Inherited info/option when listing role assignment

Adds inherited information when listing role
assignments. In addition, it makes possible
to list only inherited ones by adding
--inherited option.

Change-Id: Idf889603d584716da95e2c7b4880142fbd8291c4
Closes-Bug: 1370546
This commit is contained in:
Samuel de Medeiros Queiroz 2014-09-17 12:03:19 -03:00 committed by Steve Martinelli
parent 35833c94ef
commit 94a8805a9a
3 changed files with 137 additions and 33 deletions

View File

@ -64,12 +64,12 @@ class ListRoleAssignment(lister.Lister):
help='Project to filter (name or ID)', help='Project to filter (name or ID)',
) )
common.add_project_domain_option_to_parser(parser) common.add_project_domain_option_to_parser(parser)
common.add_inherited_option_to_parser(parser)
return parser return parser
def _as_tuple(self, assignment): def _as_tuple(self, assignment):
return (assignment.role, assignment.user, assignment.group, return (assignment.role, assignment.user, assignment.group,
assignment.project, assignment.domain) assignment.project, assignment.domain, assignment.inherited)
def take_action(self, parsed_args): def take_action(self, parsed_args):
self.log.debug('take_action(%s)' % parsed_args) self.log.debug('take_action(%s)' % parsed_args)
@ -115,14 +115,17 @@ class ListRoleAssignment(lister.Lister):
effective = True if parsed_args.effective else False effective = True if parsed_args.effective else False
self.log.debug('take_action(%s)' % parsed_args) self.log.debug('take_action(%s)' % parsed_args)
columns = ('Role', 'User', 'Group', 'Project', 'Domain') columns = ('Role', 'User', 'Group', 'Project', 'Domain', 'Inherited')
inherited_to = 'projects' if parsed_args.inherited else None
data = identity_client.role_assignments.list( data = identity_client.role_assignments.list(
domain=domain, domain=domain,
user=user, user=user,
group=group, group=group,
project=project, project=project,
role=role, role=role,
effective=effective) effective=effective,
os_inherit_extension_inherited_to=inherited_to)
data_parsed = [] data_parsed = []
for assignment in data: for assignment in data:
@ -139,6 +142,9 @@ class ListRoleAssignment(lister.Lister):
assignment.domain = '' assignment.domain = ''
assignment.project = '' assignment.project = ''
inherited = scope.get('OS-INHERIT:inherited_to') == 'projects'
assignment.inherited = inherited
del assignment.scope del assignment.scope
if hasattr(assignment, 'user'): if hasattr(assignment, 'user'):

View File

@ -313,6 +313,13 @@ ASSIGNMENT_WITH_PROJECT_ID_AND_USER_ID = {
'role': {'id': role_id}, 'role': {'id': role_id},
} }
ASSIGNMENT_WITH_PROJECT_ID_AND_USER_ID_INHERITED = {
'scope': {'project': {'id': project_id},
'OS-INHERIT:inherited_to': 'projects'},
'user': {'id': user_id},
'role': {'id': role_id},
}
ASSIGNMENT_WITH_PROJECT_ID_AND_GROUP_ID = { ASSIGNMENT_WITH_PROJECT_ID_AND_GROUP_ID = {
'scope': {'project': {'id': project_id}}, 'scope': {'project': {'id': project_id}},
'group': {'id': group_id}, 'group': {'id': group_id},
@ -325,6 +332,13 @@ ASSIGNMENT_WITH_DOMAIN_ID_AND_USER_ID = {
'role': {'id': role_id}, 'role': {'id': role_id},
} }
ASSIGNMENT_WITH_DOMAIN_ID_AND_USER_ID_INHERITED = {
'scope': {'domain': {'id': domain_id},
'OS-INHERIT:inherited_to': 'projects'},
'user': {'id': user_id},
'role': {'id': role_id},
}
ASSIGNMENT_WITH_DOMAIN_ID_AND_GROUP_ID = { ASSIGNMENT_WITH_DOMAIN_ID_AND_GROUP_ID = {
'scope': {'domain': {'id': domain_id}}, 'scope': {'domain': {'id': domain_id}},
'group': {'id': group_id}, 'group': {'id': group_id},

View File

@ -86,21 +86,24 @@ class TestRoleAssignmentList(TestRoleAssignment):
effective=False, effective=False,
role=None, role=None,
user=None, user=None,
project=None) project=None,
os_inherit_extension_inherited_to=None)
collist = ('Role', 'User', 'Group', 'Project', 'Domain') collist = ('Role', 'User', 'Group', 'Project', 'Domain', 'Inherited')
self.assertEqual(collist, columns) self.assertEqual(columns, collist)
datalist = (( datalist = ((
identity_fakes.role_id, identity_fakes.role_id,
identity_fakes.user_id, identity_fakes.user_id,
'', '',
identity_fakes.project_id, identity_fakes.project_id,
'' '',
False
), (identity_fakes.role_id, ), (identity_fakes.role_id,
'', '',
identity_fakes.group_id, identity_fakes.group_id,
identity_fakes.project_id, identity_fakes.project_id,
'' '',
False
),) ),)
self.assertEqual(datalist, tuple(data)) self.assertEqual(datalist, tuple(data))
@ -131,6 +134,7 @@ class TestRoleAssignmentList(TestRoleAssignment):
('project', None), ('project', None),
('role', None), ('role', None),
('effective', False), ('effective', False),
('inherited', False),
] ]
parsed_args = self.check_parser(self.cmd, arglist, verifylist) parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -143,21 +147,24 @@ class TestRoleAssignmentList(TestRoleAssignment):
group=None, group=None,
project=None, project=None,
role=None, role=None,
effective=False) effective=False,
os_inherit_extension_inherited_to=None)
collist = ('Role', 'User', 'Group', 'Project', 'Domain') collist = ('Role', 'User', 'Group', 'Project', 'Domain', 'Inherited')
self.assertEqual(collist, columns) self.assertEqual(columns, collist)
datalist = (( datalist = ((
identity_fakes.role_id, identity_fakes.role_id,
identity_fakes.user_id, identity_fakes.user_id,
'', '',
'', '',
identity_fakes.domain_id identity_fakes.domain_id,
False
), (identity_fakes.role_id, ), (identity_fakes.role_id,
identity_fakes.user_id, identity_fakes.user_id,
'', '',
identity_fakes.project_id, identity_fakes.project_id,
'' '',
False
),) ),)
self.assertEqual(datalist, tuple(data)) self.assertEqual(datalist, tuple(data))
@ -188,6 +195,7 @@ class TestRoleAssignmentList(TestRoleAssignment):
('project', None), ('project', None),
('role', None), ('role', None),
('effective', False), ('effective', False),
('inherited', False),
] ]
parsed_args = self.check_parser(self.cmd, arglist, verifylist) parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -200,21 +208,24 @@ class TestRoleAssignmentList(TestRoleAssignment):
effective=False, effective=False,
project=None, project=None,
role=None, role=None,
user=None) user=None,
os_inherit_extension_inherited_to=None)
collist = ('Role', 'User', 'Group', 'Project', 'Domain') collist = ('Role', 'User', 'Group', 'Project', 'Domain', 'Inherited')
self.assertEqual(collist, columns) self.assertEqual(columns, collist)
datalist = (( datalist = ((
identity_fakes.role_id, identity_fakes.role_id,
'', '',
identity_fakes.group_id, identity_fakes.group_id,
'', '',
identity_fakes.domain_id identity_fakes.domain_id,
False
), (identity_fakes.role_id, ), (identity_fakes.role_id,
'', '',
identity_fakes.group_id, identity_fakes.group_id,
identity_fakes.project_id, identity_fakes.project_id,
'' '',
False
),) ),)
self.assertEqual(datalist, tuple(data)) self.assertEqual(datalist, tuple(data))
@ -245,6 +256,7 @@ class TestRoleAssignmentList(TestRoleAssignment):
('project', None), ('project', None),
('role', None), ('role', None),
('effective', False), ('effective', False),
('inherited', False),
] ]
parsed_args = self.check_parser(self.cmd, arglist, verifylist) parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -257,21 +269,24 @@ class TestRoleAssignmentList(TestRoleAssignment):
effective=False, effective=False,
project=None, project=None,
role=None, role=None,
user=None) user=None,
os_inherit_extension_inherited_to=None)
collist = ('Role', 'User', 'Group', 'Project', 'Domain') collist = ('Role', 'User', 'Group', 'Project', 'Domain', 'Inherited')
self.assertEqual(collist, columns) self.assertEqual(columns, collist)
datalist = (( datalist = ((
identity_fakes.role_id, identity_fakes.role_id,
identity_fakes.user_id, identity_fakes.user_id,
'', '',
'', '',
identity_fakes.domain_id identity_fakes.domain_id,
False
), (identity_fakes.role_id, ), (identity_fakes.role_id,
'', '',
identity_fakes.group_id, identity_fakes.group_id,
'', '',
identity_fakes.domain_id identity_fakes.domain_id,
False
),) ),)
self.assertEqual(datalist, tuple(data)) self.assertEqual(datalist, tuple(data))
@ -302,6 +317,7 @@ class TestRoleAssignmentList(TestRoleAssignment):
('project', identity_fakes.project_name), ('project', identity_fakes.project_name),
('role', None), ('role', None),
('effective', False), ('effective', False),
('inherited', False),
] ]
parsed_args = self.check_parser(self.cmd, arglist, verifylist) parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -314,21 +330,24 @@ class TestRoleAssignmentList(TestRoleAssignment):
effective=False, effective=False,
project=self.projects_mock.get(), project=self.projects_mock.get(),
role=None, role=None,
user=None) user=None,
os_inherit_extension_inherited_to=None)
collist = ('Role', 'User', 'Group', 'Project', 'Domain') collist = ('Role', 'User', 'Group', 'Project', 'Domain', 'Inherited')
self.assertEqual(collist, columns) self.assertEqual(columns, collist)
datalist = (( datalist = ((
identity_fakes.role_id, identity_fakes.role_id,
identity_fakes.user_id, identity_fakes.user_id,
'', '',
identity_fakes.project_id, identity_fakes.project_id,
'' '',
False
), (identity_fakes.role_id, ), (identity_fakes.role_id,
'', '',
identity_fakes.group_id, identity_fakes.group_id,
identity_fakes.project_id, identity_fakes.project_id,
'' '',
False
),) ),)
self.assertEqual(datalist, tuple(data)) self.assertEqual(datalist, tuple(data))
@ -357,6 +376,7 @@ class TestRoleAssignmentList(TestRoleAssignment):
('project', None), ('project', None),
('role', None), ('role', None),
('effective', True), ('effective', True),
('inherited', False),
] ]
parsed_args = self.check_parser(self.cmd, arglist, verifylist) parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -369,20 +389,84 @@ class TestRoleAssignmentList(TestRoleAssignment):
effective=True, effective=True,
project=None, project=None,
role=None, role=None,
user=None) user=None,
os_inherit_extension_inherited_to=None)
collist = ('Role', 'User', 'Group', 'Project', 'Domain') collist = ('Role', 'User', 'Group', 'Project', 'Domain', 'Inherited')
self.assertEqual(collist, columns) self.assertEqual(columns, collist)
datalist = (( datalist = ((
identity_fakes.role_id, identity_fakes.role_id,
identity_fakes.user_id, identity_fakes.user_id,
'', '',
identity_fakes.project_id, identity_fakes.project_id,
'' '',
False
), (identity_fakes.role_id, ), (identity_fakes.role_id,
identity_fakes.user_id, identity_fakes.user_id,
'', '',
'', '',
identity_fakes.domain_id, identity_fakes.domain_id,
False
),)
self.assertEqual(tuple(data), datalist)
def test_role_assignment_list_inherited(self):
self.role_assignments_mock.list.return_value = [
fakes.FakeResource(
None,
copy.deepcopy(
(identity_fakes.
ASSIGNMENT_WITH_PROJECT_ID_AND_USER_ID_INHERITED)),
loaded=True,
),
fakes.FakeResource(
None,
copy.deepcopy(
(identity_fakes.
ASSIGNMENT_WITH_DOMAIN_ID_AND_USER_ID_INHERITED)),
loaded=True,
),
]
arglist = ['--inherited']
verifylist = [
('user', None),
('group', None),
('domain', None),
('project', None),
('role', None),
('effective', False),
('inherited', True),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
# DisplayCommandBase.take_action() returns two tuples
columns, data = self.cmd.take_action(parsed_args)
self.role_assignments_mock.list.assert_called_with(
domain=None,
group=None,
effective=False,
project=None,
role=None,
user=None,
os_inherit_extension_inherited_to='projects')
collist = ('Role', 'User', 'Group', 'Project', 'Domain', 'Inherited')
self.assertEqual(columns, collist)
datalist = ((
identity_fakes.role_id,
identity_fakes.user_id,
'',
identity_fakes.project_id,
'',
True
), (identity_fakes.role_id,
identity_fakes.user_id,
'',
'',
identity_fakes.domain_id,
True
),) ),)
self.assertEqual(datalist, tuple(data)) self.assertEqual(datalist, tuple(data))