diff --git a/openstackclient/identity/v2_0/role.py b/openstackclient/identity/v2_0/role.py
new file mode 100644
index 0000000000..0f94a4be0a
--- /dev/null
+++ b/openstackclient/identity/v2_0/role.py
@@ -0,0 +1,268 @@
+# Copyright 2012 OpenStack LLC.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+"""
+Role action implementations
+"""
+
+import logging
+
+from cliff import lister
+from cliff import show
+
+from openstackclient.common import command
+from openstackclient.common import utils
+
+
+class AddRole(command.OpenStackCommand, show.ShowOne):
+ """Add role to tenant:user"""
+
+ api = 'identity'
+ log = logging.getLogger(__name__ + '.AddRole')
+
+ def get_parser(self, prog_name):
+ parser = super(AddRole, self).get_parser(prog_name)
+ parser.add_argument(
+ 'role',
+ metavar='<role>',
+ help='Role name or ID to add to user',
+ )
+ parser.add_argument(
+ '--tenant',
+ metavar='<tenant>',
+ required=True,
+ help='Name or ID of tenant to include',
+ )
+ parser.add_argument(
+ '--user',
+ metavar='<user>',
+ required=True,
+ help='Name or ID of user to include',
+ )
+ return parser
+
+ def get_data(self, parsed_args):
+ self.log.debug('get_data(%s)' % parsed_args)
+ identity_client = self.app.client_manager.identity
+ role = utils.find_resource(
+ identity_client.roles, parsed_args.role)
+ tenant = utils.find_resource(
+ identity_client.tenants, parsed_args.tenant)
+ user = utils.find_resource(
+ identity_client.users, parsed_args.user)
+ role = identity_client.roles.add_user_role(
+ user,
+ role,
+ tenant,
+ )
+
+ info = {}
+ info.update(role._info)
+ return zip(*sorted(info.iteritems()))
+
+
+class CreateRole(command.OpenStackCommand, show.ShowOne):
+ """Create new role"""
+
+ api = 'identity'
+ log = logging.getLogger(__name__ + '.CreateRole')
+
+ def get_parser(self, prog_name):
+ parser = super(CreateRole, self).get_parser(prog_name)
+ parser.add_argument(
+ 'role_name',
+ metavar='<role-name>',
+ help='New role name',
+ )
+ return parser
+
+ def get_data(self, parsed_args):
+ self.log.debug('get_data(%s)' % parsed_args)
+ identity_client = self.app.client_manager.identity
+ role = identity_client.roles.create(
+ parsed_args.role_name,
+ )
+
+ info = {}
+ info.update(role._info)
+ return zip(*sorted(info.iteritems()))
+
+
+class DeleteRole(command.OpenStackCommand):
+ """Delete existing role"""
+
+ api = 'identity'
+ log = logging.getLogger(__name__ + '.DeleteRole')
+
+ def get_parser(self, prog_name):
+ parser = super(DeleteRole, self).get_parser(prog_name)
+ parser.add_argument(
+ 'role',
+ metavar='<role>',
+ help='Name or ID of role to delete',
+ )
+ return parser
+
+ def run(self, parsed_args):
+ self.log.debug('run(%s)' % parsed_args)
+ identity_client = self.app.client_manager.identity
+ role = utils.find_resource(
+ identity_client.roles, parsed_args.role)
+ identity_client.roles.delete(role.id)
+ return
+
+
+class ListRole(command.OpenStackCommand, lister.Lister):
+ """List roles"""
+
+ api = 'identity'
+ log = logging.getLogger(__name__ + '.ListRole')
+
+ def get_data(self, parsed_args):
+ self.log.debug('get_data(%s)' % parsed_args)
+ columns = ('ID', 'Name')
+ data = self.app.client_manager.identity.roles.list()
+ return (columns,
+ (utils.get_item_properties(
+ s, columns,
+ formatters={},
+ ) for s in data),
+ )
+
+
+class ListUserRole(command.OpenStackCommand, lister.Lister):
+ """List user-role assignments"""
+
+ api = 'identity'
+ log = logging.getLogger(__name__ + '.ListUserRole')
+
+ def get_parser(self, prog_name):
+ parser = super(ListUserRole, self).get_parser(prog_name)
+ parser.add_argument(
+ 'user',
+ metavar='<user>',
+ nargs='?',
+ help='Name or ID of user to include',
+ )
+ parser.add_argument(
+ '--tenant',
+ metavar='<tenant>',
+ help='Name or ID of tenant to include',
+ )
+ return parser
+
+ def get_data(self, parsed_args):
+ self.log.debug('get_data(%s)' % parsed_args)
+ columns = ('ID', 'Name', 'Tenant ID', 'User ID')
+ identity_client = self.app.client_manager.identity
+
+ # user-only roles are not supported in KSL so we are
+ # required to have a user and tenant; default to the
+ # values used for authentication if not specified
+ if not parsed_args.tenant:
+ parsed_args.tenant = identity_client.auth_tenant_id
+ if not parsed_args.user:
+ parsed_args.user = identity_client.auth_user_id
+
+ tenant = utils.find_resource(
+ identity_client.tenants, parsed_args.tenant)
+ user = utils.find_resource(
+ identity_client.users, parsed_args.user)
+
+ data = identity_client.roles.roles_for_user(user.id, tenant.id)
+
+ # Add the names to the output even though they will be constant
+ for role in data:
+ role.user_id = user.name
+ role.tenant_id = tenant.name
+
+ return (columns,
+ (utils.get_item_properties(
+ s, columns,
+ formatters={},
+ ) for s in data),
+ )
+
+
+class RemoveRole(command.OpenStackCommand):
+ """Remove role from tenant:user"""
+
+ api = 'identity'
+ log = logging.getLogger(__name__ + '.RemoveRole')
+
+ def get_parser(self, prog_name):
+ parser = super(RemoveRole, self).get_parser(prog_name)
+ parser.add_argument(
+ 'role',
+ metavar='<role>',
+ help='Role name or ID to remove from user',
+ )
+ parser.add_argument(
+ '--tenant',
+ metavar='<tenant>',
+ required=True,
+ help='Name or ID of tenant',
+ )
+ parser.add_argument(
+ '--user',
+ metavar='<user>',
+ required=True,
+ help='Name or ID of user',
+ )
+ return parser
+
+ def get_data(self, parsed_args):
+ self.log.debug('get_data(%s)' % parsed_args)
+ identity_client = self.app.client_manager.identity
+ role = utils.find_resource(
+ identity_client.roles, parsed_args.role)
+ tenant = utils.find_resource(
+ identity_client.tenants, parsed_args.tenant)
+ user = utils.find_resource(
+ identity_client.users, parsed_args.user)
+ print "role: %s" % role
+ identity_client.roles.remove_user_role(
+ user.id,
+ role.id,
+ tenant.id,
+ )
+
+
+class ShowRole(command.OpenStackCommand, show.ShowOne):
+ """Show single role"""
+
+ api = 'identity'
+ log = logging.getLogger(__name__ + '.ShowRole')
+
+ def get_parser(self, prog_name):
+ parser = super(ShowRole, self).get_parser(prog_name)
+ parser.add_argument(
+ 'role',
+ metavar='<role>',
+ help='Name or ID of role to display',
+ )
+ return parser
+
+ def get_data(self, parsed_args):
+ self.log.debug('get_data(%s)' % parsed_args)
+ identity_client = self.app.client_manager.identity
+ role = utils.find_resource(
+ identity_client.roles, parsed_args.role)
+
+ info = {}
+ info.update(role._info)
+ return zip(*sorted(info.iteritems()))
diff --git a/setup.py b/setup.py
index 4cfccb0463..8e9d024c68 100644
--- a/setup.py
+++ b/setup.py
@@ -59,6 +59,16 @@ setuptools.setup(
entry_points={
'console_scripts': ['openstack=openstackclient.shell:main'],
'openstack.cli': [
+ 'add_role=' +
+ 'openstackclient.identity.v2_0.role:AddRole',
+ 'create_role=' +
+ 'openstackclient.identity.v2_0.role:CreateRole',
+ 'delete_role=' +
+ 'openstackclient.identity.v2_0.role:DeleteRole',
+ 'list_role=openstackclient.identity.v2_0.role:ListRole',
+ 'remove_role=' +
+ 'openstackclient.identity.v2_0.role:RemoveRole',
+ 'show_role=openstackclient.identity.v2_0.role:ShowRole',
'list_server=openstackclient.compute.v2.server:ListServer',
'show_server=openstackclient.compute.v2.server:ShowServer',
'create_endpoint=' +
@@ -89,6 +99,7 @@ setuptools.setup(
'list_user=openstackclient.identity.v2_0.user:ListUser',
'set_user=openstackclient.identity.v2_0.user:SetUser',
'show_user=openstackclient.identity.v2_0.user:ShowUser',
+ 'list_user-role=openstackclient.identity.v2_0.role:ListUserRole',
]
}
)