summaryrefslogtreecommitdiff
path: root/openstackclient/identity
diff options
Diffstat (limited to 'openstackclient/identity')
-rw-r--r--openstackclient/identity/common.py34
-rw-r--r--openstackclient/identity/v2_0/catalog.py5
-rw-r--r--openstackclient/identity/v2_0/ec2creds.py2
-rw-r--r--openstackclient/identity/v2_0/endpoint.py2
-rw-r--r--openstackclient/identity/v2_0/project.py24
-rw-r--r--openstackclient/identity/v2_0/role.py2
-rw-r--r--openstackclient/identity/v2_0/role_assignment.py6
-rw-r--r--openstackclient/identity/v2_0/service.py6
-rw-r--r--openstackclient/identity/v2_0/token.py2
-rw-r--r--openstackclient/identity/v2_0/user.py4
-rw-r--r--openstackclient/identity/v3/access_rule.py20
-rw-r--r--openstackclient/identity/v3/application_credential.py40
-rw-r--r--openstackclient/identity/v3/catalog.py6
-rw-r--r--openstackclient/identity/v3/consumer.py2
-rw-r--r--openstackclient/identity/v3/credential.py2
-rw-r--r--openstackclient/identity/v3/domain.py14
-rw-r--r--openstackclient/identity/v3/ec2creds.py2
-rw-r--r--openstackclient/identity/v3/endpoint.py45
-rw-r--r--openstackclient/identity/v3/endpoint_group.py2
-rw-r--r--openstackclient/identity/v3/federation_protocol.py81
-rw-r--r--openstackclient/identity/v3/group.py16
-rw-r--r--openstackclient/identity/v3/identity_provider.py22
-rw-r--r--openstackclient/identity/v3/implied_role.py2
-rw-r--r--openstackclient/identity/v3/limit.py171
-rw-r--r--openstackclient/identity/v3/mapping.py2
-rw-r--r--openstackclient/identity/v3/policy.py2
-rw-r--r--openstackclient/identity/v3/project.py306
-rw-r--r--openstackclient/identity/v3/region.py2
-rw-r--r--openstackclient/identity/v3/registered_limit.py206
-rw-r--r--openstackclient/identity/v3/role.py59
-rw-r--r--openstackclient/identity/v3/role_assignment.py35
-rw-r--r--openstackclient/identity/v3/service.py2
-rw-r--r--openstackclient/identity/v3/service_provider.py2
-rw-r--r--openstackclient/identity/v3/tag.py12
-rw-r--r--openstackclient/identity/v3/token.py5
-rw-r--r--openstackclient/identity/v3/trust.py6
-rw-r--r--openstackclient/identity/v3/unscoped_saml.py2
-rw-r--r--openstackclient/identity/v3/user.py35
38 files changed, 668 insertions, 520 deletions
diff --git a/openstackclient/identity/common.py b/openstackclient/identity/common.py
index c6e6cfc..f33c370 100644
--- a/openstackclient/identity/common.py
+++ b/openstackclient/identity/common.py
@@ -99,7 +99,8 @@ def find_service_sdk(identity_client, name_type_or_id):
if next(services, None):
msg = _(
- "Multiple service matches found for '%(query)s', use an ID to be more specific."
+ "Multiple service matches found for '%(query)s', "
+ "use an ID to be more specific."
) % {"query": name_type_or_id}
raise exceptions.CommandError(msg)
@@ -255,6 +256,37 @@ def find_project(identity_client, name_or_id, domain_name_or_id=None):
)
+def find_project_id_sdk(
+ identity_client,
+ name_or_id,
+ domain_name_or_id=None,
+ *,
+ validate_actor_existence=True,
+ validate_domain_actor_existence=None,
+):
+ if domain_name_or_id is None:
+ return _find_sdk_id(
+ identity_client.find_project,
+ name_or_id=name_or_id,
+ validate_actor_existence=validate_actor_existence,
+ )
+
+ if validate_domain_actor_existence is None:
+ validate_domain_actor_existence = validate_actor_existence
+
+ domain_id = find_domain_id_sdk(
+ identity_client,
+ name_or_id=domain_name_or_id,
+ validate_actor_existence=validate_domain_actor_existence,
+ )
+ return _find_sdk_id(
+ identity_client.find_project,
+ name_or_id=name_or_id,
+ validate_actor_existence=validate_actor_existence,
+ domain_id=domain_id,
+ )
+
+
def find_user(identity_client, name_or_id, domain_name_or_id=None):
if domain_name_or_id is None:
return _find_identity_resource(
diff --git a/openstackclient/identity/v2_0/catalog.py b/openstackclient/identity/v2_0/catalog.py
index ccac5d0..437cad2 100644
--- a/openstackclient/identity/v2_0/catalog.py
+++ b/openstackclient/identity/v2_0/catalog.py
@@ -14,19 +14,20 @@
"""Identity v2 Service Catalog action implementations"""
import logging
+import typing as ty
from cliff import columns as cliff_columns
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
LOG = logging.getLogger(__name__)
-class EndpointsColumn(cliff_columns.FormattableColumn):
+class EndpointsColumn(cliff_columns.FormattableColumn[ty.Any]):
def human_readable(self):
if not self._value:
return ""
diff --git a/openstackclient/identity/v2_0/ec2creds.py b/openstackclient/identity/v2_0/ec2creds.py
index 25ee8a7..360a090 100644
--- a/openstackclient/identity/v2_0/ec2creds.py
+++ b/openstackclient/identity/v2_0/ec2creds.py
@@ -18,10 +18,10 @@
import logging
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
diff --git a/openstackclient/identity/v2_0/endpoint.py b/openstackclient/identity/v2_0/endpoint.py
index db8efed..38f7f4e 100644
--- a/openstackclient/identity/v2_0/endpoint.py
+++ b/openstackclient/identity/v2_0/endpoint.py
@@ -17,10 +17,10 @@
import logging
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
from openstackclient.identity import common
diff --git a/openstackclient/identity/v2_0/project.py b/openstackclient/identity/v2_0/project.py
index a0c3c1e..bf19d7d 100644
--- a/openstackclient/identity/v2_0/project.py
+++ b/openstackclient/identity/v2_0/project.py
@@ -20,10 +20,10 @@ import logging
from keystoneauth1 import exceptions as ks_exc
from osc_lib.cli import format_columns
from osc_lib.cli import parseractions
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
@@ -59,6 +59,7 @@ class CreateProject(command.ShowOne):
parser.add_argument(
'--property',
metavar='<key=value>',
+ dest='properties',
action=parseractions.KeyValueAction,
help=_(
'Add a property to <name> '
@@ -79,8 +80,8 @@ class CreateProject(command.ShowOne):
if parsed_args.disable:
enabled = False
kwargs = {}
- if parsed_args.property:
- kwargs = parsed_args.property.copy()
+ if parsed_args.properties:
+ kwargs.update(parsed_args.properties)
try:
project = identity_client.tenants.create(
@@ -105,7 +106,14 @@ class CreateProject(command.ShowOne):
class DeleteProject(command.Command):
- _description = _("Delete project(s)")
+ _description = _(
+ "Delete project(s). This command will remove specified "
+ "existing project(s) if an active user is authorized to do "
+ "this. If there are resources managed by other services "
+ "(for example, Nova, Neutron, Cinder) associated with "
+ "specified project(s), delete operation will proceed "
+ "regardless."
+ )
def get_parser(self, prog_name):
parser = super().get_parser(prog_name)
@@ -223,6 +231,7 @@ class SetProject(command.Command):
parser.add_argument(
'--property',
metavar='<key=value>',
+ dest='properties',
action=parseractions.KeyValueAction,
help=_(
'Set a project property '
@@ -248,8 +257,8 @@ class SetProject(command.Command):
kwargs['enabled'] = True
if parsed_args.disable:
kwargs['enabled'] = False
- if parsed_args.property:
- kwargs.update(parsed_args.property)
+ if parsed_args.properties:
+ kwargs.update(parsed_args.properties)
if 'id' in kwargs:
del kwargs['id']
if 'name' in kwargs:
@@ -331,6 +340,7 @@ class UnsetProject(command.Command):
parser.add_argument(
'--property',
metavar='<key>',
+ dest='properties',
action='append',
default=[],
help=_(
@@ -347,7 +357,7 @@ class UnsetProject(command.Command):
parsed_args.project,
)
kwargs = project._info
- for key in parsed_args.property:
+ for key in parsed_args.properties:
if key in kwargs:
kwargs[key] = None
identity_client.tenants.update(project.id, **kwargs)
diff --git a/openstackclient/identity/v2_0/role.py b/openstackclient/identity/v2_0/role.py
index 1faab2e..e54c07a 100644
--- a/openstackclient/identity/v2_0/role.py
+++ b/openstackclient/identity/v2_0/role.py
@@ -18,10 +18,10 @@
import logging
from keystoneauth1 import exceptions as ks_exc
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
diff --git a/openstackclient/identity/v2_0/role_assignment.py b/openstackclient/identity/v2_0/role_assignment.py
index 54d01b4..0aa800e 100644
--- a/openstackclient/identity/v2_0/role_assignment.py
+++ b/openstackclient/identity/v2_0/role_assignment.py
@@ -13,10 +13,10 @@
"""Identity v2 Assignment action implementations"""
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _ # noqa
@@ -68,7 +68,7 @@ class ListRoleAssignment(command.Lister):
parsed_args.user,
)
elif parsed_args.authuser:
- if auth_ref:
+ if auth_ref and auth_ref.user_id:
user = utils.find_resource(
identity_client.users, auth_ref.user_id
)
@@ -80,7 +80,7 @@ class ListRoleAssignment(command.Lister):
parsed_args.project,
)
elif parsed_args.authproject:
- if auth_ref:
+ if auth_ref and auth_ref.project_id:
project = utils.find_resource(
identity_client.projects, auth_ref.project_id
)
diff --git a/openstackclient/identity/v2_0/service.py b/openstackclient/identity/v2_0/service.py
index 978e926..a93a953 100644
--- a/openstackclient/identity/v2_0/service.py
+++ b/openstackclient/identity/v2_0/service.py
@@ -17,10 +17,10 @@
import logging
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
from openstackclient.identity import common
@@ -160,7 +160,9 @@ class ShowService(command.ShowOne):
for service, service_endpoints in endpoints.items():
if service_endpoints:
info = {"type": service}
- info.update(service_endpoints[0])
+ # FIXME(stephenfin): The return type for this in ksa is
+ # wrong
+ info.update(service_endpoints[0]) # type: ignore
return zip(*sorted(info.items()))
msg = _(
diff --git a/openstackclient/identity/v2_0/token.py b/openstackclient/identity/v2_0/token.py
index fe9436d..ebb2269 100644
--- a/openstackclient/identity/v2_0/token.py
+++ b/openstackclient/identity/v2_0/token.py
@@ -15,9 +15,9 @@
"""Identity v2 Token action implementations"""
-from osc_lib.command import command
from osc_lib import exceptions
+from openstackclient import command
from openstackclient.i18n import _
diff --git a/openstackclient/identity/v2_0/user.py b/openstackclient/identity/v2_0/user.py
index c4cd52b..244b9e9 100644
--- a/openstackclient/identity/v2_0/user.py
+++ b/openstackclient/identity/v2_0/user.py
@@ -20,17 +20,17 @@ import logging
from cliff import columns as cliff_columns
from keystoneauth1 import exceptions as ks_exc
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
LOG = logging.getLogger(__name__)
-class ProjectColumn(cliff_columns.FormattableColumn):
+class ProjectColumn(cliff_columns.FormattableColumn[str]):
"""Formattable column for project column.
Unlike the parent FormattableColumn class, the initializer of the
diff --git a/openstackclient/identity/v3/access_rule.py b/openstackclient/identity/v3/access_rule.py
index 367c649..1859ef6 100644
--- a/openstackclient/identity/v3/access_rule.py
+++ b/openstackclient/identity/v3/access_rule.py
@@ -17,10 +17,10 @@
import logging
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
from openstackclient.identity import common
@@ -44,7 +44,11 @@ class DeleteAccessRule(command.Command):
def take_action(self, parsed_args):
identity_client = self.app.client_manager.sdk_connection.identity
conn = self.app.client_manager.sdk_connection
- user_id = conn.config.get_auth().get_user_id(conn.identity)
+ auth = conn.config.get_auth()
+ if auth is None:
+ # this will never happen
+ raise exceptions.CommandError('invalid authentication info')
+ user_id = auth.get_user_id(conn.identity)
errors = 0
for ac in parsed_args.access_rule:
@@ -87,7 +91,11 @@ class ListAccessRule(command.Lister):
).id
else:
conn = self.app.client_manager.sdk_connection
- user_id = conn.config.get_auth().get_user_id(conn.identity)
+ auth = conn.config.get_auth()
+ if auth is None:
+ # this will never happen
+ raise exceptions.CommandError('invalid authentication info')
+ user_id = auth.get_user_id(conn.identity)
columns = ('ID', 'Service', 'Method', 'Path')
data = identity_client.access_rules(user=user_id)
@@ -119,7 +127,11 @@ class ShowAccessRule(command.ShowOne):
def take_action(self, parsed_args):
identity_client = self.app.client_manager.sdk_connection.identity
conn = self.app.client_manager.sdk_connection
- user_id = conn.config.get_auth().get_user_id(conn.identity)
+ auth = conn.config.get_auth()
+ if auth is None:
+ # this will never happen
+ raise exceptions.CommandError('invalid authentication info')
+ user_id = auth.get_user_id(conn.identity)
access_rule = identity_client.get_access_rule(
user_id, parsed_args.access_rule
diff --git a/openstackclient/identity/v3/application_credential.py b/openstackclient/identity/v3/application_credential.py
index 4c4cd3f..3b38f17 100644
--- a/openstackclient/identity/v3/application_credential.py
+++ b/openstackclient/identity/v3/application_credential.py
@@ -18,24 +18,25 @@
import datetime
import json
import logging
+import typing as ty
import uuid
from cliff import columns as cliff_columns
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
from openstackclient.identity import common
LOG = logging.getLogger(__name__)
-class RolesColumn(cliff_columns.FormattableColumn):
+class RolesColumn(cliff_columns.FormattableColumn[ty.Any]):
"""Generate a formatted string of role names."""
def human_readable(self):
- return utils.format_list(r['name'] for r in self._value)
+ return utils.format_list(list(r['name'] for r in self._value))
def _format_application_credential(
@@ -148,6 +149,7 @@ class CreateApplicationCredential(command.ShowOne):
parser.add_argument(
'--role',
metavar='<role>',
+ dest='roles',
action='append',
default=[],
help=_(
@@ -204,10 +206,15 @@ class CreateApplicationCredential(command.ShowOne):
def take_action(self, parsed_args):
identity_client = self.app.client_manager.sdk_connection.identity
conn = self.app.client_manager.sdk_connection
- user_id = conn.config.get_auth().get_user_id(conn.identity)
+ auth = conn.config.get_auth()
+ if auth is None:
+ # this will never happen
+ raise exceptions.CommandError('invalid authentication info')
+
+ user_id = auth.get_user_id(conn.identity)
role_ids = []
- for role in parsed_args.role:
+ for role in parsed_args.roles:
if is_uuid_like(role):
role_ids.append({'id': role})
else:
@@ -272,13 +279,18 @@ class DeleteApplicationCredential(command.Command):
def take_action(self, parsed_args):
identity_client = self.app.client_manager.sdk_connection.identity
conn = self.app.client_manager.sdk_connection
- user_id = conn.config.get_auth().get_user_id(conn.identity)
+ auth = conn.config.get_auth()
+ if auth is None:
+ # this will never happen
+ raise exceptions.CommandError('invalid authentication info')
+
+ user_id = auth.get_user_id(conn.identity)
errors = 0
for ac in parsed_args.application_credential:
try:
app_cred = identity_client.find_application_credential(
- user_id, ac
+ user_id, ac, ignore_missing=False
)
identity_client.delete_application_credential(
user_id, app_cred.id
@@ -325,7 +337,11 @@ class ListApplicationCredential(command.Lister):
)
else:
conn = self.app.client_manager.sdk_connection
- user_id = conn.config.get_auth().get_user_id(conn.identity)
+ auth = conn.config.get_auth()
+ if auth is None:
+ # this will never happen
+ raise exceptions.CommandError('invalid authentication info')
+ user_id = auth.get_user_id(conn.identity)
application_credentials = identity_client.application_credentials(
user=user_id
@@ -349,10 +365,14 @@ class ShowApplicationCredential(command.ShowOne):
def take_action(self, parsed_args):
identity_client = self.app.client_manager.sdk_connection.identity
conn = self.app.client_manager.sdk_connection
- user_id = conn.config.get_auth().get_user_id(conn.identity)
+ auth = conn.config.get_auth()
+ if auth is None:
+ # this will never happen
+ raise exceptions.CommandError('invalid authentication info')
+ user_id = auth.get_user_id(conn.identity)
application_credential = identity_client.find_application_credential(
- user_id, parsed_args.application_credential
+ user_id, parsed_args.application_credential, ignore_missing=False
)
return _format_application_credential(application_credential)
diff --git a/openstackclient/identity/v3/catalog.py b/openstackclient/identity/v3/catalog.py
index a161461..7d37e6c 100644
--- a/openstackclient/identity/v3/catalog.py
+++ b/openstackclient/identity/v3/catalog.py
@@ -9,24 +9,24 @@
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
-#
"""Identity v3 Service Catalog action implementations"""
import logging
+import typing as ty
from cliff import columns as cliff_columns
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
LOG = logging.getLogger(__name__)
-class EndpointsColumn(cliff_columns.FormattableColumn):
+class EndpointsColumn(cliff_columns.FormattableColumn[ty.Any]):
def human_readable(self):
if not self._value:
return ""
diff --git a/openstackclient/identity/v3/consumer.py b/openstackclient/identity/v3/consumer.py
index 933f48a..c58441c 100644
--- a/openstackclient/identity/v3/consumer.py
+++ b/openstackclient/identity/v3/consumer.py
@@ -17,10 +17,10 @@
import logging
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
diff --git a/openstackclient/identity/v3/credential.py b/openstackclient/identity/v3/credential.py
index 7d9c7c4..02eef64 100644
--- a/openstackclient/identity/v3/credential.py
+++ b/openstackclient/identity/v3/credential.py
@@ -17,10 +17,10 @@
import logging
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
from openstackclient.identity import common
diff --git a/openstackclient/identity/v3/domain.py b/openstackclient/identity/v3/domain.py
index 536243a..28481c0 100644
--- a/openstackclient/identity/v3/domain.py
+++ b/openstackclient/identity/v3/domain.py
@@ -18,10 +18,10 @@
import logging
from openstack import exceptions as sdk_exceptions
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
from openstackclient.identity import common
@@ -107,7 +107,9 @@ class CreateDomain(command.ShowOne):
)
except sdk_exceptions.ConflictException:
if parsed_args.or_show:
- domain = identity_client.find_domain(parsed_args.name)
+ domain = identity_client.find_domain(
+ parsed_args.name, ignore_missing=False
+ )
LOG.info(_('Returning existing domain %s'), domain.name)
else:
raise
@@ -238,7 +240,9 @@ class SetDomain(command.Command):
def take_action(self, parsed_args):
identity_client = self.app.client_manager.sdk_connection.identity
- domain = identity_client.find_domain(parsed_args.domain)
+ domain = identity_client.find_domain(
+ parsed_args.domain, ignore_missing=False
+ )
kwargs = {}
if parsed_args.name:
kwargs['name'] = parsed_args.name
@@ -266,6 +270,8 @@ class ShowDomain(command.ShowOne):
def take_action(self, parsed_args):
identity_client = self.app.client_manager.sdk_connection.identity
- domain = identity_client.find_domain(parsed_args.domain)
+ domain = identity_client.find_domain(
+ parsed_args.domain, ignore_missing=False
+ )
return _format_domain(domain)
diff --git a/openstackclient/identity/v3/ec2creds.py b/openstackclient/identity/v3/ec2creds.py
index 84700f4..dbbf7a2 100644
--- a/openstackclient/identity/v3/ec2creds.py
+++ b/openstackclient/identity/v3/ec2creds.py
@@ -14,10 +14,10 @@
import logging
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
from openstackclient.identity import common
diff --git a/openstackclient/identity/v3/endpoint.py b/openstackclient/identity/v3/endpoint.py
index 1dfa881..9083fdc 100644
--- a/openstackclient/identity/v3/endpoint.py
+++ b/openstackclient/identity/v3/endpoint.py
@@ -17,10 +17,10 @@
import logging
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
from openstackclient.identity import common
@@ -169,7 +169,9 @@ class DeleteEndpoint(command.Command):
result = 0
for i in parsed_args.endpoint:
try:
- endpoint_id = identity_client.find_endpoint(i).id
+ endpoint_id = identity_client.find_endpoint(
+ i, ignore_missing=False
+ ).id
identity_client.delete_endpoint(endpoint_id)
except Exception as e:
result += 1
@@ -230,12 +232,25 @@ class ListEndpoint(command.Lister):
endpoint = None
if parsed_args.endpoint:
- endpoint = identity_client.find_endpoint(parsed_args.endpoint)
- project = None
+ endpoint = identity_client.find_endpoint(
+ parsed_args.endpoint, ignore_missing=False
+ )
+
+ project_domain_id = None
+ if parsed_args.project_domain:
+ project_domain_id = common._find_sdk_id(
+ identity_client.find_domain,
+ name_or_id=parsed_args.project_domain,
+ )
+
+ project_id = None
if parsed_args.project:
- project = identity_client.find_project(
- parsed_args.project,
- parsed_args.project_domain,
+ project_id = common._find_sdk_id(
+ identity_client.find_project,
+ name_or_id=common._get_token_resource(
+ identity_client, 'project', parsed_args.project
+ ),
+ domain_id=project_domain_id,
)
if endpoint:
@@ -273,15 +288,17 @@ class ListEndpoint(command.Lister):
region = identity_client.get_region(parsed_args.region)
kwargs['region_id'] = region.id
- if project:
+ if project_id:
data = list(
- identity_client.project_endpoints(project=project.id)
+ identity_client.project_endpoints(project=project_id)
)
else:
data = list(identity_client.endpoints(**kwargs))
for ep in data:
- service = identity_client.find_service(ep.service_id)
+ service = identity_client.find_service(
+ ep.service_id, ignore_missing=False
+ )
ep.service_name = getattr(service, 'name', '')
ep.service_type = service.type
@@ -382,7 +399,9 @@ class SetEndpoint(command.Command):
def take_action(self, parsed_args):
identity_client = self.app.client_manager.sdk_connection.identity
- endpoint = identity_client.find_endpoint(parsed_args.endpoint)
+ endpoint = identity_client.find_endpoint(
+ parsed_args.endpoint, ignore_missing=False
+ )
kwargs = {}
@@ -429,7 +448,9 @@ class ShowEndpoint(command.ShowOne):
def take_action(self, parsed_args):
identity_client = self.app.client_manager.sdk_connection.identity
- endpoint = identity_client.find_endpoint(parsed_args.endpoint)
+ endpoint = identity_client.find_endpoint(
+ parsed_args.endpoint, ignore_missing=False
+ )
service = common.find_service_sdk(identity_client, endpoint.service_id)
diff --git a/openstackclient/identity/v3/endpoint_group.py b/openstackclient/identity/v3/endpoint_group.py
index e4611a1..3965f31 100644
--- a/openstackclient/identity/v3/endpoint_group.py
+++ b/openstackclient/identity/v3/endpoint_group.py
@@ -16,10 +16,10 @@
import json
import logging
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
from openstackclient.identity import common
diff --git a/openstackclient/identity/v3/federation_protocol.py b/openstackclient/identity/v3/federation_protocol.py
index 4e98086..3e1dea1 100644
--- a/openstackclient/identity/v3/federation_protocol.py
+++ b/openstackclient/identity/v3/federation_protocol.py
@@ -16,16 +16,25 @@
import logging
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
LOG = logging.getLogger(__name__)
+def _format_protocol(protocol):
+ columns = ('name', 'idp_id', 'mapping_id')
+ column_headers = ('id', 'identity_provider', 'mapping')
+ return (
+ column_headers,
+ utils.get_item_properties(protocol, columns),
+ )
+
+
class CreateProtocol(command.ShowOne):
_description = _("Create new federation protocol")
@@ -58,21 +67,15 @@ class CreateProtocol(command.ShowOne):
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
- protocol = identity_client.federation.protocols.create(
- protocol_id=parsed_args.federation_protocol,
- identity_provider=parsed_args.identity_provider,
- mapping=parsed_args.mapping,
+ identity_client = self.app.client_manager.sdk_connection.identity
+
+ protocol = identity_client.create_federation_protocol(
+ name=parsed_args.federation_protocol,
+ idp_id=parsed_args.identity_provider,
+ mapping_id=parsed_args.mapping,
)
- info = dict(protocol._info)
- # NOTE(marek-denis): Identity provider is not included in a response
- # from Keystone, however it should be listed to the user. Add it
- # manually to the output list, simply reusing value provided by the
- # user.
- info['identity_provider'] = parsed_args.identity_provider
- info['mapping'] = info.pop('mapping_id')
- info.pop('links', None)
- return zip(*sorted(info.items()))
+
+ return _format_protocol(protocol)
class DeleteProtocol(command.Command):
@@ -99,12 +102,15 @@ class DeleteProtocol(command.Command):
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
+ identity_client = self.app.client_manager.sdk_connection.identity
+
result = 0
for i in parsed_args.federation_protocol:
try:
- identity_client.federation.protocols.delete(
- parsed_args.identity_provider, i
+ identity_client.delete_federation_protocol(
+ idp_id=parsed_args.identity_provider,
+ protocol=i,
+ ignore_missing=False,
)
except Exception as e:
result += 1
@@ -140,9 +146,9 @@ class ListProtocols(command.Lister):
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
+ identity_client = self.app.client_manager.sdk_connection.identity
- protocols = identity_client.federation.protocols.list(
+ protocols = identity_client.federation_protocols(
parsed_args.identity_provider
)
columns = ('id', 'mapping')
@@ -181,21 +187,16 @@ class SetProtocol(command.Command):
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
+ identity_client = self.app.client_manager.sdk_connection.identity
- protocol = identity_client.federation.protocols.update(
- parsed_args.identity_provider,
- parsed_args.federation_protocol,
- parsed_args.mapping,
- )
- info = dict(protocol._info)
- # NOTE(marek-denis): Identity provider is not included in a response
- # from Keystone, however it should be listed to the user. Add it
- # manually to the output list, simply reusing value provided by the
- # user.
- info['identity_provider'] = parsed_args.identity_provider
- info['mapping'] = info.pop('mapping_id')
- return zip(*sorted(info.items()))
+ kwargs = {'idp_id': parsed_args.identity_provider}
+ if parsed_args.federation_protocol:
+ kwargs['name'] = parsed_args.federation_protocol
+ if parsed_args.mapping:
+ kwargs['mapping_id'] = parsed_args.mapping
+
+ protocol = identity_client.update_federation_protocol(**kwargs)
+ return _format_protocol(protocol)
class ShowProtocol(command.ShowOne):
@@ -220,12 +221,10 @@ class ShowProtocol(command.ShowOne):
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
+ identity_client = self.app.client_manager.sdk_connection.identity
- protocol = identity_client.federation.protocols.get(
- parsed_args.identity_provider, parsed_args.federation_protocol
+ protocol = identity_client.get_federation_protocol(
+ idp_id=parsed_args.identity_provider,
+ protocol=parsed_args.federation_protocol,
)
- info = dict(protocol._info)
- info['mapping'] = info.pop('mapping_id')
- info.pop('links', None)
- return zip(*sorted(info.items()))
+ return _format_protocol(protocol)
diff --git a/openstackclient/identity/v3/group.py b/openstackclient/identity/v3/group.py
index 92980ac..a2c2fd3 100644
--- a/openstackclient/identity/v3/group.py
+++ b/openstackclient/identity/v3/group.py
@@ -18,10 +18,10 @@
import logging
from openstack import exceptions as sdk_exc
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
from openstackclient.identity import common
@@ -211,10 +211,15 @@ class CreateGroup(command.ShowOne):
if parsed_args.or_show:
if parsed_args.domain:
group = identity_client.find_group(
- parsed_args.name, domain_id=parsed_args.domain
+ parsed_args.name,
+ domain_id=parsed_args.domain,
+ ignore_missing=False,
)
else:
- group = identity_client.find_group(parsed_args.name)
+ group = identity_client.find_group(
+ parsed_args.name,
+ ignore_missing=False,
+ )
LOG.info(_('Returning existing group %s'), group.name)
else:
raise
@@ -310,8 +315,9 @@ class ListGroup(command.Lister):
parsed_args.user_domain,
)
if domain:
- # NOTE(0weng): The API doesn't actually support filtering additionally by domain_id,
- # so this doesn't really do anything.
+ # NOTE(0weng): The API doesn't actually support filtering
+ # additionally by domain_id, so this doesn't really do
+ # anything.
data = identity_client.user_groups(user, domain_id=domain)
else:
data = identity_client.user_groups(user)
diff --git a/openstackclient/identity/v3/identity_provider.py b/openstackclient/identity/v3/identity_provider.py
index d0c3243..f1af03f 100644
--- a/openstackclient/identity/v3/identity_provider.py
+++ b/openstackclient/identity/v3/identity_provider.py
@@ -16,10 +16,10 @@
import logging
from osc_lib.cli import format_columns
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
from openstackclient.identity import common
@@ -41,6 +41,7 @@ class CreateIdentityProvider(command.ShowOne):
identity_remote_id_provider.add_argument(
'--remote-id',
metavar='<remote-id>',
+ dest='remote_ids',
action='append',
help=_(
'Remote IDs to associate with the Identity Provider '
@@ -99,16 +100,15 @@ class CreateIdentityProvider(command.ShowOne):
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
+ remote_ids: list[str] | None = None
if parsed_args.remote_id_file:
file_content = utils.read_blob_file_contents(
parsed_args.remote_id_file
)
remote_ids = file_content.splitlines()
remote_ids = list(map(str.strip, remote_ids))
- else:
- remote_ids = (
- parsed_args.remote_id if parsed_args.remote_id else None
- )
+ elif parsed_args.remote_ids:
+ remote_ids = parsed_args.remote_ids
domain_id = None
if parsed_args.domain:
@@ -137,8 +137,9 @@ class CreateIdentityProvider(command.ShowOne):
)
idp._info.pop('links', None)
- remote_ids = format_columns.ListColumn(idp._info.pop('remote_ids', []))
- idp._info['remote_ids'] = remote_ids
+ idp._info['remote_ids'] = format_columns.ListColumn(
+ idp._info.pop('remote_ids', [])
+ )
return zip(*sorted(idp._info.items()))
@@ -240,6 +241,7 @@ class SetIdentityProvider(command.Command):
identity_remote_id_provider.add_argument(
'--remote-id',
metavar='<remote-id>',
+ dest='remote_ids',
action='append',
help=_(
'Remote IDs to associate with the Identity Provider '
@@ -287,8 +289,8 @@ class SetIdentityProvider(command.Command):
)
remote_ids = file_content.splitlines()
remote_ids = list(map(str.strip, remote_ids))
- elif parsed_args.remote_id:
- remote_ids = parsed_args.remote_id
+ elif parsed_args.remote_ids:
+ remote_ids = parsed_args.remote_ids
# Setup keyword args for the client
kwargs = {}
@@ -298,7 +300,7 @@ class SetIdentityProvider(command.Command):
kwargs['enabled'] = True
if parsed_args.disable:
kwargs['enabled'] = False
- if parsed_args.remote_id_file or parsed_args.remote_id:
+ if parsed_args.remote_id_file or parsed_args.remote_ids:
kwargs['remote_ids'] = remote_ids
# TODO(pas-ha) actually check for 3.14 microversion
diff --git a/openstackclient/identity/v3/implied_role.py b/openstackclient/identity/v3/implied_role.py
index 3958896..c1236ad 100644
--- a/openstackclient/identity/v3/implied_role.py
+++ b/openstackclient/identity/v3/implied_role.py
@@ -17,8 +17,8 @@
import logging
-from osc_lib.command import command
+from openstackclient import command
from openstackclient.i18n import _
diff --git a/openstackclient/identity/v3/limit.py b/openstackclient/identity/v3/limit.py
index 7f2fe88..94f6bca 100644
--- a/openstackclient/identity/v3/limit.py
+++ b/openstackclient/identity/v3/limit.py
@@ -15,16 +15,38 @@
import logging
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
from openstackclient.identity import common as common_utils
LOG = logging.getLogger(__name__)
+def _format_limit(limit):
+ columns = (
+ "description",
+ "id",
+ "project_id",
+ "region_id",
+ "resource_limit",
+ "resource_name",
+ "service_id",
+ )
+ column_headers = (
+ "description",
+ "id",
+ "project_id",
+ "region_id",
+ "resource_limit",
+ "resource_name",
+ "service_id",
+ )
+ return (column_headers, utils.get_item_properties(limit, columns))
+
+
class CreateLimit(command.ShowOne):
_description = _("Create a limit")
@@ -46,6 +68,7 @@ class CreateLimit(command.ShowOne):
required=True,
help=_('Project to associate the resource limit to'),
)
+ common_utils.add_project_domain_option_to_parser(parser)
parser.add_argument(
'--service',
metavar='<service>',
@@ -67,47 +90,33 @@ class CreateLimit(command.ShowOne):
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
-
- project = common_utils.find_project(
- identity_client, parsed_args.project
+ identity_client = self.app.client_manager.sdk_connection.identity
+
+ kwargs = {
+ "resource_name": parsed_args.resource_name,
+ "resource_limit": parsed_args.resource_limit,
+ }
+ if parsed_args.description:
+ kwargs["description"] = parsed_args.description
+
+ kwargs["project_id"] = common_utils.find_project_id_sdk(
+ identity_client,
+ parsed_args.project,
+ domain_name_or_id=parsed_args.project_domain,
)
- service = common_utils.find_service(
+
+ kwargs["service_id"] = common_utils.find_service_sdk(
identity_client, parsed_args.service
- )
- region = None
+ ).id
+
if parsed_args.region:
- if 'None' not in parsed_args.region:
- # NOTE (vishakha): Due to bug #1799153 and for any another
- # related case where GET resource API does not support the
- # filter by name, osc_lib.utils.find_resource() method cannot
- # be used because that method try to fall back to list all the
- # resource if requested resource cannot be get via name. Which
- # ends up with NoUniqueMatch error.
- # So osc_lib.utils.find_resource() function cannot be used for
- # 'regions', using common_utils.get_resource() instead.
- region = common_utils.get_resource(
- identity_client.regions, parsed_args.region
- )
- else:
- self.log.warning(
- _(
- "Passing 'None' to indicate no region is deprecated. "
- "Instead, don't pass --region."
- )
- )
+ kwargs["region_id"] = identity_client.get_region(
+ parsed_args.region
+ ).id
- limit = identity_client.limits.create(
- project,
- service,
- parsed_args.resource_name,
- parsed_args.resource_limit,
- description=parsed_args.description,
- region=region,
- )
+ limit = identity_client.create_limit(**kwargs)
- limit._info.pop('links', None)
- return zip(*sorted(limit._info.items()))
+ return _format_limit(limit)
class ListLimit(command.Lister):
@@ -136,50 +145,41 @@ class ListLimit(command.Lister):
metavar='<project>',
help=_('List resource limits associated with project'),
)
+ common_utils.add_project_domain_option_to_parser(parser)
+
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
+ identity_client = self.app.client_manager.sdk_connection.identity
- service = None
+ kwargs = {}
if parsed_args.service:
- service = common_utils.find_service(
+ kwargs["service_id"] = common_utils.find_service_sdk(
identity_client, parsed_args.service
)
- region = None
+
if parsed_args.region:
- if 'None' not in parsed_args.region:
- # NOTE (vishakha): Due to bug #1799153 and for any another
- # related case where GET resource API does not support the
- # filter by name, osc_lib.utils.find_resource() method cannot
- # be used because that method try to fall back to list all the
- # resource if requested resource cannot be get via name. Which
- # ends up with NoUniqueMatch error.
- # So osc_lib.utils.find_resource() function cannot be used for
- # 'regions', using common_utils.get_resource() instead.
- region = common_utils.get_resource(
- identity_client.regions, parsed_args.region
- )
- else:
- self.log.warning(
- _(
- "Passing 'None' to indicate no region is deprecated. "
- "Instead, don't pass --region."
- )
- )
+ kwargs["region_id"] = identity_client.get_region(
+ parsed_args.region
+ ).id
- project = None
if parsed_args.project:
- project = utils.find_resource(
- identity_client.projects, parsed_args.project
+ project_domain_id = None
+ if parsed_args.project_domain:
+ project_domain_id = common_utils.find_domain_id_sdk(
+ identity_client, parsed_args.project_domain
+ )
+
+ kwargs["project_id"] = common_utils._find_sdk_id(
+ identity_client.find_project,
+ name_or_id=parsed_args.project,
+ domain_id=project_domain_id,
)
- limits = identity_client.limits.list(
- service=service,
- resource_name=parsed_args.resource_name,
- region=region,
- project=project,
- )
+ if parsed_args.resource_name:
+ kwargs["resource_name"] = parsed_args.resource_name
+
+ limits = identity_client.limits(**kwargs)
columns = (
'ID',
@@ -209,10 +209,9 @@ class ShowLimit(command.ShowOne):
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
- limit = identity_client.limits.get(parsed_args.limit_id)
- limit._info.pop('links', None)
- return zip(*sorted(limit._info.items()))
+ identity_client = self.app.client_manager.sdk_connection.identity
+ limit = identity_client.get_limit(parsed_args.limit_id)
+ return _format_limit(limit)
class SetLimit(command.ShowOne):
@@ -240,17 +239,16 @@ class SetLimit(command.ShowOne):
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
-
- limit = identity_client.limits.update(
- parsed_args.limit_id,
- description=parsed_args.description,
- resource_limit=parsed_args.resource_limit,
- )
+ identity_client = self.app.client_manager.sdk_connection.identity
- limit._info.pop('links', None)
+ kwargs = {}
+ if parsed_args.description:
+ kwargs["description"] = parsed_args.description
+ if parsed_args.resource_limit:
+ kwargs["resource_limit"] = parsed_args.resource_limit
+ limit = identity_client.update_limit(parsed_args.limit_id, **kwargs)
- return zip(*sorted(limit._info.items()))
+ return _format_limit(limit)
class DeleteLimit(command.Command):
@@ -262,17 +260,20 @@ class DeleteLimit(command.Command):
'limit_id',
metavar='<limit-id>',
nargs="+",
- help=_('Limit to delete (ID)'),
+ help=_(
+ 'Limit to delete (ID) '
+ '(repeat option to remove multiple limits)'
+ ),
)
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
+ identity_client = self.app.client_manager.sdk_connection.identity
errors = 0
for limit_id in parsed_args.limit_id:
try:
- identity_client.limits.delete(limit_id)
+ identity_client.delete_limit(limit_id)
except Exception as e:
errors += 1
LOG.error(
diff --git a/openstackclient/identity/v3/mapping.py b/openstackclient/identity/v3/mapping.py
index 8c2d0bf..a041f19 100644
--- a/openstackclient/identity/v3/mapping.py
+++ b/openstackclient/identity/v3/mapping.py
@@ -18,10 +18,10 @@
import json
import logging
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
diff --git a/openstackclient/identity/v3/policy.py b/openstackclient/identity/v3/policy.py
index d5b8fec..3554903 100644
--- a/openstackclient/identity/v3/policy.py
+++ b/openstackclient/identity/v3/policy.py
@@ -17,10 +17,10 @@
import logging
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
diff --git a/openstackclient/identity/v3/project.py b/openstackclient/identity/v3/project.py
index 3832154..9924239 100644
--- a/openstackclient/identity/v3/project.py
+++ b/openstackclient/identity/v3/project.py
@@ -17,12 +17,12 @@
import logging
-from keystoneauth1 import exceptions as ks_exc
+from openstack import exceptions as sdk_exc
from osc_lib.cli import parseractions
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
from openstackclient.identity import common
from openstackclient.identity.v3 import tag
@@ -30,6 +30,21 @@ from openstackclient.identity.v3 import tag
LOG = logging.getLogger(__name__)
+def _format_project(project):
+ # NOTE(0weng): Projects allow unknown attributes in the body, so extract
+ # the column names separately.
+ (column_headers, columns) = utils.get_osc_show_columns_for_sdk_resource(
+ project,
+ {'is_enabled': 'enabled'},
+ ['links', 'location', 'parents_as_ids', 'subtree_as_ids'],
+ )
+
+ return (
+ column_headers,
+ utils.get_item_properties(project, columns),
+ )
+
+
class CreateProject(command.ShowOne):
_description = _("Create new project")
@@ -73,8 +88,8 @@ class CreateProject(command.ShowOne):
parser.add_argument(
'--property',
metavar='<key=value>',
- action=parseractions.KeyValueAction,
dest='properties',
+ action=parseractions.KeyValueAction,
help=_(
'Add a property to <name> '
'(repeat option to set multiple properties)'
@@ -90,22 +105,13 @@ class CreateProject(command.ShowOne):
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
-
- domain = None
- if parsed_args.domain:
- domain = common.find_domain(identity_client, parsed_args.domain).id
-
- parent = None
- if parsed_args.parent:
- parent = utils.find_resource(
- identity_client.projects,
- parsed_args.parent,
- ).id
+ identity_client = self.app.client_manager.sdk_connection.identity
kwargs = {}
+
if parsed_args.properties:
kwargs = parsed_args.properties.copy()
+
if 'is_domain' in kwargs.keys():
if kwargs['is_domain'].lower() == "true":
kwargs['is_domain'] = True
@@ -114,39 +120,66 @@ class CreateProject(command.ShowOne):
elif kwargs['is_domain'].lower() == "none":
kwargs['is_domain'] = None
- kwargs['tags'] = list(set(parsed_args.tags))
+ if parsed_args.description:
+ kwargs['description'] = parsed_args.description
+
+ if parsed_args.name:
+ kwargs['name'] = parsed_args.name
+
+ domain = None
+ if parsed_args.domain:
+ domain = common.find_domain_id_sdk(
+ identity_client, parsed_args.domain
+ )
+ kwargs['domain_id'] = domain
+
+ if parsed_args.parent:
+ kwargs['parent_id'] = common.find_project_id_sdk(
+ identity_client,
+ parsed_args.parent,
+ domain_name_or_id=domain,
+ )
+
+ kwargs['is_enabled'] = parsed_args.enabled
+
+ if parsed_args.tags:
+ kwargs['tags'] = list(set(parsed_args.tags))
- options = {}
if parsed_args.immutable is not None:
- options['immutable'] = parsed_args.immutable
+ kwargs['options'] = {'immutable': parsed_args.immutable}
try:
- project = identity_client.projects.create(
- name=parsed_args.name,
- domain=domain,
- parent=parent,
- description=parsed_args.description,
- enabled=parsed_args.enabled,
- options=options,
+ project = identity_client.create_project(
**kwargs,
)
- except ks_exc.Conflict:
+ except sdk_exc.ConflictException:
if parsed_args.or_show:
- project = utils.find_resource(
- identity_client.projects,
- parsed_args.name,
- domain_id=domain,
- )
+ if parsed_args.domain:
+ project = identity_client.find_project(
+ parsed_args.name,
+ domain_id=domain,
+ ignore_missing=False,
+ )
+ else:
+ project = identity_client.find_project(
+ parsed_args.name, ignore_missing=False
+ )
LOG.info(_('Returning existing project %s'), project.name)
else:
raise
- project._info.pop('links')
- return zip(*sorted(project._info.items()))
+ return _format_project(project)
class DeleteProject(command.Command):
- _description = _("Delete project(s)")
+ _description = _(
+ "Delete project(s). This command will remove specified "
+ "existing project(s) if an active user is authorized to do "
+ "this. If there are resources managed by other services "
+ "(for example, Nova, Neutron, Cinder) associated with "
+ "specified project(s), delete operation will proceed "
+ "regardless."
+ )
def get_parser(self, prog_name):
parser = super().get_parser(prog_name)
@@ -164,23 +197,19 @@ class DeleteProject(command.Command):
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
+ identity_client = self.app.client_manager.sdk_connection.identity
- domain = None
- if parsed_args.domain:
- domain = common.find_domain(identity_client, parsed_args.domain)
errors = 0
for project in parsed_args.projects:
try:
- if domain is not None:
- project_obj = utils.find_resource(
- identity_client.projects, project, domain_id=domain.id
- )
- else:
- project_obj = utils.find_resource(
- identity_client.projects, project
- )
- identity_client.projects.delete(project_obj.id)
+ project = common.find_project_id_sdk(
+ identity_client,
+ project,
+ domain_name_or_id=parsed_args.domain,
+ validate_actor_existence=True,
+ validate_domain_actor_existence=False,
+ )
+ identity_client.delete_project(project)
except Exception as e:
errors += 1
LOG.error(
@@ -261,38 +290,46 @@ class ListProject(command.Lister):
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
- columns: tuple[str, ...] = ('ID', 'Name')
+ identity_client = self.app.client_manager.sdk_connection.identity
+
+ column_headers: tuple[str, ...] = ('ID', 'Name')
+ if parsed_args.long:
+ column_headers += ('Domain ID', 'Description', 'Enabled')
+
+ columns: tuple[str, ...] = ('id', 'name')
if parsed_args.long:
- columns += ('Domain ID', 'Description', 'Enabled')
+ columns += ('domain_id', 'description', 'is_enabled')
+
kwargs = {}
domain_id = None
if parsed_args.domain:
- domain_id = common.find_domain(
+ domain_id = common.find_domain_id_sdk(
identity_client, parsed_args.domain
- ).id
- kwargs['domain'] = domain_id
+ )
+ kwargs['domain_id'] = domain_id
if parsed_args.parent:
- parent_id = common.find_project(
- identity_client, parsed_args.parent
- ).id
- kwargs['parent'] = parent_id
+ parent_id = common.find_project_id_sdk(
+ identity_client,
+ parsed_args.parent,
+ domain_name_or_id=domain_id,
+ )
+ kwargs['parent_id'] = parent_id
+ user = None
if parsed_args.user:
if parsed_args.domain:
- user_id = utils.find_resource(
- identity_client.users,
+ user = common.find_user_id_sdk(
+ identity_client,
parsed_args.user,
- domain_id=domain_id,
- ).id
+ domain_name_or_id=domain_id,
+ )
else:
- user_id = utils.find_resource(
- identity_client.users, parsed_args.user
- ).id
-
- kwargs['user'] = user_id
+ user = common.find_user_id_sdk(
+ identity_client,
+ parsed_args.user,
+ )
if parsed_args.is_enabled is not None:
kwargs['is_enabled'] = parsed_args.is_enabled
@@ -301,32 +338,29 @@ class ListProject(command.Lister):
if parsed_args.my_projects:
# NOTE(adriant): my-projects supersedes all the other filters.
- kwargs = {'user': self.app.client_manager.auth_ref.user_id}
+ kwargs = {}
+ user = self.app.client_manager.auth_ref.user_id
- try:
- data = identity_client.projects.list(**kwargs)
- except ks_exc.Forbidden:
- # NOTE(adriant): if no filters, assume a forbidden is non-admin
- # wanting their own project list.
- if not kwargs:
- user = self.app.client_manager.auth_ref.user_id
- data = identity_client.projects.list(user=user)
- else:
- raise
+ if user:
+ data = identity_client.user_projects(user, **kwargs)
+ else:
+ try:
+ data = identity_client.projects(**kwargs)
+ except sdk_exc.ForbiddenException:
+ # NOTE(adriant): if no filters, assume a forbidden is non-admin
+ # wanting their own project list.
+ if not kwargs:
+ user = self.app.client_manager.auth_ref.user_id
+ data = identity_client.user_projects(user)
+ else:
+ raise
if parsed_args.sort:
data = utils.sort_items(data, parsed_args.sort)
return (
- columns,
- (
- utils.get_item_properties(
- s,
- columns,
- formatters={},
- )
- for s in data
- ),
+ column_headers,
+ (utils.get_item_properties(s, columns) for s in data),
)
@@ -385,11 +419,7 @@ class SetProject(command.Command):
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
-
- project = common.find_project(
- identity_client, parsed_args.project, parsed_args.domain
- )
+ identity_client = self.app.client_manager.sdk_connection.identity
kwargs = {}
if parsed_args.name:
@@ -402,9 +432,50 @@ class SetProject(command.Command):
kwargs['options'] = {'immutable': parsed_args.immutable}
if parsed_args.properties:
kwargs.update(parsed_args.properties)
- tag.update_tags_in_args(parsed_args, project, kwargs)
- identity_client.projects.update(project.id, **kwargs)
+ if parsed_args.domain:
+ domain = common.find_domain_id_sdk(
+ identity_client,
+ parsed_args.domain,
+ validate_actor_existence=False,
+ )
+ project = identity_client.find_project(
+ parsed_args.project,
+ domain_id=domain,
+ ignore_missing=True,
+ )
+ else:
+ project = identity_client.find_project(
+ parsed_args.project,
+ ignore_missing=True,
+ )
+
+ if (
+ parsed_args.tags
+ or parsed_args.remove_tags
+ or parsed_args.clear_tags
+ ):
+ existing_tags = []
+ if project:
+ existing_tags = project.tags
+
+ if parsed_args.clear_tags:
+ kwargs['tags'] = []
+ else:
+ existing_tags_set = set(existing_tags)
+ if parsed_args.remove_tags:
+ tags = sorted(
+ existing_tags_set - set(parsed_args.remove_tags)
+ )
+ if parsed_args.tags:
+ tags = sorted(
+ existing_tags_set.union(set(parsed_args.tags))
+ )
+ kwargs['tags'] = tags
+
+ project_id = project.id if project else parsed_args.project
+
+ identity_client.update_project(project_id, **kwargs)
class ShowProject(command.ShowOne):
@@ -437,31 +508,36 @@ class ShowProject(command.ShowOne):
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
+ identity_client = self.app.client_manager.sdk_connection.identity
- project_str = common._get_token_resource(
- identity_client, 'project', parsed_args.project, parsed_args.domain
- )
+ kwargs = {}
+ domain = None
if parsed_args.domain:
- domain = common.find_domain(identity_client, parsed_args.domain)
- project = utils.find_resource(
- identity_client.projects, project_str, domain_id=domain.id
- )
- else:
- project = utils.find_resource(
- identity_client.projects, project_str
+ domain = common.find_domain_id_sdk(
+ identity_client, parsed_args.domain
)
- if parsed_args.parents or parsed_args.children:
- # NOTE(RuiChen): utils.find_resource() can't pass kwargs,
- # if id query hit the result at first, so call
- # identity manager.get() with kwargs directly.
- project = identity_client.projects.get(
- project.id,
- parents_as_ids=parsed_args.parents,
- subtree_as_ids=parsed_args.children,
- )
+ kwargs['domain_id'] = domain
+
+ # Get project id first; otherwise, find_project() can't find
+ # parents/children if only project name was given
+ project = common.find_project_id_sdk(
+ identity_client,
+ parsed_args.project,
+ domain_name_or_id=domain,
+ validate_actor_existence=False,
+ validate_domain_actor_existence=False,
+ )
+
+ # Include these options as query parameters if they are provided
+ if parsed_args.parents:
+ kwargs['parents_as_ids'] = True
+ if parsed_args.children:
+ kwargs['subtree_as_ids'] = True
+
+ project = identity_client.find_project(
+ project, **kwargs, ignore_missing=False
+ )
- project._info.pop('links')
- return zip(*sorted(project._info.items()))
+ return _format_project(project)
diff --git a/openstackclient/identity/v3/region.py b/openstackclient/identity/v3/region.py
index 40d3819..4882c9e 100644
--- a/openstackclient/identity/v3/region.py
+++ b/openstackclient/identity/v3/region.py
@@ -15,10 +15,10 @@
import logging
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
diff --git a/openstackclient/identity/v3/registered_limit.py b/openstackclient/identity/v3/registered_limit.py
index 34ce210..4be829b 100644
--- a/openstackclient/identity/v3/registered_limit.py
+++ b/openstackclient/identity/v3/registered_limit.py
@@ -15,16 +15,39 @@
import logging
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
from openstackclient.identity import common as common_utils
LOG = logging.getLogger(__name__)
+def _format_registered_limit(registered_limit):
+ columns = (
+ 'default_limit',
+ 'description',
+ 'id',
+ 'region_id',
+ 'resource_name',
+ 'service_id',
+ )
+ column_headers = (
+ 'default_limit',
+ 'description',
+ 'id',
+ 'region_id',
+ 'resource_name',
+ 'service_id',
+ )
+ return (
+ column_headers,
+ utils.get_item_properties(registered_limit, columns),
+ )
+
+
class CreateRegisteredLimit(command.ShowOne):
_description = _("Create a registered limit")
@@ -44,7 +67,10 @@ class CreateRegisteredLimit(command.ShowOne):
'--service',
metavar='<service>',
required=True,
- help=_('Service responsible for the resource to limit (required)'),
+ help=_(
+ 'Service responsible for the resource to limit (required) '
+ '(name or ID)'
+ ),
)
parser.add_argument(
'--default-limit',
@@ -61,43 +87,28 @@ class CreateRegisteredLimit(command.ShowOne):
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
+ identity_client = self.app.client_manager.sdk_connection.identity
+
+ kwargs = {}
+
+ if parsed_args.description:
+ kwargs["description"] = parsed_args.description
+
+ kwargs["service_id"] = common_utils.find_service_sdk(
+ identity_client, parsed_args.service
+ ).id
- service = utils.find_resource(
- identity_client.services, parsed_args.service
- )
- region = None
if parsed_args.region:
- if 'None' not in parsed_args.region:
- # NOTE (vishakha): Due to bug #1799153 and for any another
- # related case where GET resource API does not support the
- # filter by name, osc_lib.utils.find_resource() method cannot
- # be used because that method try to fall back to list all the
- # resource if requested resource cannot be get via name. Which
- # ends up with NoUniqueMatch error.
- # So osc_lib.utils.find_resource() function cannot be used for
- # 'regions', using common_utils.get_resource() instead.
- region = common_utils.get_resource(
- identity_client.regions, parsed_args.region
- )
- else:
- self.log.warning(
- _(
- "Passing 'None' to indicate no region is deprecated. "
- "Instead, don't pass --region."
- )
- )
+ kwargs["region_id"] = identity_client.get_region(
+ parsed_args.region
+ ).id
- registered_limit = identity_client.registered_limits.create(
- service,
- parsed_args.resource_name,
- parsed_args.default_limit,
- description=parsed_args.description,
- region=region,
- )
+ kwargs["resource_name"] = parsed_args.resource_name
+ kwargs["default_limit"] = parsed_args.default_limit
- registered_limit._info.pop('links', None)
- return zip(*sorted(registered_limit._info.items()))
+ registered_limit = identity_client.create_registered_limit(**kwargs)
+
+ return _format_registered_limit(registered_limit)
class DeleteRegisteredLimit(command.Command):
@@ -106,20 +117,25 @@ class DeleteRegisteredLimit(command.Command):
def get_parser(self, prog_name):
parser = super().get_parser(prog_name)
parser.add_argument(
- 'registered_limit_id',
- metavar='<registered-limit-id>',
+ 'registered_limits',
+ metavar='<registered-limits>',
nargs="+",
- help=_('Registered limit to delete (ID)'),
+ help=_(
+ 'Registered limit(s) to delete (ID) '
+ '(repeat option to remove multiple registered limits)'
+ ),
)
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
+ identity_client = self.app.client_manager.sdk_connection.identity
errors = 0
- for registered_limit_id in parsed_args.registered_limit_id:
+ for registered_limit_id in parsed_args.registered_limits:
try:
- identity_client.registered_limits.delete(registered_limit_id)
+ identity_client.delete_registered_limit(
+ registered_limit_id, ignore_missing=False
+ )
except Exception as e:
errors += 1
from pprint import pprint
@@ -134,7 +150,7 @@ class DeleteRegisteredLimit(command.Command):
)
if errors > 0:
- total = len(parsed_args.registered_limit_id)
+ total = len(parsed_args.registered_limits)
msg = _(
"%(errors)s of %(total)s registered limits failed to delete."
) % {'errors': errors, 'total': total}
@@ -149,7 +165,9 @@ class ListRegisteredLimit(command.Lister):
parser.add_argument(
'--service',
metavar='<service>',
- help=_('Service responsible for the resource to limit'),
+ help=_(
+ 'Service responsible for the resource to limit (name or ID)'
+ ),
)
parser.add_argument(
'--resource-name',
@@ -165,40 +183,22 @@ class ListRegisteredLimit(command.Lister):
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
+ identity_client = self.app.client_manager.sdk_connection.identity
- service = None
+ kwargs = {}
if parsed_args.service:
- service = common_utils.find_service(
+ kwargs["service_id"] = common_utils.find_service_sdk(
identity_client, parsed_args.service
- )
- region = None
+ ).id
if parsed_args.region:
- if 'None' not in parsed_args.region:
- # NOTE (vishakha): Due to bug #1799153 and for any another
- # related case where GET resource API does not support the
- # filter by name, osc_lib.utils.find_resource() method cannot
- # be used because that method try to fall back to list all the
- # resource if requested resource cannot be get via name. Which
- # ends up with NoUniqueMatch error.
- # So osc_lib.utils.find_resource() function cannot be used for
- # 'regions', using common_utils.get_resource() instead.
- region = common_utils.get_resource(
- identity_client.regions, parsed_args.region
- )
- else:
- self.log.warning(
- _(
- "Passing 'None' to indicate no region is deprecated. "
- "Instead, don't pass --region."
- )
- )
+ kwargs["region_id"] = identity_client.get_region(
+ parsed_args.region
+ ).id
- registered_limits = identity_client.registered_limits.list(
- service=service,
- resource_name=parsed_args.resource_name,
- region=region,
- )
+ if parsed_args.resource_name:
+ kwargs["resource_name"] = parsed_args.resource_name
+
+ registered_limits = identity_client.registered_limits(**kwargs)
columns = (
'ID',
@@ -228,9 +228,9 @@ class SetRegisteredLimit(command.ShowOne):
'--service',
metavar='<service>',
help=_(
- 'Service to be updated responsible for the resource to '
- 'limit. Either --service, --resource-name or --region must '
- 'be different than existing value otherwise it will be '
+ 'Service to be updated responsible for the resource to limit '
+ '(name or ID). Either --service, --resource-name or --region '
+ 'must be different than existing value otherwise it will be '
'duplicate entry'
),
)
@@ -268,44 +268,33 @@ class SetRegisteredLimit(command.ShowOne):
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
+ identity_client = self.app.client_manager.sdk_connection.identity
- service = None
+ kwargs = {}
if parsed_args.service:
- service = common_utils.find_service(
+ kwargs["service_id"] = common_utils.find_service_sdk(
identity_client, parsed_args.service
- )
+ ).id
+
+ if parsed_args.resource_name:
+ kwargs["resource_name"] = parsed_args.resource_name
+
+ if parsed_args.default_limit:
+ kwargs["default_limit"] = parsed_args.default_limit
+
+ if parsed_args.description:
+ kwargs["description"] = parsed_args.description
- region = None
if parsed_args.region:
- if 'None' not in parsed_args.region:
- # NOTE (vishakha): Due to bug #1799153 and for any another
- # related case where GET resource API does not support the
- # filter by name, osc_lib.utils.find_resource() method cannot
- # be used because that method try to fall back to list all the
- # resource if requested resource cannot be get via name. Which
- # ends up with NoUniqueMatch error.
- # So osc_lib.utils.find_resource() function cannot be used for
- # 'regions', using common_utils.get_resource() instead.
- region = common_utils.get_resource(
- identity_client.regions, parsed_args.region
- )
- else:
- self.log.warning(
- _("Passing 'None' to indicate no region is deprecated.")
- )
+ kwargs["region_id"] = identity_client.get_region(
+ parsed_args.region
+ ).id
- registered_limit = identity_client.registered_limits.update(
- parsed_args.registered_limit_id,
- service=service,
- resource_name=parsed_args.resource_name,
- default_limit=parsed_args.default_limit,
- description=parsed_args.description,
- region=region,
+ registered_limit = identity_client.update_registered_limit(
+ parsed_args.registered_limit_id, **kwargs
)
- registered_limit._info.pop('links', None)
- return zip(*sorted(registered_limit._info.items()))
+ return _format_registered_limit(registered_limit)
class ShowRegisteredLimit(command.ShowOne):
@@ -321,9 +310,8 @@ class ShowRegisteredLimit(command.ShowOne):
return parser
def take_action(self, parsed_args):
- identity_client = self.app.client_manager.identity
- registered_limit = identity_client.registered_limits.get(
+ identity_client = self.app.client_manager.sdk_connection.identity
+ registered_limit = identity_client.get_registered_limit(
parsed_args.registered_limit_id
)
- registered_limit._info.pop('links', None)
- return zip(*sorted(registered_limit._info.items()))
+ return _format_registered_limit(registered_limit)
diff --git a/openstackclient/identity/v3/role.py b/openstackclient/identity/v3/role.py
index 3301c3f..3c580d6 100644
--- a/openstackclient/identity/v3/role.py
+++ b/openstackclient/identity/v3/role.py
@@ -18,10 +18,10 @@
import logging
from openstack import exceptions as sdk_exc
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
from openstackclient.identity import common
@@ -82,32 +82,12 @@ def _add_identity_and_resource_options_to_parser(parser):
common.add_inherited_option_to_parser(parser)
-def _find_sdk_id(
- find_command, name_or_id, validate_actor_existence=True, **kwargs
-):
- try:
- resource = find_command(
- name_or_id=name_or_id, ignore_missing=False, **kwargs
- )
-
- # Mimic the behavior of
- # openstackclient.identity.common._find_identity_resource()
- # and ignore if we don't have permission to find a resource.
- except sdk_exc.ForbiddenException:
- return name_or_id
- except sdk_exc.ResourceNotFound as exc:
- if not validate_actor_existence:
- return name_or_id
- raise exceptions.CommandError from exc
- return resource.id
-
-
def _process_identity_and_resource_options(
parsed_args, identity_client, validate_actor_existence=True
):
def _find_user():
domain_id = (
- _find_sdk_id(
+ common._find_sdk_id(
identity_client.find_domain,
name_or_id=parsed_args.user_domain,
validate_actor_existence=validate_actor_existence,
@@ -115,7 +95,7 @@ def _process_identity_and_resource_options(
if parsed_args.user_domain
else None
)
- return _find_sdk_id(
+ return common._find_sdk_id(
identity_client.find_user,
name_or_id=parsed_args.user,
validate_actor_existence=validate_actor_existence,
@@ -124,7 +104,7 @@ def _process_identity_and_resource_options(
def _find_group():
domain_id = (
- _find_sdk_id(
+ common._find_sdk_id(
identity_client.find_domain,
name_or_id=parsed_args.group_domain,
validate_actor_existence=validate_actor_existence,
@@ -132,7 +112,7 @@ def _process_identity_and_resource_options(
if parsed_args.group_domain
else None
)
- return _find_sdk_id(
+ return common._find_sdk_id(
identity_client.find_group,
name_or_id=parsed_args.group,
validate_actor_existence=validate_actor_existence,
@@ -141,7 +121,7 @@ def _process_identity_and_resource_options(
def _find_project():
domain_id = (
- _find_sdk_id(
+ common._find_sdk_id(
identity_client.find_domain,
name_or_id=parsed_args.project_domain,
validate_actor_existence=validate_actor_existence,
@@ -149,7 +129,7 @@ def _process_identity_and_resource_options(
if parsed_args.project_domain
else None
)
- return _find_sdk_id(
+ return common._find_sdk_id(
identity_client.find_project,
name_or_id=parsed_args.project,
validate_actor_existence=validate_actor_existence,
@@ -162,7 +142,7 @@ def _process_identity_and_resource_options(
kwargs['system'] = parsed_args.system
elif parsed_args.user and parsed_args.domain:
kwargs['user'] = _find_user()
- kwargs['domain'] = _find_sdk_id(
+ kwargs['domain'] = common._find_sdk_id(
identity_client.find_domain,
name_or_id=parsed_args.domain,
validate_actor_existence=validate_actor_existence,
@@ -175,7 +155,7 @@ def _process_identity_and_resource_options(
kwargs['system'] = parsed_args.system
elif parsed_args.group and parsed_args.domain:
kwargs['group'] = _find_group()
- kwargs['domain'] = _find_sdk_id(
+ kwargs['domain'] = common._find_sdk_id(
identity_client.find_domain,
name_or_id=parsed_args.domain,
validate_actor_existence=validate_actor_existence,
@@ -228,10 +208,10 @@ class AddRole(command.Command):
domain_id = None
if parsed_args.role_domain:
- domain_id = _find_sdk_id(
+ domain_id = common._find_sdk_id(
identity_client.find_domain, name_or_id=parsed_args.role_domain
)
- role = _find_sdk_id(
+ role = common._find_sdk_id(
identity_client.find_role,
name_or_id=parsed_args.role,
domain_id=domain_id,
@@ -328,7 +308,7 @@ class CreateRole(command.ShowOne):
create_kwargs = {}
if parsed_args.domain:
- create_kwargs['domain_id'] = _find_sdk_id(
+ create_kwargs['domain_id'] = common._find_sdk_id(
identity_client.find_domain, name_or_id=parsed_args.domain
)
@@ -381,13 +361,13 @@ class DeleteRole(command.Command):
domain_id = None
if parsed_args.domain:
- domain_id = _find_sdk_id(
+ domain_id = common._find_sdk_id(
identity_client.find_domain, parsed_args.domain
)
errors = 0
for role in parsed_args.roles:
try:
- role_id = _find_sdk_id(
+ role_id = common._find_sdk_id(
identity_client.find_role,
name_or_id=role,
domain_id=domain_id,
@@ -430,6 +410,7 @@ class ListRole(command.Lister):
if parsed_args.domain:
domain = identity_client.find_domain(
name_or_id=parsed_args.domain,
+ ignore_missing=False,
)
data = identity_client.roles(domain_id=domain.id)
return (
@@ -482,11 +463,11 @@ class RemoveRole(command.Command):
domain_id = None
if parsed_args.role_domain:
- domain_id = _find_sdk_id(
+ domain_id = common._find_sdk_id(
identity_client.find_domain,
name_or_id=parsed_args.role_domain,
)
- role = _find_sdk_id(
+ role = common._find_sdk_id(
identity_client.find_role,
name_or_id=parsed_args.role,
domain_id=domain_id,
@@ -582,7 +563,7 @@ class SetRole(command.Command):
domain_id = None
if parsed_args.domain:
- domain_id = _find_sdk_id(
+ domain_id = common._find_sdk_id(
identity_client.find_domain,
name_or_id=parsed_args.domain,
)
@@ -591,7 +572,7 @@ class SetRole(command.Command):
if parsed_args.immutable is not None:
update_kwargs["options"] = {"immutable": parsed_args.immutable}
- role = _find_sdk_id(
+ role = common._find_sdk_id(
identity_client.find_role,
name_or_id=parsed_args.role,
domain_id=domain_id,
@@ -623,7 +604,7 @@ class ShowRole(command.ShowOne):
domain_id = None
if parsed_args.domain:
- domain_id = _find_sdk_id(
+ domain_id = common._find_sdk_id(
identity_client.find_domain,
name_or_id=parsed_args.domain,
)
diff --git a/openstackclient/identity/v3/role_assignment.py b/openstackclient/identity/v3/role_assignment.py
index 12e1527..78c010f 100644
--- a/openstackclient/identity/v3/role_assignment.py
+++ b/openstackclient/identity/v3/role_assignment.py
@@ -13,9 +13,7 @@
"""Identity v3 Assignment action implementations"""
-from openstack import exceptions as sdk_exceptions
-from osc_lib.command import command
-
+from openstackclient import command
from openstackclient.i18n import _
from openstackclient.identity import common
@@ -51,15 +49,6 @@ def _format_role_assignment_(assignment, include_names):
)
-def _find_sdk_id(find_command, name_or_id, **kwargs):
- try:
- return find_command(
- name_or_id=name_or_id, ignore_missing=False, **kwargs
- ).id
- except sdk_exceptions.ForbiddenException:
- return name_or_id
-
-
class ListRoleAssignment(command.Lister):
_description = _("List role assignments")
@@ -135,12 +124,12 @@ class ListRoleAssignment(command.Lister):
role_id = None
role_domain_id = None
if parsed_args.role_domain:
- role_domain_id = _find_sdk_id(
+ role_domain_id = common._find_sdk_id(
identity_client.find_domain,
name_or_id=parsed_args.role_domain,
)
if parsed_args.role:
- role_id = _find_sdk_id(
+ role_id = common._find_sdk_id(
identity_client.find_role,
name_or_id=parsed_args.role,
domain_id=role_domain_id,
@@ -148,21 +137,21 @@ class ListRoleAssignment(command.Lister):
user_domain_id = None
if parsed_args.user_domain:
- user_domain_id = _find_sdk_id(
+ user_domain_id = common._find_sdk_id(
identity_client.find_domain,
name_or_id=parsed_args.user_domain,
)
user_id = None
if parsed_args.user:
- user_id = _find_sdk_id(
+ user_id = common._find_sdk_id(
identity_client.find_user,
name_or_id=parsed_args.user,
domain_id=user_domain_id,
)
elif parsed_args.authuser:
if auth_ref:
- user_id = _find_sdk_id(
+ user_id = common._find_sdk_id(
identity_client.find_user,
name_or_id=auth_ref.user_id,
)
@@ -173,21 +162,21 @@ class ListRoleAssignment(command.Lister):
domain_id = None
if parsed_args.domain:
- domain_id = _find_sdk_id(
+ domain_id = common._find_sdk_id(
identity_client.find_domain,
name_or_id=parsed_args.domain,
)
project_domain_id = None
if parsed_args.project_domain:
- project_domain_id = _find_sdk_id(
+ project_domain_id = common._find_sdk_id(
identity_client.find_domain,
name_or_id=parsed_args.project_domain,
)
project_id = None
if parsed_args.project:
- project_id = _find_sdk_id(
+ project_id = common._find_sdk_id(
identity_client.find_project,
name_or_id=common._get_token_resource(
identity_client, 'project', parsed_args.project
@@ -196,21 +185,21 @@ class ListRoleAssignment(command.Lister):
)
elif parsed_args.authproject:
if auth_ref:
- project_id = _find_sdk_id(
+ project_id = common._find_sdk_id(
identity_client.find_project,
name_or_id=auth_ref.project_id,
)
group_domain_id = None
if parsed_args.group_domain:
- group_domain_id = _find_sdk_id(
+ group_domain_id = common._find_sdk_id(
identity_client.find_domain,
name_or_id=parsed_args.group_domain,
)
group_id = None
if parsed_args.group:
- group_id = _find_sdk_id(
+ group_id = common._find_sdk_id(
identity_client.find_group,
name_or_id=parsed_args.group,
domain_id=group_domain_id,
diff --git a/openstackclient/identity/v3/service.py b/openstackclient/identity/v3/service.py
index e8f4832..53a7062 100644
--- a/openstackclient/identity/v3/service.py
+++ b/openstackclient/identity/v3/service.py
@@ -17,10 +17,10 @@
import logging
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
from openstackclient.identity import common
diff --git a/openstackclient/identity/v3/service_provider.py b/openstackclient/identity/v3/service_provider.py
index 5b49cff..02aae66 100644
--- a/openstackclient/identity/v3/service_provider.py
+++ b/openstackclient/identity/v3/service_provider.py
@@ -15,10 +15,10 @@
import logging
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
diff --git a/openstackclient/identity/v3/tag.py b/openstackclient/identity/v3/tag.py
index 0909fd1..f49a1ca 100644
--- a/openstackclient/identity/v3/tag.py
+++ b/openstackclient/identity/v3/tag.py
@@ -114,6 +114,7 @@ def add_tag_option_to_parser_for_set(parser, resource_name):
parser.add_argument(
'--remove-tag',
action='append',
+ dest='remove_tags',
metavar='<tag>',
default=[],
help=_(
@@ -122,14 +123,3 @@ def add_tag_option_to_parser_for_set(parser, resource_name):
)
% resource_name,
)
-
-
-def update_tags_in_args(parsed_args, obj, args):
- if parsed_args.clear_tags:
- args['tags'] = []
- obj.tags = []
- if parsed_args.remove_tag:
- args['tags'] = sorted(set(obj.tags) - set(parsed_args.remove_tag))
- return
- if parsed_args.tags:
- args['tags'] = sorted(set(obj.tags).union(set(parsed_args.tags)))
diff --git a/openstackclient/identity/v3/token.py b/openstackclient/identity/v3/token.py
index 5500ce1..05e374c 100644
--- a/openstackclient/identity/v3/token.py
+++ b/openstackclient/identity/v3/token.py
@@ -15,10 +15,10 @@
"""Identity v3 Token action implementations"""
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
from openstackclient.identity import common
@@ -37,6 +37,7 @@ class AuthorizeRequestToken(command.ShowOne):
parser.add_argument(
'--role',
metavar='<role>',
+ dest='roles',
action='append',
default=[],
required=True,
@@ -52,7 +53,7 @@ class AuthorizeRequestToken(command.ShowOne):
# NOTE(stevemar): We want a list of role ids
roles = []
- for role in parsed_args.role:
+ for role in parsed_args.roles:
role_id = utils.find_resource(
identity_client.roles,
role,
diff --git a/openstackclient/identity/v3/trust.py b/openstackclient/identity/v3/trust.py
index df8e2f4..80808aa 100644
--- a/openstackclient/identity/v3/trust.py
+++ b/openstackclient/identity/v3/trust.py
@@ -18,10 +18,10 @@ import itertools
import logging
from openstack import exceptions as sdk_exceptions
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
from openstackclient.identity import common
@@ -179,7 +179,9 @@ class CreateTrust(command.ShowOne):
roles = []
for role in parsed_args.roles:
try:
- role_id = identity_client.find_role(role).id
+ role_id = identity_client.find_role(
+ role, ignore_missing=False
+ ).id
except sdk_exceptions.ForbiddenException:
role_id = role
roles.append({"id": role_id})
diff --git a/openstackclient/identity/v3/unscoped_saml.py b/openstackclient/identity/v3/unscoped_saml.py
index d26035d..e1efc15 100644
--- a/openstackclient/identity/v3/unscoped_saml.py
+++ b/openstackclient/identity/v3/unscoped_saml.py
@@ -17,9 +17,9 @@ The first step of federated auth is to fetch an unscoped token. From there,
the user can list domains and projects they are allowed to access, and request
a scoped token."""
-from osc_lib.command import command
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
diff --git a/openstackclient/identity/v3/user.py b/openstackclient/identity/v3/user.py
index fee7dbe..bec1c62 100644
--- a/openstackclient/identity/v3/user.py
+++ b/openstackclient/identity/v3/user.py
@@ -20,10 +20,10 @@ import logging
import typing as ty
from openstack import exceptions as sdk_exc
-from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
+from openstackclient import command
from openstackclient.i18n import _
from openstackclient.identity import common
@@ -82,9 +82,9 @@ def _get_options_for_user(identity_client, parsed_args):
options['multi_factor_auth_enabled'] = True
if parsed_args.disable_multi_factor_auth:
options['multi_factor_auth_enabled'] = False
- if parsed_args.multi_factor_auth_rule:
+ if parsed_args.multi_factor_auth_rules:
auth_rules = [
- rule.split(",") for rule in parsed_args.multi_factor_auth_rule
+ rule.split(",") for rule in parsed_args.multi_factor_auth_rules
]
if auth_rules:
options['multi_factor_auth_rules'] = auth_rules
@@ -175,7 +175,8 @@ def _add_user_options(parser):
parser.add_argument(
'--multi-factor-auth-rule',
metavar='<rule>',
- action="append",
+ dest='multi_factor_auth_rules',
+ action='append',
default=[],
help=_(
'Set multi-factor auth rules. For example, to set a rule '
@@ -298,6 +299,9 @@ class CreateUser(command.ShowOne):
"when a user does not have a password."
)
)
+ else:
+ kwargs['password'] = password
+
options = _get_options_for_user(identity_client, parsed_args)
if options:
kwargs['options'] = options
@@ -306,7 +310,6 @@ class CreateUser(command.ShowOne):
user = identity_client.create_user(
is_enabled=is_enabled,
name=parsed_args.name,
- password=password,
**kwargs,
)
except sdk_exc.ConflictException:
@@ -420,7 +423,8 @@ class ListUser(command.Lister):
dest='is_enabled',
default=None,
help=_(
- 'List only enabled users, does nothing with --project and --group'
+ 'List only enabled users, does nothing with '
+ '--project and --group'
),
)
parser.add_argument(
@@ -429,7 +433,8 @@ class ListUser(command.Lister):
dest='is_enabled',
default=None,
help=_(
- 'List only disabled users, does nothing with --project and --group'
+ 'List only disabled users, does nothing with '
+ '--project and --group'
),
)
return parser
@@ -441,6 +446,7 @@ class ListUser(command.Lister):
if parsed_args.domain:
domain = identity_client.find_domain(
name_or_id=parsed_args.domain,
+ ignore_missing=False,
).id
group = None
@@ -467,15 +473,13 @@ class ListUser(command.Lister):
ignore_missing=False,
).id
- assignments = identity_client.role_assignments_filter(
- project=project
- )
-
# NOTE(stevemar): If a user has more than one role on a project
# then they will have two entries in the returned data. Since we
# are looking for any role, let's just track unique user IDs.
user_ids = set()
- for assignment in assignments:
+ for assignment in identity_client.role_assignments(
+ scope_project_id=project
+ ):
if assignment.user:
user_ids.add(assignment.user['id'])
@@ -689,7 +693,12 @@ class SetPasswordUser(command.Command):
def take_action(self, parsed_args):
identity_client = self.app.client_manager.sdk_connection.identity
conn = self.app.client_manager.sdk_connection
- user_id = conn.config.get_auth().get_user_id(conn.identity)
+ auth = conn.config.get_auth()
+ if auth is None:
+ # this will never happen
+ raise exceptions.CommandError('invalid authentication info')
+
+ user_id = auth.get_user_id(conn.identity)
# FIXME(gyee): there are two scenarios:
#