Merge "Add support for endpoint group commands"
This commit is contained in:
28
doc/source/cli/command-objects/endpoint_group.rst
Normal file
28
doc/source/cli/command-objects/endpoint_group.rst
Normal file
@@ -0,0 +1,28 @@
|
|||||||
|
==============
|
||||||
|
endpoint group
|
||||||
|
==============
|
||||||
|
|
||||||
|
A **endpoint group** is used to create groups of endpoints that then
|
||||||
|
can be used to filter the endpoints that are available to a project.
|
||||||
|
Applicable to Identity v3
|
||||||
|
|
||||||
|
.. autoprogram-cliff:: openstack.identity.v3
|
||||||
|
:command: endpoint group add project
|
||||||
|
|
||||||
|
.. autoprogram-cliff:: openstack.identity.v3
|
||||||
|
:command: endpoint group create
|
||||||
|
|
||||||
|
.. autoprogram-cliff:: openstack.identity.v3
|
||||||
|
:command: endpoint group delete
|
||||||
|
|
||||||
|
.. autoprogram-cliff:: openstack.identity.v3
|
||||||
|
:command: endpoint group list
|
||||||
|
|
||||||
|
.. autoprogram-cliff:: openstack.identity.v3
|
||||||
|
:command: endpoint group remove project
|
||||||
|
|
||||||
|
.. autoprogram-cliff:: openstack.identity.v3
|
||||||
|
:command: endpoint group set
|
||||||
|
|
||||||
|
.. autoprogram-cliff:: openstack.identity.v3
|
||||||
|
:command: endpoint group show
|
@@ -91,6 +91,7 @@ referring to both Compute and Volume quotas.
|
|||||||
* ``domain``: (**Identity**) a grouping of projects
|
* ``domain``: (**Identity**) a grouping of projects
|
||||||
* ``ec2 credentials``: (**Identity**) AWS EC2-compatible credentials
|
* ``ec2 credentials``: (**Identity**) AWS EC2-compatible credentials
|
||||||
* ``endpoint``: (**Identity**) the base URL used to contact a specific service
|
* ``endpoint``: (**Identity**) the base URL used to contact a specific service
|
||||||
|
* ``endpoint group``: (**Identity**) group endpoints to be used as filters
|
||||||
* ``extension``: (**Compute**, **Identity**, **Network**, **Volume**) OpenStack server API extensions
|
* ``extension``: (**Compute**, **Identity**, **Network**, **Volume**) OpenStack server API extensions
|
||||||
* ``federation protocol``: (**Identity**) the underlying protocol used while federating identities
|
* ``federation protocol``: (**Identity**) the underlying protocol used while federating identities
|
||||||
* ``flavor``: (**Compute**) predefined server configurations: ram, root disk and so on
|
* ``flavor``: (**Compute**) predefined server configurations: ram, root disk and so on
|
||||||
|
324
openstackclient/identity/v3/endpoint_group.py
Normal file
324
openstackclient/identity/v3/endpoint_group.py
Normal file
@@ -0,0 +1,324 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
#
|
||||||
|
|
||||||
|
"""Identity v3 Endpoint Group action implementations"""
|
||||||
|
|
||||||
|
import json
|
||||||
|
import logging
|
||||||
|
|
||||||
|
from osc_lib.command import command
|
||||||
|
from osc_lib import exceptions
|
||||||
|
from osc_lib import utils
|
||||||
|
import six
|
||||||
|
|
||||||
|
from openstackclient.i18n import _
|
||||||
|
from openstackclient.identity import common
|
||||||
|
|
||||||
|
|
||||||
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
|
class _FiltersReader(object):
|
||||||
|
_description = _("Helper class capable of reading filters from files")
|
||||||
|
|
||||||
|
def _read_filters(self, path):
|
||||||
|
"""Read and parse rules from path
|
||||||
|
|
||||||
|
Expect the file to contain a valid JSON structure.
|
||||||
|
|
||||||
|
:param path: path to the file
|
||||||
|
:return: loaded and valid dictionary with filters
|
||||||
|
:raises exception.CommandError: In case the file cannot be
|
||||||
|
accessed or the content is not a valid JSON.
|
||||||
|
|
||||||
|
Example of the content of the file:
|
||||||
|
{
|
||||||
|
"interface": "admin",
|
||||||
|
"service_id": "1b501a"
|
||||||
|
}
|
||||||
|
"""
|
||||||
|
blob = utils.read_blob_file_contents(path)
|
||||||
|
try:
|
||||||
|
rules = json.loads(blob)
|
||||||
|
except ValueError as e:
|
||||||
|
msg = _("An error occurred when reading filters from file "
|
||||||
|
"%(path)s: %(error)s") % {"path": path, "error": e}
|
||||||
|
raise exceptions.CommandError(msg)
|
||||||
|
else:
|
||||||
|
return rules
|
||||||
|
|
||||||
|
|
||||||
|
class AddProjectToEndpointGroup(command.Command):
|
||||||
|
_description = _("Add a project to an endpoint group")
|
||||||
|
|
||||||
|
def get_parser(self, prog_name):
|
||||||
|
parser = super(
|
||||||
|
AddProjectToEndpointGroup, self).get_parser(prog_name)
|
||||||
|
parser.add_argument(
|
||||||
|
'endpointgroup',
|
||||||
|
metavar='<endpoint-group>',
|
||||||
|
help=_('Endpoint group (name or ID)'),
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
'project',
|
||||||
|
metavar='<project>',
|
||||||
|
help=_('Project to associate (name or ID)'),
|
||||||
|
)
|
||||||
|
common.add_project_domain_option_to_parser(parser)
|
||||||
|
return parser
|
||||||
|
|
||||||
|
def take_action(self, parsed_args):
|
||||||
|
client = self.app.client_manager.identity
|
||||||
|
|
||||||
|
endpointgroup = utils.find_resource(client.endpoint_groups,
|
||||||
|
parsed_args.endpointgroup)
|
||||||
|
|
||||||
|
project = common.find_project(client,
|
||||||
|
parsed_args.project,
|
||||||
|
parsed_args.project_domain)
|
||||||
|
|
||||||
|
client.endpoint_filter.add_endpoint_group_to_project(
|
||||||
|
endpoint_group=endpointgroup.id,
|
||||||
|
project=project.id)
|
||||||
|
|
||||||
|
|
||||||
|
class CreateEndpointGroup(command.ShowOne, _FiltersReader):
|
||||||
|
_description = _("Create new endpoint group")
|
||||||
|
|
||||||
|
def get_parser(self, prog_name):
|
||||||
|
parser = super(CreateEndpointGroup, self).get_parser(prog_name)
|
||||||
|
parser.add_argument(
|
||||||
|
'name',
|
||||||
|
metavar='<name>',
|
||||||
|
help=_('Name of the endpoint group'),
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
'filters',
|
||||||
|
metavar='<filename>',
|
||||||
|
help=_('Filename that contains a new set of filters'),
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
'--description',
|
||||||
|
help=_('Description of the endpoint group'),
|
||||||
|
)
|
||||||
|
return parser
|
||||||
|
|
||||||
|
def take_action(self, parsed_args):
|
||||||
|
identity_client = self.app.client_manager.identity
|
||||||
|
|
||||||
|
filters = None
|
||||||
|
if parsed_args.filters:
|
||||||
|
filters = self._read_filters(parsed_args.filters)
|
||||||
|
|
||||||
|
endpoint_group = identity_client.endpoint_groups.create(
|
||||||
|
name=parsed_args.name,
|
||||||
|
filters=filters,
|
||||||
|
description=parsed_args.description
|
||||||
|
)
|
||||||
|
|
||||||
|
info = {}
|
||||||
|
endpoint_group._info.pop('links')
|
||||||
|
info.update(endpoint_group._info)
|
||||||
|
return zip(*sorted(six.iteritems(info)))
|
||||||
|
|
||||||
|
|
||||||
|
class DeleteEndpointGroup(command.Command):
|
||||||
|
_description = _("Delete endpoint group(s)")
|
||||||
|
|
||||||
|
def get_parser(self, prog_name):
|
||||||
|
parser = super(DeleteEndpointGroup, self).get_parser(prog_name)
|
||||||
|
parser.add_argument(
|
||||||
|
'endpointgroup',
|
||||||
|
metavar='<endpoint-group>',
|
||||||
|
nargs='+',
|
||||||
|
help=_('Endpoint group(s) to delete (name or ID)'),
|
||||||
|
)
|
||||||
|
return parser
|
||||||
|
|
||||||
|
def take_action(self, parsed_args):
|
||||||
|
identity_client = self.app.client_manager.identity
|
||||||
|
result = 0
|
||||||
|
for i in parsed_args.endpointgroup:
|
||||||
|
try:
|
||||||
|
endpoint_id = utils.find_resource(
|
||||||
|
identity_client.endpoint_groups, i).id
|
||||||
|
identity_client.endpoint_groups.delete(endpoint_id)
|
||||||
|
except Exception as e:
|
||||||
|
result += 1
|
||||||
|
LOG.error(_("Failed to delete endpoint group with "
|
||||||
|
"ID '%(endpointgroup)s': %(e)s"),
|
||||||
|
{'endpointgroup': i, 'e': e})
|
||||||
|
|
||||||
|
if result > 0:
|
||||||
|
total = len(parsed_args.endpointgroup)
|
||||||
|
msg = (_("%(result)s of %(total)s endpointgroups failed "
|
||||||
|
"to delete.") % {'result': result, 'total': total})
|
||||||
|
raise exceptions.CommandError(msg)
|
||||||
|
|
||||||
|
|
||||||
|
class ListEndpointGroup(command.Lister):
|
||||||
|
_description = _("List endpoint groups")
|
||||||
|
|
||||||
|
def get_parser(self, prog_name):
|
||||||
|
parser = super(ListEndpointGroup, self).get_parser(prog_name)
|
||||||
|
list_group = parser.add_mutually_exclusive_group()
|
||||||
|
list_group.add_argument(
|
||||||
|
'--endpointgroup',
|
||||||
|
metavar='<endpoint-group>',
|
||||||
|
help=_('Endpoint Group (name or ID)'),
|
||||||
|
)
|
||||||
|
list_group.add_argument(
|
||||||
|
'--project',
|
||||||
|
metavar='<project>',
|
||||||
|
help=_('Project (name or ID)'),
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
'--domain',
|
||||||
|
metavar='<domain>',
|
||||||
|
help=_('Domain owning <project> (name or ID)'),
|
||||||
|
)
|
||||||
|
return parser
|
||||||
|
|
||||||
|
def take_action(self, parsed_args):
|
||||||
|
client = self.app.client_manager.identity
|
||||||
|
|
||||||
|
endpointgroup = None
|
||||||
|
if parsed_args.endpointgroup:
|
||||||
|
endpointgroup = utils.find_resource(client.endpoint_groups,
|
||||||
|
parsed_args.endpointgroup)
|
||||||
|
project = None
|
||||||
|
if parsed_args.project:
|
||||||
|
project = common.find_project(client,
|
||||||
|
parsed_args.project,
|
||||||
|
parsed_args.domain)
|
||||||
|
|
||||||
|
if endpointgroup:
|
||||||
|
# List projects associated to the endpoint group
|
||||||
|
columns = ('ID', 'Name')
|
||||||
|
data = client.endpoint_filter.list_projects_for_endpoint_group(
|
||||||
|
endpoint_group=endpointgroup.id)
|
||||||
|
elif project:
|
||||||
|
columns = ('ID', 'Name')
|
||||||
|
data = client.endpoint_filter.list_endpoint_groups_for_project(
|
||||||
|
project=project.id)
|
||||||
|
else:
|
||||||
|
columns = ('ID', 'Name', 'Description')
|
||||||
|
data = client.endpoint_groups.list()
|
||||||
|
|
||||||
|
return (columns,
|
||||||
|
(utils.get_item_properties(
|
||||||
|
s, columns,
|
||||||
|
formatters={},
|
||||||
|
) for s in data))
|
||||||
|
|
||||||
|
|
||||||
|
class RemoveProjectFromEndpointGroup(command.Command):
|
||||||
|
_description = _("Remove project from endpoint group")
|
||||||
|
|
||||||
|
def get_parser(self, prog_name):
|
||||||
|
parser = super(
|
||||||
|
RemoveProjectFromEndpointGroup, self).get_parser(prog_name)
|
||||||
|
parser.add_argument(
|
||||||
|
'endpointgroup',
|
||||||
|
metavar='<endpoint-group>',
|
||||||
|
help=_('Endpoint group (name or ID)'),
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
'project',
|
||||||
|
metavar='<project>',
|
||||||
|
help=_('Project to remove (name or ID)'),
|
||||||
|
)
|
||||||
|
common.add_project_domain_option_to_parser(parser)
|
||||||
|
return parser
|
||||||
|
|
||||||
|
def take_action(self, parsed_args):
|
||||||
|
client = self.app.client_manager.identity
|
||||||
|
|
||||||
|
endpointgroup = utils.find_resource(client.endpoint_groups,
|
||||||
|
parsed_args.endpointgroup)
|
||||||
|
|
||||||
|
project = common.find_project(client,
|
||||||
|
parsed_args.project,
|
||||||
|
parsed_args.project_domain)
|
||||||
|
|
||||||
|
client.endpoint_filter.delete_endpoint_group_to_project(
|
||||||
|
endpoint_group=endpointgroup.id,
|
||||||
|
project=project.id)
|
||||||
|
|
||||||
|
|
||||||
|
class SetEndpointGroup(command.Command, _FiltersReader):
|
||||||
|
_description = _("Set endpoint group properties")
|
||||||
|
|
||||||
|
def get_parser(self, prog_name):
|
||||||
|
parser = super(SetEndpointGroup, self).get_parser(prog_name)
|
||||||
|
parser.add_argument(
|
||||||
|
'endpointgroup',
|
||||||
|
metavar='<endpoint-group>',
|
||||||
|
help=_('Endpoint Group to modify (name or ID)'),
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
'--name',
|
||||||
|
metavar='<name>',
|
||||||
|
help=_('New enpoint group name'),
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
'--filters',
|
||||||
|
metavar='<filename>',
|
||||||
|
help=_('Filename that contains a new set of filters'),
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
'--description',
|
||||||
|
metavar='<description>',
|
||||||
|
default='',
|
||||||
|
help=_('New endpoint group description'),
|
||||||
|
)
|
||||||
|
return parser
|
||||||
|
|
||||||
|
def take_action(self, parsed_args):
|
||||||
|
identity_client = self.app.client_manager.identity
|
||||||
|
endpointgroup = utils.find_resource(identity_client.endpoint_groups,
|
||||||
|
parsed_args.endpointgroup)
|
||||||
|
|
||||||
|
filters = None
|
||||||
|
if parsed_args.filters:
|
||||||
|
filters = self._read_filters(parsed_args.filters)
|
||||||
|
|
||||||
|
identity_client.endpoint_groups.update(
|
||||||
|
endpointgroup.id,
|
||||||
|
name=parsed_args.name,
|
||||||
|
filters=filters,
|
||||||
|
description=parsed_args.description
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class ShowEndpointGroup(command.ShowOne):
|
||||||
|
_description = _("Display endpoint group details")
|
||||||
|
|
||||||
|
def get_parser(self, prog_name):
|
||||||
|
parser = super(ShowEndpointGroup, self).get_parser(prog_name)
|
||||||
|
parser.add_argument(
|
||||||
|
'endpointgroup',
|
||||||
|
metavar='<endpointgroup>',
|
||||||
|
help=_('Endpoint group (name or ID)'),
|
||||||
|
)
|
||||||
|
return parser
|
||||||
|
|
||||||
|
def take_action(self, parsed_args):
|
||||||
|
identity_client = self.app.client_manager.identity
|
||||||
|
endpoint_group = utils.find_resource(identity_client.endpoint_groups,
|
||||||
|
parsed_args.endpointgroup)
|
||||||
|
|
||||||
|
info = {}
|
||||||
|
endpoint_group._info.pop('links')
|
||||||
|
info.update(endpoint_group._info)
|
||||||
|
return zip(*sorted(six.iteritems(info)))
|
@@ -228,6 +228,20 @@ ENDPOINT = {
|
|||||||
'links': base_url + 'endpoints/' + endpoint_id,
|
'links': base_url + 'endpoints/' + endpoint_id,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
endpoint_group_id = 'eg-123'
|
||||||
|
endpoint_group_description = 'eg 123 description'
|
||||||
|
endpoint_group_filters = {
|
||||||
|
'service_id': service_id,
|
||||||
|
'region_id': endpoint_region,
|
||||||
|
}
|
||||||
|
|
||||||
|
ENDPOINT_GROUP = {
|
||||||
|
'id': endpoint_group_id,
|
||||||
|
'filters': endpoint_group_filters,
|
||||||
|
'description': endpoint_group_description,
|
||||||
|
'links': base_url + 'endpoint_groups/' + endpoint_group_id,
|
||||||
|
}
|
||||||
|
|
||||||
user_id = 'bbbbbbb-aaaa-aaaa-aaaa-bbbbbbbaaaa'
|
user_id = 'bbbbbbb-aaaa-aaaa-aaaa-bbbbbbbaaaa'
|
||||||
user_name = 'paul'
|
user_name = 'paul'
|
||||||
user_description = 'Sir Paul'
|
user_description = 'Sir Paul'
|
||||||
@@ -500,6 +514,8 @@ class FakeIdentityv3Client(object):
|
|||||||
self.endpoints.resource_class = fakes.FakeResource(None, {})
|
self.endpoints.resource_class = fakes.FakeResource(None, {})
|
||||||
self.endpoint_filter = mock.Mock()
|
self.endpoint_filter = mock.Mock()
|
||||||
self.endpoint_filter.resource_class = fakes.FakeResource(None, {})
|
self.endpoint_filter.resource_class = fakes.FakeResource(None, {})
|
||||||
|
self.endpoint_groups = mock.Mock()
|
||||||
|
self.endpoint_groups.resource_class = fakes.FakeResource(None, {})
|
||||||
self.groups = mock.Mock()
|
self.groups = mock.Mock()
|
||||||
self.groups.resource_class = fakes.FakeResource(None, {})
|
self.groups.resource_class = fakes.FakeResource(None, {})
|
||||||
self.oauth1 = mock.Mock()
|
self.oauth1 = mock.Mock()
|
||||||
|
@@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Add endpoint group commands: ``endpoint group add project``, ``endpoint group create``,
|
||||||
|
``endpoint group delete``, ``endpoint group list``, ``endpoint group remove project``,
|
||||||
|
``endpoint group set`` and ``endpoint group show``.
|
||||||
|
[Blueprint `keystone-endpoint-filter <https://blueprints.launchpad.net/python-openstackclient/+spec/keystone-endpoint-filter>`_]
|
@@ -236,6 +236,14 @@ openstack.identity.v3 =
|
|||||||
endpoint_set = openstackclient.identity.v3.endpoint:SetEndpoint
|
endpoint_set = openstackclient.identity.v3.endpoint:SetEndpoint
|
||||||
endpoint_show = openstackclient.identity.v3.endpoint:ShowEndpoint
|
endpoint_show = openstackclient.identity.v3.endpoint:ShowEndpoint
|
||||||
|
|
||||||
|
endpoint_group_add_project = openstackclient.identity.v3.endpoint_group:AddProjectToEndpointGroup
|
||||||
|
endpoint_group_create = openstackclient.identity.v3.endpoint_group:CreateEndpointGroup
|
||||||
|
endpoint_group_delete = openstackclient.identity.v3.endpoint_group:DeleteEndpointGroup
|
||||||
|
endpoint_group_list = openstackclient.identity.v3.endpoint_group:ListEndpointGroup
|
||||||
|
endpoint_group_remove_project = openstackclient.identity.v3.endpoint_group:RemoveProjectFromEndpointGroup
|
||||||
|
endpoint_group_set = openstackclient.identity.v3.endpoint_group:SetEndpointGroup
|
||||||
|
endpoint_group_show = openstackclient.identity.v3.endpoint_group:ShowEndpointGroup
|
||||||
|
|
||||||
group_add_user = openstackclient.identity.v3.group:AddUserToGroup
|
group_add_user = openstackclient.identity.v3.group:AddUserToGroup
|
||||||
group_contains_user = openstackclient.identity.v3.group:CheckUserInGroup
|
group_contains_user = openstackclient.identity.v3.group:CheckUserInGroup
|
||||||
group_create = openstackclient.identity.v3.group:CreateGroup
|
group_create = openstackclient.identity.v3.group:CreateGroup
|
||||||
|
Reference in New Issue
Block a user