New model working with echo_client.py
This commit is contained in:
parent
656517632d
commit
888b18e3f4
13
README.md
13
README.md
|
@ -84,15 +84,14 @@ A sample client that gets a token from Keystone and then uses it to call Echo (a
|
|||
|
||||
TESTING:
|
||||
--------
|
||||
After starting keystone a keystone.db sqlite database should be created in the keystone folder.
|
||||
A set of sample data can be added by running a shell script:
|
||||
|
||||
Add test data to the database:
|
||||
$ ./bin/sampledata.sh
|
||||
|
||||
$ sqlite3 keystone/keystone.db < test/test_setup.sql
|
||||
The script calls keystone-manage to create the sample data
|
||||
|
||||
To clean the test database
|
||||
After starting keystone or runnign keystone-manage a keystone.db sqlite database should be created in the keystone folder.
|
||||
|
||||
$ sqlite3 keystone/keystone.db < test/kill.sql
|
||||
|
||||
To run client demo (with all auth middleware running locally on sample service):
|
||||
|
||||
|
@ -142,3 +141,7 @@ in troubleshooting:
|
|||
1. config.py takes the config file from <topdir>/etc/keystone.conf
|
||||
2. If the keystone package is also intalled on the system,
|
||||
/etc/keystone.conf or /etc/keystone/keystone.conf have higher priority than <top_dir>/etc/keystone.conf.
|
||||
|
||||
CURL commands:
|
||||
curl -d '{"passwordCredentials": {"username": "joeuser", "password": "secrete"}}' -H "Content-type: application/json" http://localhost:8081/v2.0/token
|
||||
curl -d '{"passwordCredentials": {"username": "joeuser", "password": "secrete", "tenant": "1234"}}' -H "Content-type: application/json" http://localhost:8081/v2.0/token
|
||||
|
|
14
bin/keystone
14
bin/keystone
|
@ -22,10 +22,10 @@
|
|||
Keystone Identity Server - Admin and Service API
|
||||
"""
|
||||
|
||||
import eventlet
|
||||
import optparse
|
||||
import os
|
||||
import sys
|
||||
import tools.tracer #load this first
|
||||
|
||||
# If ../../keystone/__init__.py exists, add ../ to Python search path, so that
|
||||
# it will override what happens to be installed in /usr/(local/)lib/python...
|
||||
|
@ -35,25 +35,29 @@ possible_topdir = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]),
|
|||
if os.path.exists(os.path.join(possible_topdir, 'keystone', '__init__.py')):
|
||||
sys.path.insert(0, possible_topdir)
|
||||
|
||||
import keystone
|
||||
from keystone.common import config
|
||||
from keystone.common import wsgi
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
# Parse options (command-line arguments and config file)
|
||||
parser = optparse.OptionParser(version='%%prog %s'
|
||||
% version.version_string())
|
||||
# Initialize a parser for our configuration paramaters
|
||||
parser = optparse.OptionParser(version='%%prog %s' % keystone.version)
|
||||
common_group = config.add_common_options(parser)
|
||||
config.add_log_options(parser)
|
||||
|
||||
# Handle a special argument to support starting two endpoints
|
||||
common_group.add_option('-a', '--admin-port', default=8081,
|
||||
dest="admin_port", metavar="PORT",
|
||||
help = "specifies port for Admin API to listen"
|
||||
"on (default is 8080)")
|
||||
|
||||
# Parse arguments and load config
|
||||
(options, args) = config.parse_options(parser)
|
||||
config_file = config.find_config_file(options, args)
|
||||
print "Using config file:", config_file
|
||||
|
||||
# Start services
|
||||
print "Using config file:", config.find_config_file(options, args)
|
||||
try:
|
||||
# Load Service API server
|
||||
conf, app = config.load_paste_app('server', options, args)
|
||||
|
|
|
@ -46,12 +46,6 @@ if __name__ == '__main__':
|
|||
common_group = config.add_common_options(parser)
|
||||
config.add_log_options(parser)
|
||||
|
||||
# Handle a special argument to support starting two endpoints
|
||||
common_group.add_option('-a', '--admin-port', default=8081,
|
||||
dest="admin_port", metavar="PORT",
|
||||
help = "specifies port for Admin API to listen" \
|
||||
"on (default is 8080)")
|
||||
|
||||
# Parse arguments and load config
|
||||
(options, args) = config.parse_options(parser)
|
||||
config_file = config.find_config_file(options, args)
|
||||
|
|
|
@ -25,6 +25,7 @@ Keystone Identity Server - Service API
|
|||
import optparse
|
||||
import os
|
||||
import sys
|
||||
import tools.tracer #load this first
|
||||
|
||||
# If ../../keystone/__init__.py exists, add ../ to Python search path, so that
|
||||
# it will override what happens to be installed in /usr/(local/)lib/python...
|
||||
|
@ -34,21 +35,23 @@ possible_topdir = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]),
|
|||
if os.path.exists(os.path.join(possible_topdir, 'keystone', '__init__.py')):
|
||||
sys.path.insert(0, possible_topdir)
|
||||
|
||||
import keystone
|
||||
from keystone.common import config
|
||||
from keystone.common import wsgi
|
||||
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
# Parse options (command-line arguments and config file)
|
||||
parser = optparse.OptionParser(version='%%prog %s'
|
||||
% version.version_string())
|
||||
# Initialize a parser for our configuration paramaters
|
||||
parser = optparse.OptionParser(version='%%prog %s' % keystone.version)
|
||||
common_group = config.add_common_options(parser)
|
||||
config.add_log_options(parser)
|
||||
|
||||
# Parse arguments and load config
|
||||
(options, args) = config.parse_options(parser)
|
||||
config_file = config.find_config_file(options, args)
|
||||
print "Using config file:", config_file
|
||||
|
||||
# Start services
|
||||
print "Using config file:", config.find_config_file(options, args)
|
||||
try:
|
||||
# Load Service API server
|
||||
conf, app = config.load_paste_app('server', options, args)
|
||||
|
|
|
@ -22,9 +22,11 @@
|
|||
Keystone Identity Server - CLI Management Interface
|
||||
"""
|
||||
|
||||
import datetime
|
||||
import optparse
|
||||
import os
|
||||
import sys
|
||||
import tools.tracer
|
||||
|
||||
# If ../../keystone/__init__.py exists, add ../ to Python search path, so that
|
||||
# it will override what happens to be installed in /usr/(local/)lib/python...
|
||||
|
@ -34,56 +36,244 @@ possible_topdir = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]),
|
|||
if os.path.exists(os.path.join(possible_topdir, 'keystone', '__init__.py')):
|
||||
sys.path.insert(0, possible_topdir)
|
||||
|
||||
import keystone
|
||||
from keystone.common import config
|
||||
import keystone.db.sqlalchemy.api as db_api
|
||||
import keystone.db.sqlalchemy.models as db_models
|
||||
|
||||
|
||||
def Main():
|
||||
# Parse options (command-line arguments and config file)
|
||||
parser = optparse.OptionParser(version='%%prog %s'
|
||||
% version.version_string())
|
||||
"""
|
||||
Usage: keystone-manage [options] type command [id [attributes]]
|
||||
type : role, tenant, user, token (more to come)
|
||||
command : add, list, disable (more to come)
|
||||
id : name or id
|
||||
attributes : depending on type...
|
||||
users : password, tenant
|
||||
tokens : user, tenant, expiration
|
||||
|
||||
options
|
||||
-c | --config-file : config file to use
|
||||
-d | --debug : debug mode
|
||||
|
||||
Example: keystone-manage add user Admin P@ssw0rd
|
||||
"""
|
||||
usage = "usage: %prog [options] type command [id [attributes]]"
|
||||
|
||||
# Initialize a parser for our configuration paramaters
|
||||
parser = optparse.OptionParser(usage, version='%%prog %s'
|
||||
% keystone.version())
|
||||
common_group = config.add_common_options(parser)
|
||||
config.add_log_options(parser)
|
||||
|
||||
# Parse command-line and load config
|
||||
(options, args) = config.parse_options(parser)
|
||||
|
||||
if len(args) <> 4:
|
||||
print "Usage: keystone-manage [options] type command id [attributes]"
|
||||
print " type : user (more to come)"
|
||||
print " command : add (more to come)"
|
||||
print " id : name (user or tenant name)"
|
||||
print " attributes : password, tenant"
|
||||
print "\noptions"
|
||||
print " -c | --config-file : config file to use"
|
||||
print " -d | --debug : debug mode"
|
||||
print "\nExample: keystone-manage add user Admin P@ssw0rd"
|
||||
return
|
||||
config_file, conf = config.load_paste_config('admin', options, args)
|
||||
|
||||
# Check arguments
|
||||
if len(args) == 0:
|
||||
parser.error('No object type specified for first argument')
|
||||
|
||||
object_type = args[0]
|
||||
command = args[1]
|
||||
object_id = args[2]
|
||||
password = args[3]
|
||||
|
||||
if command == "add" and object_type == "user":
|
||||
try:
|
||||
config_file, conf = config.load_paste_config('admin', options, args)
|
||||
print "Config file in use: %s" % config_file
|
||||
config.setup_logging(options, conf)
|
||||
|
||||
db_api.configure_db(conf)
|
||||
|
||||
duser = db_models.User()
|
||||
duser.id = object_id
|
||||
duser.password = password
|
||||
duser.enabled = True
|
||||
db_api.user_create(duser)
|
||||
print "User created successfully. ID=%s" % duser.id
|
||||
except Exception as exc:
|
||||
print "ERROR: Failed to create user: %s" % exc
|
||||
|
||||
if object_type in ['user', 'tenant', 'role', 'token']:
|
||||
pass
|
||||
else:
|
||||
print ("Fail: only user add supported right now."
|
||||
"You entered %s %s" % (object_type, command))
|
||||
parser.error('%s is not a supported object type' % object_type)
|
||||
|
||||
if len(args) == 1:
|
||||
parser.error('No command specified for second argument')
|
||||
command = args[1]
|
||||
if command in ['add', 'list', 'disable', 'delete', 'grant', 'revoke']:
|
||||
pass
|
||||
else:
|
||||
parser.error('add, disable, delete, and list are the only supported"\
|
||||
" commands (right now)')
|
||||
|
||||
if len(args) == 2:
|
||||
if command != 'list':
|
||||
parser.error('No id specified for third argument')
|
||||
if len(args) > 2:
|
||||
object_id = args[2]
|
||||
|
||||
# Set things up to run the command
|
||||
print "Config file in use: %s" % config_file
|
||||
config.setup_logging(options, conf)
|
||||
|
||||
db_api.configure_db(conf)
|
||||
|
||||
if object_type == "user":
|
||||
if command == "add":
|
||||
if len(args) < 4:
|
||||
parser.error('No password specified for fourth argument')
|
||||
password = args[3]
|
||||
|
||||
try:
|
||||
object = db_models.User()
|
||||
object.id = object_id
|
||||
object.password = password
|
||||
object.enabled = True
|
||||
if len(args) > 4:
|
||||
tenant = args[4]
|
||||
object.tenant_id = tenant
|
||||
db_api.user_create(object)
|
||||
print "User created successfully. ID=%s" % object.id
|
||||
except Exception as exc:
|
||||
print "ERROR: Failed to create user: %s" % exc
|
||||
return
|
||||
elif command == "disable":
|
||||
try:
|
||||
object = db_api.user_get(object_id)
|
||||
if object == None:
|
||||
raise IndexError("User %s not found" % object_id)
|
||||
object.enabled = False
|
||||
db_api.user_update(object_id, object)
|
||||
print "User disabled: %s" % object.id
|
||||
except Exception as exc:
|
||||
print "ERROR: Failed to disable user: %s" % exc
|
||||
return
|
||||
elif command == "list":
|
||||
try:
|
||||
if len(args) > 2:
|
||||
tenant = args[2]
|
||||
objects = db_api.user_get_by_tenant(tenant)
|
||||
if objects == None:
|
||||
raise IndexError("Users not found")
|
||||
print 'id', 'enabled'
|
||||
print '-' * 20
|
||||
for row in objects:
|
||||
print row.id, row.enabled
|
||||
else:
|
||||
objects = db_api.user_get_all()
|
||||
if objects == None:
|
||||
raise IndexError("Users not found")
|
||||
print 'id', 'enabled', 'tenant'
|
||||
print '-' * 20
|
||||
for row in objects:
|
||||
print row.id, row.enabled, row.tenant_id
|
||||
except Exception, e:
|
||||
print 'Error getting all users:', str(e)
|
||||
return
|
||||
elif object_type == "tenant":
|
||||
if command == "add":
|
||||
try:
|
||||
object = db_models.Tenant()
|
||||
object.id = object_id
|
||||
object.enabled = True
|
||||
db_api.tenant_create(object)
|
||||
print "Tenant created successfully. ID=%s" % object.id
|
||||
return
|
||||
except Exception as exc:
|
||||
print "ERROR: Failed to create tenant: %s" % exc
|
||||
return
|
||||
elif command == "list":
|
||||
try:
|
||||
objects = db_api.tenant_get_all()
|
||||
if objects == None:
|
||||
raise IndexError("Tenants not found")
|
||||
print 'tenant', 'enabled'
|
||||
print '-' * 20
|
||||
for row in objects:
|
||||
print row.id, row.enabled
|
||||
except Exception, e:
|
||||
print 'Error getting all users:', str(e)
|
||||
return
|
||||
elif command == "disable":
|
||||
try:
|
||||
object = db_api.tenant_get(object_id)
|
||||
if object == None:
|
||||
raise IndexError("Tenant %s not found" % object_id)
|
||||
object.enabled = False
|
||||
db_api.tenant_update(object_id, object)
|
||||
print "Tenant disabled: %s" % object.id
|
||||
except Exception as exc:
|
||||
print "ERROR: Failed to disable tenant: %s" % exc
|
||||
return
|
||||
elif object_type == "role":
|
||||
if command == "add":
|
||||
try:
|
||||
object = db_models.Role()
|
||||
object.id = object_id
|
||||
db_api.role_create(object)
|
||||
print "Role created successfully. ID=%s" % object.id
|
||||
return
|
||||
except Exception as exc:
|
||||
print "ERROR: Failed to create role: %s" % exc
|
||||
return
|
||||
elif command == "list":
|
||||
try:
|
||||
objects = db_api.role_get_all()
|
||||
if objects == None:
|
||||
raise IndexError("Roles not found")
|
||||
print 'role'
|
||||
print '-' * 20
|
||||
for row in objects:
|
||||
print row.id
|
||||
except Exception, e:
|
||||
print 'Error getting all roles:', str(e)
|
||||
return
|
||||
elif command == "grant":
|
||||
if len(args) < 5:
|
||||
parser.error("Missing arguments: role grant 'role' 'user'"\
|
||||
"'tenant'")
|
||||
user = args[3]
|
||||
tenant = args[4]
|
||||
try:
|
||||
object = db_models.UserRoleAssociation()
|
||||
object.role_id = object_id
|
||||
object.user_id = user
|
||||
object.tenant_id = tenant
|
||||
db_api.user_role_add(object)
|
||||
print "Successfully granted %s the %s role on %s" %\
|
||||
(object.user_id, object.role_id, object.tenant_id)
|
||||
except Exception as exc:
|
||||
print "ERROR: Failed to grant role: %s" % exc
|
||||
return
|
||||
elif object_type == "token":
|
||||
if command == "add":
|
||||
if len(args) < 6:
|
||||
parser.error('Creating a token requires a token id, user'\
|
||||
', tenant, and expiration')
|
||||
try:
|
||||
object = db_models.Token()
|
||||
object.token_id = object_id
|
||||
object.user_id = args[3]
|
||||
object.tenant_id = args[4]
|
||||
tuple_time = datetime.datetime.strptime(args[5]
|
||||
.replace("-", ""),
|
||||
"%Y%m%dT%H:%M")
|
||||
object.expires = tuple_time
|
||||
db_api.token_create(object)
|
||||
print "Token created successfully. ID=%s" % object.token_id
|
||||
return
|
||||
except Exception as exc:
|
||||
print "ERROR: Failed to create token: %s" % exc
|
||||
return
|
||||
elif command == "list":
|
||||
try:
|
||||
objects = db_api.token_get_all()
|
||||
if objects == None:
|
||||
raise IndexError("Tokens not found")
|
||||
print 'token', 'user', 'expiration', 'tenant'
|
||||
print '-' * 20
|
||||
for row in objects:
|
||||
print row.token_id, row.user_id, row.expires, row.tenant_id
|
||||
except Exception, e:
|
||||
print 'Error getting all tokens:', str(e)
|
||||
return
|
||||
elif command == "delete":
|
||||
try:
|
||||
object = db_api.token_get(object_id)
|
||||
if object == None:
|
||||
raise IndexError("Token %s not found" % object_id)
|
||||
else:
|
||||
db_api.token_delete(object_id)
|
||||
print 'Token %s deleted' % object_id
|
||||
except Exception, e:
|
||||
print 'Error deleting token %s:' % object_id, str(e)
|
||||
return
|
||||
|
||||
# Command not handled
|
||||
print ("Fail: %s %s not yet supported" % (object_type, command))
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
|
|
|
@ -0,0 +1,51 @@
|
|||
#!/bin/bash
|
||||
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||
|
||||
# Copyright 2010 United States Government as represented by the
|
||||
# Administrator of the National Aeronautics and Space Administration.
|
||||
# Copyright 2011 OpenStack LLC.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
# Tenants
|
||||
./keystone-manage tenant add 1234
|
||||
./keystone-manage tenant add 0000
|
||||
./keystone-manage tenant disable 0000
|
||||
|
||||
# Users
|
||||
./keystone-manage user add joeuser secrete 1234
|
||||
./keystone-manage user add admin secrete 1234
|
||||
./keystone-manage user add disabled secrete 1234
|
||||
./keystone-manage user disable disabled
|
||||
|
||||
# Roles
|
||||
./keystone-manage role add Admin
|
||||
./keystone-manage role add Admin admin 1234
|
||||
|
||||
|
||||
# Groups
|
||||
#./keystone-manage group add Admin 1234
|
||||
#./keystone-manage group add Default 1234
|
||||
#./keystone-manage group add Empty 0000
|
||||
|
||||
# User Group Associations
|
||||
#./keystone-manage user joeuser join Default
|
||||
#./keystone-manage user disabled join Default
|
||||
#./keystone-manage user admin join Admin
|
||||
|
||||
# Tokens
|
||||
./keystone-manage token add 887665443383838 joeuser 1234 2012-02-05T00:00
|
||||
./keystone-manage token add 999888777666 admin 1234 2015-02-05T00:00
|
||||
./keystone-manage token add 000999 admin 1234 2010-02-05T00:00
|
||||
./keystone-manage token add 999888777 disabled 1234 2015-02-05T00:00
|
|
@ -20,7 +20,7 @@ pipeline =
|
|||
echo
|
||||
|
||||
[filter:tokenauth]
|
||||
paste.filter_factory = keystone:tokenauth_factory
|
||||
paste.filter_factory = keystone.auth_protocols.auth_token:filter_factory
|
||||
;where to find the token auth service
|
||||
auth_host = 127.0.0.1
|
||||
auth_port = 8081
|
||||
|
@ -30,7 +30,7 @@ auth_protocol = http
|
|||
admin_token = 999888777666
|
||||
|
||||
[filter:basicauth]
|
||||
paste.filter_factory = keystone:basicauth_factory
|
||||
paste.filter_factory = keystone.auth_protocols.auth_basic:filter_factory
|
||||
|
||||
[filter:openidauth]
|
||||
paste.filter_factory = keystone:openidauth_factory
|
||||
paste.filter_factory = keystone.auth_protocols.auth_openid:filter_factory
|
||||
|
|
|
@ -20,7 +20,7 @@ pipeline =
|
|||
echo
|
||||
|
||||
[filter:tokenauth]
|
||||
paste.filter_factory = keystone:tokenauth_factory
|
||||
paste.filter_factory = keystone.auth_protocols.auth_token:filter_factory
|
||||
;where to find the token auth service
|
||||
auth_host = 127.0.0.1
|
||||
auth_port = 8081
|
||||
|
@ -30,7 +30,7 @@ auth_protocol = http
|
|||
admin_token = 999888777666
|
||||
|
||||
[filter:basicauth]
|
||||
paste.filter_factory = keystone:basicauth_factory
|
||||
paste.filter_factory = keystone.auth_protocols.auth_basic:filter_factory
|
||||
|
||||
[filter:openidauth]
|
||||
paste.filter_factory = keystone:openidauth_factory
|
||||
paste.filter_factory = keystone.auth_protocols.auth_openid:filter_factory
|
||||
|
|
|
@ -9,11 +9,11 @@ pipeline =
|
|||
echo
|
||||
|
||||
[filter:remoteauth]
|
||||
paste.filter_factory = keystone:remoteauth_factory
|
||||
paste.filter_factory = keystone.middleware.remoteauth:filter_factory
|
||||
;password which will tell us call is coming from a trusted auth proxy
|
||||
; (otherwise we redirect call)
|
||||
remote_auth_pass = dTpw
|
||||
;where to redirect untrusted calls to
|
||||
auth_location = http://127.0.0.1:8080/
|
||||
auth_location = http://127.0.0.1:8081/
|
||||
|
||||
|
||||
|
|
|
@ -31,6 +31,7 @@ def get_auth_token(username, password, tenant):
|
|||
conn.request("POST", "/v2.0/token", json.dumps(params), headers=headers)
|
||||
response = conn.getresponse()
|
||||
data = response.read()
|
||||
print data
|
||||
ret = data
|
||||
return ret
|
||||
|
||||
|
|
|
@ -165,8 +165,8 @@ class AuthProtocol(object):
|
|||
"Proxy %s" % claims['user'])
|
||||
self._decorate_request('X_TENANT',
|
||||
claims['tenant'])
|
||||
self._decorate_request('X_GROUP',
|
||||
claims['group'])
|
||||
if 'group' in claims:
|
||||
self._decorate_request('X_GROUP', claims['group'])
|
||||
self.expanded = True
|
||||
|
||||
#Send request downstream
|
||||
|
@ -262,11 +262,12 @@ class AuthProtocol(object):
|
|||
|
||||
token_info = json.loads(data)
|
||||
#TODO(Ziad): make this more robust
|
||||
first_group = token_info['auth']['user']['groups']['group'][0]
|
||||
#first_group = token_info['auth']['user']['groups']['group'][0]
|
||||
verified_claims = {'user': token_info['auth']['user']['username'],
|
||||
'tenant': token_info['auth']['user']['tenantId'],
|
||||
'group': '%s/%s' % (first_group['id'],
|
||||
first_group['tenantId'])}
|
||||
'tenant': token_info['auth']['user']['tenantId']}
|
||||
# TODO(Ziad): removed groups for now
|
||||
# ,'group': '%s/%s' % (first_group['id'],
|
||||
# first_group['tenantId'])}
|
||||
return verified_claims
|
||||
|
||||
def _decorate_request(self, index, value):
|
||||
|
|
|
@ -78,11 +78,33 @@ def unregister_models():
|
|||
assert _ENGINE
|
||||
BASE.metadata.drop_all(_ENGINE)
|
||||
|
||||
|
||||
#
|
||||
# Role API operations
|
||||
#
|
||||
def role_create(values):
|
||||
role_ref = models.Role()
|
||||
role_ref.update(values)
|
||||
role_ref.save()
|
||||
return role_ref
|
||||
|
||||
|
||||
def role_get(id, session=None):
|
||||
if not session:
|
||||
session = get_session()
|
||||
result = session.query(models.Role).filter_by(id=id).first()
|
||||
return result
|
||||
|
||||
|
||||
def role_get_all(session=None):
|
||||
if not session:
|
||||
session = get_session()
|
||||
return session.query(models.Role).all()
|
||||
|
||||
|
||||
#
|
||||
# Tenant API operations
|
||||
#
|
||||
|
||||
|
||||
def tenant_create(values):
|
||||
tenant_ref = models.Tenant()
|
||||
tenant_ref.update(values)
|
||||
|
@ -183,11 +205,11 @@ def tenant_delete(id, session=None):
|
|||
tenant_ref = tenant_get(id, session)
|
||||
session.delete(tenant_ref)
|
||||
|
||||
|
||||
|
||||
#
|
||||
# Tenant Group Operations API
|
||||
#
|
||||
|
||||
|
||||
def tenant_group_create(values):
|
||||
group_ref = models.Group()
|
||||
group_ref.update(values)
|
||||
|
@ -289,6 +311,16 @@ def tenant_group_delete(id, tenant_id, session=None):
|
|||
session.delete(tenantgroup_ref)
|
||||
|
||||
|
||||
#
|
||||
# User Operations
|
||||
#
|
||||
def user_get_all(session=None):
|
||||
if not session:
|
||||
session = get_session()
|
||||
result = session.query(models.User)
|
||||
return result
|
||||
|
||||
|
||||
def get_user_by_group(user_id, group_id, session=None):
|
||||
if not session:
|
||||
session = get_session()
|
||||
|
@ -311,10 +343,6 @@ def user_tenant_group_delete(id, group_id, session=None):
|
|||
usertenantgroup_ref = get_user_by_group(id, group_id, session)
|
||||
session.delete(usertenantgroup_ref)
|
||||
|
||||
#
|
||||
# User Operations
|
||||
#
|
||||
|
||||
|
||||
def user_create(values):
|
||||
user_ref = models.User()
|
||||
|
@ -326,8 +354,10 @@ def user_create(values):
|
|||
def user_get(id, session=None):
|
||||
if not session:
|
||||
session = get_session()
|
||||
result = session.query(models.User).options(joinedload('groups')).options(\
|
||||
joinedload('tenants')).filter_by(id=id).first()
|
||||
#TODO(Ziad): finish cleaning up model
|
||||
# result = session.query(models.User).options(joinedload('groups')).options(\
|
||||
# joinedload('tenants')).filter_by(id=id).first()
|
||||
result = session.query(models.User).filter_by(id=id).first()
|
||||
return result
|
||||
|
||||
|
||||
|
@ -346,6 +376,14 @@ def user_groups(id, session=None):
|
|||
return result
|
||||
|
||||
|
||||
def user_roles_by_tenant(user_id, tenant_id, session=None):
|
||||
if not session:
|
||||
session = get_session()
|
||||
result = session.query(models.UserRoleAssociation).filter_by(\
|
||||
user_id=user_id, tenant_id=tenant_id).options(joinedload('roles'))
|
||||
return result
|
||||
|
||||
|
||||
def user_update(id, values, session=None):
|
||||
if not session:
|
||||
session = get_session()
|
||||
|
@ -420,6 +458,64 @@ def users_tenant_group_get_page_markers(group_id, marker, limit, session=None):
|
|||
return (prev, next)
|
||||
|
||||
|
||||
def user_delete(id, session=None):
|
||||
if not session:
|
||||
session = get_session()
|
||||
with session.begin():
|
||||
user_ref = user_get(id, session)
|
||||
session.delete(user_ref)
|
||||
|
||||
|
||||
def user_get_by_tenant(id, tenant_id, session=None):
|
||||
if not session:
|
||||
session = get_session()
|
||||
user_tenant = session.query(models.UserTenantAssociation).filter_by(\
|
||||
tenant_id=tenant_id, user_id=id).first()
|
||||
if user_tenant:
|
||||
return user_get(id, session)
|
||||
else:
|
||||
return None
|
||||
|
||||
|
||||
def user_get_by_group(id, session=None):
|
||||
if not session:
|
||||
session = get_session()
|
||||
user_group = session.query(models.Group).filter_by(tenant_id=id).all()
|
||||
return user_group
|
||||
|
||||
|
||||
def user_delete_tenant(id, tenant_id, session=None):
|
||||
if not session:
|
||||
session = get_session()
|
||||
with session.begin():
|
||||
user_tenant_ref = user_get_by_tenant(id, tenant_id, session)
|
||||
|
||||
session.delete(user_tenant_ref)
|
||||
user_group_ref = user_get_by_group(tenant_id, session)
|
||||
|
||||
if user_group_ref is not None:
|
||||
for user_group in user_group_ref:
|
||||
group_users = session.query(models.UserGroupAssociation)\
|
||||
.filter_by(user_id=id,
|
||||
group_id=user_group.id).all()
|
||||
for group_user in group_users:
|
||||
session.delete(group_user)
|
||||
user_tenant_ref = session.query(models.UserTenantAssociation)\
|
||||
.filter_by(user_id=id).first()
|
||||
if user_tenant_ref is None:
|
||||
user_ref = user_get(id, session)
|
||||
session.delete(user_ref)
|
||||
|
||||
def user_get_by_tenant(user_id, tenant_id, session=None):
|
||||
if not session:
|
||||
session = get_session()
|
||||
result = session.query(models.User).filter_by(id=user_id,
|
||||
tenant_id=tenant_id).first()
|
||||
return result
|
||||
|
||||
#
|
||||
# Group Operations
|
||||
#
|
||||
def group_get(id, session=None):
|
||||
if not session:
|
||||
session = get_session()
|
||||
|
@ -500,11 +596,10 @@ def group_delete(id, session=None):
|
|||
group_ref = group_get(id, session)
|
||||
session.delete(group_ref)
|
||||
|
||||
|
||||
#
|
||||
# Token Operations
|
||||
#
|
||||
|
||||
|
||||
def token_create(values):
|
||||
token_ref = models.Token()
|
||||
token_ref.update(values)
|
||||
|
@ -543,6 +638,22 @@ def token_for_user_tenant(user_id, tenant_id, session=None):
|
|||
return result
|
||||
|
||||
|
||||
def token_get_all(session=None):
|
||||
if not session:
|
||||
session = get_session()
|
||||
return session.query(models.Token).all()
|
||||
|
||||
|
||||
#
|
||||
# Unsorted operations
|
||||
#
|
||||
def user_role_add(values):
|
||||
user_role_ref = models.UserRoleAssociation()
|
||||
user_role_ref.update(values)
|
||||
user_role_ref.save()
|
||||
return user_role_ref
|
||||
|
||||
|
||||
def user_tenant_create(values):
|
||||
user_tenant_ref = models.UserTenantAssociation()
|
||||
user_tenant_ref.update(values)
|
||||
|
@ -710,52 +821,3 @@ def groups_get_by_user_get_page_markers(user_id, marker, limit, session=None):
|
|||
else:
|
||||
next = next.id
|
||||
return (prev, next)
|
||||
|
||||
|
||||
def user_delete(id, session=None):
|
||||
if not session:
|
||||
session = get_session()
|
||||
with session.begin():
|
||||
user_ref = user_get(id, session)
|
||||
session.delete(user_ref)
|
||||
|
||||
|
||||
def user_get_by_tenant(id, tenant_id, session=None):
|
||||
if not session:
|
||||
session = get_session()
|
||||
user_tenant = session.query(models.UserTenantAssociation).filter_by(\
|
||||
tenant_id=tenant_id, user_id=id).first()
|
||||
if user_tenant:
|
||||
return user_get(id, session)
|
||||
else:
|
||||
return None
|
||||
|
||||
|
||||
def user_get_by_group(id, session=None):
|
||||
if not session:
|
||||
session = get_session()
|
||||
user_group = session.query(models.Group).filter_by(tenant_id=id).all()
|
||||
return user_group
|
||||
|
||||
|
||||
def user_delete_tenant(id, tenant_id, session=None):
|
||||
if not session:
|
||||
session = get_session()
|
||||
with session.begin():
|
||||
user_tenant_ref = user_get_by_tenant(id, tenant_id, session)
|
||||
|
||||
session.delete(user_tenant_ref)
|
||||
user_group_ref = user_get_by_group(tenant_id, session)
|
||||
|
||||
if user_group_ref is not None:
|
||||
for user_group in user_group_ref:
|
||||
group_users = session.query(models.UserGroupAssociation)\
|
||||
.filter_by(user_id=id,
|
||||
group_id=user_group.id).all()
|
||||
for group_user in group_users:
|
||||
session.delete(group_user)
|
||||
user_tenant_ref = session.query(models.UserTenantAssociation)\
|
||||
.filter_by(user_id=id).first()
|
||||
if user_tenant_ref is None:
|
||||
user_ref = user_get(id, session)
|
||||
session.delete(user_ref)
|
||||
|
|
|
@ -87,7 +87,7 @@ class UserRoleAssociation(Base, KeystoneBase):
|
|||
|
||||
user_id = Column(String(255), ForeignKey('users.id'), primary_key=True)
|
||||
role_id = Column(String(255), ForeignKey('roles.id'), primary_key=True)
|
||||
tenant_id = Column(String(255), ForeignKey('tenants.id'))
|
||||
tenant_id = Column(String(255), ForeignKey('tenants.id'), primary_key=True)
|
||||
|
||||
|
||||
# Define objects
|
||||
|
@ -150,5 +150,5 @@ class Endpoints(Base, KeystoneBase):
|
|||
__tablename__ = 'endpoints'
|
||||
|
||||
id = Column(String(255), primary_key=True, unique=True)
|
||||
id = Column(String(255), primary_key=True, unique=True)
|
||||
service = Column(String(255))
|
||||
desc = Column(String(255))
|
||||
|
|
|
@ -855,11 +855,12 @@ class IdentityService(object):
|
|||
if not user.enabled:
|
||||
raise fault.UserDisabledFault("The user %s has been disabled!"
|
||||
% user.id)
|
||||
'''TODO(Ziad): return roles
|
||||
if admin:
|
||||
for ug in user.groups:
|
||||
for roles in user.roles:
|
||||
if ug.group_id == "Admin":
|
||||
return (token, user)
|
||||
raise fault.UnauthorizedFault("You are not authorized "
|
||||
"to make this call")
|
||||
|
||||
'''
|
||||
return (token, user)
|
||||
|
|
|
@ -67,6 +67,8 @@ class PasswordCredentials(object):
|
|||
password = cred["password"]
|
||||
if "tenantId" in cred:
|
||||
tenant_id = cred["tenantId"]
|
||||
else:
|
||||
tenant_id = None
|
||||
return PasswordCredentials(username, password, tenant_id)
|
||||
except (ValueError, TypeError) as e:
|
||||
raise fault.BadRequestFault("Cannot parse password credentials",
|
||||
|
|
|
@ -1,38 +0,0 @@
|
|||
# Copyright (c) 2010-2011 OpenStack, LLC.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import optparse
|
||||
import keystone.db.sqlalchemy.api as db_api
|
||||
|
||||
|
||||
def main():
|
||||
usage = "usage: %prog tenant_id"
|
||||
parser = optparse.OptionParser(usage)
|
||||
options, args = parser.parse_args()
|
||||
if len(args) != 1:
|
||||
parser.error("Incorrect number of arguments")
|
||||
else:
|
||||
tenant_id = args[0]
|
||||
try:
|
||||
u = db_api.user_get_by_tenant(tenant_id)
|
||||
if u == None:
|
||||
raise IndexError("Users not found")
|
||||
for row in u:
|
||||
print row
|
||||
except Exception, e:
|
||||
print 'Error getting users for tenant', tenant_id, ':', str(e)
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
|
@ -1,42 +0,0 @@
|
|||
# Copyright (c) 2010-2011 OpenStack, LLC.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import optparse
|
||||
import keystone.db.sqlalchemy.api as db_api
|
||||
from keystone.db.sqlalchemy import models
|
||||
|
||||
|
||||
def main():
|
||||
usage = "usage: %prog username password"
|
||||
parser = optparse.OptionParser(usage)
|
||||
options, args = parser.parse_args()
|
||||
if len(args) != 2:
|
||||
parser.error("Incorrect number of arguments")
|
||||
else:
|
||||
username = args[0]
|
||||
password = args[1]
|
||||
try:
|
||||
u = models.User()
|
||||
u.id = username
|
||||
u.email = username
|
||||
u.password = password
|
||||
u.enabled = True
|
||||
db_api.user_create(u)
|
||||
print 'User', u.id, 'created.'
|
||||
except Exception, e:
|
||||
print 'Error creating user', username, ':', str(e)
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
|
@ -27,7 +27,6 @@ import unittest
|
|||
URL = 'http://localhost:8081/v2.0/'
|
||||
URLv1 = 'http://localhost:8081/v1.0/'
|
||||
|
||||
|
||||
def get_token(user, pswd, tenant_id, kind=''):
|
||||
header = httplib2.Http(".cache")
|
||||
url = '%stoken' % URL
|
||||
|
|
|
@ -1,3 +1,19 @@
|
|||
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||
# Copyright (c) 2010-2011 OpenStack, LLC.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import os
|
||||
import sys
|
||||
# Need to access identity module
|
||||
|
|
|
@ -17,6 +17,8 @@
|
|||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# Author: Ziad Sawalha (http://launchpad.net/~ziad-sawalha)
|
||||
|
||||
"""
|
||||
OpenStack Call Tracing Tool
|
||||
|
@ -47,10 +49,28 @@ if '--trace-calls' in sys.argv:
|
|||
global stack_depth
|
||||
if event == "return":
|
||||
stack_depth = stack_depth - 1
|
||||
elif event == "exception":
|
||||
co = frame.f_code
|
||||
func_name = co.co_name
|
||||
line_no = frame.f_lineno
|
||||
filename = co.co_filename
|
||||
exc_type, exc_value, exc_traceback = arg
|
||||
print '\033[91m%sERROR: %s %s on line %s of %s\033[0m' % \
|
||||
(' ' * stack_depth, exc_type.__name__, exc_value, line_no,
|
||||
func_name)
|
||||
return None
|
||||
|
||||
def selectivetrace(frame, event, arg):
|
||||
global stack_depth
|
||||
if event == "exception":
|
||||
co = frame.f_code
|
||||
func_name = co.co_name
|
||||
line_no = frame.f_lineno
|
||||
filename = co.co_filename
|
||||
exc_type, exc_value, exc_traceback = arg
|
||||
print '\033[91m%sERROR: %s %s on line %s of %s\033[0m' % \
|
||||
(' ' * stack_depth, exc_type.__name__, exc_value, line_no,
|
||||
func_name)
|
||||
if event != 'call':
|
||||
return
|
||||
co = frame.f_code
|
||||
|
|
Loading…
Reference in New Issue