Initial set of changes to move role operations to extensions.

Change-Id: Ibe3dc1f4b428f423ddd5e5c5e8eab171abf36a65
This commit is contained in:
Yogeshwar Srikrishnan 2011-09-22 13:01:07 -05:00
parent be05e31217
commit fec0c7402b
7 changed files with 59 additions and 30 deletions

View File

@ -300,7 +300,7 @@
<doc xml:lang="EN" title="Add roles to a user on a tenant.">
<p xmlns="http://www.w3.org/1999/xhtml">Adds a specific role to a user for a tenant.</p>
</doc>
<response status="200"/>
<response status="201"/>
&commonFaults;
&postPutFaults;
&getFaults;
@ -480,7 +480,7 @@
<doc xml:lang="EN" title="Add Global roles to a user.">
<p xmlns="http://www.w3.org/1999/xhtml">Adds a specific global role to a user.</p>
</doc>
<response status="200"/>
<response status="201"/>
&commonFaults;
&postPutFaults;
&getFaults;
@ -836,4 +836,4 @@
&commonFaults;
&getFaults;
</method>
</application>
</application>

View File

@ -18,11 +18,12 @@
from keystone.contrib.extensions.admin.extension import BaseExtensionHandler
from keystone.controllers.services import ServicesController
from keystone.controllers.roles import RolesController
class ExtensionHandler(BaseExtensionHandler):
def map_extension_methods(self, mapper, options):
# Services Controller
# Services
services_controller = ServicesController(options)
mapper.connect("/OS-KSADM/services",
controller=services_controller,
@ -40,3 +41,29 @@ class ExtensionHandler(BaseExtensionHandler):
controller=services_controller,
action="get_service",
conditions=dict(method=["GET"]))
#Roles
roles_controller = RolesController(options)
mapper.connect("/OS-KSADM/roles", controller=roles_controller,
action="create_role", conditions=dict(method=["POST"]))
mapper.connect("/OS-KSADM/roles", controller=roles_controller,
action="get_roles", conditions=dict(method=["GET"]))
mapper.connect("/OS-KSADM/roles/{role_id}",
controller=roles_controller, action="get_role",
conditions=dict(method=["GET"]))
mapper.connect("/OS-KSADM/roles/{role_id}",
controller=roles_controller, action="delete_role",
conditions=dict(method=["DELETE"]))
#User Roles
mapper.connect("/users/{user_id}/OS-KSADM/{role_id}",
controller=roles_controller, action="add_global_role_to_user",
conditions=dict(method=["POST"]))
mapper.connect("/users/{user_id}/roleRefs",
controller=roles_controller, action="get_role_refs",
conditions=dict(method=["GET"]))
mapper.connect("/users/{user_id}/roleRefs",
controller=roles_controller, action="create_role_ref",
conditions=dict(method=["POST"]))
mapper.connect("/users/{user_id}/roleRefs/{role_ref_id}",
controller=roles_controller, action="delete_role_ref",
conditions=dict(method=["DELETE"]))

View File

@ -54,3 +54,9 @@ class RolesController(wsgi.Controller):
rval = config.SERVICE.delete_role_ref(utils.get_auth_token(req),
role_ref_id)
return utils.send_result(204, req, rval)
@utils.wrap_error
def add_global_role_to_user(self, req, user_id, role_id):
config.SERVICE.add_global_role_to_user(utils.get_auth_token(req),
user_id, role_id)
return utils.send_result(201)

View File

@ -655,6 +655,21 @@ class IdentityService(object):
api.ROLE.ref_delete(role_ref_id)
return None
def add_global_role_to_user(self, admin_token, user_id, role_id):
self.__validate_service_or_keystone_admin_token(admin_token)
duser = api.USER.get(user_id)
if not duser:
raise fault.ItemNotFoundFault("The user could not be found")
drole = api.ROLE.get(role_id)
if drole == None:
raise fault.ItemNotFoundFault("The role not found")
drole_ref = models.UserRoleAssociation()
drole_ref.user_id = duser.id
drole_ref.role_id = drole.id
api.USER.user_role_add(drole_ref)
def get_user_roles(self, admin_token, marker, limit, url, user_id):
self.__validate_service_or_keystone_admin_token(admin_token)
duser = api.USER.get(user_id)

View File

@ -56,7 +56,7 @@ import json
import os
from paste.deploy import loadapp
from urlparse import urlparse
from webob.exc import HTTPUnauthorized, HTTPUseProxy
from webob.exc import HTTPUnauthorized
from webob.exc import Request, Response
import keystone.tools.tracer # @UnusedImport # module runs on import

View File

@ -21,7 +21,6 @@ from keystone.common import wsgi
import keystone.backends as db
from keystone.controllers.auth import AuthController
from keystone.controllers.endpointtemplates import EndpointTemplatesController
from keystone.controllers.roles import RolesController
from keystone.controllers.staticfiles import StaticFilesController
from keystone.controllers.tenant import TenantController
from keystone.controllers.user import UserController
@ -110,26 +109,6 @@ class AdminApi(wsgi.Router):
action="get_tenant_users",
conditions=dict(method=["GET"]))
#Roles
roles_controller = RolesController(options)
mapper.connect("/roles", controller=roles_controller,
action="create_role", conditions=dict(method=["POST"]))
mapper.connect("/roles", controller=roles_controller,
action="get_roles", conditions=dict(method=["GET"]))
mapper.connect("/roles/{role_id}", controller=roles_controller,
action="get_role", conditions=dict(method=["GET"]))
mapper.connect("/roles/{role_id}", controller=roles_controller,
action="delete_role", conditions=dict(method=["DELETE"]))
mapper.connect("/users/{user_id}/roleRefs",
controller=roles_controller, action="get_role_refs",
conditions=dict(method=["GET"]))
mapper.connect("/users/{user_id}/roleRefs",
controller=roles_controller, action="create_role_ref",
conditions=dict(method=["POST"]))
mapper.connect("/users/{user_id}/roleRefs/{role_ref_id}",
controller=roles_controller, action="delete_role_ref",
conditions=dict(method=["DELETE"]))
#EndpointTemplatesControllers and Endpoints
endpoint_templates_controller = EndpointTemplatesController(options)
mapper.connect("/endpointTemplates",

View File

@ -290,21 +290,23 @@ class ApiTestCase(RestfulTestCase):
def post_role(self, **kwargs):
"""POST /roles"""
return self.admin_request(method='POST', path='/roles', **kwargs)
return self.admin_request(method='POST',
path='/OS-KSADM/roles', **kwargs)
def get_roles(self, **kwargs):
"""GET /roles"""
return self.admin_request(method='GET', path='/roles', **kwargs)
return self.admin_request(method='GET',
path='/OS-KSADM/roles', **kwargs)
def get_role(self, role_id, **kwargs):
"""GET /roles/{role_id}"""
return self.admin_request(method='GET',
path='/roles/%s' % (role_id,), **kwargs)
path='/OS-KSADM/roles/%s' % (role_id,), **kwargs)
def delete_role(self, role_id, **kwargs):
"""DELETE /roles/{role_id}"""
return self.admin_request(method='DELETE',
path='/roles/%s' % (role_id,), **kwargs)
path='/OS-KSADM/roles/%s' % (role_id,), **kwargs)
def get_endpoint_templates(self, **kwargs):
"""GET /endpointTemplates"""