Skip to content

Commit 3ca96ef

Browse files
author
Juan Antonio Osorio Robles
committed
Enable specifing domains in "role add"
If users, projects or groups are provided by name, there is a possibility of the existence other users/projects/groups with the same name in other domain. Even though this is not a problem if the actual ID is given instead of a name; this is mostly a usability enhancement. So, three options were added, one for specifying the domain where the user belongs, another one to specify the project's domain, and finally one to specify the group's domain. Change-Id: Iab04b0e04fa75ea5aa3723b8ea42a45f58a6cdb2 Closes-Bug: #1421328
1 parent a6deef6 commit 3ca96ef

3 files changed

Lines changed: 95 additions & 44 deletions

File tree

doc/source/command-objects/role.rst

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -37,6 +37,27 @@ Add role to a user or group in a project or domain
3737

3838
.. versionadded:: 3
3939

40+
.. option:: --user-domain <user-domain>
41+
42+
Domain the user belongs to (name or ID).
43+
This can be used in case collisions between user names exist.
44+
45+
.. versionadded:: 3
46+
47+
.. option:: --group-domain <group-domain>
48+
49+
Domain the group belongs to (name or ID).
50+
This can be used in case collisions between group names exist.
51+
52+
.. versionadded:: 3
53+
54+
.. option:: --project-domain <project-domain>
55+
56+
Domain the project belongs to (name or ID).
57+
This can be used in case collisions between project names exist.
58+
59+
.. versionadded:: 3
60+
4061
.. describe:: <role>
4162

4263
Role to add to `<project>`:`<user>` (name or ID)

openstackclient/identity/common.py

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -48,23 +48,23 @@ def find_domain(identity_client, name_or_id):
4848
domains.Domain)
4949

5050

51-
def find_group(identity_client, name_or_id):
51+
def find_group(identity_client, name_or_id, domain_id=None):
5252
return _find_identity_resource(identity_client.groups, name_or_id,
53-
groups.Group)
53+
groups.Group, domain_id=domain_id)
5454

5555

56-
def find_project(identity_client, name_or_id):
56+
def find_project(identity_client, name_or_id, domain_id=None):
5757
return _find_identity_resource(identity_client.projects, name_or_id,
58-
projects.Project)
58+
projects.Project, domain_id=domain_id)
5959

6060

61-
def find_user(identity_client, name_or_id):
61+
def find_user(identity_client, name_or_id, domain_id=None):
6262
return _find_identity_resource(identity_client.users, name_or_id,
63-
users.User)
63+
users.User, domain_id=domain_id)
6464

6565

6666
def _find_identity_resource(identity_client_manager, name_or_id,
67-
resource_type):
67+
resource_type, **kwargs):
6868
"""Find a specific identity resource.
6969
7070
Using keystoneclient's manager, attempt to find a specific resource by its
@@ -92,7 +92,7 @@ def _find_identity_resource(identity_client_manager, name_or_id,
9292

9393
try:
9494
identity_resource = utils.find_resource(identity_client_manager,
95-
name_or_id)
95+
name_or_id, **kwargs)
9696
if identity_resource is not None:
9797
return identity_resource
9898
except identity_exc.Forbidden:

openstackclient/identity/v3/role.py

Lines changed: 66 additions & 36 deletions
Original file line numberDiff line numberDiff line change
@@ -63,6 +63,27 @@ def get_parser(self, prog_name):
6363
metavar='<group>',
6464
help='Include <group> (name or ID)',
6565
)
66+
parser.add_argument(
67+
'--user-domain',
68+
metavar='<user-domain>',
69+
help=('Domain the user belongs to (name or ID). '
70+
'This can be used in case collisions between user names '
71+
'exist.')
72+
)
73+
parser.add_argument(
74+
'--group-domain',
75+
metavar='<group-domain>',
76+
help=('Domain the group belongs to (name or ID). '
77+
'This can be used in case collisions between group names '
78+
'exist.')
79+
)
80+
parser.add_argument(
81+
'--project-domain',
82+
metavar='<project-domain>',
83+
help=('Domain the project belongs to (name or ID). '
84+
'This can be used in case collisions between project names '
85+
'exist.')
86+
)
6687
return parser
6788

6889
def take_action(self, parsed_args):
@@ -78,67 +99,76 @@ def take_action(self, parsed_args):
7899
parsed_args.role,
79100
)
80101

102+
kwargs = {}
81103
if parsed_args.user and parsed_args.domain:
82-
user = common.find_user(
104+
user_domain_id = self._get_domain_id_if_requested(
105+
parsed_args.user_domain)
106+
kwargs['user'] = common.find_user(
83107
identity_client,
84108
parsed_args.user,
85-
)
86-
domain = common.find_domain(
109+
user_domain_id,
110+
).id
111+
kwargs['domain'] = common.find_domain(
87112
identity_client,
88113
parsed_args.domain,
89-
)
90-
identity_client.roles.grant(
91-
role.id,
92-
user=user.id,
93-
domain=domain.id,
94-
)
114+
).id
95115
elif parsed_args.user and parsed_args.project:
96-
user = common.find_user(
116+
user_domain_id = self._get_domain_id_if_requested(
117+
parsed_args.user_domain)
118+
kwargs['user'] = common.find_user(
97119
identity_client,
98120
parsed_args.user,
99-
)
100-
project = common.find_project(
121+
user_domain_id,
122+
).id
123+
project_domain_id = self._get_domain_id_if_requested(
124+
parsed_args.project_domain)
125+
kwargs['project'] = common.find_project(
101126
identity_client,
102127
parsed_args.project,
103-
)
104-
identity_client.roles.grant(
105-
role.id,
106-
user=user.id,
107-
project=project.id,
108-
)
128+
project_domain_id,
129+
).id
109130
elif parsed_args.group and parsed_args.domain:
110-
group = common.find_group(
131+
group_domain_id = self._get_domain_id_if_requested(
132+
parsed_args.group_domain)
133+
kwargs['group'] = common.find_group(
111134
identity_client,
112135
parsed_args.group,
113-
)
114-
domain = common.find_domain(
136+
group_domain_id,
137+
).id
138+
kwargs['domain'] = common.find_domain(
115139
identity_client,
116140
parsed_args.domain,
117-
)
118-
identity_client.roles.grant(
119-
role.id,
120-
group=group.id,
121-
domain=domain.id,
122-
)
141+
).id
123142
elif parsed_args.group and parsed_args.project:
124-
group = common.find_group(
143+
group_domain_id = self._get_domain_id_if_requested(
144+
parsed_args.group_domain)
145+
kwargs['group'] = common.find_group(
125146
identity_client,
126147
parsed_args.group,
127-
)
128-
project = common.find_project(
148+
group_domain_id,
149+
).id
150+
project_domain_id = self._get_domain_id_if_requested(
151+
parsed_args.project_domain)
152+
kwargs['project'] = common.find_project(
129153
identity_client,
130154
parsed_args.project,
131-
)
132-
identity_client.roles.grant(
133-
role.id,
134-
group=group.id,
135-
project=project.id,
136-
)
155+
project_domain_id,
156+
).id
137157
else:
138158
sys.stderr.write("Role not added, incorrect set of arguments \
139159
provided. See openstack --help for more details\n")
160+
return
161+
162+
identity_client.roles.grant(role.id, **kwargs)
140163
return
141164

165+
def _get_domain_id_if_requested(self, domain_name_or_id):
166+
if domain_name_or_id is None:
167+
return None
168+
domain = common.find_domain(self.app.client_manager.identity,
169+
domain_name_or_id)
170+
return domain.id
171+
142172

143173
class CreateRole(show.ShowOne):
144174
"""Create new role"""

0 commit comments

Comments
 (0)