Fix the wrong value assignment which made the --user-domain option
ignored. Unit tests are updated to verify usage of domain options to
avoid further regressions.
Also drop the redundant look up of domain id to avoid unnecessary API
call.
Closes-Bug: #2085604
Change-Id: I5112b8e831fb26eb6544615277f0d3fe4f15dc5a
The --user-domain option and the --project-domain option may take id or
name. In case name is given it should be translated to id.
Closes-Bug: 2083390
Change-Id: Idf3f113a74452daabc80660574030cb9b24b1a15
Currently, it is passing None value which is not accepted by keystone
parameters validation:
BadRequestException: 400: Client Error for url: ... Invalid input for field 'enabled': None is not of type 'boolean'
Failed validating 'type' in schema['properties']['enabled']:
{'enum': [True, False, None], 'type': 'boolean'}
On instance['enabled']:
None
Closes-Bug: #2083021
Change-Id: Ia8772560deb54e71672102157659d4eb22e6ad59
In change I06f3848812bce60c65909f1311f36b70eba427d4, we migrated the
'user *' commands from keystoneclient to SDK. One side effect of this is
that we are no longer able to rely on keystoneclient's 'filter_none'
helper method that filters out parameters that are set to None. As such,
we now need to do this ourselves. Eventually, it would be nice if SDK
provided such functionality itself.
The same change also introduced a bug where the '--domain' argument was
being used to lookup a project rather than the '--project-domain'
argument. This is also corrected.
Change-Id: I1204ca611a74d134c879467d6c2b73f16e043213
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Closes-bug: #2080600
The name of the errors change and we need to move things around a
little, but it's otherwise a straight swap.
Change-Id: I0a19765ebeaa14c0534faa1542165b76ed2bf4e2
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
We changed these in change I37d07a6c5cdc98680b8d65d596521cad2b049500 but
the '-c/--column' option provided by cliff currently requires an
explicit match on column names. Change them back for now. We can revert
this when cliff is a little bit smarter.
Change-Id: I9180922e9da5c22ae3d8878946d1bf1ec4b8c6e1
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Closes-bug: #2076212
We changed these in change Iba3fee2672d32266623c6f367beaabe84bd3d24e but
the '-c/--column' option provided by cliff currently requires an
explicit match on column names. Change them back for now. We can revert
this when cliff is a little bit cleverer.
Change-Id: I6b4f1b793dc383856bfdf9a01514381be3cd2bf1
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Related-bug: #2076212
This change is entirely automated save for the update of some mocks from
'io.open' to '__builtins__.open').
We are keeping this change separate from addition of the actual hook so
that we can ignore the commit later.
Change-Id: I0a9d8736632084473b57b57b693322447d7be519
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Most of these skips were unnecessary. The few that did generate warnings
could be skipped.
We also set 'skip_install' since there's no reason to build the package
for linting purposes.
Change-Id: I9644e5c19720b9c41c60e0a5882b7cd7f6a71f7b
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
We've seen an ordering issue pop up occasionally in the CI. Resolve it.
Change-Id: I4dd10268b673c260ac0894fac92cd8bea9e626f4
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
The help text for this arg says 'repeat option to delete multiple tags'.
Fix to reflect what docs says.
Also add missing test for this argument.
Change-Id: Ib1069ce7a441c1ff10d2dca05095eb6bf53e7fb6
This patch modifies the access rule commands to use only the resource
ID. The previous logic incorrectly assumed that access rules have a
"name" property, which resulted in unexpected behaviors.
For example, "access rule delete {non-existent-id}" now results in a
"not found" error instead of sometimes deleting an unrelated rule.
Story: 2010775
Task: 48163
Change-Id: Ib5c3b7f86acf1dfe7cc76dfa99fa4c118388bd71
Black used with the '-l 79 -S' flags.
A future change will ignore this commit in git-blame history by adding a
'git-blame-ignore-revs' file.
Change-Id: I2eeade1ce6653be8e9179ecc40105182c5ff5f16
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
The keystone API supports filtering trusts by trustor and/or
trustee.
Also adds a shortcut parameter to get trusts with current
user as trustee or trustor.
Signed-off-by: Nicolas Belouin <nicolas.belouin@gandi.net>
Change-Id: I00ed2b68cf8ada214a59f640f4f0a5c9dbc37063
This requires fixes found in cliff 3.5.0 [1] and osc-lib 2.3.0 [2]. With
these fixes in place, we can remove the icky, still broken
'assertItemEqual' and 'assertListItemEqual' helpers.
[1] https://review.opendev.org/761421
[2] https://review.opendev.org/761394
Change-Id: Id6c26b37c3c7d5ec6761361abca57f9219b76838
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
With python3.x, classes can use 'metaclass=' instead of
'six.add_metaclass', 'six.iteritems' and 'six.iterkeys' can
be replaced by 'items' and 'keys', 'six.moves.urllib.parse'
can be replaced by 'urllib.parse', 'six.StringIO' and
'six.moves.cStringIO' can be replaced by 'io.StringIO',
'six.text_type' and 'six.string_type' are just 'str'.
Change-Id: I84848c0bf8ab3c36dd821141191e2725e4e3b58b
Keystone let's users remove role assignments that reference non-existent
users and groups. This is nice when keystone backs to an identity store
like LDAP and users or groups are removed.
Previously, openstackclient would validate the user and group existed in
keystone before sending the request to delete the role assignment. This
commit updates the code to bypass that validation so that users can use
IDs to forcibly cleanup role assignments.
Change-Id: I102b41677736bbe37a82abaa3c5b3e1faf2475d5
Story: 2006635
Task: 36848
when doing openstack identity provider list --name xyz_id,
and openstack identity provider list --enabled CLI raising
error unrecognized arguments, whereas in api-ref document [1],
user can pass name and enabled as optional query param. This
addresses the above issue, by adding param --id and --enabled in
parser of ListIdentityProvider.
[1] https://docs.openstack.org/api-ref/identity/v3-ext/?expanded=list-identity-providers-detail#list-identity-providers
Change-Id: I59ce3a5f54700ba5a735f0b3b4b3b73b3a8658fa
The patch https://review.opendev.org/#/c/673389/ introduced a regression
by changing the osc-lib interface.
Two conflicting attempts to fix the regression were launched:
1) Reverting the patch.
2) The patch https://review.opendev.org/683119 changes the exception
from the generic CommandError back to a specific Forbidden exception.
The patch https://review.opendev.org/683118 catches this exception
and passes on, i.e. re-implements the same behavior as before.
The first idea was implemented, the initial patch reverted. The second
idea was partially implemented. The change in python-openstackclient
(683118) was merged. The change in osc-lib was approved but failed to
merge because the initial change had been reverted.
Now we have again a situation where the exception produced in osc-lib
does not match the exception expected by the caller.
It is unclear if the osc-lib interface will ever get a rebased version
of https://review.opendev.org/683119 merged, so the safest way to
address the issue is to also catch the exception that used to be
thrown before the inital change and is again thrown after the inital
change has been reverted.
Change-Id: I2ea2def607ec5be112e42d53a1e660fef0cdd69c
when doing openstack domain list --name xyz_id,
and openstack domain list --enabled CLI raising
error unrecognized arguments, whereas in api-ref
document [1], user can pass name and enabled as
optional query param. This addresses the above
issue, by adding param --name and --enabled in
parser of ListDomain.
[1]https://docs.openstack.org/api-ref/identity/v3/?expanded=list-domains-detail#list-domains
Change-Id: I3cdb511d3c7059ddfb802ca025188d8976c9302c
When we use "--property" parameter, client get lists these the
value is string type, but the type of the value 'is_domain'
should be boolean, so we should judge it and parse it.
The patch parse string to boolean for value 'is_domain'.
Co-Authored-By: Lance Bragstad <lbragstad@gmail.com>
Change-Id: I37c9eb854524bde3a1530bfe2e3a03810fb1a676
Task: 30039
Story: 2005246
This patch adds the --immutable and --no-immutable option to the
role, project and domain CLI.
Related-Patch: https://review.opendev.org/#/c/712182/
Change-Id: I9c3bdd741f28bf558267fb217818d947597ce13e
This commit introduces the --access-rules option for 'application
credential create' as well as new 'access rule' commands for listing,
showing, and deleting access rules.
bp whitelist-extension-for-app-creds
Change-Id: I04834b2874ec2a70da456a380b5bef03a392effa
