diff --git a/openstackclient/identity/v3/role.py b/openstackclient/identity/v3/role.py
index 5b4ceb1da5..faff906293 100644
--- a/openstackclient/identity/v3/role.py
+++ b/openstackclient/identity/v3/role.py
@@ -25,6 +25,87 @@ from cliff import show
from openstackclient.common import utils
+class AddRole(command.Command):
+ """Add role command"""
+
+ api = 'identity'
+ log = logging.getLogger(__name__ + '.AddRole')
+
+ def get_parser(self, prog_name):
+ parser = super(AddRole, self).get_parser(prog_name)
+ parser.add_argument(
+ 'role',
+ metavar='<role>',
+ help='Name or ID of role to add',
+ )
+ user_or_group = parser.add_mutually_exclusive_group()
+ user_or_group.add_argument(
+ '--user',
+ metavar='<user>',
+ help='Name or ID of user to assign a role',
+ )
+ user_or_group.add_argument(
+ '--group',
+ metavar='<group>',
+ help='Name or ID of group to assign a role',
+ )
+ domain_or_project = parser.add_mutually_exclusive_group()
+ domain_or_project.add_argument(
+ '--domain',
+ metavar='<domain>',
+ help='Name or ID of domain where user or group resides',
+ )
+ domain_or_project.add_argument(
+ '--project',
+ metavar='<project>',
+ help='Name or ID of project where user or group resides',
+ )
+ return parser
+
+ def take_action(self, parsed_args):
+ self.log.debug('take_action(%s)' % parsed_args)
+ identity_client = self.app.client_manager.identity
+
+ if (not parsed_args.user and not parsed_args.domain
+ and not parsed_args.group and not parsed_args.project):
+ sys.stdout.write("Role not updated, no arguments present \n")
+ return
+
+ role_id = utils.find_resource(identity_client.roles,
+ parsed_args.role).id
+
+ if (parsed_args.user and parsed_args.domain):
+ user = utils.find_resource(identity_client.users,
+ parsed_args.user)
+ domain = utils.find_resource(identity_client.domains,
+ parsed_args.domain)
+ identity_client.roles.grant(role_id, user=user, domain=domain)
+ return
+ elif (parsed_args.user and parsed_args.project):
+ user = utils.find_resource(identity_client.users,
+ parsed_args.user)
+ project = utils.find_resource(identity_client.projects,
+ parsed_args.project)
+ identity_client.roles.grant(role_id, user=user, project=project)
+ return
+ elif (parsed_args.group and parsed_args.project):
+ group = utils.find_resource(identity_client.group,
+ parsed_args.group)
+ project = utils.find_resource(identity_client.projects,
+ parsed_args.project)
+ identity_client.roles.grant(role_id, group=group, project=project)
+ return
+ elif (parsed_args.group and parsed_args.domain):
+ group = utils.find_resource(identity_client.group,
+ parsed_args.group)
+ domain = utils.find_resource(identity_client.domains,
+ parsed_args.domain)
+ identity_client.roles.grant(role_id, group=group, domain=domain)
+ return
+ else:
+ return
+
+
class CreateRole(show.ShowOne):
"""Create new role"""
diff --git a/setup.py b/setup.py
index 04466a5179..d7926f0773 100644
--- a/setup.py
+++ b/setup.py
@@ -139,6 +139,7 @@ setuptools.setup(
'list_role=openstackclient.identity.v3.role:ListRole',
'show_role=openstackclient.identity.v3.role:ShowRole',
'set_role=openstackclient.identity.v3.role:SetRole',
+ 'add_role=openstackclient.identity.v3.role:AddRole',
],
'openstack.image.v2': [
'list_image=openstackclient.image.v2.image:ListImage',