1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
# Copyright 2012-2013 OpenStack Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
"""Identity v3 Implied Role action implementations"""
import logging
from osc_lib.command import command
import six
from openstackclient.i18n import _
LOG = logging.getLogger(__name__)
def _get_role_ids(identity_client, parsed_args):
"""Return prior and implied role id(s)
If prior and implied role id(s) are retrievable from identity
client, return tuple containing them.
"""
role_id = None
implied_role_id = None
roles = identity_client.roles.list()
for role in roles:
role_id_or_name = (role.name, role.id)
if parsed_args.role in role_id_or_name:
role_id = role.id
elif parsed_args.implied_role in role_id_or_name:
implied_role_id = role.id
return (role_id, implied_role_id)
class CreateImpliedRole(command.ShowOne):
_description = _("Creates an association between prior and implied roles")
def get_parser(self, prog_name):
parser = super(CreateImpliedRole, self).get_parser(prog_name)
parser.add_argument(
'role',
metavar='<role>',
help=_('Role (name or ID) that implies another role'),
)
parser.add_argument(
'--implied-role',
metavar='<role>',
help='<role> (name or ID) implied by another role',
required=True,
)
return parser
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
(prior_role_id, implied_role_id) = _get_role_ids(
identity_client, parsed_args)
response = identity_client.roles.create_implied(
prior_role_id, implied_role_id)
response._info.pop('links', None)
return zip(*sorted([(k, v['id'])
for k, v in six.iteritems(response._info)]))
class DeleteImpliedRole(command.Command):
_description = _("Deletes an association between prior and implied roles")
def get_parser(self, prog_name):
parser = super(DeleteImpliedRole, self).get_parser(prog_name)
parser.add_argument(
'role',
metavar='<role>',
help=_('Role (name or ID) that implies another role'),
)
parser.add_argument(
'--implied-role',
metavar='<role>',
help='<role> (name or ID) implied by another role',
required=True,
)
return parser
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
(prior_role_id, implied_role_id) = _get_role_ids(
identity_client, parsed_args)
identity_client.roles.delete_implied(
prior_role_id, implied_role_id)
class ListImpliedRole(command.Lister):
_description = _("List implied roles")
_COLUMNS = ['Prior Role ID', 'Prior Role Name',
'Implied Role ID', 'Implied Role Name']
def get_parser(self, prog_name):
parser = super(ListImpliedRole, self).get_parser(prog_name)
return parser
def take_action(self, parsed_args):
def _list_implied(response):
for rule in response:
for implies in rule.implies:
yield (rule.prior_role['id'],
rule.prior_role['name'],
implies['id'],
implies['name'])
identity_client = self.app.client_manager.identity
response = identity_client.roles.list_inference_roles()
return (self._COLUMNS, _list_implied(response))
|
