make create_tenant work for keystone api
This commit is contained in:
parent
29e13366ea
commit
82f6445a24
|
@ -1,4 +1,4 @@
|
||||||
|
import logging
|
||||||
|
|
||||||
class TrivialTrue(object):
|
class TrivialTrue(object):
|
||||||
def __init__(self, options):
|
def __init__(self, options):
|
||||||
|
@ -21,3 +21,4 @@ class SimpleMatch(object):
|
||||||
check = credentials.get(key)
|
check = credentials.get(key)
|
||||||
if check == match:
|
if check == match:
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
# this is the web service frontend that emulates keystone
|
# this is the web service frontend that emulates keystone
|
||||||
import logging
|
import logging
|
||||||
|
import uuid
|
||||||
|
|
||||||
import routes
|
import routes
|
||||||
|
|
||||||
|
@ -34,6 +35,10 @@ class KeystoneRouter(wsgi.Router):
|
||||||
controller=self.keystone_controller,
|
controller=self.keystone_controller,
|
||||||
action='tenants_for_token',
|
action='tenants_for_token',
|
||||||
conditions=dict(method=['GET']))
|
conditions=dict(method=['GET']))
|
||||||
|
mapper.connect('/tenants',
|
||||||
|
controller=self.keystone_controller,
|
||||||
|
action='create_tenant',
|
||||||
|
conditions=dict(method=['POST']))
|
||||||
super(KeystoneRouter, self).__init__(mapper)
|
super(KeystoneRouter, self).__init__(mapper)
|
||||||
|
|
||||||
|
|
||||||
|
@ -156,12 +161,14 @@ class KeystoneController(service.BaseApplication):
|
||||||
"""
|
"""
|
||||||
# TODO(termie): this stuff should probably be moved to middleware
|
# TODO(termie): this stuff should probably be moved to middleware
|
||||||
if not context['is_admin']:
|
if not context['is_admin']:
|
||||||
user_token_ref = self.token_api.get_token(context['token_id'])
|
user_token_ref = self.token_api.get_token(
|
||||||
|
context=context, token_id=context['token_id'])
|
||||||
creds = user_token_ref['extras'].copy()
|
creds = user_token_ref['extras'].copy()
|
||||||
creds['user_id'] = user_token_ref['user'].get('id')
|
creds['user_id'] = user_token_ref['user'].get('id')
|
||||||
creds['tenant_id'] = user_token_ref['tenant'].get('id')
|
creds['tenant_id'] = user_token_ref['tenant'].get('id')
|
||||||
# Accept either is_admin or the admin role
|
# Accept either is_admin or the admin role
|
||||||
assert self.policy_api.can_haz(('is_admin:1', 'roles:admin'),
|
assert self.policy_api.can_haz(context,
|
||||||
|
('is_admin:1', 'roles:admin'),
|
||||||
creds)
|
creds)
|
||||||
|
|
||||||
token_ref = self.token_api.get_token(context=context,
|
token_ref = self.token_api.get_token(context=context,
|
||||||
|
@ -191,6 +198,28 @@ class KeystoneController(service.BaseApplication):
|
||||||
tenant_id=tenant_id))
|
tenant_id=tenant_id))
|
||||||
return self._format_tenants_for_token(tenant_refs)
|
return self._format_tenants_for_token(tenant_refs)
|
||||||
|
|
||||||
|
def create_tenant(self, context, **kw):
|
||||||
|
# TODO(termie): this stuff should probably be moved to middleware
|
||||||
|
if not context['is_admin']:
|
||||||
|
user_token_ref = self.token_api.get_token(
|
||||||
|
context=context, token_id=context['token_id'])
|
||||||
|
creds = user_token_ref['extras'].copy()
|
||||||
|
creds['user_id'] = user_token_ref['user'].get('id')
|
||||||
|
creds['tenant_id'] = user_token_ref['tenant'].get('id')
|
||||||
|
# Accept either is_admin or the admin role
|
||||||
|
assert self.policy_api.can_haz(context,
|
||||||
|
('is_admin:1', 'roles:admin'),
|
||||||
|
creds)
|
||||||
|
tenant_ref = kw.get('tenant')
|
||||||
|
tenant_id = (tenant_ref.get('id')
|
||||||
|
and tenant_ref.get('id')
|
||||||
|
or uuid.uuid4().hex)
|
||||||
|
tenant_ref['id'] = tenant_id
|
||||||
|
|
||||||
|
tenant = self.identity_api.create_tenant(
|
||||||
|
context, tenant_id=tenant_id, data=tenant_ref)
|
||||||
|
return {'tenant': tenant}
|
||||||
|
|
||||||
def _format_token(self, token_ref):
|
def _format_token(self, token_ref):
|
||||||
user_ref = token_ref['user']
|
user_ref = token_ref['user']
|
||||||
extras_ref = token_ref['extras']
|
extras_ref = token_ref['extras']
|
||||||
|
|
|
@ -61,6 +61,7 @@ class MasterCompatTestCase(CompatTestCase):
|
||||||
self.extras_bar_foo = self.identity_backend.create_extras(
|
self.extras_bar_foo = self.identity_backend.create_extras(
|
||||||
self.user_foo['id'], self.tenant_bar['id'],
|
self.user_foo['id'], self.tenant_bar['id'],
|
||||||
dict(roles=[],
|
dict(roles=[],
|
||||||
|
is_admin='1',
|
||||||
roles_links=[]))
|
roles_links=[]))
|
||||||
|
|
||||||
# def test_authenticate(self):
|
# def test_authenticate(self):
|
||||||
|
|
Loading…
Reference in New Issue