gtema · gtema · Sep 11, 2025 · Sep 10, 2025
diff --git a/openstack_cli/Cargo.toml b/openstack_cli/Cargo.toml
@@ -45,6 +45,7 @@ load_balancer = ["openstack_sdk/load_balancer"]
 network = ["openstack_sdk/network"]
 object_store = ["openstack_sdk/object_store"]
 placement = ["openstack_sdk/placement"]
+keystone_ng = ["openstack_sdk/keystone_ng", "openstack_types/keystone_ng"]
 _test_admin = []
 _test_net_auto-allocated-topology = []
 _test_net_dhcp_agent_scheduler = []

diff --git a/openstack_cli/src/identity/v4/federation/identity_provider/create.rs b/openstack_cli/src/identity/v4/federation/identity_provider/create.rs
@@ -0,0 +1,209 @@
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+// WARNING: This file is automatically generated from OpenAPI schema using
+// `openstack-codegenerator`.
+
+//! Create IdentityProvider command
+//!
+//! Wraps invoking of the `v4/federation/identity_providers` with `POST` method
+
+use clap::Args;
+use tracing::info;
+
+use openstack_sdk::AsyncOpenStack;
+
+use crate::Cli;
+use crate::OpenStackCliError;
+use crate::output::OutputProcessor;
+
+use crate::common::parse_key_val;
+use openstack_sdk::api::QueryAsync;
+use openstack_sdk::api::identity::v4::federation::identity_provider::create;
+use openstack_types::identity::v4::federation::identity_provider::response::create::IdentityProviderResponse;
+use serde_json::Value;
+
+/// Create the identity provider with the specified properties.
+///
+/// It is expected that only admin user is able to create global identity
+/// providers.
+#[derive(Args)]
+#[command(about = "Create the identity provider.")]
+pub struct IdentityProviderCommand {
+    /// Request Query parameters
+    #[command(flatten)]
+    query: QueryParameters,
+
+    /// Path parameters
+    #[command(flatten)]
+    path: PathParameters,
+
+    /// Identity provider data.
+    #[command(flatten)]
+    identity_provider: IdentityProvider,
+}
+
+/// Query parameters
+#[derive(Args)]
+struct QueryParameters {}
+
+/// Path parameters
+#[derive(Args)]
+struct PathParameters {}
+/// IdentityProvider Body data
+#[derive(Args, Clone)]
+struct IdentityProvider {
+    /// The bound issuer that is verified when using the identity provider.
+    #[arg(help_heading = "Body parameters", long)]
+    bound_issuer: Option<String>,
+
+    /// Default attribute mapping name which is automatically used when no
+    /// mapping is explicitly requested. The referred attribute mapping must
+    /// exist.
+    #[arg(help_heading = "Body parameters", long)]
+    default_mapping_name: Option<String>,
+
+    /// The ID of the domain this identity provider belongs to. Empty value
+    /// identifies that the identity provider can be used by other domains as
+    /// well.
+    #[arg(help_heading = "Body parameters", long)]
+    domain_id: Option<String>,
+
+    /// Optional URL to fetch JsonWebKeySet. Must be specified for JWT
+    /// authentication when discovery for the provider is not available or not
+    /// standard compliant.
+    #[arg(help_heading = "Body parameters", long)]
+    jwks_url: Option<String>,
+
+    /// List of the jwt validation public keys.
+    ///
+    /// Parameter is an array, may be provided multiple times.
+    #[arg(action=clap::ArgAction::Append, help_heading = "Body parameters", long)]
+    jwt_validation_pubkeys: Option<Vec<String>>,
+
+    /// Identity provider name.
+    #[arg(help_heading = "Body parameters", long)]
+    name: String,
+
+    /// The oidc `client_id` to use for the private client.
+    #[arg(help_heading = "Body parameters", long)]
+    oidc_client_id: Option<String>,
+
+    /// The oidc `client_secret` to use for the private client. It is never
+    /// returned back.
+    #[arg(help_heading = "Body parameters", long)]
+    oidc_client_secret: Option<String>,
+
+    /// OIDC discovery endpoint for the identity provider.
+    #[arg(help_heading = "Body parameters", long)]
+    oidc_discovery_url: Option<String>,
+
+    /// The oidc response mode.
+    #[arg(help_heading = "Body parameters", long)]
+    oidc_response_mode: Option<String>,
+
+    /// List of supported response types.
+    ///
+    /// Parameter is an array, may be provided multiple times.
+    #[arg(action=clap::ArgAction::Append, help_heading = "Body parameters", long)]
+    oidc_response_types: Option<Vec<String>>,
+
+    /// Additional special provider specific configuration
+    #[arg(help_heading = "Body parameters", long, value_name="key=value", value_parser=parse_key_val::<String, Value>)]
+    provider_config: Option<Vec<(String, Value)>>,
+}
+
+impl IdentityProviderCommand {
+    /// Perform command action
+    pub async fn take_action(
+        &self,
+        parsed_args: &Cli,
+        client: &mut AsyncOpenStack,
+    ) -> Result<(), OpenStackCliError> {
+        info!("Create IdentityProvider");
+
+        let op = OutputProcessor::from_args(
+            parsed_args,
+            Some("identity.federation/identity_provider"),
+            Some("create"),
+        );
+        op.validate_args(parsed_args)?;
+
+        let mut ep_builder = create::Request::builder();
+
+        // Set body parameters
+        // Set Request.identity_provider data
+        let args = &self.identity_provider;
+        let mut identity_provider_builder = create::IdentityProviderBuilder::default();
+        if let Some(val) = &args.bound_issuer {
+            identity_provider_builder.bound_issuer(val);
+        }
+
+        if let Some(val) = &args.default_mapping_name {
+            identity_provider_builder.default_mapping_name(val);
+        }
+
+        if let Some(val) = &args.domain_id {
+            identity_provider_builder.domain_id(val);
+        }
+
+        if let Some(val) = &args.jwks_url {
+            identity_provider_builder.jwks_url(val);
+        }
+
+        if let Some(val) = &args.jwt_validation_pubkeys {
+            identity_provider_builder
+                .jwt_validation_pubkeys(val.iter().map(Into::into).collect::<Vec<_>>());
+        }
+
+        identity_provider_builder.name(&args.name);
+
+        if let Some(val) = &args.oidc_client_id {
+            identity_provider_builder.oidc_client_id(val);
+        }
+
+        if let Some(val) = &args.oidc_client_secret {
+            identity_provider_builder.oidc_client_secret(val);
+        }
+
+        if let Some(val) = &args.oidc_discovery_url {
+            identity_provider_builder.oidc_discovery_url(val);
+        }
+
+        if let Some(val) = &args.oidc_response_mode {
+            identity_provider_builder.oidc_response_mode(val);
+        }
+
+        if let Some(val) = &args.oidc_response_types {
+            identity_provider_builder
+                .oidc_response_types(val.iter().map(Into::into).collect::<Vec<_>>());
+        }
+
+        if let Some(val) = &args.provider_config {
+            identity_provider_builder.provider_config(val.iter().cloned());
+        }
+
+        ep_builder.identity_provider(identity_provider_builder.build().unwrap());
+
+        let ep = ep_builder
+            .build()
+            .map_err(|x| OpenStackCliError::EndpointBuild(x.to_string()))?;
+
+        let data = ep.query_async(client).await?;
+        op.output_single::<IdentityProviderResponse>(data)?;
+        // Show command specific hints
+        op.show_command_hint()?;
+        Ok(())
+    }
+}
diff --git a/openstack_cli/src/identity/v4/federation/identity_provider/delete.rs b/openstack_cli/src/identity/v4/federation/identity_provider/delete.rs
@@ -0,0 +1,94 @@
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+// WARNING: This file is automatically generated from OpenAPI schema using
+// `openstack-codegenerator`.
+
+//! Delete IdentityProvider command
+//!
+//! Wraps invoking of the `v4/federation/identity_providers/{idp_id}` with `DELETE` method
+
+use clap::Args;
+use tracing::info;
+
+use openstack_sdk::AsyncOpenStack;
+
+use crate::Cli;
+use crate::OpenStackCliError;
+use crate::output::OutputProcessor;
+
+use openstack_sdk::api::QueryAsync;
+use openstack_sdk::api::identity::v4::federation::identity_provider::delete;
+
+/// Deletes the existing identity provider.
+///
+/// It is expected that only admin user is allowed to delete the global
+/// identity provider
+#[derive(Args)]
+#[command(about = "Delete Identity provider.")]
+pub struct IdentityProviderCommand {
+    /// Request Query parameters
+    #[command(flatten)]
+    query: QueryParameters,
+
+    /// Path parameters
+    #[command(flatten)]
+    path: PathParameters,
+}
+
+/// Query parameters
+#[derive(Args)]
+struct QueryParameters {}
+
+/// Path parameters
+#[derive(Args)]
+struct PathParameters {
+    /// The ID of the identity provider
+    #[arg(
+        help_heading = "Path parameters",
+        id = "path_param_idp_id",
+        value_name = "IDP_ID"
+    )]
+    idp_id: String,
+}
+
+impl IdentityProviderCommand {
+    /// Perform command action
+    pub async fn take_action(
+        &self,
+        parsed_args: &Cli,
+        client: &mut AsyncOpenStack,
+    ) -> Result<(), OpenStackCliError> {
+        info!("Delete IdentityProvider");
+
+        let op = OutputProcessor::from_args(
+            parsed_args,
+            Some("identity.federation/identity_provider"),
+            Some("delete"),
+        );
+        op.validate_args(parsed_args)?;
+
+        let mut ep_builder = delete::Request::builder();
+
+        ep_builder.idp_id(&self.path.idp_id);
+
+        let ep = ep_builder
+            .build()
+            .map_err(|x| OpenStackCliError::EndpointBuild(x.to_string()))?;
+        openstack_sdk::api::ignore(ep).query_async(client).await?;
+        // Show command specific hints
+        op.show_command_hint()?;
+        Ok(())
+    }
+}