diff --git a/doc/source/command-objects/role_assignment.rst b/doc/source/command-objects/role_assignment.rst index 749d883e54..cfb1079cf3 100644 --- a/doc/source/command-objects/role_assignment.rst +++ b/doc/source/command-objects/role_assignment.rst @@ -19,6 +19,7 @@ List role assignments [--domain ] [--project ] [--effective] + [--inherited] .. option:: --role @@ -43,3 +44,7 @@ List role assignments .. option:: --effective Returns only effective role assignments (defaults to False) + +.. option:: --inherited + + Specifies if the role grant is inheritable to the sub projects diff --git a/openstackclient/identity/common.py b/openstackclient/identity/common.py index 6eca02bad8..2638b7976e 100644 --- a/openstackclient/identity/common.py +++ b/openstackclient/identity/common.py @@ -139,3 +139,12 @@ def add_project_domain_option_to_parser(parser): 'This can be used in case collisions between project names ' 'exist.') ) + + +def add_inherited_option_to_parser(parser): + parser.add_argument( + '--inherited', + action='store_true', + default=False, + help=('Specifies if the role grant is inheritable to the sub projects') + ) diff --git a/openstackclient/identity/v3/role.py b/openstackclient/identity/v3/role.py index 17f47ffd63..199b7dcaa1 100644 --- a/openstackclient/identity/v3/role.py +++ b/openstackclient/identity/v3/role.py @@ -55,6 +55,7 @@ def _add_identity_and_resource_options_to_parser(parser): common.add_group_domain_option_to_parser(parser) common.add_project_domain_option_to_parser(parser) common.add_user_domain_option_to_parser(parser) + common.add_inherited_option_to_parser(parser) def _process_identity_and_resource_options(parsed_args, @@ -102,6 +103,7 @@ def _process_identity_and_resource_options(parsed_args, parsed_args.project, parsed_args.group_domain, ).id + kwargs['inherited'] = parsed_args.inherited return kwargs diff --git a/openstackclient/tests/identity/v3/test_role.py b/openstackclient/tests/identity/v3/test_role.py index 84cf07a185..4ff3b95f63 100644 --- a/openstackclient/tests/identity/v3/test_role.py +++ b/openstackclient/tests/identity/v3/test_role.py @@ -45,6 +45,15 @@ class TestRole(identity_fakes.TestIdentityv3): self.roles_mock = self.app.client_manager.identity.roles self.roles_mock.reset_mock() + def _is_inheritance_testcase(self): + return False + + +class TestRoleInherited(TestRole): + + def _is_inheritance_testcase(self): + return True + class TestRoleAdd(TestRole): @@ -95,12 +104,15 @@ class TestRoleAdd(TestRole): '--domain', identity_fakes.domain_name, identity_fakes.role_name, ] + if self._is_inheritance_testcase(): + arglist.append('--inherited') verifylist = [ ('user', identity_fakes.user_name), ('group', None), ('domain', identity_fakes.domain_name), ('project', None), ('role', identity_fakes.role_name), + ('inherited', self._is_inheritance_testcase()), ] parsed_args = self.check_parser(self.cmd, arglist, verifylist) @@ -111,6 +123,7 @@ class TestRoleAdd(TestRole): kwargs = { 'user': identity_fakes.user_id, 'domain': identity_fakes.domain_id, + 'inherited': self._is_inheritance_testcase(), } # RoleManager.grant(role, user=, group=, domain=, project=) self.roles_mock.grant.assert_called_with( @@ -124,12 +137,15 @@ class TestRoleAdd(TestRole): '--project', identity_fakes.project_name, identity_fakes.role_name, ] + if self._is_inheritance_testcase(): + arglist.append('--inherited') verifylist = [ ('user', identity_fakes.user_name), ('group', None), ('domain', None), ('project', identity_fakes.project_name), ('role', identity_fakes.role_name), + ('inherited', self._is_inheritance_testcase()), ] parsed_args = self.check_parser(self.cmd, arglist, verifylist) @@ -140,6 +156,7 @@ class TestRoleAdd(TestRole): kwargs = { 'user': identity_fakes.user_id, 'project': identity_fakes.project_id, + 'inherited': self._is_inheritance_testcase(), } # RoleManager.grant(role, user=, group=, domain=, project=) self.roles_mock.grant.assert_called_with( @@ -153,12 +170,15 @@ class TestRoleAdd(TestRole): '--domain', identity_fakes.domain_name, identity_fakes.role_name, ] + if self._is_inheritance_testcase(): + arglist.append('--inherited') verifylist = [ ('user', None), ('group', identity_fakes.group_name), ('domain', identity_fakes.domain_name), ('project', None), ('role', identity_fakes.role_name), + ('inherited', self._is_inheritance_testcase()), ] parsed_args = self.check_parser(self.cmd, arglist, verifylist) @@ -169,6 +189,7 @@ class TestRoleAdd(TestRole): kwargs = { 'group': identity_fakes.group_id, 'domain': identity_fakes.domain_id, + 'inherited': self._is_inheritance_testcase(), } # RoleManager.grant(role, user=, group=, domain=, project=) self.roles_mock.grant.assert_called_with( @@ -182,12 +203,15 @@ class TestRoleAdd(TestRole): '--project', identity_fakes.project_name, identity_fakes.role_name, ] + if self._is_inheritance_testcase(): + arglist.append('--inherited') verifylist = [ ('user', None), ('group', identity_fakes.group_name), ('domain', None), ('project', identity_fakes.project_name), ('role', identity_fakes.role_name), + ('inherited', self._is_inheritance_testcase()), ] parsed_args = self.check_parser(self.cmd, arglist, verifylist) @@ -198,6 +222,7 @@ class TestRoleAdd(TestRole): kwargs = { 'group': identity_fakes.group_id, 'project': identity_fakes.project_id, + 'inherited': self._is_inheritance_testcase(), } # RoleManager.grant(role, user=, group=, domain=, project=) self.roles_mock.grant.assert_called_with( @@ -206,6 +231,10 @@ class TestRoleAdd(TestRole): ) +class TestRoleAddInherited(TestRoleAdd, TestRoleInherited): + pass + + class TestRoleCreate(TestRole): def setUp(self): @@ -550,12 +579,15 @@ class TestRoleRemove(TestRole): '--domain', identity_fakes.domain_name, identity_fakes.role_name, ] + if self._is_inheritance_testcase(): + arglist.append('--inherited') verifylist = [ ('user', identity_fakes.user_name), ('group', None), ('domain', identity_fakes.domain_name), ('project', None), ('role', identity_fakes.role_name), + ('inherited', self._is_inheritance_testcase()), ] parsed_args = self.check_parser(self.cmd, arglist, verifylist) @@ -566,6 +598,7 @@ class TestRoleRemove(TestRole): kwargs = { 'user': identity_fakes.user_id, 'domain': identity_fakes.domain_id, + 'inherited': self._is_inheritance_testcase(), } # RoleManager.revoke(role, user=, group=, domain=, project=) self.roles_mock.revoke.assert_called_with( @@ -579,12 +612,15 @@ class TestRoleRemove(TestRole): '--project', identity_fakes.project_name, identity_fakes.role_name, ] + if self._is_inheritance_testcase(): + arglist.append('--inherited') verifylist = [ ('user', identity_fakes.user_name), ('group', None), ('domain', None), ('project', identity_fakes.project_name), ('role', identity_fakes.role_name), + ('inherited', self._is_inheritance_testcase()), ] parsed_args = self.check_parser(self.cmd, arglist, verifylist) @@ -595,6 +631,7 @@ class TestRoleRemove(TestRole): kwargs = { 'user': identity_fakes.user_id, 'project': identity_fakes.project_id, + 'inherited': self._is_inheritance_testcase(), } # RoleManager.revoke(role, user=, group=, domain=, project=) self.roles_mock.revoke.assert_called_with( @@ -608,12 +645,16 @@ class TestRoleRemove(TestRole): '--domain', identity_fakes.domain_name, identity_fakes.role_name, ] + if self._is_inheritance_testcase(): + arglist.append('--inherited') verifylist = [ ('user', None), ('group', identity_fakes.group_name), ('domain', identity_fakes.domain_name), ('project', None), ('role', identity_fakes.role_name), + ('role', identity_fakes.role_name), + ('inherited', self._is_inheritance_testcase()), ] parsed_args = self.check_parser(self.cmd, arglist, verifylist) @@ -624,6 +665,7 @@ class TestRoleRemove(TestRole): kwargs = { 'group': identity_fakes.group_id, 'domain': identity_fakes.domain_id, + 'inherited': self._is_inheritance_testcase(), } # RoleManager.revoke(role, user=, group=, domain=, project=) self.roles_mock.revoke.assert_called_with( @@ -637,12 +679,15 @@ class TestRoleRemove(TestRole): '--project', identity_fakes.project_name, identity_fakes.role_name, ] + if self._is_inheritance_testcase(): + arglist.append('--inherited') verifylist = [ ('user', None), ('group', identity_fakes.group_name), ('domain', None), ('project', identity_fakes.project_name), ('role', identity_fakes.role_name), + ('inherited', self._is_inheritance_testcase()), ] parsed_args = self.check_parser(self.cmd, arglist, verifylist) @@ -653,6 +698,7 @@ class TestRoleRemove(TestRole): kwargs = { 'group': identity_fakes.group_id, 'project': identity_fakes.project_id, + 'inherited': self._is_inheritance_testcase(), } # RoleManager.revoke(role, user=, group=, domain=, project=) self.roles_mock.revoke.assert_called_with(