diff --git a/openstackclient/identity/v3/role_assignment.py b/openstackclient/identity/v3/role_assignment.py index 0be6aafb6..64aa07c88 100644 --- a/openstackclient/identity/v3/role_assignment.py +++ b/openstackclient/identity/v3/role_assignment.py @@ -14,7 +14,6 @@ """Identity v3 Assignment action implementations""" from osc_lib.command import command -from osc_lib import utils from openstackclient.i18n import _ from openstackclient.identity import common @@ -100,69 +99,81 @@ class ListRoleAssignment(command.Lister): ) def take_action(self, parsed_args): - identity_client = self.app.client_manager.identity + identity_client = self.app.client_manager.sdk_connection.identity auth_ref = self.app.client_manager.auth_ref - role = None + call_kwargs = {} + + role_id = None role_domain_id = None if parsed_args.role_domain: - role_domain_id = common.find_domain( - identity_client, parsed_args.role_domain + role_domain_id = identity_client.find_domain( + name_or_id=parsed_args.role_domain, ignore_missing=False ).id if parsed_args.role: - role = utils.find_resource( - identity_client.roles, - parsed_args.role, + role_id = identity_client.find_role( + name_or_id=parsed_args.role, + ignore_missing=False, domain_id=role_domain_id, - ) + ).id + call_kwargs['role_id'] = role_id - user = None + user_id = None if parsed_args.user: - user = common.find_user( - identity_client, - parsed_args.user, - parsed_args.user_domain, - ) + user_id = identity_client.find_user( + name_or_id=parsed_args.user, + ignore_missing=False, + domain_id=parsed_args.user_domain, + ).id + call_kwargs['user_id'] = user_id elif parsed_args.authuser: if auth_ref: - user = common.find_user(identity_client, auth_ref.user_id) + user_id = identity_client.find_user( + name_or_id=auth_ref.user_id, + ignore_missing=False, + ).id + call_kwargs['user_id'] = user_id system = None if parsed_args.system: system = parsed_args.system + call_kwargs['scope_system'] = system - domain = None + domain_id = None if parsed_args.domain: - domain = common.find_domain( - identity_client, - parsed_args.domain, - ) + domain_id = identity_client.find_domain( + name_or_id=parsed_args.domain, + ignore_missing=False, + ).id + call_kwargs['scope_domain_id'] = domain_id - project = None + project_id = None if parsed_args.project: - project = common.find_project( - identity_client, - common._get_token_resource( + project_id = identity_client.find_project( + name_or_id=common._get_token_resource( identity_client, 'project', parsed_args.project ), - parsed_args.project_domain, - ) + ignore_missing=False, + domain_id=parsed_args.project_domain, + ).id + call_kwargs['scope_project_id'] = project_id elif parsed_args.authproject: if auth_ref: - project = common.find_project( - identity_client, auth_ref.project_id - ) + project_id = identity_client.find_project( + name_or_id=auth_ref.project_id, ignore_missing=False + ).id + call_kwargs['scope_project_id'] = project_id - group = None + group_id = None if parsed_args.group: - group = common.find_group( - identity_client, - parsed_args.group, - parsed_args.group_domain, - ) + group_id = identity_client.find_group( + name_or_id=parsed_args.group, + ignore_missing=False, + domain_id=parsed_args.group_domain, + ).id + call_kwargs['group_id'] = group_id include_names = True if parsed_args.names else False - effective = True if parsed_args.effective else False columns = ( 'Role', 'User', @@ -174,17 +185,15 @@ class ListRoleAssignment(command.Lister): ) inherited_to = 'projects' if parsed_args.inherited else None - data = identity_client.role_assignments.list( - domain=domain, - user=user, - group=group, - project=project, - system=system, - role=role, - effective=effective, - os_inherit_extension_inherited_to=inherited_to, - include_names=include_names, - ) + + if parsed_args.effective: + call_kwargs['effective'] = True + if include_names: + call_kwargs['include_names'] = True + if inherited_to: + call_kwargs['inherited_to'] = inherited_to + + data = identity_client.role_assignments(**call_kwargs) data_parsed = [] for assignment in data: @@ -223,12 +232,15 @@ class ListRoleAssignment(command.Lister): assignment.domain = '' assignment.project = '' - inherited = scope.get('OS-INHERIT:inherited_to') == 'projects' - assignment.inherited = inherited + if 'OS-INHERIT:inherited_to' in scope: + is_inherited = scope['OS-INHERIT:inherited_to'] == 'projects' + assignment.inherited = is_inherited + else: + assignment.inherited = False del assignment.scope - if hasattr(assignment, 'user'): + if hasattr(assignment, 'user') and assignment.user: if include_names: usr = '@'.join( [ diff --git a/openstackclient/tests/functional/identity/v3/common.py b/openstackclient/tests/functional/identity/v3/common.py index b3d55e654..99750834e 100644 --- a/openstackclient/tests/functional/identity/v3/common.py +++ b/openstackclient/tests/functional/identity/v3/common.py @@ -103,6 +103,14 @@ class IdentityTests(base.TestCase): 'Implied Role ID', 'Implied Role Name', ] + ROLE_ASSIGNMENT_LIST_HEADERS = [ + 'Role', + 'User', + 'Group', + 'Project', + 'Domain', + 'Inherited', + ] REGISTERED_LIMIT_FIELDS = [ 'id', 'service_id', diff --git a/openstackclient/tests/functional/identity/v3/test_role_assignment.py b/openstackclient/tests/functional/identity/v3/test_role_assignment.py new file mode 100644 index 000000000..a3927e7e1 --- /dev/null +++ b/openstackclient/tests/functional/identity/v3/test_role_assignment.py @@ -0,0 +1,210 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from openstackclient.tests.functional.identity.v3 import common + + +class RoleAssignmentTests(common.IdentityTests): + def test_role_assignment_list_no_filters(self): + raw_output = self.openstack('role assignment list') + items = self.parse_listing(raw_output) + self.assert_table_structure(items, self.ROLE_ASSIGNMENT_LIST_HEADERS) + + def test_role_assignment_list_user_role_system(self): + role_name = self._create_dummy_role() + username = self._create_dummy_user() + system = 'all' + raw_output = self.openstack( + 'role add ' + '--user %(user)s ' + '--system %(system)s ' + '%(role)s' + % { + 'user': username, + 'system': system, + 'role': role_name, + } + ) + self.addCleanup( + self.openstack, + 'role remove ' + '--user %(user)s ' + '--system %(system)s ' + '%(role)s' + % { + 'user': username, + 'system': system, + 'role': role_name, + }, + ) + self.assertEqual(0, len(raw_output)) + + raw_output = self.openstack( + 'role assignment list ' '--user %(user)s ' % {'user': username} + ) + items = self.parse_listing(raw_output) + self.assert_table_structure(items, self.ROLE_ASSIGNMENT_LIST_HEADERS) + + raw_output = self.openstack( + 'role assignment list ' '--role %(role)s ' % {'role': role_name} + ) + items = self.parse_listing(raw_output) + self.assert_table_structure(items, self.ROLE_ASSIGNMENT_LIST_HEADERS) + + raw_output = self.openstack( + 'role assignment list ' '--system %(system)s ' % {'system': system} + ) + items = self.parse_listing(raw_output) + self.assert_table_structure(items, self.ROLE_ASSIGNMENT_LIST_HEADERS) + + def test_role_assignment_list_group(self): + role_name = self._create_dummy_role() + group = self._create_dummy_group() + system = 'all' + raw_output = self.openstack( + 'role add ' + '--group %(group)s ' + '--system %(system)s ' + '%(role)s' + % { + 'group': group, + 'system': system, + 'role': role_name, + } + ) + self.addCleanup( + self.openstack, + 'role remove ' + '--group %(group)s ' + '--system %(system)s ' + '%(role)s' + % { + 'group': group, + 'system': system, + 'role': role_name, + }, + ) + self.assertEqual(0, len(raw_output)) + raw_output = self.openstack( + 'role assignment list ' '--group %(group)s ' % {'group': group} + ) + items = self.parse_listing(raw_output) + self.assert_table_structure(items, self.ROLE_ASSIGNMENT_LIST_HEADERS) + + def test_role_assignment_list_domain(self): + role_name = self._create_dummy_role() + username = self._create_dummy_user() + raw_output = self.openstack( + 'role add ' + '--domain %(domain)s ' + '--user %(user)s ' + '%(role)s' + % { + 'domain': self.domain_name, + 'user': username, + 'role': role_name, + } + ) + self.addCleanup( + self.openstack, + 'role remove ' + '--domain %(domain)s ' + '--user %(user)s ' + '%(role)s' + % { + 'domain': self.domain_name, + 'user': username, + 'role': role_name, + }, + ) + self.assertEqual(0, len(raw_output)) + raw_output = self.openstack( + 'role assignment list ' + '--domain %(domain)s ' % {'domain': self.domain_name} + ) + items = self.parse_listing(raw_output) + self.assert_table_structure(items, self.ROLE_ASSIGNMENT_LIST_HEADERS) + + def test_role_assignment_list_project(self): + role_name = self._create_dummy_role() + username = self._create_dummy_user() + raw_output = self.openstack( + 'role add ' + '--project %(project)s ' + '--user %(user)s ' + '%(role)s' + % { + 'project': self.project_name, + 'user': username, + 'role': role_name, + } + ) + self.addCleanup( + self.openstack, + 'role remove ' + '--project %(project)s ' + '--user %(user)s ' + '%(role)s' + % { + 'project': self.project_name, + 'user': username, + 'role': role_name, + }, + ) + self.assertEqual(0, len(raw_output)) + raw_output = self.openstack( + 'role assignment list ' + '--project %(project)s ' % {'project': self.project_name} + ) + items = self.parse_listing(raw_output) + self.assert_table_structure(items, self.ROLE_ASSIGNMENT_LIST_HEADERS) + + def test_role_assignment_list_effective(self): + raw_output = self.openstack('role assignment list ' '--effective') + items = self.parse_listing(raw_output) + self.assert_table_structure(items, self.ROLE_ASSIGNMENT_LIST_HEADERS) + + def test_role_assignment_list_auth_user(self): + raw_output = self.openstack('role assignment list ' '--auth-user') + items = self.parse_listing(raw_output) + self.assert_table_structure(items, self.ROLE_ASSIGNMENT_LIST_HEADERS) + + def test_role_assignment_list_auth_project(self): + raw_output = self.openstack('role assignment list ' '--auth-project') + items = self.parse_listing(raw_output) + self.assert_table_structure(items, self.ROLE_ASSIGNMENT_LIST_HEADERS) + + def test_role_assignment_list_inherited(self): + role_name = self._create_dummy_role() + username = self._create_dummy_user() + raw_output = self.openstack( + 'role add ' + '--project %(project)s ' + '--user %(user)s ' + '--inherited ' + '%(role)s' + % { + 'project': self.project_name, + 'user': username, + 'role': role_name, + } + ) + self.assertEqual(0, len(raw_output)) + + raw_output = self.openstack('role assignment list --inherited') + items = self.parse_listing(raw_output) + self.assert_table_structure(items, self.ROLE_ASSIGNMENT_LIST_HEADERS) + + def test_role_assignment_list_names(self): + raw_output = self.openstack('role assignment list --names') + items = self.parse_listing(raw_output) + self.assert_table_structure(items, self.ROLE_ASSIGNMENT_LIST_HEADERS) diff --git a/openstackclient/tests/unit/identity/v3/test_role_assignment.py b/openstackclient/tests/unit/identity/v3/test_role_assignment.py index 04cb68cb2..6f919b261 100644 --- a/openstackclient/tests/unit/identity/v3/test_role_assignment.py +++ b/openstackclient/tests/unit/identity/v3/test_role_assignment.py @@ -19,12 +19,7 @@ from openstackclient.tests.unit import fakes from openstackclient.tests.unit.identity.v3 import fakes as identity_fakes -class TestRoleAssignment(identity_fakes.TestIdentityv3): - def setUp(self): - super(TestRoleAssignment, self).setUp() - - -class TestRoleAssignmentList(TestRoleAssignment): +class TestRoleAssignmentList(identity_fakes.TestIdentityv3): columns = ( 'Role', 'User', @@ -36,38 +31,9 @@ class TestRoleAssignmentList(TestRoleAssignment): ) def setUp(self): - super(TestRoleAssignment, self).setUp() + super().setUp() - # Get a shortcut to the UserManager Mock - self.users_mock = self.app.client_manager.identity.users - self.users_mock.reset_mock() - - # Get a shortcut to the GroupManager Mock - self.groups_mock = self.app.client_manager.identity.groups - self.groups_mock.reset_mock() - - # Get a shortcut to the DomainManager Mock - self.domains_mock = self.app.client_manager.identity.domains - self.domains_mock.reset_mock() - - # Get a shortcut to the ProjectManager Mock - self.projects_mock = self.app.client_manager.identity.projects - self.projects_mock.reset_mock() - - # Get a shortcut to the RoleManager Mock - self.roles_mock = self.app.client_manager.identity.roles - self.roles_mock.reset_mock() - - self.role_assignments_mock = ( - self.app.client_manager.identity.role_assignments - ) - self.role_assignments_mock.reset_mock() - - # Get the command object to test - self.cmd = role_assignment.ListRoleAssignment(self.app, None) - - def test_role_assignment_list_no_filters(self): - self.role_assignments_mock.list.return_value = [ + self.identity_sdk_client.role_assignments.return_value = [ fakes.FakeResource( None, copy.deepcopy( @@ -84,6 +50,10 @@ class TestRoleAssignmentList(TestRoleAssignment): ), ] + # Get the command object to test + self.cmd = role_assignment.ListRoleAssignment(self.app, None) + + def test_role_assignment_list_no_filters(self): arglist = [] verifylist = [] parsed_args = self.check_parser(self.cmd, arglist, verifylist) @@ -93,17 +63,7 @@ class TestRoleAssignmentList(TestRoleAssignment): # containing the data to be listed. columns, data = self.cmd.take_action(parsed_args) - self.role_assignments_mock.list.assert_called_with( - domain=None, - system=None, - group=None, - effective=False, - role=None, - user=None, - project=None, - os_inherit_extension_inherited_to=None, - include_names=False, - ) + self.identity_sdk_client.role_assignments.assert_called_with() self.assertEqual(self.columns, columns) datalist = ( @@ -129,7 +89,7 @@ class TestRoleAssignmentList(TestRoleAssignment): self.assertEqual(datalist, tuple(data)) def test_role_assignment_list_user(self): - self.role_assignments_mock.list.return_value = [ + self.identity_sdk_client.role_assignments.return_value = [ fakes.FakeResource( None, copy.deepcopy( @@ -165,16 +125,8 @@ class TestRoleAssignmentList(TestRoleAssignment): # containing the data to be listed. columns, data = self.cmd.take_action(parsed_args) - self.role_assignments_mock.list.assert_called_with( - domain=None, - system=None, - user=self.users_mock.get(), - group=None, - project=None, - role=None, - effective=False, - os_inherit_extension_inherited_to=None, - include_names=False, + self.identity_sdk_client.role_assignments.assert_called_with( + user_id=self.identity_sdk_client.find_user().id, ) self.assertEqual(self.columns, columns) @@ -201,7 +153,7 @@ class TestRoleAssignmentList(TestRoleAssignment): self.assertEqual(datalist, tuple(data)) def test_role_assignment_list_group(self): - self.role_assignments_mock.list.return_value = [ + self.identity_sdk_client.role_assignments.return_value = [ fakes.FakeResource( None, copy.deepcopy( @@ -237,16 +189,8 @@ class TestRoleAssignmentList(TestRoleAssignment): # containing the data to be listed. columns, data = self.cmd.take_action(parsed_args) - self.role_assignments_mock.list.assert_called_with( - domain=None, - system=None, - group=self.groups_mock.get(), - effective=False, - project=None, - role=None, - user=None, - os_inherit_extension_inherited_to=None, - include_names=False, + self.identity_sdk_client.role_assignments.assert_called_with( + group_id=self.identity_sdk_client.find_group().id, ) self.assertEqual(self.columns, columns) @@ -273,7 +217,7 @@ class TestRoleAssignmentList(TestRoleAssignment): self.assertEqual(datalist, tuple(data)) def test_role_assignment_list_domain(self): - self.role_assignments_mock.list.return_value = [ + self.identity_sdk_client.role_assignments.return_value = [ fakes.FakeResource( None, copy.deepcopy( @@ -309,16 +253,8 @@ class TestRoleAssignmentList(TestRoleAssignment): # containing the data to be listed. columns, data = self.cmd.take_action(parsed_args) - self.role_assignments_mock.list.assert_called_with( - domain=self.domains_mock.get(), - system=None, - group=None, - effective=False, - project=None, - role=None, - user=None, - os_inherit_extension_inherited_to=None, - include_names=False, + self.identity_sdk_client.role_assignments.assert_called_with( + scope_domain_id=self.identity_sdk_client.find_domain().id, ) self.assertEqual(self.columns, columns) @@ -345,7 +281,7 @@ class TestRoleAssignmentList(TestRoleAssignment): self.assertEqual(datalist, tuple(data)) def test_role_assignment_list_project(self): - self.role_assignments_mock.list.return_value = [ + self.identity_sdk_client.role_assignments.return_value = [ fakes.FakeResource( None, copy.deepcopy( @@ -381,16 +317,8 @@ class TestRoleAssignmentList(TestRoleAssignment): # containing the data to be listed. columns, data = self.cmd.take_action(parsed_args) - self.role_assignments_mock.list.assert_called_with( - domain=None, - system=None, - group=None, - effective=False, - project=self.projects_mock.get(), - role=None, - user=None, - os_inherit_extension_inherited_to=None, - include_names=False, + self.identity_sdk_client.role_assignments.assert_called_with( + scope_project_id=self.identity_sdk_client.find_project().id, ) self.assertEqual(self.columns, columns) @@ -421,7 +349,7 @@ class TestRoleAssignmentList(TestRoleAssignment): auth_ref.project_id.return_value = identity_fakes.project_id auth_ref.user_id.return_value = identity_fakes.user_id - self.role_assignments_mock.list.return_value = [ + self.identity_sdk_client.role_assignments.return_value = [ fakes.FakeResource( None, copy.deepcopy( @@ -455,16 +383,9 @@ class TestRoleAssignmentList(TestRoleAssignment): # containing the data to be listed. columns, data = self.cmd.take_action(parsed_args) - self.role_assignments_mock.list.assert_called_with( - domain=None, - system=None, - user=self.users_mock.get(), - group=None, - project=self.projects_mock.get(), - role=None, - effective=False, - os_inherit_extension_inherited_to=None, - include_names=False, + self.identity_sdk_client.role_assignments.assert_called_with( + user_id=self.identity_sdk_client.find_user().id, + scope_project_id=self.identity_sdk_client.find_project().id, ) self.assertEqual(self.columns, columns) @@ -482,7 +403,7 @@ class TestRoleAssignmentList(TestRoleAssignment): self.assertEqual(datalist, tuple(data)) def test_role_assignment_list_effective(self): - self.role_assignments_mock.list.return_value = [ + self.identity_sdk_client.role_assignments.return_value = [ fakes.FakeResource( None, copy.deepcopy( @@ -518,16 +439,8 @@ class TestRoleAssignmentList(TestRoleAssignment): # containing the data to be listed. columns, data = self.cmd.take_action(parsed_args) - self.role_assignments_mock.list.assert_called_with( - domain=None, - system=None, - group=None, - effective=True, - project=None, - role=None, - user=None, - os_inherit_extension_inherited_to=None, - include_names=False, + self.identity_sdk_client.role_assignments.assert_called_with( + effective=True ) self.assertEqual(self.columns, columns) @@ -560,7 +473,7 @@ class TestRoleAssignmentList(TestRoleAssignment): fake_assignment_b = copy.deepcopy( identity_fakes.ASSIGNMENT_WITH_DOMAIN_ID_AND_USER_ID_INHERITED ) - self.role_assignments_mock.list.return_value = [ + self.identity_sdk_client.role_assignments.return_value = [ fakes.FakeResource(None, fake_assignment_a, loaded=True), fakes.FakeResource(None, fake_assignment_b, loaded=True), ] @@ -584,16 +497,8 @@ class TestRoleAssignmentList(TestRoleAssignment): # containing the data to be listed. columns, data = self.cmd.take_action(parsed_args) - self.role_assignments_mock.list.assert_called_with( - domain=None, - system=None, - group=None, - effective=False, - project=None, - role=None, - user=None, - os_inherit_extension_inherited_to='projects', - include_names=False, + self.identity_sdk_client.role_assignments.assert_called_with( + inherited_to='projects', ) self.assertEqual(self.columns, columns) @@ -626,7 +531,7 @@ class TestRoleAssignmentList(TestRoleAssignment): fake_role_assignment_b = copy.deepcopy( identity_fakes.ASSIGNMENT_WITH_DOMAIN_ID_AND_USER_ID_INCLUDE_NAMES ) - self.role_assignments_mock.list.return_value = [ + self.identity_sdk_client.role_assignments.return_value = [ fakes.FakeResource(None, fake_role_assignment_a, loaded=True), fakes.FakeResource(None, fake_role_assignment_b, loaded=True), ] @@ -652,16 +557,8 @@ class TestRoleAssignmentList(TestRoleAssignment): # correct information columns, data = self.cmd.take_action(parsed_args) - self.role_assignments_mock.list.assert_called_with( - domain=None, - system=None, - group=None, - effective=False, - project=None, - role=None, - user=None, - os_inherit_extension_inherited_to=None, - include_names=True, + self.identity_sdk_client.role_assignments.assert_called_with( + include_names=True ) collist = ( @@ -704,7 +601,7 @@ class TestRoleAssignmentList(TestRoleAssignment): self.assertEqual(tuple(data), datalist1) def test_role_assignment_list_domain_role(self): - self.role_assignments_mock.list.return_value = [ + self.identity_sdk_client.role_assignments.return_value = [ fakes.FakeResource( None, copy.deepcopy(identity_fakes.ASSIGNMENT_WITH_DOMAIN_ROLE), @@ -736,16 +633,8 @@ class TestRoleAssignmentList(TestRoleAssignment): # containing the data to be listed. columns, data = self.cmd.take_action(parsed_args) - self.role_assignments_mock.list.assert_called_with( - domain=None, - system=None, - user=None, - group=None, - project=None, - role=self.roles_mock.get(), - effective=False, - os_inherit_extension_inherited_to=None, - include_names=False, + self.identity_sdk_client.role_assignments.assert_called_with( + role_id=self.identity_sdk_client.find_role().id, ) self.assertEqual(self.columns, columns)