Add domain support for ec2creds in v3 identity

A follow up work item from I52ff2020ef2fcbdc8a98280b73c6fd4a93bc8e0f
to support domain scoped users and projects for ec2creds in the
v3 identity api.

Related-Bug: 1236326

Change-Id: If4ac5356ade8cff347bb9eb9f88d1ace82bb7275

doc/source/command-objects/ec2-credentials.rst

@@ -15,6 +15,8 @@ Create EC2 credentials
     os ec2 credentials create
         [--project <project>]
         [--user <user>]
+        [--user-domain <user-domain>]
+        [--project-domain <project-domain>]
 
 .. option:: --project <project>
 
@@ -24,6 +26,21 @@ Create EC2 credentials
 
     Specify an alternate user (default: current authenticated user)
 
+.. option:: --user-domain <user-domain>
+
+    Domain the user belongs to (name or ID).
+    This can be used in case collisions between user names exist.
+
+    .. versionadded:: 3
+
+.. option:: --project-domain <project-domain>
+
+    Domain the project belongs to (name or ID).
+    This can be used in case collisions between project names exist.
+
+    .. versionadded:: 3
+
+
 The :option:`--project` and :option:`--user`  options are typically only
 useful for admin users, but may be allowed for other users depending on
 the policy of the cloud and the roles granted to the user.
@@ -38,12 +55,20 @@ Delete EC2 credentials
 
     os ec2 credentials delete
         [--user <user>]
+        [--user-domain <user-domain>]
         <access-key>
 
 .. option:: --user <user>
 
     Specify a user
 
+.. option:: --user-domain <user-domain>
+
+    Domain the user belongs to (name or ID).
+    This can be used in case collisions between user names exist.
+
+    .. versionadded:: 3
+
 .. _ec2_credentials_delete-access-key:
 .. describe:: access-key
 
@@ -63,11 +88,19 @@ List EC2 credentials
 
     os ec2 credentials list
         [--user <user>]
+        [--user-domain <user-domain>]
 
 .. option:: --user <user>
 
     Filter list by <user>
 
+.. option:: --user-domain <user-domain>
+
+    Domain the user belongs to (name or ID).
+    This can be used in case collisions between user names exist.
+
+    .. versionadded:: 3
+
 The :option:`--user` option is typically only useful for admin users, but
 may be allowed for other users depending on the policy of the cloud and
 the roles granted to the user.
@@ -82,12 +115,20 @@ Display EC2 credentials details
 
     os ec2 credentials show
         [--user <user>]
+        [--user-domain <user-domain>]
         <access-key>
 
 .. option:: --user <user>
 
     Specify a user
 
+.. option:: --user-domain <user-domain>
+
+    Domain the user belongs to (name or ID).
+    This can be used in case collisions between user names exist.
+
+    .. versionadded:: 3
+
 .. _ec2_credentials_show-access-key:
 .. describe:: access-key
 

openstackclient/identity/v3/ec2creds.py

@@ -21,6 +21,35 @@ from cliff import show
 
 from openstackclient.common import utils
 from openstackclient.i18n import _  # noqa
+from openstackclient.identity import common
+
+
+def _determine_ec2_user(parsed_args, client_manager):
+    """Determine a user several different ways.
+
+    Assumes parsed_args has user and user_domain arguments. Attempts to find
+    the user if domain scoping is provided, otherwise revert to a basic user
+    call. Lastly use the currently authenticated user.
+
+    """
+
+    user_domain = None
+    if parsed_args.user_domain:
+        user_domain = common.find_domain(client_manager.identity,
+                                         parsed_args.user_domain)
+    if parsed_args.user:
+        if user_domain is not None:
+            user = utils.find_resource(client_manager.identity.users,
+                                       parsed_args.user,
+                                       domain_id=user_domain.id).id
+        else:
+            user = utils.find_resource(
+                client_manager.identity.users,
+                parsed_args.user).id
+    else:
+        # Get the user from the current auth
+        user = client_manager.auth_ref.user_id
+    return user
 
 
 class CreateEC2Creds(show.ShowOne):
@@ -42,28 +71,45 @@ class CreateEC2Creds(show.ShowOne):
             help=_('Specify an alternate user'
                    ' (default: current authenticated user)'),
         )
+        parser.add_argument(
+            '--user-domain',
+            metavar='<user-domain>',
+            help=('Domain the user belongs to (name or ID). '
+                  'This can be used in case collisions between user names '
+                  'exist.')
+        )
+        parser.add_argument(
+            '--project-domain',
+            metavar='<project-domain>',
+            help=('Domain the project belongs to (name or ID). '
+                  'This can be used in case collisions between project names '
+                  'exist.')
+        )
         return parser
 
     def take_action(self, parsed_args):
         self.log.debug('take_action(%s)', parsed_args)
         identity_client = self.app.client_manager.identity
+        client_manager = self.app.client_manager
+        user = self.determine_ec2_user(parsed_args, client_manager)
+
+        project_domain = None
+        if parsed_args.project_domain:
+            project_domain = common.find_domain(identity_client,
+                                                parsed_args.project_domain)
 
         if parsed_args.project:
-            project = utils.find_resource(
+            if project_domain is not None:
-                identity_client.projects,
+                project = utils.find_resource(identity_client.projects,
-                parsed_args.project,
+                                              parsed_args.project,
-            ).id
+                                              domain_id=project_domain.id).id
+            else:
+                project = utils.find_resource(
+                    identity_client.projects,
+                    parsed_args.project).id
         else:
             # Get the project from the current auth
             project = self.app.client_manager.auth_ref.project_id
-        if parsed_args.user:
-            user = utils.find_resource(
-                identity_client.users,
-                parsed_args.user,
-            ).id
-        else:
-            # Get the user from the current auth
-            user = self.app.client_manager.auth_ref.user_id
 
         creds = identity_client.ec2.create(user, project)
 
@@ -95,22 +141,20 @@ class DeleteEC2Creds(command.Command):
             metavar='<user>',
             help=_('Specify a user'),
         )
+        parser.add_argument(
+            '--user-domain',
+            metavar='<user-domain>',
+            help=('Domain the user belongs to (name or ID). '
+                  'This can be used in case collisions between user names '
+                  'exist.')
+        )
         return parser
 
     def take_action(self, parsed_args):
         self.log.debug('take_action(%s)', parsed_args)
-        identity_client = self.app.client_manager.identity
+        client_manager = self.app.client_manager
-
+        user = self.determine_ec2_user(parsed_args, client_manager)
-        if parsed_args.user:
+        client_manager.identity.ec2.delete(user, parsed_args.access_key)
-            user = utils.find_resource(
-                identity_client.users,
-                parsed_args.user,
-            ).id
-        else:
-            # Get the user from the current auth
-            user = self.app.client_manager.auth_ref.user_id
-
-        identity_client.ec2.delete(user, parsed_args.access_key)
 
 
 class ListEC2Creds(lister.Lister):
@@ -125,24 +169,23 @@ class ListEC2Creds(lister.Lister):
             metavar='<user>',
             help=_('Specify a user'),
         )
+        parser.add_argument(
+            '--user-domain',
+            metavar='<user-domain>',
+            help=('Domain the user belongs to (name or ID). '
+                  'This can be used in case collisions between user names '
+                  'exist.')
+        )
         return parser
 
     def take_action(self, parsed_args):
         self.log.debug('take_action(%s)', parsed_args)
-        identity_client = self.app.client_manager.identity
+        client_manager = self.app.client_manager
-
+        user = self.determine_ec2_user(parsed_args, client_manager)
-        if parsed_args.user:
-            user = utils.find_resource(
-                identity_client.users,
-                parsed_args.user,
-            ).id
-        else:
-            # Get the user from the current auth
-            user = self.app.client_manager.auth_ref.user_id
 
         columns = ('access', 'secret', 'tenant_id', 'user_id')
         column_headers = ('Access', 'Secret', 'Project ID', 'User ID')
-        data = identity_client.ec2.list(user)
+        data = client_manager.identity.ec2.list(user)
 
         return (column_headers,
                 (utils.get_item_properties(
@@ -168,22 +211,20 @@ class ShowEC2Creds(show.ShowOne):
             metavar='<user>',
             help=_('Specify a user'),
         )
+        parser.add_argument(
+            '--user-domain',
+            metavar='<user-domain>',
+            help=('Domain the user belongs to (name or ID). '
+                  'This can be used in case collisions between user names '
+                  'exist.')
+        )
         return parser
 
     def take_action(self, parsed_args):
         self.log.debug('take_action(%s)', parsed_args)
-        identity_client = self.app.client_manager.identity
+        client_manager = self.app.client_manager
-
+        user = self.determine_ec2_user(parsed_args, client_manager)
-        if parsed_args.user:
+        creds = client_manager.identity.ec2.get(user, parsed_args.access_key)
-            user = utils.find_resource(
-                identity_client.users,
-                parsed_args.user,
-            ).id
-        else:
-            # Get the user from the current auth
-            user = self.app.client_manager.auth_ref.user_id
-
-        creds = identity_client.ec2.get(user, parsed_args.access_key)
 
         info = {}
         info.update(creds._info)