Allow --domain to be used for identity commands without lookup
Performing create, list, or set operations for users, groups, and projects with the --domain option attempts to look up the domain for name to ID conversion. In the case of an environment using Keystone domains, it is desired to allow a domain admin to perform these operations for objects in their domain without allowing them to list or show domains. The current behavior prevents the domain admin from performing these operations since they will be forbidden to perform the underlying list_domains operation. This patch makes the domain lookup error a soft failure, and falls back to using the passed in domain argument directly as a domain ID in the request that it sends to Keystone. Change-Id: I5139097f8cedc53693f6f71297518917ac72e50a Closes-Bug: #1378565
This commit is contained in:
Nathan Kinder
parent
364071a90b
commit
f0c57e17c9
@ -129,8 +129,8 @@ class CreateGroup(show.ShowOne):
|
||||
self.log.debug('take_action(%s)', parsed_args)
|
||||
identity_client = self.app.client_manager.identity
|
||||
if parsed_args.domain:
|
||||
domain = utils.find_resource(identity_client.domains,
|
||||
parsed_args.domain).id
|
||||
domain = common.find_domain(identity_client,
|
||||
parsed_args.domain).id
|
||||
else:
|
||||
domain = None
|
||||
group = identity_client.groups.create(
|
||||
@ -174,7 +174,7 @@ class ListGroup(lister.Lister):
|
||||
parser.add_argument(
|
||||
'--domain',
|
||||
metavar='<domain>',
|
||||
help='Filter group list by <domain>',
|
||||
help='Filter group list by <domain> (name or ID)',
|
||||
)
|
||||
parser.add_argument(
|
||||
'--user',
|
||||
@ -194,10 +194,8 @@ class ListGroup(lister.Lister):
|
||||
identity_client = self.app.client_manager.identity
|
||||
|
||||
if parsed_args.domain:
|
||||
domain = utils.find_resource(
|
||||
identity_client.domains,
|
||||
parsed_args.domain,
|
||||
).id
|
||||
domain = common.find_domain(identity_client,
|
||||
parsed_args.domain).id
|
||||
else:
|
||||
domain = None
|
||||
|
||||
@ -301,10 +299,8 @@ class SetGroup(command.Command):
|
||||
if parsed_args.description:
|
||||
kwargs['description'] = parsed_args.description
|
||||
if parsed_args.domain:
|
||||
domain = utils.find_resource(
|
||||
identity_client.domains, parsed_args.domain).id
|
||||
kwargs['domain'] = domain
|
||||
|
||||
kwargs['domain'] = common.find_domain(identity_client,
|
||||
parsed_args.domain).id
|
||||
if not len(kwargs):
|
||||
sys.stderr.write("Group not updated, no arguments present")
|
||||
return
|
||||
|
||||
@ -74,7 +74,8 @@ class CreateProject(show.ShowOne):
|
||||
identity_client = self.app.client_manager.identity
|
||||
|
||||
if parsed_args.domain:
|
||||
domain = common.find_domain(identity_client, parsed_args.domain).id
|
||||
domain = common.find_domain(identity_client,
|
||||
parsed_args.domain).id
|
||||
else:
|
||||
domain = None
|
||||
|
||||
@ -141,7 +142,7 @@ class ListProject(lister.Lister):
|
||||
parser.add_argument(
|
||||
'--domain',
|
||||
metavar='<project-domain>',
|
||||
help='Filter by a specific domain',
|
||||
help='Filter by a specific domain (name or ID)',
|
||||
)
|
||||
return parser
|
||||
|
||||
@ -154,8 +155,8 @@ class ListProject(lister.Lister):
|
||||
columns = ('ID', 'Name')
|
||||
kwargs = {}
|
||||
if parsed_args.domain:
|
||||
domain = common.find_domain(identity_client, parsed_args.domain)
|
||||
kwargs['domain'] = domain.id
|
||||
kwargs['domain'] = common.find_domain(identity_client,
|
||||
parsed_args.domain).id
|
||||
data = identity_client.projects.list(**kwargs)
|
||||
return (columns,
|
||||
(utils.get_item_properties(
|
||||
@ -232,8 +233,8 @@ class SetProject(command.Command):
|
||||
if parsed_args.name:
|
||||
kwargs['name'] = parsed_args.name
|
||||
if parsed_args.domain:
|
||||
domain = common.find_domain(identity_client, parsed_args.domain)
|
||||
kwargs['domain'] = domain.id
|
||||
kwargs['domain'] = common.find_domain(identity_client,
|
||||
parsed_args.domain).id
|
||||
if parsed_args.description:
|
||||
kwargs['description'] = parsed_args.description
|
||||
if parsed_args.enable:
|
||||
|
||||
@ -95,8 +95,8 @@ class CreateUser(show.ShowOne):
|
||||
project_id = None
|
||||
|
||||
if parsed_args.domain:
|
||||
domain_id = utils.find_resource(
|
||||
identity_client.domains, parsed_args.domain).id
|
||||
domain_id = common.find_domain(identity_client,
|
||||
parsed_args.domain).id
|
||||
else:
|
||||
domain_id = None
|
||||
|
||||
@ -158,7 +158,7 @@ class ListUser(lister.Lister):
|
||||
parser.add_argument(
|
||||
'--domain',
|
||||
metavar='<domain>',
|
||||
help='Filter group list by <domain>',
|
||||
help='Filter user list by <domain> (name or ID)',
|
||||
)
|
||||
parser.add_argument(
|
||||
'--group',
|
||||
@ -178,10 +178,8 @@ class ListUser(lister.Lister):
|
||||
identity_client = self.app.client_manager.identity
|
||||
|
||||
if parsed_args.domain:
|
||||
domain = utils.find_resource(
|
||||
identity_client.domains,
|
||||
parsed_args.domain,
|
||||
).id
|
||||
domain = common.find_domain(identity_client,
|
||||
parsed_args.domain).id
|
||||
else:
|
||||
domain = None
|
||||
|
||||
@ -311,9 +309,8 @@ class SetUser(command.Command):
|
||||
identity_client.projects, parsed_args.project).id
|
||||
kwargs['project'] = project_id
|
||||
if parsed_args.domain:
|
||||
domain_id = utils.find_resource(
|
||||
identity_client.domains, parsed_args.domain).id
|
||||
kwargs['domain'] = domain_id
|
||||
kwargs['domain'] = common.find_domain(identity_client,
|
||||
parsed_args.domain).id
|
||||
kwargs['enabled'] = user.enabled
|
||||
if parsed_args.enable:
|
||||
kwargs['enabled'] = True
|
||||
|
||||
Loading…
Reference in New Issue
Block a user