Skip to content

Commit 6ce1f77

Browse files
Zuulopenstack-gerrit
Zuul
authored and
openstack-gerrit
committed
Merge "identity: Migrate 'trust' commands to SDK"
2 parents a631014 + 769bf87 commit 6ce1f77

3 files changed

Lines changed: 258 additions & 229 deletions

File tree

openstackclient/identity/v3/trust.py

Lines changed: 114 additions & 75 deletions
Original file line numberDiff line numberDiff line change
@@ -14,9 +14,10 @@
1414
"""Identity v3 Trust action implementations"""
1515

1616
import datetime
17+
import itertools
1718
import logging
1819

19-
from keystoneclient import exceptions as identity_exc
20+
from openstack import exceptions as sdk_exceptions
2021
from osc_lib.command import command
2122
from osc_lib import exceptions
2223
from osc_lib import utils
@@ -28,6 +29,25 @@
2829
LOG = logging.getLogger(__name__)
2930

3031

32+
def _format_trust(trust):
33+
columns = (
34+
'expires_at',
35+
'id',
36+
'is_impersonation',
37+
'project_id',
38+
'redelegated_trust_id',
39+
'redelegation_count',
40+
'remaining_uses',
41+
'roles',
42+
'trustee_user_id',
43+
'trustor_user_id',
44+
)
45+
return (
46+
columns,
47+
utils.get_item_properties(trust, columns),
48+
)
49+
50+
3151
class CreateTrust(command.ShowOne):
3252
_description = _("Create new trust")
3353

@@ -52,6 +72,7 @@ def get_parser(self, prog_name):
5272
parser.add_argument(
5373
'--role',
5474
metavar='<role>',
75+
dest='roles',
5576
action='append',
5677
default=[],
5778
help=_(
@@ -62,7 +83,7 @@ def get_parser(self, prog_name):
6283
)
6384
parser.add_argument(
6485
'--impersonate',
65-
dest='impersonate',
86+
dest='is_impersonation',
6687
action='store_true',
6788
default=False,
6889
help=_(
@@ -92,58 +113,60 @@ def get_parser(self, prog_name):
92113
return parser
93114

94115
def take_action(self, parsed_args):
95-
identity_client = self.app.client_manager.identity
116+
identity_client = self.app.client_manager.sdk_connection.identity
117+
118+
kwargs = {}
96119

97120
# NOTE(stevemar): Find the two users, project and roles that
98121
# are necessary for making a trust usable, the API dictates that
99122
# trustee, project and role are optional, but that makes the trust
100123
# pointless, and trusts are immutable, so let's enforce it at the
101124
# client level.
102-
trustor_id = common.find_user(
103-
identity_client, parsed_args.trustor, parsed_args.trustor_domain
104-
).id
105-
trustee_id = common.find_user(
106-
identity_client, parsed_args.trustee, parsed_args.trustee_domain
107-
).id
108-
project_id = common.find_project(
109-
identity_client, parsed_args.project, parsed_args.project_domain
110-
).id
125+
try:
126+
trustor_id = identity_client.find_user(
127+
parsed_args.trustor, parsed_args.trustor_domain
128+
).id
129+
kwargs['trustor_id'] = trustor_id
130+
except sdk_exceptions.ForbiddenException:
131+
kwargs['trustor_id'] = parsed_args.trustor
132+
133+
try:
134+
trustee_id = identity_client.find_user(
135+
parsed_args.trustee, parsed_args.trustee_domain
136+
).id
137+
kwargs['trustee_id'] = trustee_id
138+
except sdk_exceptions.ForbiddenException:
139+
kwargs['trustee_id'] = parsed_args.trustee
140+
141+
try:
142+
project_id = identity_client.find_project(
143+
parsed_args.project, parsed_args.project_domain
144+
).id
145+
kwargs['project_id'] = project_id
146+
except sdk_exceptions.ForbiddenException:
147+
kwargs['project_id'] = parsed_args.project
111148

112149
role_ids = []
113-
for role in parsed_args.role:
150+
for role in parsed_args.roles:
114151
try:
115-
role_id = utils.find_resource(
116-
identity_client.roles,
117-
role,
118-
).id
119-
except identity_exc.Forbidden:
152+
role_id = identity_client.find_role(role).id
153+
except sdk_exceptions.ForbiddenException:
120154
role_id = role
121155
role_ids.append(role_id)
156+
kwargs['roles'] = role_ids
122157

123-
expires_at = None
124158
if parsed_args.expiration:
125159
expires_at = datetime.datetime.strptime(
126160
parsed_args.expiration, '%Y-%m-%dT%H:%M:%S'
127161
)
162+
kwargs['expires_at'] = expires_at
128163

129-
trust = identity_client.trusts.create(
130-
trustee_id,
131-
trustor_id,
132-
impersonation=parsed_args.impersonate,
133-
project=project_id,
134-
role_ids=role_ids,
135-
expires_at=expires_at,
136-
)
137-
138-
trust._info.pop('roles_links', None)
139-
trust._info.pop('links', None)
164+
if parsed_args.is_impersonation:
165+
kwargs['is_impersonation'] = parsed_args.is_impersonation
140166

141-
# Format roles into something sensible
142-
roles = trust._info.pop('roles')
143-
msg = ' '.join(r['name'] for r in roles)
144-
trust._info['roles'] = msg
167+
trust = identity_client.create_trust(**kwargs)
145168

146-
return zip(*sorted(trust._info.items()))
169+
return _format_trust(trust)
147170

148171

149172
class DeleteTrust(command.Command):
@@ -160,13 +183,15 @@ def get_parser(self, prog_name):
160183
return parser
161184

162185
def take_action(self, parsed_args):
163-
identity_client = self.app.client_manager.identity
186+
identity_client = self.app.client_manager.sdk_connection.identity
164187

165188
errors = 0
166189
for trust in parsed_args.trust:
167190
try:
168-
trust_obj = utils.find_resource(identity_client.trusts, trust)
169-
identity_client.trusts.delete(trust_obj.id)
191+
trust_obj = identity_client.find_trust(
192+
trust, ignore_missing=False
193+
)
194+
identity_client.delete_trust(trust_obj.id)
170195
except Exception as e:
171196
errors += 1
172197
LOG.error(
@@ -220,7 +245,7 @@ def get_parser(self, prog_name):
220245
return parser
221246

222247
def take_action(self, parsed_args):
223-
identity_client = self.app.client_manager.identity
248+
identity_client = self.app.client_manager.sdk_connection.identity
224249
auth_ref = self.app.client_manager.auth_ref
225250

226251
if parsed_args.authuser and any(
@@ -243,48 +268,68 @@ def take_action(self, parsed_args):
243268
raise exceptions.CommandError(msg)
244269

245270
if parsed_args.authuser:
246-
if auth_ref:
247-
user = common.find_user(identity_client, auth_ref.user_id)
248-
# We need two calls here as we want trusts with
249-
# either the trustor or the trustee set to current user
250-
# using a single call would give us trusts with both
251-
# trustee and trustor set to current user
252-
data1 = identity_client.trusts.list(trustor_user=user)
253-
data2 = identity_client.trusts.list(trustee_user=user)
254-
data = set(data1 + data2)
271+
# We need two calls here as we want trusts with
272+
# either the trustor or the trustee set to current user
273+
# using a single call would give us trusts with both
274+
# trustee and trustor set to current user
275+
data = list(
276+
{
277+
x.id: x
278+
for x in itertools.chain(
279+
identity_client.trusts(
280+
trustor_user_id=auth_ref.user_id
281+
),
282+
identity_client.trusts(
283+
trustee_user_id=auth_ref.user_id
284+
),
285+
)
286+
}.values()
287+
)
255288
else:
256289
trustor = None
257290
if parsed_args.trustor:
258-
trustor = common.find_user(
259-
identity_client,
260-
parsed_args.trustor,
261-
parsed_args.trustor_domain,
262-
)
291+
try:
292+
trustor_id = identity_client.find_user(
293+
parsed_args.trustor, parsed_args.trustor_domain
294+
).id
295+
trustor = trustor_id
296+
except sdk_exceptions.ForbiddenException:
297+
trustor = parsed_args.trustor
263298

264299
trustee = None
265300
if parsed_args.trustee:
266-
trustee = common.find_user(
267-
identity_client,
268-
parsed_args.trustor,
269-
parsed_args.trustor_domain,
270-
)
271-
272-
data = self.app.client_manager.identity.trusts.list(
273-
trustor_user=trustor,
274-
trustee_user=trustee,
301+
try:
302+
trustee_id = identity_client.find_user(
303+
parsed_args.trustee, parsed_args.trustee_domain
304+
).id
305+
trustee = trustee_id
306+
except sdk_exceptions.ForbiddenException:
307+
trustee = parsed_args.trustee
308+
309+
data = identity_client.trusts(
310+
trustor_user_id=trustor,
311+
trustee_user_id=trustee,
275312
)
276313

277-
columns = (
314+
column_headers = (
278315
'ID',
279316
'Expires At',
280317
'Impersonation',
281318
'Project ID',
282319
'Trustee User ID',
283320
'Trustor User ID',
284321
)
322+
columns = (
323+
'id',
324+
'expires_at',
325+
'is_impersonation',
326+
'project_id',
327+
'trustee_user_id',
328+
'trustor_user_id',
329+
)
285330

286331
return (
287-
columns,
332+
column_headers,
288333
(
289334
utils.get_item_properties(
290335
s,
@@ -309,15 +354,9 @@ def get_parser(self, prog_name):
309354
return parser
310355

311356
def take_action(self, parsed_args):
312-
identity_client = self.app.client_manager.identity
313-
trust = utils.find_resource(identity_client.trusts, parsed_args.trust)
314-
315-
trust._info.pop('roles_links', None)
316-
trust._info.pop('links', None)
317-
318-
# Format roles into something sensible
319-
roles = trust._info.pop('roles')
320-
msg = ' '.join(r['name'] for r in roles)
321-
trust._info['roles'] = msg
357+
identity_client = self.app.client_manager.sdk_connection.identity
358+
trust = identity_client.find_trust(
359+
parsed_args.trust, ignore_missing=False
360+
)
322361

323-
return zip(*sorted(trust._info.items()))
362+
return _format_trust(trust)

0 commit comments

Comments
 (0)