From 7665d52a0c0643aa6034aa8cf3ae1240c693ca5f Mon Sep 17 00:00:00 2001 From: Steve Martinelli <stevemar@ca.ibm.com> Date: Tue, 2 Jun 2015 23:38:02 -0400 Subject: [PATCH] Add domain support for ec2creds in v3 identity A follow up work item from I52ff2020ef2fcbdc8a98280b73c6fd4a93bc8e0f to support domain scoped users and projects for ec2creds in the v3 identity api. Related-Bug: 1236326 Change-Id: If4ac5356ade8cff347bb9eb9f88d1ace82bb7275 --- .../command-objects/ec2-credentials.rst | 41 ++++++ openstackclient/identity/v3/ec2creds.py | 135 ++++++++++++------ 2 files changed, 129 insertions(+), 47 deletions(-) diff --git a/doc/source/command-objects/ec2-credentials.rst b/doc/source/command-objects/ec2-credentials.rst index a5b6754947..d675dc8c12 100644 --- a/doc/source/command-objects/ec2-credentials.rst +++ b/doc/source/command-objects/ec2-credentials.rst @@ -15,6 +15,8 @@ Create EC2 credentials os ec2 credentials create [--project <project>] [--user <user>] + [--user-domain <user-domain>] + [--project-domain <project-domain>] .. option:: --project <project> @@ -24,6 +26,21 @@ Create EC2 credentials Specify an alternate user (default: current authenticated user) +.. option:: --user-domain <user-domain> + + Domain the user belongs to (name or ID). + This can be used in case collisions between user names exist. + + .. versionadded:: 3 + +.. option:: --project-domain <project-domain> + + Domain the project belongs to (name or ID). + This can be used in case collisions between project names exist. + + .. versionadded:: 3 + + The :option:`--project` and :option:`--user` options are typically only useful for admin users, but may be allowed for other users depending on the policy of the cloud and the roles granted to the user. 
@@ -38,12 +55,20 @@ Delete EC2 credentials os ec2 credentials delete [--user <user>] + [--user-domain <user-domain>] <access-key> .. option:: --user <user> Specify a user +.. option:: --user-domain <user-domain> + + Domain the user belongs to (name or ID). + This can be used in case collisions between user names exist. + + .. versionadded:: 3 + .. _ec2_credentials_delete-access-key: .. describe:: access-key @@ -63,11 +88,19 @@ List EC2 credentials os ec2 credentials list [--user <user>] + [--user-domain <user-domain>] .. option:: --user <user> Filter list by <user> +.. option:: --user-domain <user-domain> + + Domain the user belongs to (name or ID). + This can be used in case collisions between user names exist. + + .. versionadded:: 3 + The :option:`--user` option is typically only useful for admin users, but may be allowed for other users depending on the policy of the cloud and the roles granted to the user. @@ -82,12 +115,20 @@ Display EC2 credentials details os ec2 credentials show [--user <user>] + [--user-domain <user-domain>] <access-key> .. option:: --user <user> Specify a user +.. option:: --user-domain <user-domain> + + Domain the user belongs to (name or ID). + This can be used in case collisions between user names exist. + + .. versionadded:: 3 + .. _ec2_credentials_show-access-key: .. describe:: access-key diff --git a/openstackclient/identity/v3/ec2creds.py b/openstackclient/identity/v3/ec2creds.py index 254cca78a5..c49502c68b 100644 --- a/openstackclient/identity/v3/ec2creds.py +++ b/openstackclient/identity/v3/ec2creds.py 
@@ -21,6 +21,35 @@ from cliff import show from openstackclient.common import utils from openstackclient.i18n import _ # noqa +from openstackclient.identity import common + + +def _determine_ec2_user(parsed_args, client_manager): + """Determine a user several different ways. + + Assumes parsed_args has user and user_domain arguments. Attempts to find + the user if domain scoping is provided, otherwise revert to a basic user + call. Lastly use the currently authenticated user. + + """ + + user_domain = None + if parsed_args.user_domain: + user_domain = common.find_domain(client_manager.identity, + parsed_args.user_domain) + if parsed_args.user: + if user_domain is not None: + user = utils.find_resource(client_manager.identity.users, + parsed_args.user, + domain_id=user_domain.id).id + else: + user = utils.find_resource( + client_manager.identity.users, + parsed_args.user).id + else: + # Get the user from the current auth + user = client_manager.auth_ref.user_id + return user class CreateEC2Creds(show.ShowOne): 
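Review bot: In `_determine_ec2_user`, a `--user-domain` given without `--user` is resolved through `common.find_domain` and then discarded, so the function falls through to `client_manager.auth_ref.user_id`. For the delete and show commands this means an operator who believed the request was scoped to another domain is silently acting as the authenticated user. A mistyped domain also fails the command even though its value is never used. Moving the domain lookup under `if parsed_args.user:` and rejecting the orphan option first (`if parsed_args.user_domain and not parsed_args.user:` followed by the client's usual command error) would make the scope explicit. The docstring could also state that the return value is the user ID.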
@@ -42,28 +71,45 @@ class CreateEC2Creds(show.ShowOne): help=_('Specify an alternate user' ' (default: current authenticated user)'), ) + parser.add_argument( + '--user-domain', + metavar='<user-domain>', + help=('Domain the user belongs to (name or ID). ' + 'This can be used in case collisions between user names ' + 'exist.') + ) + parser.add_argument( + '--project-domain', + metavar='<project-domain>', + help=('Domain the project belongs to (name or ID). ' + 'This can be used in case collisions between project names ' + 'exist.') + ) return parser def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity + client_manager = self.app.client_manager + user = self.determine_ec2_user(parsed_args, client_manager) + + project_domain = None + if parsed_args.project_domain: + project_domain = common.find_domain(identity_client, + parsed_args.project_domain) if parsed_args.project: - project = utils.find_resource( - identity_client.projects, - parsed_args.project, - ).id + if project_domain is not None: + project = utils.find_resource(identity_client.projects, + parsed_args.project, + domain_id=project_domain.id).id + else: + project = utils.find_resource( + identity_client.projects, + parsed_args.project).id else: # Get the project from the current auth project = self.app.client_manager.auth_ref.project_id - if parsed_args.user: - user = utils.find_resource( - identity_client.users, - parsed_args.user, - ).id - else: - # Get the user from the current auth - user = self.app.client_manager.auth_ref.user_id creds = identity_client.ec2.create(user, project) 
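Review bot: `self.determine_ec2_user(parsed_args, client_manager)` in `CreateEC2Creds.take_action` does not match the helper this patch adds, which is the module-level function `_determine_ec2_user`. Unless the class gains such a method outside the hunk, the call raises AttributeError before any lookup or credential operation runs. The line should read `user = _determine_ec2_user(parsed_args, client_manager)`, and the same call needs the same fix in the `take_action` bodies of the DeleteEC2Creds, ListEC2Creds and ShowEC2Creds hunks. A unit test that drives each command's `take_action` (whose body here continues past the hunk) would have caught this. Separately, the new `--user-domain` and `--project-domain` help strings are not wrapped in `_()` like the neighbouring `--user` help, so they are left out of translation.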
@@ -95,22 +141,20 @@ class DeleteEC2Creds(command.Command): metavar='<user>', help=_('Specify a user'), ) + parser.add_argument( + '--user-domain', + metavar='<user-domain>', + help=('Domain the user belongs to (name or ID). ' + 'This can be used in case collisions between user names ' + 'exist.') + ) return parser def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) - identity_client = self.app.client_manager.identity - - if parsed_args.user: - user = utils.find_resource( - identity_client.users, - parsed_args.user, - ).id - else: - # Get the user from the current auth - user = self.app.client_manager.auth_ref.user_id - - identity_client.ec2.delete(user, parsed_args.access_key) + client_manager = self.app.client_manager + user = self.determine_ec2_user(parsed_args, client_manager) + client_manager.identity.ec2.delete(user, parsed_args.access_key) class ListEC2Creds(lister.Lister): @@ -125,24 +169,23 @@ class ListEC2Creds(lister.Lister): metavar='<user>', help=_('Specify a user'), ) + parser.add_argument( + '--user-domain', + metavar='<user-domain>', + help=('Domain the user belongs to (name or ID). ' + 'This can be used in case collisions between user names ' + 'exist.') + ) return parser def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) - identity_client = self.app.client_manager.identity - - if parsed_args.user: - user = utils.find_resource( - identity_client.users, - parsed_args.user, - ).id - else: - # Get the user from the current auth - user = self.app.client_manager.auth_ref.user_id + client_manager = self.app.client_manager + user = self.determine_ec2_user(parsed_args, client_manager) columns = ('access', 'secret', 'tenant_id', 'user_id') column_headers = ('Access', 'Secret', 'Project ID', 'User ID') - data = identity_client.ec2.list(user) + data = client_manager.identity.ec2.list(user) return (column_headers, (utils.get_item_properties( 
@@ -168,22 +211,20 @@ class ShowEC2Creds(show.ShowOne): metavar='<user>', help=_('Specify a user'), ) + parser.add_argument( + '--user-domain', + metavar='<user-domain>', + help=('Domain the user belongs to (name or ID). ' + 'This can be used in case collisions between user names ' + 'exist.') + ) return parser def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) - identity_client = self.app.client_manager.identity - - if parsed_args.user: - user = utils.find_resource( - identity_client.users, - parsed_args.user, - ).id - else: - # Get the user from the current auth - user = self.app.client_manager.auth_ref.user_id - - creds = identity_client.ec2.get(user, parsed_args.access_key) + client_manager = self.app.client_manager + user = self.determine_ec2_user(parsed_args, client_manager) + creds = client_manager.identity.ec2.get(user, parsed_args.access_key) info = {} info.update(creds._info)