When we use "--property" parameter, client get lists these the
value is string type, but the type of the value 'is_domain'
should be boolean, so we should judge it and parse it.
The patch parse string to boolean for value 'is_domain'.
Co-Authored-By: Lance Bragstad <lbragstad@gmail.com>
Change-Id: I37c9eb854524bde3a1530bfe2e3a03810fb1a676
Task: 30039
Story: 2005246
This patch adds the --immutable and --no-immutable option to the
role, project and domain CLI.
Related-Patch: https://review.opendev.org/#/c/712182/
Change-Id: I9c3bdd741f28bf558267fb217818d947597ce13e
1. As mentioned in [1], we should avoid using six.iteritems to achieve
iterators. We can use dict.items instead, as it will return iterators
in PY3 as well. And dict.items/keys will more readable.
2. In py2, the performance about list should be negligible,
see the link [2].
[1] https://wiki.openstack.org/wiki/Python3
[2] http://lists.openstack.org/pipermail/openstack-dev/2015-June/066391.html
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: I4b9edb326444264c0f6c4ad281acaac356a07e85
Implements: blueprint replace-iteritems-with-items
This patch introduces a new option --parent into project list,
to specify a parent project to filter projects which has
the given project as their parent.
Depends-on: https://review.opendev.org/#/c/677101
Change-Id: I6725262cf040e0ec6ceca9cf0462ce59224049c6
This change adds tags functionality for projects in keystone. A user
can add a single tag with "--tag", chain "--tag" to add multiple
tags, or clear tags with "--no-tag".
Change-Id: I31cfef3e76dcefe299dacb00c11bb1a10a252628
Partially-Implements: bp project-tags
The 'domain' filter not work well in commands 'project show',
'user show' and 'user set'.
Depends-On: I490900d6249f01654d4cba43bddd3e7af7928a84
Closes-Bug: #1704097
Change-Id: Ib4f47cbaba27eb56c4a41d187fee74a995e62dc7
Due to a default Keystone policy until Newtown,
and the use of resource_find, non-admins are unable
to list their own projects.
This patch bypasses this problem while also introducing better
UX for non-admins wishing to get their project list.
'openstack project list' retains the default of 'list all projects'
but on a forbidden error will default instead to 'list my projects'.
This way for non-admins 'list my projects' feels like the default
without breaking the expected admin default.
Adding the '--my-projects' option allows admins to easily list their
own projects or allows non-admins to be explicit and bypass the
forbidden error fallback.
Change-Id: I1021276f69fbbf28e13e17c4e567d932fce7ed8b
Closes-Bug: #1627555
Add sort support to project list by sorting items in the client side.
By default list will be sorted by name.
Change-Id: I00011406846b4003aff075eeeb88ac18fa5e2820
Closes-Bug: #1596818
The parents_as_list and subtree_as_list query parameters limit the
result to only parents and subtree where the user making the call has
role assignments in. Since OSC only displays the IDs, the call would be
the same as the similar *_as_ids queries, the difference is that the
later doesn't enforce the role assignments (making it more useful).
Output example by using this patch:
$ openstack project show --children root
+-------------+------------------------------+
| Field | Value |
+-------------+------------------------------+
| description | |
| domain_id | default |
| enabled | True |
| id | 123 |
| is_domain | False |
| name | root |
| parent_id | default |
| subtree | {u'456': None, u'789': None} |
+-------------+------------------------------+
Change-Id: Ib7b37ae8f55190a7efcc375d5be4a2823d02d1a4
Options "--parents" and "--children" don't work in "project show"
command, fix the issue and add related unit and functional tests.
Change-Id: Id9965267a037442f1077f8e1929d0527981f643d
Closes-Bug: #1499657
Add missing multi deletion error handling for
identity delete commands.
All delete commands in identity support
error handling now.
Change-Id: I05626dcb5e516a423d610906347b02236ba7eeaf
Leverage the new cliff command class attribute (_description)
to get the help of a command, this allows us to mark strings
for translation. We could not do this before since the help
was grabbed from the docstring.
This also depends on a new release of cliff and a bump to the
minimum level in osc's requirements.
Closes-Bug: 1636209
Depends-On: Id915f6aa7d95a0ff3dc6e2ceaac5decb3f3bf0da
Change-Id: I8673080bb5625e8e3c499feaefd42dfc7121e96f
When an exception was caught and rethrown,
it should call 'raise' without any arguments
because it shows the place where an exception
occured initially instead of place where the exception re-raised.
Change-Id: I5fb6dea5da7fb6e1e2b339a713c7d37f8c99e407
Currently a user is allowed to specify either a resource ID or name
when running openstack identity comands. In some cases, when a name
is specified instead of an ID, the command will return as not able
to find the resource when it in fact does exist.
The changes here are to check the client against the token on such
requests and to extract the ID of the resource specified if enough
information exists between the two. We then use the ID associated
with the resource to complete the user requests.
Change-Id: I40713b0ded42063b786dc21247e854224b9d2fe2
Closes-Bug: #1561599
Use file logger for all command specific logs.
This patch also fixes some usage that doesn't
follow rules in:
http://docs.openstack.org/developer/oslo.i18n/guidelines.html
After this patch, all self.log and self.app.log
will be standardized to LOG().
NOTE: In shell.py, we got the log in class OpenStackShell,
which is also known as self.app.log in other classes.
This logger is used to record non-command-specific logs.
So we leave it as-is.
Change-Id: I114f73ee6c7e84593d71e724bc1ad00d343c1896
Implements: blueprint log-usage
command.Command and command.Showone are base classes implemented
in cliff framework. Showone extends Command to allow take_action()
to return data to be formatted using a user-selectable formatter.
Most of the classes which are extended from Command in
openstackclient/identity/v3/ in some cases return data or return
nothing where it is not necessary, this commit fixes most of them.
Change-Id: I84c72ea4d6680f8bdbef5449316dd9a8af8c8286
Closes-Bug: 1550892
Previously each command logs take_action parameters explicitly
by using @utils.log_method decorator or log.debug().
Some commands have no logging.
This commit calls a logger in the base class and
drops all logging definition from individual commands.
Closes-Bug: #1532294
Change-Id: I43cd0290a4353c68c075bade9571c940733da1be
Currently the domain option for `project set` attempts to set
a new domain that owns the project. This is actually an action
that is denied by keystone server. Instead, the domain option
should be used as a lookup, to find projects that exist in the
non-default domain.
Co-Authored-By: Steve Martinelli <stevemar@ca.ibm.com>
Closes-Bug: #1524456
Change-Id: I30a3812184fe262667e09baa106d2275c2cbb981
* Change session imports to keystoneauth1
* Change keystoneclient.exception imports to keystoneauth1
* Change exceptions raised from internal API from keystoneclient to openstack.common
Change-Id: I046d89f561d6fe04baae53726f9749d2e7fe2056
Instead of duplicating the same log statement throughout
the code, the same logic can be provided by a shared decorator
that abstracts away the logging capability and unifies it behind
a common function instead.
Change-Id: Icc63bced7347c8bbf0299a4c5821425a10892a79
Adds the possibility to retrieve a project and list its
parents and subtree in the hierarchy.
Co-Authored-By: Rodrigo Duarte <rodrigods@lsd.ufcg.edu.br>
Co-Authored-By: Samuel de Medeiros Queiroz <samuel@lsd.ufcg.edu.br>
Implements: bp hierarchical-multitenancy
Change-Id: I874f6faffc8a2db9d99f12cbe0a69c0a30c0d9df
Currently argument 'domain' is not supported by command 'os project
set', but it is required by keystone v3 update project API to match
the domain id.
Closes-Bug: #1460122
Change-Id: I1b32f67f78b369f6134a74cdf9a4811b7539d44b
In several places we had else branches where a reasonable default
would do the job. This makes the code a mean cleaer and easier to
read.
Change-Id: I231e09aab85fd32b8300bc33c48d0899b728b96e
Adding the possibility to create projects hierarchies by adding
the parent field in the create project call.
Co-Authored-By: Victor Silva <victor@lsd.ufcg.edu.br>
Implements: bp hierarchical-multitenancy
Change-Id: I4eac4f5bc067634cc38c305dacc59ab1da63c153
Keystone Server already surfaces an error for this operation, but
we should restrict the user, and not offer --domain to be changed
for a project.
Change-Id: I48317e8accfea3c285e6ad213e75b783de8070ac
Closes-Bug: #1418384
try and add some consistency with the show and delete commands.
replace 'show x' with 'display x'
change 'delete a y' with just 'delete y'
Change-Id: I47dfa8ee23ac5c41b355796415eb515155832f65
This is part2. Add support for these objects:
identity.project(v2.0)
identity.role(v2.0)
identity.user(v2.0)
identity.project(v3)
identity.role(v3)
identity.user(v3)
identity.group(v3)
Closes-Bug: #1400597
Change-Id: I270434d657cf4ddc23c3aba2c704d6ef184b0dbc
The keystoneclient.openstack.common directory is where we sync files
from oslo incubator. It is not a public directory and should not be
being consumed by openstackclient.
Change-Id: I011bb95c2c824e2dbc4b822ca922ae77b8d9b955
Since we don't support multitenancy yet, we should just pop the
parent id of a project. When keystoneclient supports mulittenancy
we should bring everything in at once (CRUD), and these changes
should be removed.
Change-Id: I82c7c825502124a24ccdbadf09ecb2748887ca5d
Currently, only deleting via IDs is possible for groups, projects
and users.
We should have an optional --domain argument that allows for
a name to be specified for the resource. (Since these are all
namespaced by domains).
Change-Id: I18ace3db85a3969f0b97678d432d6f8368baa9cd
The links field in the returned objects from the v3 Identity
API aren't really useful, so let's remove them.
Managed to remove most of them from the core API.
I'll likely remove the extension/contribution (oauth/federation)
related ones in another patch.
Also in this patch the code for setting services and projects
was changed. Though not incorrect, it was not needed to copy
the entire returned object, we should just need to pass in
the fields we want to update.
Change-Id: I164ca9ad8b28fa10b291e9115ef40753e387c547
Performing create, list, or set operations for users, groups, and projects
with the --domain option attempts to look up the domain for name to ID
conversion. In the case of an environment using Keystone domains, it is
desired to allow a domain admin to perform these operations for objects in
their domain without allowing them to list or show domains. The current
behavior prevents the domain admin from performing these operations since
they will be forbidden to perform the underlying list_domains operation.
This patch makes the domain lookup error a soft failure, and falls back
to using the passed in domain argument directly as a domain ID in the
request that it sends to Keystone.
Change-Id: I5139097f8cedc53693f6f71297518917ac72e50a
Closes-Bug: #1378565
Update `user show` for Identity V3 to account for a domain argument,
in doing so, also update `find resource` to be more flexible by
allowing **kwargs.
Also update `group show` and `project show` since they follow the
same logic as a user within a group.
Change-Id: Ib828e4dbeb0bd31164396069ce8a64c873179779
Closes-Bug: #1378165
Domain administrator cannot do project operations because the
require access to the domain API (which they don't have). When
attempting to find a domain for project operations, ignore errors
because the API returns nothing without indicating there is a
problem. The domain administrators will have to use a domain id,
but they will still be able to do project operations. If the user
does not have permission to read the domain table, they cannot
use domain names.
Change-Id: Ieed5d420022a407c8296a0bb3569d9469c89d752
Closes-Bug: #1317478
Closes-Bug: #1317485
There are files containing string format arguments inside
logging messages. Using logging function parameters should
be preferred.
Change-Id: Ic749ac9eb55564ed631d57055a5a4dfc3aebd169
