$namespace = openstack.identity.v{2|3}
The subcommand documents for $namespace were hardcoded and thus prone to
drift over time. This commit removes the hardcoded content and uses the
autoprogram-cliff directive to generate them automatically from the
subcommand configuration classes.
Special things:
- Some reorganization happened here. Certain subcommand names, such as
`endpoint` and `project`, are shared by identity v2 and v3. Previously
the hardcoded documents had them combined and interleaved. Attempting
to preserve this with autoprogram-cliff would have required
significant additional infrastructure. However, since most readers
care completely about one and not at all about the other, we instead
split the v2 and v3 versions of these commands into separate pages. In
case links to the old pages exist in the wild, they are preserved, but
moved (with redirects) to a hidden directory, and populated simply
with links to the new version-specific generated documents.
- The `federation domain` and `federation project` subcommands were
previously absent from the docs. They are added. These are such small
commands and they seem related, so they're put into a single document.
- Some pages were already being generated but were listing operations
individually instead of using wildcards (possibly because they were
created before wildcarding was supported by cliff). These are changed
to use wildcarding. (We want to do this wherever possible as it is
more future-proof in the event that more operations are added to a
subcommand later.)
- The `service provider` document was incorrectly titled `identity
provider`. Fixed.
Change-Id: I2030f9fe370038c5908b6eb6bed9692a73fe5067

This commit introduces the --access-rules option for 'application
credential create' as well as new 'access rule' commands for listing,
showing, and deleting access rules.
bp whitelist-extension-for-app-creds
Change-Id: I04834b2874ec2a70da456a380b5bef03a392effa

There is a --restricted flag to counter the --unrestricted flag. It was
documented, but the usage example had missed it. Add it for
completeness.
Change-Id: Ib4cdcacdd16bfb59e9d18714106ecda99e418812

Add support for creating, retrieving, and deleting application
credentials. Application credentials do not support updates.
In order to provide a positive user experience for the `--role` option,
this patch also includes an improvement to the
`identity.common._get_token_resource()` function that allows it to
introspect the roles list within a token. This way there is no need to
make a request to keystone to retrieve a role object, which would fail
most of the time anyway due to keystone's default policy prohibiting
unprivileged users from retrieving roles.
bp application-credentials
Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7
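
The token-introspection approach described in the last commit message, as an added example that is not python-openstackclient code: `--role` values are resolved against the role list carried in a Keystone v3 token body, so no call to the roles API is needed. The function names and the sample token are hypothetical and constructed for illustration.

```python
# Added illustration, not the project's implementation.
# Assumes a Keystone v3 token body: token["token"]["roles"] is a list of
# {"id": ..., "name": ...} dicts for the roles the user holds in the scope.

SAMPLE_TOKEN = {  # constructed sample, not a real token
    "token": {
        "user": {"id": "u-1", "name": "alice"},
        "project": {"id": "p-1", "name": "demo"},
        "roles": [
            {"id": "r-member", "name": "member"},
            {"id": "r-reader", "name": "reader"},
        ],
    }
}


def roles_from_token(token_data):
    """Return the well-formed role dicts found in a v3 token body."""
    roles = (token_data.get("token") or {}).get("roles") or []
    return [r for r in roles
            if isinstance(r, dict) and "id" in r and "name" in r]


def resolve_role(token_data, requested):
    """Map a role name or ID to its ID using only the token.

    If the token does not carry the role, return the input unchanged and
    let the server make the final decision.
    """
    for role in roles_from_token(token_data):
        if requested in (role["id"], role["name"]):
            return role["id"]
    return requested


def build_role_refs(token_data, requested_roles):
    """Build the role references for a create request.

    Returns (refs, not_in_token): refs identify each role by ID when the
    token carries it and by name otherwise; not_in_token lists the
    requested roles the caller's token does not hold.
    """
    held_ids = {r["id"] for r in roles_from_token(token_data)}
    refs, not_in_token = [], []
    for item in requested_roles:
        role_id = resolve_role(token_data, item)
        if role_id in held_ids:
            refs.append({"id": role_id})
        else:
            refs.append({"name": item})
            not_in_token.append(item)
    return refs, not_in_token
```

A non-empty `not_in_token` list is worth surfacing to the user before the request is sent, since it names roles the caller's own token does not carry.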