Initial set of changes to move role operations to extensions.
Change-Id: Ibe3dc1f4b428f423ddd5e5c5e8eab171abf36a65
parent
be05e31217
commit
fec0c7402b
|
@ -300,7 +300,7 @@
|
|||
<doc xml:lang="EN" title="Add roles to a user on a tenant.">
|
||||
<p xmlns="http://www.w3.org/1999/xhtml">Adds a specific role to a user for a tenant.</p>
|
||||
</doc>
|
||||
<response status="200"/>
|
||||
<response status="201"/>
|
||||
&commonFaults;
|
||||
&postPutFaults;
|
||||
&getFaults;
|
||||
|
@ -480,7 +480,7 @@
|
|||
<doc xml:lang="EN" title="Add Global roles to a user.">
|
||||
<p xmlns="http://www.w3.org/1999/xhtml">Adds a specific global role to a user.</p>
|
||||
</doc>
|
||||
<response status="200"/>
|
||||
<response status="201"/>
|
||||
&commonFaults;
|
||||
&postPutFaults;
|
||||
&getFaults;
|
||||
|
@ -836,4 +836,4 @@
|
|||
&commonFaults;
|
||||
&getFaults;
|
||||
</method>
|
||||
</application>
|
||||
</application>
|
||||
|
|
|
@ -18,11 +18,12 @@
|
|||
|
||||
from keystone.contrib.extensions.admin.extension import BaseExtensionHandler
|
||||
from keystone.controllers.services import ServicesController
|
||||
from keystone.controllers.roles import RolesController
|
||||
|
||||
|
||||
class ExtensionHandler(BaseExtensionHandler):
|
||||
def map_extension_methods(self, mapper, options):
|
||||
# Services Controller
|
||||
# Services
|
||||
services_controller = ServicesController(options)
|
||||
mapper.connect("/OS-KSADM/services",
|
||||
controller=services_controller,
|
||||
|
@ -40,3 +41,29 @@ class ExtensionHandler(BaseExtensionHandler):
|
|||
controller=services_controller,
|
||||
action="get_service",
|
||||
conditions=dict(method=["GET"]))
|
||||
#Roles
|
||||
roles_controller = RolesController(options)
|
||||
mapper.connect("/OS-KSADM/roles", controller=roles_controller,
|
||||
action="create_role", conditions=dict(method=["POST"]))
|
||||
mapper.connect("/OS-KSADM/roles", controller=roles_controller,
|
||||
action="get_roles", conditions=dict(method=["GET"]))
|
||||
mapper.connect("/OS-KSADM/roles/{role_id}",
|
||||
controller=roles_controller, action="get_role",
|
||||
conditions=dict(method=["GET"]))
|
||||
mapper.connect("/OS-KSADM/roles/{role_id}",
|
||||
controller=roles_controller, action="delete_role",
|
||||
conditions=dict(method=["DELETE"]))
|
||||
|
||||
#User Roles
|
||||
mapper.connect("/users/{user_id}/OS-KSADM/{role_id}",
|
||||
controller=roles_controller, action="add_global_role_to_user",
|
||||
conditions=dict(method=["POST"]))
|
||||
mapper.connect("/users/{user_id}/roleRefs",
|
||||
controller=roles_controller, action="get_role_refs",
|
||||
conditions=dict(method=["GET"]))
|
||||
mapper.connect("/users/{user_id}/roleRefs",
|
||||
controller=roles_controller, action="create_role_ref",
|
||||
conditions=dict(method=["POST"]))
|
||||
mapper.connect("/users/{user_id}/roleRefs/{role_ref_id}",
|
||||
controller=roles_controller, action="delete_role_ref",
|
||||
conditions=dict(method=["DELETE"]))
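Review bot: The route added for `add_global_role_to_user`, `/users/{user_id}/OS-KSADM/{role_id}`, has no literal resource segment before `{role_id}`, so any POST to a two-segment path of that shape under a user is dispatched as a global role grant. Since this action grants privileges, a pattern such as `mapper.connect("/users/{user_id}/OS-KSADM/roles/{role_id}",` would match the `/OS-KSADM/roles/{role_id}` routes above it and would not shadow any later OS-KSADM user sub-resource; if the published contract fixes the current path, a comment saying so would help. The `roleRefs` routes now live in this extension handler but keep their un-prefixed paths, which also deserves a one-line comment if it is intentional.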
|
||||
|
|
|
@ -54,3 +54,9 @@ class RolesController(wsgi.Controller):
|
|||
rval = config.SERVICE.delete_role_ref(utils.get_auth_token(req),
|
||||
role_ref_id)
|
||||
return utils.send_result(204, req, rval)
|
||||
|
||||
@utils.wrap_error
|
||||
def add_global_role_to_user(self, req, user_id, role_id):
|
||||
config.SERVICE.add_global_role_to_user(utils.get_auth_token(req),
|
||||
user_id, role_id)
|
||||
return utils.send_result(201)
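Review bot: `return utils.send_result(201)` in the new `add_global_role_to_user` omits the request, while the sibling call just above passes it as `utils.send_result(204, req, rval)`. The signature of `send_result` is not visible here, but if `req` is required this call fails after `config.SERVICE.add_global_role_to_user` has already stored the grant, so the client would get an error for a change that took effect. I would write `return utils.send_result(201, req)` and add a one-line docstring naming the route this action serves.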
|
||||
|
|
|
@ -655,6 +655,21 @@ class IdentityService(object):
|
|||
api.ROLE.ref_delete(role_ref_id)
|
||||
return None
|
||||
|
||||
def add_global_role_to_user(self, admin_token, user_id, role_id):
|
||||
self.__validate_service_or_keystone_admin_token(admin_token)
|
||||
duser = api.USER.get(user_id)
|
||||
if not duser:
|
||||
raise fault.ItemNotFoundFault("The user could not be found")
|
||||
|
||||
drole = api.ROLE.get(role_id)
|
||||
if drole == None:
|
||||
raise fault.ItemNotFoundFault("The role not found")
|
||||
|
||||
drole_ref = models.UserRoleAssociation()
|
||||
drole_ref.user_id = duser.id
|
||||
drole_ref.role_id = drole.id
|
||||
api.USER.user_role_add(drole_ref)
|
||||
|
||||
def get_user_roles(self, admin_token, marker, limit, url, user_id):
|
||||
self.__validate_service_or_keystone_admin_token(admin_token)
|
||||
duser = api.USER.get(user_id)
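Review bot: The new `IdentityService.add_global_role_to_user` is gated only by `__validate_service_or_keystone_admin_token`, which by its name appears to accept a service-admin token as well as a Keystone-admin one; its body is not in this hunk, so confirm that a service admin cannot use this path to grant an arbitrary global role, including an administrative one. If it can, restrict global grants to the Keystone admin check or limit which roles a service admin may assign. The method also adds a `UserRoleAssociation` without checking for an existing one, so a repeated POST may create a duplicate row or surface a backend integrity error instead of a conflict fault. The smaller points are `if drole == None:`, which should be `if drole is None:`, and the message "The role not found", which should match the wording of the user fault above it.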
|
||||
|
|
|
@ -56,7 +56,7 @@ import json
|
|||
import os
|
||||
from paste.deploy import loadapp
|
||||
from urlparse import urlparse
|
||||
from webob.exc import HTTPUnauthorized, HTTPUseProxy
|
||||
from webob.exc import HTTPUnauthorized
|
||||
from webob.exc import Request, Response
|
||||
import keystone.tools.tracer # @UnusedImport # module runs on import
|
||||
|
||||
|
|
|
@ -21,7 +21,6 @@ from keystone.common import wsgi
|
|||
import keystone.backends as db
|
||||
from keystone.controllers.auth import AuthController
|
||||
from keystone.controllers.endpointtemplates import EndpointTemplatesController
|
||||
from keystone.controllers.roles import RolesController
|
||||
from keystone.controllers.staticfiles import StaticFilesController
|
||||
from keystone.controllers.tenant import TenantController
|
||||
from keystone.controllers.user import UserController
|
||||
|
@ -110,26 +109,6 @@ class AdminApi(wsgi.Router):
|
|||
action="get_tenant_users",
|
||||
conditions=dict(method=["GET"]))
|
||||
|
||||
#Roles
|
||||
roles_controller = RolesController(options)
|
||||
mapper.connect("/roles", controller=roles_controller,
|
||||
action="create_role", conditions=dict(method=["POST"]))
|
||||
mapper.connect("/roles", controller=roles_controller,
|
||||
action="get_roles", conditions=dict(method=["GET"]))
|
||||
mapper.connect("/roles/{role_id}", controller=roles_controller,
|
||||
action="get_role", conditions=dict(method=["GET"]))
|
||||
mapper.connect("/roles/{role_id}", controller=roles_controller,
|
||||
action="delete_role", conditions=dict(method=["DELETE"]))
|
||||
mapper.connect("/users/{user_id}/roleRefs",
|
||||
controller=roles_controller, action="get_role_refs",
|
||||
conditions=dict(method=["GET"]))
|
||||
mapper.connect("/users/{user_id}/roleRefs",
|
||||
controller=roles_controller, action="create_role_ref",
|
||||
conditions=dict(method=["POST"]))
|
||||
mapper.connect("/users/{user_id}/roleRefs/{role_ref_id}",
|
||||
controller=roles_controller, action="delete_role_ref",
|
||||
conditions=dict(method=["DELETE"]))
|
||||
|
||||
#EndpointTemplatesControllers and Endpoints
|
||||
endpoint_templates_controller = EndpointTemplatesController(options)
|
||||
mapper.connect("/endpointTemplates",
|
||||
|
|
|
@ -290,21 +290,23 @@ class ApiTestCase(RestfulTestCase):
|
|||
|
||||
def post_role(self, **kwargs):
|
||||
"""POST /roles"""
|
||||
return self.admin_request(method='POST', path='/roles', **kwargs)
|
||||
return self.admin_request(method='POST',
|
||||
path='/OS-KSADM/roles', **kwargs)
|
||||
|
||||
def get_roles(self, **kwargs):
|
||||
"""GET /roles"""
|
||||
return self.admin_request(method='GET', path='/roles', **kwargs)
|
||||
return self.admin_request(method='GET',
|
||||
path='/OS-KSADM/roles', **kwargs)
|
||||
|
||||
def get_role(self, role_id, **kwargs):
|
||||
"""GET /roles/{role_id}"""
|
||||
return self.admin_request(method='GET',
|
||||
path='/roles/%s' % (role_id,), **kwargs)
|
||||
path='/OS-KSADM/roles/%s' % (role_id,), **kwargs)
|
||||
|
||||
def delete_role(self, role_id, **kwargs):
|
||||
"""DELETE /roles/{role_id}"""
|
||||
return self.admin_request(method='DELETE',
|
||||
path='/roles/%s' % (role_id,), **kwargs)
|
||||
path='/OS-KSADM/roles/%s' % (role_id,), **kwargs)
|
||||
|
||||
def get_endpoint_templates(self, **kwargs):
|
||||
"""GET /endpointTemplates"""
|
||||
|
|