Adds inherited information when listing role
assignments. In addition, it makes possible
to list only inherited ones by adding
--inherited option.
Change-Id: Idf889603d584716da95e2c7b4880142fbd8291c4
Closes-Bug: 1370546
The paremeter to Keystone Client was passed as
'inherited', when it should be
'os_inherit_extension_inherited'.
Closes-Bug: #1482254
Change-Id: I1cb46add532223ef0b9620763b1047cc80e19ec0
user v3 create/set only support --project option,
we need --project-domain to prevent collisions between
project names exist.
Change-Id: I2d62e5b9bb6df4c5c5a9542514faf2e4365bb18b
Closes-Bug: #1475357
With this change 'openstack catalog list' returns the correspoding URL for
publicURL, internalURL and adminURL in _format_endpoints .
Change-Id: I5d946c9d70a2d3c22a7cc77067fec8e2e9aa4940
Closes-Bug: 1472629
Once inherited project role grant calls are
implemented on python-keystoneclient,
python-openstackclient also should support such
calls.
This patch add such support as well as its
related tests.
Co-Authored-By: Raildo Mascena <raildo@lsd.ufcg.edu.br>
Change-Id: Id72670be8640e5c6e2490a6ef849e9ec3493b1a9
Implements: blueprint hierarchical-multitenancy
Adds the possibility to retrieve a project and list its
parents and subtree in the hierarchy.
Co-Authored-By: Rodrigo Duarte <rodrigods@lsd.ufcg.edu.br>
Co-Authored-By: Samuel de Medeiros Queiroz <samuel@lsd.ufcg.edu.br>
Implements: bp hierarchical-multitenancy
Change-Id: I874f6faffc8a2db9d99f12cbe0a69c0a30c0d9df
`project` argument is deprecated in keystoneclient for V3 API,
and use `default_project` instead, should use `default_project`
as the argument name in the openstackclient accordingly.
Change-Id: Ib9d70801c933a184afcdab75204393efa764fa87
Closes-Bug: #1462389
Currently argument 'domain' is not supported by command 'os project
set', but it is required by keystone v3 update project API to match
the domain id.
Closes-Bug: #1460122
Change-Id: I1b32f67f78b369f6134a74cdf9a4811b7539d44b
Adds CRUD support for service providers as it's now available through
keystoneclient
Closes-Bug: 1435962
Depends-On: If802e8a47e45ae00112de3739334b4b5482d0500
Change-Id: Ic55101e50209070aa49ca2adc91c89ba754c8c68
The federation APIs for the identity providers introduce a new parameter
for every identity provider, named remote_ids, which contains a list of
entity ID associated with. This parameter can be provided during the creation
of the identity provider and can be updated at any time. For more information
look at the blueprint:
https://blueprints.launchpad.net/keystone/+spec/idp-id-registration
This patch add the support to this new parameter in the command line by
inserting the option "--remote-id" in the following commands:
- "identity provider create"
- "identity provider set"
Additionally, the values can be read from a file, specified by
"--remote-id-file", containing an entity id per line.
Change-Id: Ie93340ee57e54128daa70d8a7bd0a9975ff7eef4
Depends-On: I12a262c55b5f6b5cc7007865edf30f14269da537
Implements: blueprint idp-id-registration
Adding the possibility to create projects hierarchies by adding
the parent field in the create project call.
Co-Authored-By: Victor Silva <victor@lsd.ufcg.edu.br>
Implements: bp hierarchical-multitenancy
Change-Id: I4eac4f5bc067634cc38c305dacc59ab1da63c153
Without this patch, openstackclient has no way to specify to which
project a network belongs upon creation. Instead, it uses the project
ID that the user is authenticating with to fill the tenant_id column.
This is a problem because an admin user is unable to specify a project
for a non-admin network. To fix this and to improve feature parity with
the neutron client, this patch adds project and domain parameters to
the network create command and uses the given project name to look up
the project ID.
Neutron does not allow the project to be changed after creation, so no
such parameter has been added to the neutron set command.
Neutron calls the field 'tenant_id', but this change exposes the
parameter as '--project' to support the newer terminology.
If no project is specified, the client defaults to the previous
behavior of using the auth project.
Change-Id: Ia33ff7d599542c5b88baf2a69b063a23089a3cc4
Similar to projects, we shouldn't allow users and groups to
change domains. The server side tosses up an error but osc
should restrict that behaviour in the first place.
Related-Bug: #1418384
Change-Id: I860291a5859c576021b18e35d1a12c32abfb6ca5
Added new module in identity v3 api to handle create, read, and delete
operations of trust resources.
Co-Authored-By: Lance Bragstad <lbragstad@gmail.com>
Co-Authored-By: Steve Martinelli <stevemar@ca.ibm.com>
Closes-Bug: #1413718
Change-Id: I2b360b141ff70d4f396466abede859a3db6644f4
Changes to the 'service list' commands for Identity v2 and v3:
* Document support for --long
* Add Description to v3 output with --long
* v3 output is now (ID, Name, Type), with (Description, Enabled) added with --long
* Change v2 output to match v3 output, with the absense of Enabled.
* Update doc to match
Closes-Bug: #1411337
Change-Id: I999e3df22f61350cdeba63bbb7d01145c2ffeeaf
Added command docs, and changed request token to take in name or
id of a project, and also support a domain option.
Change-Id: I87363274e5b7a0c687e234f5a4bcaaf166d28840
Adds a --project filter to `os user list`, which really
calls the role assignment manager behind the scenes.
Change-Id: I57a75018f12ed3acdf8f6611b6b58bd974f91da2
Closes-Bug: #1397251
Currently v3 endpoint commands access service.name directly, while
name is not a required attribute of service. So if we associate an
endpoint to a service without name, we will get an AttributeError
executing v3 endpoint commands later. This patch addresses this
issue by checking if service.name is available before accessing it.
Change-Id: I3dd686ef02a2e21e2049a49cb55634385c2ecfaf
Closes-Bug: #1406737
Previously this column was coming up as empty, since user's
have a `default project id`, not just `project id`.
Change-Id: I3d7f7eb600e9526b9c6cc2a8c5d6009b9100b1f5
Change the implementation of --enable|--disable on domain create
and set commands to our usual style.
Change-Id: I10f2b96281a114fa3cf3b001394844770b2a8632
Updated the service name to be optional, mostly matching the cli arguments
with v3 service create.
Implemented the following changes on service create:
- if only a single positional is present, it's a <type>.
This is not currently legal so it is considered a new case.
- if --type option is present the positional is handled as <name>;
display deprecation message
- if --name option is present the positional is handled as <type>.
Making --type optional is new, but back-compatible
- Made --name and --type mutually exclusive.
- only '--name <service-name> <type>' shall appear in the help output
Change-Id: I8fd4adba3d8cd00d5a8cacc2c494d99d492c45a3
Closes-Bug: #1404073
This is part2. Add support for these objects:
identity.project(v2.0)
identity.role(v2.0)
identity.user(v2.0)
identity.project(v3)
identity.role(v3)
identity.user(v3)
identity.group(v3)
Closes-Bug: #1400597
Change-Id: I270434d657cf4ddc23c3aba2c704d6ef184b0dbc
The keystoneclient.openstack.common directory is where we sync files
from oslo incubator. It is not a public directory and should not be
being consumed by openstackclient.
Change-Id: I011bb95c2c824e2dbc4b822ca922ae77b8d9b955
