Add domain support for ec2creds in v3 identity

A follow-up work item from I52ff2020ef2fcbdc8a98280b73c6fd4a93bc8e0f
to support domain-scoped users and projects for ec2creds in the
v3 identity API.

Related-Bug: 1236326

Change-Id: If4ac5356ade8cff347bb9eb9f88d1ace82bb7275
Steve Martinelli 2015-06-02 23:38:02 -04:00
parent 15d3717e73
commit 7665d52a0c
2 changed files with 129 additions and 47 deletions


@ -15,6 +15,8 @@ Create EC2 credentials
os ec2 credentials create
[--project <project>]
[--user <user>]
[--user-domain <user-domain>]
[--project-domain <project-domain>]
.. option:: --project <project>
@ -24,6 +26,21 @@ Create EC2 credentials
Specify an alternate user (default: current authenticated user)
.. option:: --user-domain <user-domain>
Domain the user belongs to (name or ID).
This can be used in case collisions between user names exist.
.. versionadded:: 3
.. option:: --project-domain <project-domain>
Domain the project belongs to (name or ID).
This can be used in case collisions between project names exist.
.. versionadded:: 3
The :option:`--project` and :option:`--user` options are typically only
useful for admin users, but may be allowed for other users depending on
the policy of the cloud and the roles granted to the user.
@ -38,12 +55,20 @@ Delete EC2 credentials
os ec2 credentials delete
[--user <user>]
[--user-domain <user-domain>]
<access-key>
.. option:: --user <user>
Specify a user
.. option:: --user-domain <user-domain>
Domain the user belongs to (name or ID).
This can be used in case collisions between user names exist.
.. versionadded:: 3
.. _ec2_credentials_delete-access-key:
.. describe:: access-key
@ -63,11 +88,19 @@ List EC2 credentials
os ec2 credentials list
[--user <user>]
[--user-domain <user-domain>]
.. option:: --user <user>
Filter list by <user>
.. option:: --user-domain <user-domain>
Domain the user belongs to (name or ID).
This can be used in case collisions between user names exist.
.. versionadded:: 3
The :option:`--user` option is typically only useful for admin users, but
may be allowed for other users depending on the policy of the cloud and
the roles granted to the user.
@ -82,12 +115,20 @@ Display EC2 credentials details
os ec2 credentials show
[--user <user>]
[--user-domain <user-domain>]
<access-key>
.. option:: --user <user>
Specify a user
.. option:: --user-domain <user-domain>
Domain the user belongs to (name or ID).
This can be used in case collisions between user names exist.
.. versionadded:: 3
.. _ec2_credentials_show-access-key:
.. describe:: access-key


@ -21,6 +21,35 @@ from cliff import show
from openstackclient.common import utils
from openstackclient.i18n import _ # noqa
from openstackclient.identity import common
def _determine_ec2_user(parsed_args, client_manager):
"""Determine a user several different ways.
Assumes parsed_args has user and user_domain arguments. Attempts to find
the user if domain scoping is provided, otherwise revert to a basic user
call. Lastly use the currently authenticated user.
"""
user_domain = None
if parsed_args.user_domain:
user_domain = common.find_domain(client_manager.identity,
parsed_args.user_domain)
if parsed_args.user:
if user_domain is not None:
user = utils.find_resource(client_manager.identity.users,
parsed_args.user,
domain_id=user_domain.id).id
else:
user = utils.find_resource(
client_manager.identity.users,
parsed_args.user).id
else:
# Get the user from the current auth
user = client_manager.auth_ref.user_id
return user
class CreateEC2Creds(show.ShowOne):
@ -42,28 +71,45 @@ class CreateEC2Creds(show.ShowOne):
help=_('Specify an alternate user'
' (default: current authenticated user)'),
)
parser.add_argument(
'--user-domain',
metavar='<user-domain>',
help=('Domain the user belongs to (name or ID). '
'This can be used in case collisions between user names '
'exist.')
)
parser.add_argument(
'--project-domain',
metavar='<project-domain>',
help=('Domain the project belongs to (name or ID). '
'This can be used in case collisions between project names '
'exist.')
)
return parser
def take_action(self, parsed_args):
self.log.debug('take_action(%s)', parsed_args)
identity_client = self.app.client_manager.identity
client_manager = self.app.client_manager
user = self.determine_ec2_user(parsed_args, client_manager)
project_domain = None
if parsed_args.project_domain:
project_domain = common.find_domain(identity_client,
parsed_args.project_domain)
if parsed_args.project:
project = utils.find_resource(
identity_client.projects,
parsed_args.project,
).id
if project_domain is not None:
project = utils.find_resource(identity_client.projects,
parsed_args.project,
domain_id=project_domain.id).id
else:
project = utils.find_resource(
identity_client.projects,
parsed_args.project).id
else:
# Get the project from the current auth
project = self.app.client_manager.auth_ref.project_id
if parsed_args.user:
user = utils.find_resource(
identity_client.users,
parsed_args.user,
).id
else:
# Get the user from the current auth
user = self.app.client_manager.auth_ref.user_id
creds = identity_client.ec2.create(user, project)
@ -95,22 +141,20 @@ class DeleteEC2Creds(command.Command):
metavar='<user>',
help=_('Specify a user'),
)
parser.add_argument(
'--user-domain',
metavar='<user-domain>',
help=('Domain the user belongs to (name or ID). '
'This can be used in case collisions between user names '
'exist.')
)
return parser
def take_action(self, parsed_args):
self.log.debug('take_action(%s)', parsed_args)
identity_client = self.app.client_manager.identity
if parsed_args.user:
user = utils.find_resource(
identity_client.users,
parsed_args.user,
).id
else:
# Get the user from the current auth
user = self.app.client_manager.auth_ref.user_id
identity_client.ec2.delete(user, parsed_args.access_key)
client_manager = self.app.client_manager
user = self.determine_ec2_user(parsed_args, client_manager)
client_manager.identity.ec2.delete(user, parsed_args.access_key)
class ListEC2Creds(lister.Lister):
@ -125,24 +169,23 @@ class ListEC2Creds(lister.Lister):
metavar='<user>',
help=_('Specify a user'),
)
parser.add_argument(
'--user-domain',
metavar='<user-domain>',
help=('Domain the user belongs to (name or ID). '
'This can be used in case collisions between user names '
'exist.')
)
return parser
def take_action(self, parsed_args):
self.log.debug('take_action(%s)', parsed_args)
identity_client = self.app.client_manager.identity
if parsed_args.user:
user = utils.find_resource(
identity_client.users,
parsed_args.user,
).id
else:
# Get the user from the current auth
user = self.app.client_manager.auth_ref.user_id
client_manager = self.app.client_manager
user = self.determine_ec2_user(parsed_args, client_manager)
columns = ('access', 'secret', 'tenant_id', 'user_id')
column_headers = ('Access', 'Secret', 'Project ID', 'User ID')
data = identity_client.ec2.list(user)
data = client_manager.identity.ec2.list(user)
return (column_headers,
(utils.get_item_properties(
@ -168,22 +211,20 @@ class ShowEC2Creds(show.ShowOne):
metavar='<user>',
help=_('Specify a user'),
)
parser.add_argument(
'--user-domain',
metavar='<user-domain>',
help=('Domain the user belongs to (name or ID). '
'This can be used in case collisions between user names '
'exist.')
)
return parser
def take_action(self, parsed_args):
self.log.debug('take_action(%s)', parsed_args)
identity_client = self.app.client_manager.identity
if parsed_args.user:
user = utils.find_resource(
identity_client.users,
parsed_args.user,
).id
else:
# Get the user from the current auth
user = self.app.client_manager.auth_ref.user_id
creds = identity_client.ec2.get(user, parsed_args.access_key)
client_manager = self.app.client_manager
user = self.determine_ec2_user(parsed_args, client_manager)
creds = client_manager.identity.ec2.get(user, parsed_args.access_key)
info = {}
info.update(creds._info)
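Review bot: The four `take_action` methods call `self.determine_ec2_user(parsed_args, client_manager)`, but the helper this change adds is the module-level function `_determine_ec2_user`; unless a method of that name is defined outside the visible hunks, create, delete, list and show will all raise AttributeError before any credential call is made. The call should read `user = _determine_ec2_user(parsed_args, client_manager)`. Separately, the helper looks up `--user-domain` but silently falls back to the authenticated user when `--user` is omitted, so `ec2 credentials delete --user-domain X <access-key>` acts on the caller's own credentials; rejecting that combination, or stating it in the help text, would avoid operating on an unintended account. The new `help=` strings are also not wrapped in `_()` like the neighbouring `--user` option.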