These are effectively identical to the osc-lib variants except they
include the attributes that the OSC shell implementation will set on
this during shell init. This helps from a typing perspective.
Change-Id: I53d9058273748ecd4d4eecec5f7291d5f38ce5ab
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
We have a few instances of this. Settle on one.
Change-Id: Id115fea1c59ad75ec8e00d665e587020f7177a55
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Fix the wrong value assignment which made the --user-domain option
ignored. Unit tests are updated to verify usage of domain options to
avoid further regressions.
Also drop the redundant look up of domain id to avoid unnecessary API
call.
Closes-Bug: #2085604
Change-Id: I5112b8e831fb26eb6544615277f0d3fe4f15dc5a
The --user-domain option and the --project-domain option may take id or
name. In case name is given it should be translated to id.
Closes-Bug: 2083390
Change-Id: Idf3f113a74452daabc80660574030cb9b24b1a15
This change is entirely automated save for the update of some mocks from
'io.open' to '__builtins__.open').
We are keeping this change separate from addition of the actual hook so
that we can ignore the commit later.
Change-Id: I0a9d8736632084473b57b57b693322447d7be519
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Black used with the '-l 79 -S' flags.
A future change will ignore this commit in git-blame history by adding a
'git-blame-ignore-revs' file.
Change-Id: I2eeade1ce6653be8e9179ecc40105182c5ff5f16
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
This commit adds the necessary bits to expose system role
assignments to openstackclient via python-keystoneclient.
bp system-scope
Depends-On: Iecbcbf020a15f2bec777334c648d4477f89f3b2c
Change-Id: I261e84700b51e8715eaebdc3f8f8bc46b68542c2
If project matches the project from access token,
we do not have to send an API request to /projects?name=...,
because the project ID is already known.
This API request may require additional permissions, so
we want to avoid it, if possible.
Change-Id: Ice1af8686bceea6b67229dcab7cf82eef821163e
Closes-Bug: #1658189
Leverage the new cliff command class attribute (_description)
to get the help of a command, this allows us to mark strings
for translation. We could not do this before since the help
was grabbed from the docstring.
This also depends on a new release of cliff and a bump to the
minimum level in osc's requirements.
Closes-Bug: 1636209
Depends-On: Id915f6aa7d95a0ff3dc6e2ceaac5decb3f3bf0da
Change-Id: I8673080bb5625e8e3c499feaefd42dfc7121e96f
The current identity role list command (both v2 and v3) is
overloaded with listing roles as well as assignments (if you
provide user, group, project or domain options). This is in
addition to the v3 assignment list command designed for this
purpose.
This overloading complicates the fact that roles can now be
domain specific (i.e. have a domain attribute), so the
command 'role list --domain <domain-name' will soon become
ambigious (this is in a follow on patch).
This patch:
- Adds a v2 assignments list, with support for pulling the
user and project from the auth credentials
- For comapability, adds the same auth support to the
existing v3 assignments list
- Deprecates the use of role list and user role list to list
assignments
Change-Id: I65bafdef4f8c89e863dab101369d0d629fa818b8
Partial-Bug: 1605774
Previously each command logs take_action parameters explicitly
by using @utils.log_method decorator or log.debug().
Some commands have no logging.
This commit calls a logger in the base class and
drops all logging definition from individual commands.
Closes-Bug: #1532294
Change-Id: I43cd0290a4353c68c075bade9571c940733da1be
Utilize the new include names functionality added to
list role assignments (GET /role_assignments?include_names=True).
Which will return the names of the entities instead of their
IDs.
Change-Id: I6dc03baf61ef9354a8a259a9f17ff47ce1665ce7
Depends-On: I4aa77c08660a0cbd021502155938a46121ca76ef
Closes-Bug: #1479569
Implements: blueprint list-assignment-with-names
Adds inherited information when listing role
assignments. In addition, it makes possible
to list only inherited ones by adding
--inherited option.
Change-Id: Idf889603d584716da95e2c7b4880142fbd8291c4
Closes-Bug: 1370546
When using Keystone's policy.v3cloudsample.json policy file, a project admin is
supposed to be able to manage role assignments. Unfortunately, a project admin
isn't allowed to perform these operations using python-openstackclient, as we
attempt to perform list operations for any of the object types specified (users,
groups, projects). This is done in an attempt to lookup the id of the object by
name, but we perform this list operation even when the user specifies everything
by id. This causes 403 errors.
This patch still attempts to look up the object id by name, but we catch the 403
and assume that the user specified an id if the list operation is not allowed.
This is similar to what we do with the --domain option for other commands.
Closes-bug: #1445528
Change-Id: Id95a8520e935c1092d5a22ecd8ea01f572334ac8
The assignments manager and its test class were created.
Some fake stubs were also added on the fakes.py module.
The "openstack role assignment list" command was created.
Change-Id: Iae94f4fee608ea3e09ff38961ad22edc38efb89c
Implements: blueprint roles-assignment-list
Closes-Bug: 1246310
