openstack/python-openstackclient
Code Issues Proposed changes

Add support to inherited project role grant calls

Browse Source 
Once inherited project role grant calls are
implemented on python-keystoneclient,
python-openstackclient also should support such
calls.
This patch add such support as well as its
related tests.

Co-Authored-By: Raildo Mascena <raildo@lsd.ufcg.edu.br>

Change-Id: Id72670be8640e5c6e2490a6ef849e9ec3493b1a9
Implements: blueprint hierarchical-multitenancy
This commit is contained in:
Samuel de Medeiros Queiroz 2014-09-19 12:29:39 -03:00 committed by Raildo Mascena
parent 3120a0bd2a
commit ed241ef9bc
4 changed files with 62 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
doc/source/command-objects/role_assignment.rst
View File

@ -19,6 +19,7 @@ List role assignments
[--domain <domain>]
[--project <project>]
[--effective]
[--inherited]
.. option:: --role <role>
@ -43,3 +44,7 @@ List role assignments
.. option:: --effective
Returns only effective role assignments (defaults to False)
.. option:: --inherited
Specifies if the role grant is inheritable to the sub projects

9
openstackclient/identity/common.py
View File

@ -139,3 +139,12 @@ def add_project_domain_option_to_parser(parser):
'This can be used in case collisions between project names '
'exist.')
)
def add_inherited_option_to_parser(parser):
parser.add_argument(
'--inherited',
action='store_true',
default=False,
help=('Specifies if the role grant is inheritable to the sub projects')
)

2
openstackclient/identity/v3/role.py
View File

@ -55,6 +55,7 @@ def _add_identity_and_resource_options_to_parser(parser):
common.add_group_domain_option_to_parser(parser)
common.add_project_domain_option_to_parser(parser)
common.add_user_domain_option_to_parser(parser)
common.add_inherited_option_to_parser(parser)
def _process_identity_and_resource_options(parsed_args,
@ -102,6 +103,7 @@ def _process_identity_and_resource_options(parsed_args,
parsed_args.project,
parsed_args.group_domain,
).id
kwargs['inherited'] = parsed_args.inherited
return kwargs

46
openstackclient/tests/identity/v3/test_role.py
View File

@ -45,6 +45,15 @@ class TestRole(identity_fakes.TestIdentityv3):
self.roles_mock = self.app.client_manager.identity.roles
self.roles_mock.reset_mock()
def _is_inheritance_testcase(self):
return False
class TestRoleInherited(TestRole):
def _is_inheritance_testcase(self):
return True
class TestRoleAdd(TestRole):
@ -95,12 +104,15 @@ class TestRoleAdd(TestRole):
'--domain', identity_fakes.domain_name,
identity_fakes.role_name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
('user', identity_fakes.user_name),
('group', None),
('domain', identity_fakes.domain_name),
('project', None),
('role', identity_fakes.role_name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -111,6 +123,7 @@ class TestRoleAdd(TestRole):
kwargs = {
'user': identity_fakes.user_id,
'domain': identity_fakes.domain_id,
'inherited': self._is_inheritance_testcase(),
}
# RoleManager.grant(role, user=, group=, domain=, project=)
self.roles_mock.grant.assert_called_with(
@ -124,12 +137,15 @@ class TestRoleAdd(TestRole):
'--project', identity_fakes.project_name,
identity_fakes.role_name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
('user', identity_fakes.user_name),
('group', None),
('domain', None),
('project', identity_fakes.project_name),
('role', identity_fakes.role_name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -140,6 +156,7 @@ class TestRoleAdd(TestRole):
kwargs = {
'user': identity_fakes.user_id,
'project': identity_fakes.project_id,
'inherited': self._is_inheritance_testcase(),
}
# RoleManager.grant(role, user=, group=, domain=, project=)
self.roles_mock.grant.assert_called_with(
@ -153,12 +170,15 @@ class TestRoleAdd(TestRole):
'--domain', identity_fakes.domain_name,
identity_fakes.role_name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
('user', None),
('group', identity_fakes.group_name),
('domain', identity_fakes.domain_name),
('project', None),
('role', identity_fakes.role_name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -169,6 +189,7 @@ class TestRoleAdd(TestRole):
kwargs = {
'group': identity_fakes.group_id,
'domain': identity_fakes.domain_id,
'inherited': self._is_inheritance_testcase(),
}
# RoleManager.grant(role, user=, group=, domain=, project=)
self.roles_mock.grant.assert_called_with(
@ -182,12 +203,15 @@ class TestRoleAdd(TestRole):
'--project', identity_fakes.project_name,
identity_fakes.role_name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
('user', None),
('group', identity_fakes.group_name),
('domain', None),
('project', identity_fakes.project_name),
('role', identity_fakes.role_name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -198,6 +222,7 @@ class TestRoleAdd(TestRole):
kwargs = {
'group': identity_fakes.group_id,
'project': identity_fakes.project_id,
'inherited': self._is_inheritance_testcase(),
}
# RoleManager.grant(role, user=, group=, domain=, project=)
self.roles_mock.grant.assert_called_with(
@ -206,6 +231,10 @@ class TestRoleAdd(TestRole):
)
class TestRoleAddInherited(TestRoleAdd, TestRoleInherited):
pass
class TestRoleCreate(TestRole):
def setUp(self):
@ -550,12 +579,15 @@ class TestRoleRemove(TestRole):
'--domain', identity_fakes.domain_name,
identity_fakes.role_name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
('user', identity_fakes.user_name),
('group', None),
('domain', identity_fakes.domain_name),
('project', None),
('role', identity_fakes.role_name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -566,6 +598,7 @@ class TestRoleRemove(TestRole):
kwargs = {
'user': identity_fakes.user_id,
'domain': identity_fakes.domain_id,
'inherited': self._is_inheritance_testcase(),
}
# RoleManager.revoke(role, user=, group=, domain=, project=)
self.roles_mock.revoke.assert_called_with(
@ -579,12 +612,15 @@ class TestRoleRemove(TestRole):
'--project', identity_fakes.project_name,
identity_fakes.role_name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
('user', identity_fakes.user_name),
('group', None),
('domain', None),
('project', identity_fakes.project_name),
('role', identity_fakes.role_name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -595,6 +631,7 @@ class TestRoleRemove(TestRole):
kwargs = {
'user': identity_fakes.user_id,
'project': identity_fakes.project_id,
'inherited': self._is_inheritance_testcase(),
}
# RoleManager.revoke(role, user=, group=, domain=, project=)
self.roles_mock.revoke.assert_called_with(
@ -608,12 +645,16 @@ class TestRoleRemove(TestRole):
'--domain', identity_fakes.domain_name,
identity_fakes.role_name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
('user', None),
('group', identity_fakes.group_name),
('domain', identity_fakes.domain_name),
('project', None),
('role', identity_fakes.role_name),
('role', identity_fakes.role_name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -624,6 +665,7 @@ class TestRoleRemove(TestRole):
kwargs = {
'group': identity_fakes.group_id,
'domain': identity_fakes.domain_id,
'inherited': self._is_inheritance_testcase(),
}
# RoleManager.revoke(role, user=, group=, domain=, project=)
self.roles_mock.revoke.assert_called_with(
@ -637,12 +679,15 @@ class TestRoleRemove(TestRole):
'--project', identity_fakes.project_name,
identity_fakes.role_name,
]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [
('user', None),
('group', identity_fakes.group_name),
('domain', None),
('project', identity_fakes.project_name),
('role', identity_fakes.role_name),
('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -653,6 +698,7 @@ class TestRoleRemove(TestRole):
kwargs = {
'group': identity_fakes.group_id,
'project': identity_fakes.project_id,
'inherited': self._is_inheritance_testcase(),
}
# RoleManager.revoke(role, user=, group=, domain=, project=)
self.roles_mock.revoke.assert_called_with(