1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
# Copyright 2019 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
"""Identity v3 Access Rule action implementations"""
import logging
from osc_lib.command import command
from osc_lib import exceptions
from osc_lib import utils
from openstackclient.i18n import _
from openstackclient.identity import common
LOG = logging.getLogger(__name__)
class DeleteAccessRule(command.Command):
_description = _("Delete access rule(s)")
def get_parser(self, prog_name):
parser = super().get_parser(prog_name)
parser.add_argument(
'access_rule',
metavar='<access-rule>',
nargs="+",
help=_('Access rule ID(s) to delete'),
)
return parser
def take_action(self, parsed_args):
identity_client = self.app.client_manager.sdk_connection.identity
conn = self.app.client_manager.sdk_connection
user_id = conn.config.get_auth().get_user_id(conn.identity)
errors = 0
for ac in parsed_args.access_rule:
try:
access_rule = identity_client.get_access_rule(user_id, ac)
identity_client.delete_access_rule(user_id, access_rule.id)
except Exception as e:
errors += 1
LOG.error(
_("Failed to delete access rule with ID '%(ac)s': %(e)s"),
{'ac': ac, 'e': e},
)
if errors > 0:
total = len(parsed_args.access_rule)
msg = _(
"%(errors)s of %(total)s access rules failed to delete."
) % {'errors': errors, 'total': total}
raise exceptions.CommandError(msg)
class ListAccessRule(command.Lister):
_description = _("List access rules")
def get_parser(self, prog_name):
parser = super().get_parser(prog_name)
parser.add_argument(
'--user',
metavar='<user>',
help=_('User whose access rules to list (name or ID)'),
)
common.add_user_domain_option_to_parser(parser)
return parser
def take_action(self, parsed_args):
identity_client = self.app.client_manager.sdk_connection.identity
if parsed_args.user:
user_id = common.find_user(
identity_client, parsed_args.user, parsed_args.user_domain
).id
else:
conn = self.app.client_manager.sdk_connection
user_id = conn.config.get_auth().get_user_id(conn.identity)
columns = ('ID', 'Service', 'Method', 'Path')
data = identity_client.access_rules(user=user_id)
return (
columns,
(
utils.get_item_properties(
s,
columns,
formatters={},
)
for s in data
),
)
class ShowAccessRule(command.ShowOne):
_description = _("Display access rule details")
def get_parser(self, prog_name):
parser = super().get_parser(prog_name)
parser.add_argument(
'access_rule',
metavar='<access-rule>',
help=_('Access rule ID to display'),
)
return parser
def take_action(self, parsed_args):
identity_client = self.app.client_manager.sdk_connection.identity
conn = self.app.client_manager.sdk_connection
user_id = conn.config.get_auth().get_user_id(conn.identity)
access_rule = identity_client.get_access_rule(
user_id, parsed_args.access_rule
)
columns = ('ID', 'Method', 'Path', 'Service')
return (
columns,
(
utils.get_item_properties(
access_rule,
columns,
formatters={},
)
),
)
|
