openstack
/
keystone
Code Issues Proposed changes

New model working with echo_client.py

This commit is contained in:
Ziad Sawalha 2011-05-23 02:11:59 -05:00
parent 656517632d
commit 888b18e3f4
20 changed files with 486 additions and 219 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
README.md
View File

@ -84,15 +84,14 @@ A sample client that gets a token from Keystone and then uses it to call Echo (a
TESTING:
--------
After starting keystone a keystone.db sqlite database should be created in the keystone folder.
A set of sample data can be added by running a shell script:
Add test data to the database:
$ ./bin/sampledata.sh
$ sqlite3 keystone/keystone.db < test/test_setup.sql
The script calls keystone-manage to create the sample data
To clean the test database
After starting keystone or runnign keystone-manage a keystone.db sqlite database should be created in the keystone folder.
$ sqlite3 keystone/keystone.db < test/kill.sql
To run client demo (with all auth middleware running locally on sample service):
@ -142,3 +141,7 @@ in troubleshooting:
1. config.py takes the config file from <topdir>/etc/keystone.conf
2. If the keystone package is also intalled on the system,
/etc/keystone.conf or /etc/keystone/keystone.conf have higher priority than <top_dir>/etc/keystone.conf.
CURL commands:
curl -d '{"passwordCredentials": {"username": "joeuser", "password": "secrete"}}' -H "Content-type: application/json" http://localhost:8081/v2.0/token
curl -d '{"passwordCredentials": {"username": "joeuser", "password": "secrete", "tenant": "1234"}}' -H "Content-type: application/json" http://localhost:8081/v2.0/token

14
bin/keystone
View File

@ -22,10 +22,10 @@
Keystone Identity Server - Admin and Service API
"""
import eventlet
import optparse
import os
import sys
import tools.tracer #load this first
# If ../../keystone/__init__.py exists, add ../ to Python search path, so that
# it will override what happens to be installed in /usr/(local/)lib/python...
@ -35,25 +35,29 @@ possible_topdir = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]),
if os.path.exists(os.path.join(possible_topdir, 'keystone', '__init__.py')):
sys.path.insert(0, possible_topdir)
import keystone
from keystone.common import config
from keystone.common import wsgi
if __name__ == '__main__':
# Parse options (command-line arguments and config file)
parser = optparse.OptionParser(version='%%prog %s'
% version.version_string())
# Initialize a parser for our configuration paramaters
parser = optparse.OptionParser(version='%%prog %s' % keystone.version)
common_group = config.add_common_options(parser)
config.add_log_options(parser)
# Handle a special argument to support starting two endpoints
common_group.add_option('-a', '--admin-port', default=8081,
dest="admin_port", metavar="PORT",
help = "specifies port for Admin API to listen"
"on (default is 8080)")
# Parse arguments and load config
(options, args) = config.parse_options(parser)
config_file = config.find_config_file(options, args)
print "Using config file:", config_file
# Start services
print "Using config file:", config.find_config_file(options, args)
try:
# Load Service API server
conf, app = config.load_paste_app('server', options, args)

6
bin/keystone-admin
View File

@ -46,12 +46,6 @@ if __name__ == '__main__':
common_group = config.add_common_options(parser)
config.add_log_options(parser)
# Handle a special argument to support starting two endpoints
common_group.add_option('-a', '--admin-port', default=8081,
dest="admin_port", metavar="PORT",
help = "specifies port for Admin API to listen" \
"on (default is 8080)")
# Parse arguments and load config
(options, args) = config.parse_options(parser)
config_file = config.find_config_file(options, args)

13
bin/keystone-auth
View File

@ -25,6 +25,7 @@ Keystone Identity Server - Service API
import optparse
import os
import sys
import tools.tracer #load this first
# If ../../keystone/__init__.py exists, add ../ to Python search path, so that
# it will override what happens to be installed in /usr/(local/)lib/python...
@ -34,21 +35,23 @@ possible_topdir = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]),
if os.path.exists(os.path.join(possible_topdir, 'keystone', '__init__.py')):
sys.path.insert(0, possible_topdir)
import keystone
from keystone.common import config
from keystone.common import wsgi
if __name__ == '__main__':
# Parse options (command-line arguments and config file)
parser = optparse.OptionParser(version='%%prog %s'
% version.version_string())
# Initialize a parser for our configuration paramaters
parser = optparse.OptionParser(version='%%prog %s' % keystone.version)
common_group = config.add_common_options(parser)
config.add_log_options(parser)
# Parse arguments and load config
(options, args) = config.parse_options(parser)
config_file = config.find_config_file(options, args)
print "Using config file:", config_file
# Start services
print "Using config file:", config.find_config_file(options, args)
try:
# Load Service API server
conf, app = config.load_paste_app('server', options, args)

266
bin/keystone-manage
View File

@ -22,9 +22,11 @@
Keystone Identity Server - CLI Management Interface
"""
import datetime
import optparse
import os
import sys
import tools.tracer
# If ../../keystone/__init__.py exists, add ../ to Python search path, so that
# it will override what happens to be installed in /usr/(local/)lib/python...
@ -34,56 +36,244 @@ possible_topdir = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]),
if os.path.exists(os.path.join(possible_topdir, 'keystone', '__init__.py')):
sys.path.insert(0, possible_topdir)
import keystone
from keystone.common import config
import keystone.db.sqlalchemy.api as db_api
import keystone.db.sqlalchemy.models as db_models
def Main():
# Parse options (command-line arguments and config file)
parser = optparse.OptionParser(version='%%prog %s'
% version.version_string())
"""
Usage: keystone-manage [options] type command [id [attributes]]
type : role, tenant, user, token (more to come)
command : add, list, disable (more to come)
id : name or id
attributes : depending on type...
users : password, tenant
tokens : user, tenant, expiration
options
-c | --config-file : config file to use
-d | --debug : debug mode
Example: keystone-manage add user Admin P@ssw0rd
"""
usage = "usage: %prog [options] type command [id [attributes]]"
# Initialize a parser for our configuration paramaters
parser = optparse.OptionParser(usage, version='%%prog %s'
% keystone.version())
common_group = config.add_common_options(parser)
config.add_log_options(parser)
# Parse command-line and load config
(options, args) = config.parse_options(parser)
if len(args) <> 4:
print "Usage: keystone-manage [options] type command id [attributes]"
print " type : user (more to come)"
print " command : add (more to come)"
print " id : name (user or tenant name)"
print " attributes : password, tenant"
print "\noptions"
print " -c | --config-file : config file to use"
print " -d | --debug : debug mode"
print "\nExample: keystone-manage add user Admin P@ssw0rd"
return
config_file, conf = config.load_paste_config('admin', options, args)
# Check arguments
if len(args) == 0:
parser.error('No object type specified for first argument')
object_type = args[0]
command = args[1]
object_id = args[2]
password = args[3]
if command == "add" and object_type == "user":
try:
config_file, conf = config.load_paste_config('admin', options, args)
print "Config file in use: %s" % config_file
config.setup_logging(options, conf)
db_api.configure_db(conf)
duser = db_models.User()
duser.id = object_id
duser.password = password
duser.enabled = True
db_api.user_create(duser)
print "User created successfully. ID=%s" % duser.id
except Exception as exc:
print "ERROR: Failed to create user: %s" % exc
if object_type in ['user', 'tenant', 'role', 'token']:
pass
else:
print ("Fail: only user add supported right now."
"You entered %s %s" % (object_type, command))
parser.error('%s is not a supported object type' % object_type)
if len(args) == 1:
parser.error('No command specified for second argument')
command = args[1]
if command in ['add', 'list', 'disable', 'delete', 'grant', 'revoke']:
pass
else:
parser.error('add, disable, delete, and list are the only supported"\
" commands (right now)')
if len(args) == 2:
if command != 'list':
parser.error('No id specified for third argument')
if len(args) > 2:
object_id = args[2]
# Set things up to run the command
print "Config file in use: %s" % config_file
config.setup_logging(options, conf)
db_api.configure_db(conf)
if object_type == "user":
if command == "add":
if len(args) < 4:
parser.error('No password specified for fourth argument')
password = args[3]
try:
object = db_models.User()
object.id = object_id
object.password = password
object.enabled = True
if len(args) > 4:
tenant = args[4]
object.tenant_id = tenant
db_api.user_create(object)
print "User created successfully. ID=%s" % object.id
except Exception as exc:
print "ERROR: Failed to create user: %s" % exc
return
elif command == "disable":
try:
object = db_api.user_get(object_id)
if object == None:
raise IndexError("User %s not found" % object_id)
object.enabled = False
db_api.user_update(object_id, object)
print "User disabled: %s" % object.id
except Exception as exc:
print "ERROR: Failed to disable user: %s" % exc
return
elif command == "list":
try:
if len(args) > 2:
tenant = args[2]
objects = db_api.user_get_by_tenant(tenant)
if objects == None:
raise IndexError("Users not found")
print 'id', 'enabled'
print '-' * 20
for row in objects:
print row.id, row.enabled
else:
objects = db_api.user_get_all()
if objects == None:
raise IndexError("Users not found")
print 'id', 'enabled', 'tenant'
print '-' * 20
for row in objects:
print row.id, row.enabled, row.tenant_id
except Exception, e:
print 'Error getting all users:', str(e)
return
elif object_type == "tenant":
if command == "add":
try:
object = db_models.Tenant()
object.id = object_id
object.enabled = True
db_api.tenant_create(object)
print "Tenant created successfully. ID=%s" % object.id
return
except Exception as exc:
print "ERROR: Failed to create tenant: %s" % exc
return
elif command == "list":
try:
objects = db_api.tenant_get_all()
if objects == None:
raise IndexError("Tenants not found")
print 'tenant', 'enabled'
print '-' * 20
for row in objects:
print row.id, row.enabled
except Exception, e:
print 'Error getting all users:', str(e)
return
elif command == "disable":
try:
object = db_api.tenant_get(object_id)
if object == None:
raise IndexError("Tenant %s not found" % object_id)
object.enabled = False
db_api.tenant_update(object_id, object)
print "Tenant disabled: %s" % object.id
except Exception as exc:
print "ERROR: Failed to disable tenant: %s" % exc
return
elif object_type == "role":
if command == "add":
try:
object = db_models.Role()
object.id = object_id
db_api.role_create(object)
print "Role created successfully. ID=%s" % object.id
return
except Exception as exc:
print "ERROR: Failed to create role: %s" % exc
return
elif command == "list":
try:
objects = db_api.role_get_all()
if objects == None:
raise IndexError("Roles not found")
print 'role'
print '-' * 20
for row in objects:
print row.id
except Exception, e:
print 'Error getting all roles:', str(e)
return
elif command == "grant":
if len(args) < 5:
parser.error("Missing arguments: role grant 'role' 'user'"\
"'tenant'")
user = args[3]
tenant = args[4]
try:
object = db_models.UserRoleAssociation()
object.role_id = object_id
object.user_id = user
object.tenant_id = tenant
db_api.user_role_add(object)
print "Successfully granted %s the %s role on %s" %\
(object.user_id, object.role_id, object.tenant_id)
except Exception as exc:
print "ERROR: Failed to grant role: %s" % exc
return
elif object_type == "token":
if command == "add":
if len(args) < 6:
parser.error('Creating a token requires a token id, user'\
', tenant, and expiration')
try:
object = db_models.Token()
object.token_id = object_id
object.user_id = args[3]
object.tenant_id = args[4]
tuple_time = datetime.datetime.strptime(args[5]
.replace("-", ""),
"%Y%m%dT%H:%M")
object.expires = tuple_time
db_api.token_create(object)
print "Token created successfully. ID=%s" % object.token_id
return
except Exception as exc:
print "ERROR: Failed to create token: %s" % exc
return
elif command == "list":
try:
objects = db_api.token_get_all()
if objects == None:
raise IndexError("Tokens not found")
print 'token', 'user', 'expiration', 'tenant'
print '-' * 20
for row in objects:
print row.token_id, row.user_id, row.expires, row.tenant_id
except Exception, e:
print 'Error getting all tokens:', str(e)
return
elif command == "delete":
try:
object = db_api.token_get(object_id)
if object == None:
raise IndexError("Token %s not found" % object_id)
else:
db_api.token_delete(object_id)
print 'Token %s deleted' % object_id
except Exception, e:
print 'Error deleting token %s:' % object_id, str(e)
return
# Command not handled
print ("Fail: %s %s not yet supported" % (object_type, command))
if __name__ == '__main__':

51
bin/sampledata.sh Executable file
View File

@ -0,0 +1,51 @@
#!/bin/bash
# vim: tabstop=4 shiftwidth=4 softtabstop=4
# Copyright 2010 United States Government as represented by the
# Administrator of the National Aeronautics and Space Administration.
# Copyright 2011 OpenStack LLC.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# Tenants
./keystone-manage tenant add 1234
./keystone-manage tenant add 0000
./keystone-manage tenant disable 0000
# Users
./keystone-manage user add joeuser secrete 1234
./keystone-manage user add admin secrete 1234
./keystone-manage user add disabled secrete 1234
./keystone-manage user disable disabled
# Roles
./keystone-manage role add Admin
./keystone-manage role add Admin admin 1234
# Groups
#./keystone-manage group add Admin 1234
#./keystone-manage group add Default 1234
#./keystone-manage group add Empty 0000
# User Group Associations
#./keystone-manage user joeuser join Default
#./keystone-manage user disabled join Default
#./keystone-manage user admin join Admin
# Tokens
./keystone-manage token add 887665443383838 joeuser 1234 2012-02-05T00:00
./keystone-manage token add 999888777666 admin 1234 2015-02-05T00:00
./keystone-manage token add 000999 admin 1234 2010-02-05T00:00
./keystone-manage token add 999888777 disabled 1234 2015-02-05T00:00

6
echo/echo/echo.ini
View File

@ -20,7 +20,7 @@ pipeline =
echo
[filter:tokenauth]
paste.filter_factory = keystone:tokenauth_factory
paste.filter_factory = keystone.auth_protocols.auth_token:filter_factory
;where to find the token auth service
auth_host = 127.0.0.1
auth_port = 8081
@ -30,7 +30,7 @@ auth_protocol = http
admin_token = 999888777666
[filter:basicauth]
paste.filter_factory = keystone:basicauth_factory
paste.filter_factory = keystone.auth_protocols.auth_basic:filter_factory
[filter:openidauth]
paste.filter_factory = keystone:openidauth_factory
paste.filter_factory = keystone.auth_protocols.auth_openid:filter_factory

6
echo/echo/echo_basic.ini
View File

@ -20,7 +20,7 @@ pipeline =
echo
[filter:tokenauth]
paste.filter_factory = keystone:tokenauth_factory
paste.filter_factory = keystone.auth_protocols.auth_token:filter_factory
;where to find the token auth service
auth_host = 127.0.0.1
auth_port = 8081
@ -30,7 +30,7 @@ auth_protocol = http
admin_token = 999888777666
[filter:basicauth]
paste.filter_factory = keystone:basicauth_factory
paste.filter_factory = keystone.auth_protocols.auth_basic:filter_factory
[filter:openidauth]
paste.filter_factory = keystone:openidauth_factory
paste.filter_factory = keystone.auth_protocols.auth_openid:filter_factory

4
echo/echo/echo_remote.ini
View File

@ -9,11 +9,11 @@ pipeline =
echo
[filter:remoteauth]
paste.filter_factory = keystone:remoteauth_factory
paste.filter_factory = keystone.middleware.remoteauth:filter_factory
;password which will tell us call is coming from a trusted auth proxy
; (otherwise we redirect call)
remote_auth_pass = dTpw
;where to redirect untrusted calls to
auth_location = http://127.0.0.1:8080/
auth_location = http://127.0.0.1:8081/

1
echo/echo_client.py
View File

@ -31,6 +31,7 @@ def get_auth_token(username, password, tenant):
conn.request("POST", "/v2.0/token", json.dumps(params), headers=headers)
response = conn.getresponse()
data = response.read()
print data
ret = data
return ret

13
keystone/auth_protocols/auth_token.py
View File

@ -165,8 +165,8 @@ class AuthProtocol(object):
"Proxy %s" % claims['user'])
self._decorate_request('X_TENANT',
claims['tenant'])
self._decorate_request('X_GROUP',
claims['group'])
if 'group' in claims:
self._decorate_request('X_GROUP', claims['group'])
self.expanded = True
#Send request downstream
@ -262,11 +262,12 @@ class AuthProtocol(object):
token_info = json.loads(data)
#TODO(Ziad): make this more robust
first_group = token_info['auth']['user']['groups']['group'][0]
#first_group = token_info['auth']['user']['groups']['group'][0]
verified_claims = {'user': token_info['auth']['user']['username'],
'tenant': token_info['auth']['user']['tenantId'],
'group': '%s/%s' % (first_group['id'],
first_group['tenantId'])}
'tenant': token_info['auth']['user']['tenantId']}
# TODO(Ziad): removed groups for now
# ,'group': '%s/%s' % (first_group['id'],
# first_group['tenantId'])}
return verified_claims
def _decorate_request(self, index, value):

184
keystone/db/sqlalchemy/api.py
View File

@ -78,11 +78,33 @@ def unregister_models():
assert _ENGINE
BASE.metadata.drop_all(_ENGINE)
#
# Role API operations
#
def role_create(values):
role_ref = models.Role()
role_ref.update(values)
role_ref.save()
return role_ref
def role_get(id, session=None):
if not session:
session = get_session()
result = session.query(models.Role).filter_by(id=id).first()
return result
def role_get_all(session=None):
if not session:
session = get_session()
return session.query(models.Role).all()
#
# Tenant API operations
#
def tenant_create(values):
tenant_ref = models.Tenant()
tenant_ref.update(values)
@ -183,11 +205,11 @@ def tenant_delete(id, session=None):
tenant_ref = tenant_get(id, session)
session.delete(tenant_ref)
#
# Tenant Group Operations API
#
def tenant_group_create(values):
group_ref = models.Group()
group_ref.update(values)
@ -289,6 +311,16 @@ def tenant_group_delete(id, tenant_id, session=None):
session.delete(tenantgroup_ref)
#
# User Operations
#
def user_get_all(session=None):
if not session:
session = get_session()
result = session.query(models.User)
return result
def get_user_by_group(user_id, group_id, session=None):
if not session:
session = get_session()
@ -311,10 +343,6 @@ def user_tenant_group_delete(id, group_id, session=None):
usertenantgroup_ref = get_user_by_group(id, group_id, session)
session.delete(usertenantgroup_ref)
#
# User Operations
#
def user_create(values):
user_ref = models.User()
@ -326,8 +354,10 @@ def user_create(values):
def user_get(id, session=None):
if not session:
session = get_session()
result = session.query(models.User).options(joinedload('groups')).options(\
joinedload('tenants')).filter_by(id=id).first()
#TODO(Ziad): finish cleaning up model
# result = session.query(models.User).options(joinedload('groups')).options(\
# joinedload('tenants')).filter_by(id=id).first()
result = session.query(models.User).filter_by(id=id).first()
return result
@ -346,6 +376,14 @@ def user_groups(id, session=None):
return result
def user_roles_by_tenant(user_id, tenant_id, session=None):
if not session:
session = get_session()
result = session.query(models.UserRoleAssociation).filter_by(\
user_id=user_id, tenant_id=tenant_id).options(joinedload('roles'))
return result
def user_update(id, values, session=None):
if not session:
session = get_session()
@ -420,6 +458,64 @@ def users_tenant_group_get_page_markers(group_id, marker, limit, session=None):
return (prev, next)
def user_delete(id, session=None):
if not session:
session = get_session()
with session.begin():
user_ref = user_get(id, session)
session.delete(user_ref)
def user_get_by_tenant(id, tenant_id, session=None):
if not session:
session = get_session()
user_tenant = session.query(models.UserTenantAssociation).filter_by(\
tenant_id=tenant_id, user_id=id).first()
if user_tenant:
return user_get(id, session)
else:
return None
def user_get_by_group(id, session=None):
if not session:
session = get_session()
user_group = session.query(models.Group).filter_by(tenant_id=id).all()
return user_group
def user_delete_tenant(id, tenant_id, session=None):
if not session:
session = get_session()
with session.begin():
user_tenant_ref = user_get_by_tenant(id, tenant_id, session)
session.delete(user_tenant_ref)
user_group_ref = user_get_by_group(tenant_id, session)
if user_group_ref is not None:
for user_group in user_group_ref:
group_users = session.query(models.UserGroupAssociation)\
.filter_by(user_id=id,
group_id=user_group.id).all()
for group_user in group_users:
session.delete(group_user)
user_tenant_ref = session.query(models.UserTenantAssociation)\
.filter_by(user_id=id).first()
if user_tenant_ref is None:
user_ref = user_get(id, session)
session.delete(user_ref)
def user_get_by_tenant(user_id, tenant_id, session=None):
if not session:
session = get_session()
result = session.query(models.User).filter_by(id=user_id,
tenant_id=tenant_id).first()
return result
#
# Group Operations
#
def group_get(id, session=None):
if not session:
session = get_session()
@ -500,11 +596,10 @@ def group_delete(id, session=None):
group_ref = group_get(id, session)
session.delete(group_ref)
#
# Token Operations
#
def token_create(values):
token_ref = models.Token()
token_ref.update(values)
@ -543,6 +638,22 @@ def token_for_user_tenant(user_id, tenant_id, session=None):
return result
def token_get_all(session=None):
if not session:
session = get_session()
return session.query(models.Token).all()
#
# Unsorted operations
#
def user_role_add(values):
user_role_ref = models.UserRoleAssociation()
user_role_ref.update(values)
user_role_ref.save()
return user_role_ref
def user_tenant_create(values):
user_tenant_ref = models.UserTenantAssociation()
user_tenant_ref.update(values)
@ -710,52 +821,3 @@ def groups_get_by_user_get_page_markers(user_id, marker, limit, session=None):
else:
next = next.id
return (prev, next)
def user_delete(id, session=None):
if not session:
session = get_session()
with session.begin():
user_ref = user_get(id, session)
session.delete(user_ref)
def user_get_by_tenant(id, tenant_id, session=None):
if not session:
session = get_session()
user_tenant = session.query(models.UserTenantAssociation).filter_by(\
tenant_id=tenant_id, user_id=id).first()
if user_tenant:
return user_get(id, session)
else:
return None
def user_get_by_group(id, session=None):
if not session:
session = get_session()
user_group = session.query(models.Group).filter_by(tenant_id=id).all()
return user_group
def user_delete_tenant(id, tenant_id, session=None):
if not session:
session = get_session()
with session.begin():
user_tenant_ref = user_get_by_tenant(id, tenant_id, session)
session.delete(user_tenant_ref)
user_group_ref = user_get_by_group(tenant_id, session)
if user_group_ref is not None:
for user_group in user_group_ref:
group_users = session.query(models.UserGroupAssociation)\
.filter_by(user_id=id,
group_id=user_group.id).all()
for group_user in group_users:
session.delete(group_user)
user_tenant_ref = session.query(models.UserTenantAssociation)\
.filter_by(user_id=id).first()
if user_tenant_ref is None:
user_ref = user_get(id, session)
session.delete(user_ref)

4
keystone/db/sqlalchemy/models.py
View File

@ -87,7 +87,7 @@ class UserRoleAssociation(Base, KeystoneBase):
user_id = Column(String(255), ForeignKey('users.id'), primary_key=True)
role_id = Column(String(255), ForeignKey('roles.id'), primary_key=True)
tenant_id = Column(String(255), ForeignKey('tenants.id'))
tenant_id = Column(String(255), ForeignKey('tenants.id'), primary_key=True)
# Define objects
@ -150,5 +150,5 @@ class Endpoints(Base, KeystoneBase):
__tablename__ = 'endpoints'
id = Column(String(255), primary_key=True, unique=True)
id = Column(String(255), primary_key=True, unique=True)
service = Column(String(255))
desc = Column(String(255))

5
keystone/logic/service.py
View File

@ -855,11 +855,12 @@ class IdentityService(object):
if not user.enabled:
raise fault.UserDisabledFault("The user %s has been disabled!"
% user.id)
'''TODO(Ziad): return roles
if admin:
for ug in user.groups:
for roles in user.roles:
if ug.group_id == "Admin":
return (token, user)
raise fault.UnauthorizedFault("You are not authorized "
"to make this call")
'''
return (token, user)

2
keystone/logic/types/auth.py
View File

@ -67,6 +67,8 @@ class PasswordCredentials(object):
password = cred["password"]
if "tenantId" in cred:
tenant_id = cred["tenantId"]
else:
tenant_id = None
return PasswordCredentials(username, password, tenant_id)
except (ValueError, TypeError) as e:
raise fault.BadRequestFault("Cannot parse password credentials",

38
management/getusers.py
View File

@ -1,38 +0,0 @@
# Copyright (c) 2010-2011 OpenStack, LLC.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import optparse
import keystone.db.sqlalchemy.api as db_api
def main():
usage = "usage: %prog tenant_id"
parser = optparse.OptionParser(usage)
options, args = parser.parse_args()
if len(args) != 1:
parser.error("Incorrect number of arguments")
else:
tenant_id = args[0]
try:
u = db_api.user_get_by_tenant(tenant_id)
if u == None:
raise IndexError("Users not found")
for row in u:
print row
except Exception, e:
print 'Error getting users for tenant', tenant_id, ':', str(e)
if __name__ == '__main__':
main()

42
management/useradd.py
View File

@ -1,42 +0,0 @@
# Copyright (c) 2010-2011 OpenStack, LLC.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import optparse
import keystone.db.sqlalchemy.api as db_api
from keystone.db.sqlalchemy import models
def main():
usage = "usage: %prog username password"
parser = optparse.OptionParser(usage)
options, args = parser.parse_args()
if len(args) != 2:
parser.error("Incorrect number of arguments")
else:
username = args[0]
password = args[1]
try:
u = models.User()
u.id = username
u.email = username
u.password = password
u.enabled = True
db_api.user_create(u)
print 'User', u.id, 'created.'
except Exception, e:
print 'Error creating user', username, ':', str(e)
if __name__ == '__main__':
main()

1
test/unit/test_common.py
View File

@ -27,7 +27,6 @@ import unittest
URL = 'http://localhost:8081/v2.0/'
URLv1 = 'http://localhost:8081/v1.0/'
def get_token(user, pswd, tenant_id, kind=''):
header = httplib2.Http(".cache")
url = '%stoken' % URL

16
test/unit/test_exthandler.py
View File

@ -1,3 +1,19 @@
# vim: tabstop=4 shiftwidth=4 softtabstop=4
# Copyright (c) 2010-2011 OpenStack, LLC.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import os
import sys
# Need to access identity module

20
tools/tracer.py
View File

@ -17,6 +17,8 @@
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Author: Ziad Sawalha (http://launchpad.net/~ziad-sawalha)
"""
OpenStack Call Tracing Tool
@ -47,10 +49,28 @@ if '--trace-calls' in sys.argv:
global stack_depth
if event == "return":
stack_depth = stack_depth - 1
elif event == "exception":
co = frame.f_code
func_name = co.co_name
line_no = frame.f_lineno
filename = co.co_filename
exc_type, exc_value, exc_traceback = arg
print '\033[91m%sERROR: %s %s on line %s of %s\033[0m' % \
(' ' * stack_depth, exc_type.__name__, exc_value, line_no,
func_name)
return None
def selectivetrace(frame, event, arg):
global stack_depth
if event == "exception":
co = frame.f_code
func_name = co.co_name
line_no = frame.f_lineno
filename = co.co_filename
exc_type, exc_value, exc_traceback = arg
print '\033[91m%sERROR: %s %s on line %s of %s\033[0m' % \
(' ' * stack_depth, exc_type.__name__, exc_value, line_no,
func_name)
if event != 'call':
return
co = frame.f_code