Meging changes
This commit is contained in:
parent
908ededed9
commit
98b251e91b
|
@ -26,16 +26,20 @@
|
|||
|
||||
# Users
|
||||
./keystone-manage $* user add joeuser secrete 1234
|
||||
./keystone-manage $* user add joeadmin secrete 1234
|
||||
./keystone-manage $* user add admin secrete 1234
|
||||
./keystone-manage $* user add disabled secrete 1234
|
||||
./keystone-manage $* user disable disabled
|
||||
|
||||
# Roles
|
||||
./keystone-manage $* role add Admin
|
||||
./keystone-manage $* role grant Admin admin
|
||||
./keystone-manage $* role grant Admin admin
|
||||
./keystone-manage $* role grant Admin joeadmin 1234
|
||||
./keystone-manage $* role grant Admin joeadmin ANOTHER:TENANT
|
||||
|
||||
#BaseURLs
|
||||
./keystone-manage $* baseURLs add DFW cloudFiles public.cloudfiles.com admin.cloudfiles.com internal.cloudfiles.com 1
|
||||
|
||||
# Groups
|
||||
#./keystone-manage $* group add Admin 1234
|
||||
#./keystone-manage $* group add Default 1234
|
||||
|
|
|
@ -60,7 +60,7 @@
|
|||
</copyright>
|
||||
<releaseinfo>API v2.0</releaseinfo>
|
||||
<productname>Keystone - OpenStack Identity</productname>
|
||||
<pubdate>2011-05-27</pubdate>
|
||||
<pubdate>2011-06-01</pubdate>
|
||||
<legalnotice role="apache2">
|
||||
<annotation>
|
||||
<remark>Copyright details are filled in by the template.</remark>
|
||||
|
@ -756,7 +756,7 @@ Host: identity.api.openstack.org/v1.1/
|
|||
<tr>
|
||||
<td colspan="1"> &GET; </td>
|
||||
<td colspan="1">/tenants</td>
|
||||
<td colspan="4">Get a list of tenants accessible with suplied token.</td>
|
||||
<td colspan="4">Get a list of tenants accessible with supplied token.</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</informaltable>
|
||||
|
@ -865,7 +865,7 @@ Host: identity.api.openstack.org/v1.1/
|
|||
<tbody>
|
||||
<tr>
|
||||
<td colspan="1"> &GET; </td>
|
||||
<td colspan="4">/tokens</td>
|
||||
<td colspan="4">/tokens/<parameter>tokenId</parameter></td>
|
||||
<td colspan="3">Validate a token.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
|
|
|
@ -44,4 +44,4 @@ from auth_protocols.auth_openid \
|
|||
#Remote Auth handler
|
||||
from middleware.remoteauth \
|
||||
import filter_factory as remoteauth_factory
|
||||
'''
|
||||
'''
|
||||
|
|
Binary file not shown.
|
@ -716,6 +716,7 @@ def user_role_add(values):
|
|||
|
||||
|
||||
def user_tenant_create(values):
|
||||
#TODO(ZIAD): Update model / fix this
|
||||
user_tenant_ref = models.UserTenantAssociation()
|
||||
user_tenant_ref.update(values)
|
||||
user_tenant_ref.save()
|
||||
|
|
|
@ -27,6 +27,7 @@ import keystone.logic.types.role as roles
|
|||
import keystone.logic.types.user as users
|
||||
import keystone.logic.types.baseURL as baseURLs
|
||||
|
||||
|
||||
class IdentityService(object):
|
||||
"This is the logical implemenation of the Identity service"
|
||||
|
||||
|
@ -73,7 +74,7 @@ class IdentityService(object):
|
|||
dtoken.expires = datetime.now() + timedelta(days=1)
|
||||
db_api.token_create(dtoken)
|
||||
|
||||
return self.__get_auth_data(dtoken, duser)
|
||||
return self.__get_auth_data(dtoken)
|
||||
|
||||
def validate_token(self, admin_token, token_id, belongs_to=None):
|
||||
self.__validate_token(admin_token)
|
||||
|
@ -88,7 +89,7 @@ class IdentityService(object):
|
|||
if not user.enabled:
|
||||
raise fault.UserDisabledFault("The user %s has been disabled!"
|
||||
% user.id)
|
||||
return self.__get_auth_data(token, user)
|
||||
return self.__get_validate_data(token, user)
|
||||
|
||||
def revoke_token(self, admin_token, token_id):
|
||||
self.__validate_token(admin_token)
|
||||
|
@ -383,7 +384,6 @@ class IdentityService(object):
|
|||
db_api.user_tenant_group_delete(user, group)
|
||||
return None
|
||||
|
||||
|
||||
#
|
||||
# Private Operations
|
||||
#
|
||||
|
@ -398,7 +398,6 @@ class IdentityService(object):
|
|||
user = db_api.user_get(token.user_id)
|
||||
return (token, user)
|
||||
|
||||
|
||||
#
|
||||
# User Operations
|
||||
#
|
||||
|
@ -432,11 +431,9 @@ class IdentityService(object):
|
|||
duser.enabled = user.enabled
|
||||
duser.tenant_id = tenant_id
|
||||
db_api.user_create(duser)
|
||||
|
||||
|
||||
return user
|
||||
|
||||
|
||||
def get_tenant_users(self, admin_token, tenant_id, marker, limit, url):
|
||||
self.__validate_token(admin_token)
|
||||
|
||||
|
@ -822,11 +819,19 @@ class IdentityService(object):
|
|||
|
||||
#
|
||||
|
||||
def __get_auth_data(self, dtoken, duser):
|
||||
"""return AuthData object for a token/user pair"""
|
||||
def __get_auth_data(self, dtoken):
|
||||
"""return AuthData object for a token"""
|
||||
|
||||
token = auth.Token(dtoken.expires, dtoken.token_id, dtoken.tenant_id)
|
||||
|
||||
return auth.AuthData(token)
|
||||
|
||||
def __get_validate_data(self, dtoken, duser):
|
||||
"""return ValidateData object for a token/user pair"""
|
||||
|
||||
token = auth.Token(dtoken.expires, dtoken.token_id, dtoken.tenant_id)
|
||||
|
||||
<<<<<<< HEAD
|
||||
"""gs = []
|
||||
for ug in duser.groups:
|
||||
dgroup = db_api.group_get(ug.group_id)
|
||||
|
@ -846,6 +851,11 @@ class IdentityService(object):
|
|||
droleRef.tenant_id))
|
||||
user = auth.User(duser.id, duser.tenant_id, None, roles.RoleRefs(ts, []))
|
||||
return auth.AuthData(token, user)
|
||||
=======
|
||||
user = auth.User(duser.id, duser.tenant_id, None)
|
||||
|
||||
return auth.ValidateData(token, user)
|
||||
>>>>>>> rackspace/master
|
||||
|
||||
def __validate_token(self, token_id, admin=True):
|
||||
if not token_id:
|
||||
|
@ -867,7 +877,7 @@ class IdentityService(object):
|
|||
raise fault.UnauthorizedFault("You are not authorized "
|
||||
"to make this call")
|
||||
return (token, user)
|
||||
|
||||
|
||||
def create_role(self, admin_token, role):
|
||||
self.__validate_token(admin_token)
|
||||
|
||||
|
@ -885,7 +895,7 @@ class IdentityService(object):
|
|||
drole.desc = role.desc
|
||||
db_api.role_create(drole)
|
||||
return role
|
||||
|
||||
|
||||
def get_roles(self, admin_token, marker, limit, url):
|
||||
self.__validate_token(admin_token)
|
||||
|
||||
|
@ -911,24 +921,24 @@ class IdentityService(object):
|
|||
if not drole:
|
||||
raise fault.ItemNotFoundFault("The role could not be found")
|
||||
return roles.Role(drole.id, drole.desc)
|
||||
|
||||
|
||||
def create_role_ref(self, admin_token, user_id, roleRef):
|
||||
self.__validate_token(admin_token)
|
||||
duser = db_api.user_get(user_id)
|
||||
|
||||
if not duser:
|
||||
raise fault.ItemNotFoundFault("The user could not be found")
|
||||
|
||||
|
||||
if not isinstance(roleRef, roles.RoleRef):
|
||||
raise fault.BadRequestFault("Expecting a Role Ref")
|
||||
|
||||
if roleRef.role_id == None:
|
||||
raise fault.BadRequestFault("Expecting a Role Id")
|
||||
|
||||
|
||||
drole = db_api.role_get(roleRef.role_id)
|
||||
if drole == None:
|
||||
raise fault.ItemNotFoundFault("The role not found")
|
||||
|
||||
|
||||
if roleRef.tenant_id != None:
|
||||
dtenant = db_api.tenant_get(roleRef.tenant_id)
|
||||
if dtenant == None:
|
||||
|
@ -942,12 +952,12 @@ class IdentityService(object):
|
|||
user_role_ref = db_api.user_role_add(drole_ref)
|
||||
roleRef.role_ref_id = user_role_ref.id
|
||||
return roleRef
|
||||
|
||||
|
||||
def delete_role_ref(self, admin_token, role_ref_id):
|
||||
self.__validate_token(admin_token)
|
||||
db_api.role_ref_delete(role_ref_id)
|
||||
return None
|
||||
|
||||
|
||||
def get_user_roles(self, admin_token, marker, limit, url, user_id):
|
||||
self.__validate_token(admin_token)
|
||||
duser = db_api.user_get(user_id)
|
||||
|
@ -958,7 +968,7 @@ class IdentityService(object):
|
|||
ts = []
|
||||
droleRefs = db_api.role_ref_get_page(marker, limit, user_id)
|
||||
for droleRef in droleRefs:
|
||||
ts.append(roles.RoleRef(droleRef.id,droleRef.role_id,
|
||||
ts.append(roles.RoleRef(droleRef.id, droleRef.role_id,
|
||||
droleRef.tenant_id))
|
||||
prev, next = db_api.role_ref_get_page_markers(user_id, marker, limit)
|
||||
links = []
|
||||
|
@ -969,14 +979,18 @@ class IdentityService(object):
|
|||
links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" \
|
||||
% (url, next, limit)))
|
||||
return roles.RoleRefs(ts, links)
|
||||
|
||||
|
||||
def get_baseurls(self, admin_token, marker, limit, url):
|
||||
self.__validate_token(admin_token)
|
||||
|
||||
ts = []
|
||||
dbaseurls = db_api.baseurls_get_page(marker, limit)
|
||||
for dbaseurl in dbaseurls:
|
||||
ts.append(baseURLs.BaseURL(dbaseurl.id, dbaseurl.region, dbaseurl.service, dbaseurl.public_url, dbaseurl.admin_url, dbaseurl.internal_url, dbaseurl.enabled))
|
||||
ts.append(baseURLs.BaseURL(dbaseurl.id, dbaseurl.region,
|
||||
dbaseurl.service, dbaseurl.public_url,
|
||||
dbaseurl.admin_url,
|
||||
dbaseurl.internal_url,
|
||||
dbaseurl.enabled))
|
||||
prev, next = db_api.baseurls_get_page_markers(marker, limit)
|
||||
links = []
|
||||
if prev:
|
||||
|
@ -993,9 +1007,11 @@ class IdentityService(object):
|
|||
dbaseurl = db_api.baseurls_get(baseurl_id)
|
||||
if not dbaseurl:
|
||||
raise fault.ItemNotFoundFault("The base URL could not be found")
|
||||
return baseURLs.BaseURL(dbaseurl.id, dbaseurl.region, dbaseurl.service, dbaseurl.public_url, dbaseurl.admin_url, dbaseurl.internal_url, dbaseurl.enabled)
|
||||
|
||||
def get_tenant_baseURLs(self, admin_token, marker, limit, url, tenant_id):
|
||||
return baseURLs.BaseURL(dbaseurl.id, dbaseurl.region, dbaseurl.service,
|
||||
dbaseurl.public_url, dbaseurl.admin_url,
|
||||
dbaseurl.internal_url, dbaseurl.enabled)
|
||||
|
||||
def get_tenant_baseURLs(self, admin_token, marker, limit, url, tenant_id):
|
||||
self.__validate_token(admin_token)
|
||||
if tenant_id == None:
|
||||
raise fault.BadRequestFault("Expecting a Tenant Id")
|
||||
|
@ -1004,14 +1020,18 @@ class IdentityService(object):
|
|||
raise fault.ItemNotFoundFault("The tenant not found")
|
||||
|
||||
ts = []
|
||||
|
||||
dtenantBaseURLAssociations = db_api.baseurls_ref_get_by_tenant_get_page(tenant_id, marker,
|
||||
|
||||
dtenantBaseURLAssociations = \
|
||||
db_api.baseurls_ref_get_by_tenant_get_page(tenant_id, marker,
|
||||
limit)
|
||||
for dtenantBaseURLAssociation in dtenantBaseURLAssociations:
|
||||
ts.append(baseURLs.BaseURLRef(dtenantBaseURLAssociation.id, url + '/baseURLs/' + str(dtenantBaseURLAssociation.baseURLs_id)))
|
||||
ts.append(baseURLs.BaseURLRef(dtenantBaseURLAssociation.id,
|
||||
url + '/baseURLs/' + \
|
||||
str(dtenantBaseURLAssociation.baseURLs_id)))
|
||||
links = []
|
||||
if ts.__len__():
|
||||
prev, next = db_api.baseurls_ref_get_by_tenant_get_page_markers(tenant_id,
|
||||
prev, next = \
|
||||
db_api.baseurls_ref_get_by_tenant_get_page_markers(tenant_id,
|
||||
marker, limit)
|
||||
if prev:
|
||||
links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" %
|
||||
|
@ -1021,7 +1041,8 @@ class IdentityService(object):
|
|||
(url, next, limit)))
|
||||
return baseURLs.BaseURLRefs(ts, links)
|
||||
|
||||
def create_baseurl_ref_to_tenant(self, admin_token, tenant_id, baseurl, url):
|
||||
def create_baseurl_ref_to_tenant(self, admin_token,
|
||||
tenant_id, baseurl, url):
|
||||
self.__validate_token(admin_token)
|
||||
if tenant_id == None:
|
||||
raise fault.BadRequestFault("Expecting a Tenant Id")
|
||||
|
@ -1036,12 +1057,12 @@ class IdentityService(object):
|
|||
dbaseurl_ref.tenant_id = tenant_id
|
||||
dbaseurl_ref.baseURLs_id = baseurl.id
|
||||
dbaseurl_ref = db_api.baseurls_ref_add(dbaseurl_ref)
|
||||
baseurlRef = baseURLs.BaseURLRef(dbaseurl_ref.id, url + '/baseURLs/' + dbaseurl_ref.baseURLs_id)
|
||||
baseurlRef = baseURLs.BaseURLRef(dbaseurl_ref.id, url + \
|
||||
'/baseURLs/' + \
|
||||
dbaseurl_ref.baseURLs_id)
|
||||
return baseurlRef
|
||||
|
||||
|
||||
def delete_baseurls_ref(self, admin_token, baseurls_id):
|
||||
self.__validate_token(admin_token)
|
||||
db_api.baseurls_ref_delete(baseurls_id)
|
||||
return None
|
||||
|
||||
|
|
@ -119,6 +119,32 @@ class User(object):
|
|||
class AuthData(object):
|
||||
"Authentation Information returned upon successful login."
|
||||
|
||||
def __init__(self, token):
|
||||
self.token = token
|
||||
|
||||
def to_xml(self):
|
||||
dom = etree.Element("auth",
|
||||
xmlns="http://docs.openstack.org/identity/api/v2.0")
|
||||
token = etree.Element("token",
|
||||
expires=self.token.expires.isoformat())
|
||||
token.set("id", self.token.token_id)
|
||||
dom.append(token)
|
||||
return etree.tostring(dom)
|
||||
|
||||
def to_json(self):
|
||||
token = {}
|
||||
token["id"] = self.token.token_id
|
||||
token["expires"] = self.token.expires.isoformat()
|
||||
auth = {}
|
||||
auth["token"] = token
|
||||
ret = {}
|
||||
ret["auth"] = auth
|
||||
return json.dumps(ret)
|
||||
|
||||
|
||||
class ValidateData(object):
|
||||
"Authentation Information returned upon successful token validation."
|
||||
|
||||
def __init__(self, token, user):
|
||||
self.token = token
|
||||
self.user = user
|
||||
|
|
|
@ -18,6 +18,8 @@ from lxml import etree
|
|||
import string
|
||||
|
||||
import keystone.logic.types.fault as fault
|
||||
|
||||
|
||||
class BaseURL(object):
|
||||
@staticmethod
|
||||
def from_xml(xml_str):
|
||||
|
@ -35,7 +37,8 @@ class BaseURL(object):
|
|||
admin_url = root.get("adminURL")
|
||||
internal_url = root.get("internalURL")
|
||||
enabled = root.get("enabled")
|
||||
return BaseURL(id, region, service, public_url, admin_url, internal_url, enabled)
|
||||
return BaseURL(id, region, service, public_url, admin_url,
|
||||
internal_url, enabled)
|
||||
except etree.LxmlError as e:
|
||||
raise fault.BadRequestFault("Cannot parse baseURL", str(e))
|
||||
|
||||
|
@ -62,22 +65,24 @@ class BaseURL(object):
|
|||
|
||||
if 'region' in baseURL:
|
||||
region = baseURL["region"]
|
||||
if 'serviceName' in baseURL:
|
||||
if 'serviceName' in baseURL:
|
||||
service = baseURL["serviceName"]
|
||||
if 'publicURL' in baseURL:
|
||||
if 'publicURL' in baseURL:
|
||||
public_url = baseURL["publicURL"]
|
||||
if 'adminURL' in baseURL:
|
||||
admin_url = baseURL["adminURL"]
|
||||
if 'internalURL' in baseURL:
|
||||
if 'internalURL' in baseURL:
|
||||
internal_url = baseURL["internalURL"]
|
||||
if 'enabled' in baseURL:
|
||||
enabled = baseURL["enabled"]
|
||||
|
||||
return BaseURL(id, region, service, public_url, admin_url, internal_url, enabled)
|
||||
|
||||
return BaseURL(id, region, service, public_url, admin_url,
|
||||
internal_url, enabled)
|
||||
except (ValueError, TypeError) as e:
|
||||
raise fault.BadRequestFault("Cannot parse baseURL", str(e))
|
||||
|
||||
def __init__(self, id, region, service, public_url, admin_url, internal_url, enabled):
|
||||
def __init__(self, id, region, service, public_url, admin_url,
|
||||
internal_url, enabled):
|
||||
self.id = id
|
||||
self.region = region
|
||||
self.service = service
|
||||
|
@ -85,7 +90,7 @@ class BaseURL(object):
|
|||
self.admin_url = admin_url
|
||||
self.internal_url = internal_url
|
||||
self.enabled = enabled
|
||||
|
||||
|
||||
def to_dom(self):
|
||||
dom = etree.Element("baseURL",
|
||||
xmlns="http://docs.openstack.org/identity/api/v2.0")
|
||||
|
@ -128,7 +133,8 @@ class BaseURL(object):
|
|||
|
||||
def to_json(self):
|
||||
return json.dumps(self.to_dict())
|
||||
|
||||
|
||||
|
||||
class BaseURLs(object):
|
||||
"A collection of baseURls."
|
||||
|
||||
|
@ -151,14 +157,14 @@ class BaseURLs(object):
|
|||
def to_json(self):
|
||||
values = [t.to_dict()["baseURL"] for t in self.values]
|
||||
links = [t.to_dict()["links"] for t in self.links]
|
||||
return json.dumps({"baseURLs": {"values": values, "links": links}})
|
||||
|
||||
return json.dumps({"baseURLs": {"values": values, "links": links}})
|
||||
|
||||
|
||||
class BaseURLRef(object):
|
||||
def __init__(self, id, href):
|
||||
self.id = id
|
||||
self.href = href
|
||||
|
||||
|
||||
def to_dom(self):
|
||||
dom = etree.Element("baseURLRef",
|
||||
xmlns="http://docs.openstack.org/identity/api/v2.0")
|
||||
|
@ -178,10 +184,11 @@ class BaseURLRef(object):
|
|||
if self.href:
|
||||
baseURLRef["href"] = self.href
|
||||
return {'baseURLRef': baseURLRef}
|
||||
|
||||
|
||||
def to_json(self):
|
||||
return json.dumps(self.to_dict())
|
||||
|
||||
|
||||
class BaseURLRefs(object):
|
||||
"A collection of baseURlRefs."
|
||||
|
||||
|
@ -204,4 +211,4 @@ class BaseURLRefs(object):
|
|||
def to_json(self):
|
||||
values = [t.to_dict()["baseURLRef"] for t in self.values]
|
||||
links = [t.to_dict()["links"] for t in self.links]
|
||||
return json.dumps({"baseURLRefs": {"values": values, "links": links}})
|
||||
return json.dumps({"baseURLRefs": {"values": values, "links": links}})
|
||||
|
|
|
@ -33,7 +33,7 @@ class IdentityFault(Exception):
|
|||
|
||||
def to_xml(self):
|
||||
dom = etree.Element(self.key,
|
||||
xmlns="http://docs.openstack.org/identity/api/v2.0")
|
||||
xmlns="http://docs.openstack.org/identity/api/v2.0")
|
||||
dom.set("code", str(self.code))
|
||||
msg = etree.Element("message")
|
||||
msg.text = self.msg
|
||||
|
@ -160,6 +160,7 @@ class UserGroupConflictFault(IdentityFault):
|
|||
super(UserGroupConflictFault, self).__init__(msg, details, code)
|
||||
self.key = "userGroupConflict"
|
||||
|
||||
|
||||
class RoleConflictFault(IdentityFault):
|
||||
"The User already exists?"
|
||||
|
||||
|
|
|
@ -33,7 +33,8 @@ class Tenant(object):
|
|||
try:
|
||||
dom = etree.Element("root")
|
||||
dom.append(etree.fromstring(xml_str))
|
||||
root = dom.find("{http://docs.openstack.org/identity/api/v2.0}tenant")
|
||||
root = dom.find(
|
||||
"{http://docs.openstack.org/identity/api/v2.0}tenant")
|
||||
if root == None:
|
||||
raise fault.BadRequestFault("Expecting Tenant")
|
||||
tenant_id = root.get("id")
|
||||
|
@ -77,8 +78,8 @@ class Tenant(object):
|
|||
|
||||
def to_dom(self):
|
||||
dom = etree.Element("tenant",
|
||||
xmlns="http://docs.openstack.org/identity/api/v2.0",
|
||||
enabled=string.lower(str(self.enabled)))
|
||||
xmlns="http://docs.openstack.org/identity/api/v2.0",
|
||||
enabled=string.lower(str(self.enabled)))
|
||||
if self.tenant_id:
|
||||
dom.set("id", self.tenant_id)
|
||||
desc = etree.Element("description")
|
||||
|
@ -142,7 +143,8 @@ class Group(object):
|
|||
try:
|
||||
dom = etree.Element("root")
|
||||
dom.append(etree.fromstring(xml_str))
|
||||
root = dom.find("{http://docs.openstack.org/identity/api/v2.0}group")
|
||||
root = dom.find( \
|
||||
"{http://docs.openstack.org/identity/api/v2.0}group")
|
||||
if root == None:
|
||||
raise fault.BadRequestFault("Expecting Group")
|
||||
group_id = root.get("id")
|
||||
|
@ -188,7 +190,7 @@ class Group(object):
|
|||
|
||||
def to_dom(self):
|
||||
dom = etree.Element("group",
|
||||
xmlns="http://docs.openstack.org/identity/api/v2.0")
|
||||
xmlns="http://docs.openstack.org/identity/api/v2.0")
|
||||
if self.group_id:
|
||||
dom.set("id", self.group_id)
|
||||
if self.tenant_id:
|
||||
|
@ -251,7 +253,8 @@ class GlobalGroup(object):
|
|||
try:
|
||||
dom = etree.Element("root")
|
||||
dom.append(etree.fromstring(xml_str))
|
||||
root = dom.find("{http://docs.openstack.org/identity/api/v2.0}group")
|
||||
root = dom.find(\
|
||||
"{http://docs.openstack.org/identity/api/v2.0}group")
|
||||
if root == None:
|
||||
raise fault.BadRequestFault("Expecting Group")
|
||||
group_id = root.get("id")
|
||||
|
@ -287,7 +290,7 @@ class GlobalGroup(object):
|
|||
|
||||
def to_dom(self):
|
||||
dom = etree.Element("group",
|
||||
xmlns="http://docs.openstack.org/identity/api/v2.0")
|
||||
xmlns="http://docs.openstack.org/identity/api/v2.0")
|
||||
if self.group_id:
|
||||
dom.set("id", self.group_id)
|
||||
|
||||
|
@ -354,7 +357,7 @@ class User(object):
|
|||
|
||||
def to_dom(self):
|
||||
dom = etree.Element("user",
|
||||
xmlns="http://docs.openstack.org/identity/api/v2.0")
|
||||
xmlns="http://docs.openstack.org/identity/api/v2.0")
|
||||
if self.group_id != None:
|
||||
dom.set("group_id", self.group_id)
|
||||
if self.user_id:
|
||||
|
|
|
@ -223,7 +223,7 @@ class TenantController(wsgi.Controller):
|
|||
|
||||
@utils.wrap_error
|
||||
def get_tenants(self, req):
|
||||
marker, limit, url = get_marker_limit_and_url(req)
|
||||
marker, limit, url = get_marker_limit_and_url(req)
|
||||
tenants = service.get_tenants(utils.get_auth_token(req), marker,
|
||||
limit, url)
|
||||
return utils.send_result(200, req, tenants)
|
||||
|
@ -452,31 +452,33 @@ class RolesController(wsgi.Controller):
|
|||
roles = service.get_roles(utils.get_auth_token(req),
|
||||
marker, limit, url)
|
||||
return utils.send_result(200, req, roles)
|
||||
|
||||
@utils.wrap_error
|
||||
|
||||
@utils.wrap_error
|
||||
def get_role(self, req, role_id):
|
||||
role = service.get_role(utils.get_auth_token(req), role_id)
|
||||
return utils.send_result(200, req, role)
|
||||
|
||||
@utils.wrap_error
|
||||
|
||||
@utils.wrap_error
|
||||
def create_role_ref(self, req, user_id):
|
||||
roleRef = utils.get_normalized_request_content(roles.RoleRef, req)
|
||||
return utils.send_result(201, req, service.create_role_ref(utils.get_auth_token(req), user_id, roleRef))
|
||||
|
||||
return utils.send_result(201, req, service.create_role_ref(
|
||||
utils.get_auth_token(req), user_id, roleRef))
|
||||
|
||||
@utils.wrap_error
|
||||
def get_role_refs(self, req, user_id):
|
||||
marker, limit, url = get_marker_limit_and_url(req)
|
||||
roleRefs = service.get_user_roles(utils.get_auth_token(req),
|
||||
marker, limit, url,user_id)
|
||||
marker, limit, url, user_id)
|
||||
|
||||
return utils.send_result(200, req, roleRefs)
|
||||
|
||||
|
||||
@utils.wrap_error
|
||||
def delete_role_ref(self, req, user_id, role_ref_id):
|
||||
rval = service.delete_role_ref(utils.get_auth_token(req),
|
||||
role_ref_id)
|
||||
return utils.send_result(204, req, rval)
|
||||
|
||||
|
||||
|
||||
class BaseURLsController(wsgi.Controller):
|
||||
"""
|
||||
BaseURL Controller -
|
||||
|
@ -485,7 +487,7 @@ class BaseURLsController(wsgi.Controller):
|
|||
|
||||
def __init__(self, options):
|
||||
self.options = options
|
||||
|
||||
|
||||
@utils.wrap_error
|
||||
def get_baseurls(self, req):
|
||||
marker, limit, url = get_marker_limit_and_url(req)
|
||||
|
@ -497,26 +499,29 @@ class BaseURLsController(wsgi.Controller):
|
|||
def get_baseurl(self, req, baseURLId):
|
||||
baseurl = service.get_baseurl(utils.get_auth_token(req), baseURLId)
|
||||
return utils.send_result(200, req, baseurl)
|
||||
|
||||
|
||||
@utils.wrap_error
|
||||
def get_baseurls_for_tenant(self, req, tenant_id):
|
||||
marker, limit, url = get_marker_limit_and_url(req)
|
||||
baseURLRefs = service.get_tenant_baseURLs(utils.get_auth_token(req),
|
||||
marker, limit, url, tenant_id)
|
||||
return utils.send_result(200, req, baseURLRefs)
|
||||
|
||||
@utils.wrap_error
|
||||
|
||||
@utils.wrap_error
|
||||
def add_baseurls_to_tenant(self, req, tenant_id):
|
||||
baseurl = utils.get_normalized_request_content(baseURLs.BaseURL, req)
|
||||
return utils.send_result(201, req,
|
||||
service.create_baseurl_ref_to_tenant(utils.get_auth_token(req),
|
||||
tenant_id, baseurl, get_url(req)))
|
||||
@utils.wrap_error
|
||||
service.create_baseurl_ref_to_tenant(
|
||||
utils.get_auth_token(req),
|
||||
tenant_id, baseurl, get_url(req)))
|
||||
|
||||
@utils.wrap_error
|
||||
def remove_baseurls_from_tenant(self, req, tenant_id, baseurls_ref_id):
|
||||
rval = service.delete_baseurls_ref(utils.get_auth_token(req),
|
||||
baseurls_ref_id)
|
||||
return utils.send_result(204, req, rval)
|
||||
|
||||
|
||||
def get_marker_limit_and_url(req):
|
||||
marker = None
|
||||
limit = 10
|
||||
|
@ -528,7 +533,8 @@ def get_marker_limit_and_url(req):
|
|||
limit = req.GET["limit"]
|
||||
url = get_url(req)
|
||||
return (marker, limit, url)
|
||||
|
||||
|
||||
|
||||
def get_marker_and_limit(req):
|
||||
marker = None
|
||||
limit = 10
|
||||
|
@ -539,14 +545,15 @@ def get_marker_and_limit(req):
|
|||
if "limit" in req.GET:
|
||||
limit = req.GET["limit"]
|
||||
|
||||
|
||||
def get_url(req):
|
||||
url = '%s://%s:%s%s' % (req.environ['wsgi.url_scheme'],
|
||||
req.environ.get("SERVER_NAME"),
|
||||
req.environ.get("SERVER_PORT"),
|
||||
req.environ['PATH_INFO'])
|
||||
return url
|
||||
|
||||
|
||||
|
||||
|
||||
class KeystoneAPI(wsgi.Router):
|
||||
"""WSGI entry point for public Keystone API requests."""
|
||||
|
||||
|
@ -573,10 +580,8 @@ class KeystoneAPI(wsgi.Router):
|
|||
|
||||
# Token Operations
|
||||
mapper.connect("/v2.0/tokens", controller=auth_controller,
|
||||
action="authenticate")
|
||||
mapper.connect("/v2.0/tokens/{token_id}", controller=auth_controller,
|
||||
action="delete_token",
|
||||
conditions=dict(method=["DELETE"]))
|
||||
action="authenticate",
|
||||
conditions=dict(method=["POST"]))
|
||||
|
||||
# Tenant Operations
|
||||
tenant_controller = TenantController(options)
|
||||
|
@ -639,7 +644,8 @@ class KeystoneAdminAPI(wsgi.Router):
|
|||
# Token Operations
|
||||
auth_controller = AuthController(options)
|
||||
mapper.connect("/v2.0/tokens", controller=auth_controller,
|
||||
action="authenticate")
|
||||
action="authenticate",
|
||||
conditions=dict(method=["POST"]))
|
||||
mapper.connect("/v2.0/tokens/{token_id}", controller=auth_controller,
|
||||
action="validate_token",
|
||||
conditions=dict(method=["GET"]))
|
||||
|
@ -785,16 +791,22 @@ class KeystoneAdminAPI(wsgi.Router):
|
|||
baseurls_controller = BaseURLsController(options)
|
||||
mapper.connect("/v2.0/baseURLs", controller=baseurls_controller,
|
||||
action="get_baseurls", conditions=dict(method=["GET"]))
|
||||
mapper.connect("/v2.0/baseURLs/{baseURLId}", controller=baseurls_controller,
|
||||
mapper.connect("/v2.0/baseURLs/{baseURLId}",
|
||||
controller=baseurls_controller,
|
||||
action="get_baseurl", conditions=dict(method=["GET"]))
|
||||
mapper.connect("/v2.0/tenants/{tenant_id}/baseURLRefs", controller=baseurls_controller,
|
||||
action="get_baseurls_for_tenant", conditions=dict(method=["GET"]))
|
||||
mapper.connect("/v2.0/tenants/{tenant_id}/baseURLRefs", controller=baseurls_controller,
|
||||
action="add_baseurls_to_tenant", conditions=dict(method=["POST"]))
|
||||
mapper.connect("/v2.0/tenants/{tenant_id}/baseURLRefs/{baseurls_ref_id}", controller=baseurls_controller,
|
||||
action="remove_baseurls_from_tenant", conditions=dict(method=["DELETE"]))
|
||||
|
||||
|
||||
mapper.connect("/v2.0/tenants/{tenant_id}/baseURLRefs",
|
||||
controller=baseurls_controller,
|
||||
action="get_baseurls_for_tenant",
|
||||
conditions=dict(method=["GET"]))
|
||||
mapper.connect("/v2.0/tenants/{tenant_id}/baseURLRefs",
|
||||
controller=baseurls_controller,
|
||||
action="add_baseurls_to_tenant",
|
||||
conditions=dict(method=["POST"]))
|
||||
mapper.connect(
|
||||
"/v2.0/tenants/{tenant_id}/baseURLRefs/{baseurls_ref_id}",
|
||||
controller=baseurls_controller,
|
||||
action="remove_baseurls_from_tenant",
|
||||
conditions=dict(method=["DELETE"]))
|
||||
|
||||
# Miscellaneous Operations
|
||||
version_controller = VersionController(options)
|
||||
|
|
4
setup.py
4
setup.py
|
@ -16,7 +16,7 @@
|
|||
|
||||
from setuptools import setup, find_packages
|
||||
|
||||
version = '1.0'
|
||||
version = '1.0'
|
||||
|
||||
setup(
|
||||
name='keystone',
|
||||
|
@ -38,7 +38,7 @@ setup(
|
|||
'paste.app_factory': ['main=identity:app_factory'],
|
||||
'paste.filter_factory': [
|
||||
'remoteauth=keystone:remoteauth_factory',
|
||||
'tokenauth=keystone:tokenauth_factory',
|
||||
'tokenauth=keystone.auth_protocols.auth_token:filter_factory',
|
||||
],
|
||||
},
|
||||
)
|
||||
|
|
Loading…
Reference in New Issue