs to (name or ID).
+    This can be used in case collisions between user names exist.
+
+    .. versionadded:: 3
+
+.. option:: --group-domain <group-domain>
+
+    Domain the group belongs to (name or ID).
+    This can be used in case collisions between group names exist.
+
+    .. versionadded:: 3
+
+.. option:: --project-domain <project-domain>
+
+    Domain the project belongs to (name or ID).
+    This can be used in case collisions between project names exist.
+
+    .. versionadded:: 3
+
 .. describe:: <role>

    Role to add to `<project>`:`<user>` (name or ID)
--- a/openstackclient/identity/common.py
+++ b/openstackclient/identity/common.py
@ -48,23 +48,23 @@ def find_domain(identity_client, name_or_id):
                                   domains.Domain)


-def find_group(identity_client, name_or_id):
+def find_group(identity_client, name_or_id, domain_id=None):
    return _find_identity_resource(identity_client.groups, name_or_id,
-                                   groups.Group)
+                                   groups.Group, domain_id=domain_id)


-def find_project(identity_client, name_or_id):
+def find_project(identity_client, name_or_id, domain_id=None):
    return _find_identity_resource(identity_client.projects, name_or_id,
-                                   projects.Project)
+                                   projects.Project, domain_id=domain_id)


-def find_user(identity_client, name_or_id):
+def find_user(identity_client, name_or_id, domain_id=None):
    return _find_identity_resource(identity_client.users, name_or_id,
-                                   users.User)
+                                   users.User, domain_id=domain_id)


 def _find_identity_resource(identity_client_manager, name_or_id,
-                            resource_type):
+                            resource_type, **kwargs):
    """Find a specific identity resource.

    Using keystoneclient's manager, attempt to find a specific resource by its
@ -92,7 +92,7 @@ def _find_identity_resource(identity_client_manager, name_or_id,

    try:
        identity_resource = utils.find_resource(identity_client_manager,
-                                                name_or_id)
+                                                name_or_id, **kwargs)
        if identity_resource is not None:
            return identity_resource
    except identity_exc.Forbidden:
--- a/openstackclient/identity/v3/role.py
+++ b/openstackclient/identity/v3/role.py
@ -63,6 +63,27 @@ class AddRole(command.Command):
            metavar='<group>',
            help='Include <group> (name or ID)',
        )
+        parser.add_argument(
+            '--user-domain',
+            metavar='<user-domain>',
+            help=('Domain the user belongs to (name or ID). '
+                  'This can be used in case collisions between user names '
+                  'exist.')
+        )
+        parser.add_argument(
+            '--group-domain',
+            metavar='<group-domain>',
+            help=('Domain the group belongs to (name or ID). '
+                  'This can be used in case collisions between group names '
+                  'exist.')
+        )
+        parser.add_argument(
+            '--project-domain',
+            metavar='<project-domain>',
+            help=('Domain the project belongs to (name or ID). '
+                  'This can be used in case collisions between project names '
+                  'exist.')
+        )
        return parser

    def take_action(self, parsed_args):
@ -78,67 +99,76 @@ class AddRole(command.Command):
            parsed_args.role,
        )

+        kwargs = {}
        if parsed_args.user and parsed_args.domain:
-            user = common.find_user(
+            user_domain_id = self._get_domain_id_if_requested(
+                parsed_args.user_domain)
+            kwargs['user'] = common.find_user(
                identity_client,
                parsed_args.user,
-            )
-            domain = common.find_domain(
+                user_domain_id,
+            ).id
+            kwargs['domain'] = common.find_domain(
                identity_client,
                parsed_args.domain,
-            )
-            identity_client.roles.grant(
-                role.id,
-                user=user.id,
-                domain=domain.id,
-            )
+            ).id
        elif parsed_args.user and parsed_args.project:
-            user = common.find_user(
+            user_domain_id = self._get_domain_id_if_requested(
+                parsed_args.user_domain)
+            kwargs['user'] = common.find_user(
                identity_client,
                parsed_args.user,
-            )
-            project = common.find_project(
+                user_domain_id,
+            ).id
+            project_domain_id = self._get_domain_id_if_requested(
+                parsed_args.project_domain)
+            kwargs['project'] = common.find_project(
                identity_client,
                parsed_args.project,
-            )
-            identity_client.roles.grant(
-                role.id,
-                user=user.id,
-                project=project.id,
-            )
+                project_domain_id,
+            ).id
        elif parsed_args.group and parsed_args.domain:
-            group = common.find_group(
+            group_domain_id = self._get_domain_id_if_requested(
+                parsed_args.group_domain)
+            kwargs['group'] = common.find_group(
                identity_client,
                parsed_args.group,
-            )
-            domain = common.find_domain(
+                group_domain_id,
+            ).id
+            kwargs['domain'] = common.find_domain(
                identity_client,
                parsed_args.domain,
-            )
-            identity_client.roles.grant(
-                role.id,
-                group=group.id,
-                domain=domain.id,
-            )
+            ).id
        elif parsed_args.group and parsed_args.project:
-            group = common.find_group(
+            group_domain_id = self._get_domain_id_if_requested(
+                parsed_args.group_domain)
+            kwargs['group'] = common.find_group(
                identity_client,
                parsed_args.group,
-            )
-            project = common.find_project(
+                group_domain_id,
+            ).id
+            project_domain_id = self._get_domain_id_if_requested(
+                parsed_args.project_domain)
+            kwargs['project'] = common.find_project(
                identity_client,
                parsed_args.project,
-            )
-            identity_client.roles.grant(
-                role.id,
-                group=group.id,
-                project=project.id,
-            )
+                project_domain_id,
+            ).id
        else:
            sys.stderr.write("Role not added, incorrect set of arguments \
            provided. See openstack --help for more details\n")
+            return
+
+        identity_client.roles.grant(role.id, **kwargs)
        return

+    def _get_domain_id_if_requested(self, domain_name_or_id):
+        if domain_name_or_id is None:
+            return None
+        domain = common.find_domain(self.app.client_manager.identity,
+                                    domain_name_or_id)
+        return domain.id
+

 class CreateRole(show.ShowOne):
    """Create new role"""