Add application credential CRUD support
This patch adds the client support of application credentials. Change-Id: Idac1b8f4610825ca7fdf62eec4f0453398e43346
This commit is contained in:
parent
9db14f6d78
commit
7c10ff6041
@ -11,6 +11,8 @@
|
|||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
import openstack.exceptions as exception
|
import openstack.exceptions as exception
|
||||||
|
from openstack.identity.v3 import application_credential as \
|
||||||
|
_application_credential
|
||||||
from openstack.identity.v3 import credential as _credential
|
from openstack.identity.v3 import credential as _credential
|
||||||
from openstack.identity.v3 import domain as _domain
|
from openstack.identity.v3 import domain as _domain
|
||||||
from openstack.identity.v3 import endpoint as _endpoint
|
from openstack.identity.v3 import endpoint as _endpoint
|
||||||
@ -1212,3 +1214,108 @@ class Proxy(proxy.Proxy):
|
|||||||
group = self._get_resource(_group.Group, group)
|
group = self._get_resource(_group.Group, group)
|
||||||
role = self._get_resource(_role.Role, role)
|
role = self._get_resource(_role.Role, role)
|
||||||
return project.validate_group_has_role(self, group, role)
|
return project.validate_group_has_role(self, group, role)
|
||||||
|
|
||||||
|
def application_credentials(self, user, **query):
|
||||||
|
"""Retrieve a generator of application credentials
|
||||||
|
|
||||||
|
:param user: Either the ID of a user or a
|
||||||
|
:class:`~openstack.identity.v3.user.User` instance.
|
||||||
|
|
||||||
|
:param kwargs query: Optional query parameters to be sent to
|
||||||
|
application credential the resources being returned.
|
||||||
|
|
||||||
|
:returns: A generator of application credentials instances.
|
||||||
|
:rtype: :class:`~openstack.identity.v3.application_credential.
|
||||||
|
ApplicationCredential`
|
||||||
|
"""
|
||||||
|
user = self._get_resource(_user.User, user)
|
||||||
|
return self._list(_application_credential.ApplicationCredential,
|
||||||
|
user_id=user.id, **query)
|
||||||
|
|
||||||
|
def get_application_credential(self, user, application_credential):
|
||||||
|
"""Get a single application credential
|
||||||
|
|
||||||
|
:param user: Either the ID of a user or a
|
||||||
|
:class:`~openstack.identity.v3.user.User` instance.
|
||||||
|
|
||||||
|
:param application_credential: The value can be the ID of a
|
||||||
|
application credential or a :class:
|
||||||
|
`~openstack.identity.v3.application_credential.
|
||||||
|
ApplicationCredential` instance.
|
||||||
|
|
||||||
|
:returns: One :class:`~openstack.identity.v3.application_credential.
|
||||||
|
ApplicationCredential`
|
||||||
|
:raises: :class:`~openstack.exceptions.ResourceNotFound` when no
|
||||||
|
resource can be found.
|
||||||
|
"""
|
||||||
|
user = self._get_resource(_user.User, user)
|
||||||
|
return self._get(_application_credential.ApplicationCredential,
|
||||||
|
application_credential,
|
||||||
|
user_id=user.id)
|
||||||
|
|
||||||
|
def create_application_credential(self, user, name, **attrs):
|
||||||
|
"""Create a new application credential from attributes
|
||||||
|
|
||||||
|
:param user: Either the ID of a user or a
|
||||||
|
:class:`~openstack.identity.v3.user.User` instance.
|
||||||
|
:param name: The name of the application credential which is
|
||||||
|
unique to the user.
|
||||||
|
:param dict attrs: Keyword arguments which will be used to create
|
||||||
|
a :class:`~openstack.identity.v3.application_credential.
|
||||||
|
ApplicationCredential`, comprised of the properties on the
|
||||||
|
ApplicationCredential class.
|
||||||
|
|
||||||
|
|
||||||
|
:returns: The results of application credential creation.
|
||||||
|
:rtype: :class:`~openstack.identity.v3.application_credential.
|
||||||
|
ApplicationCredential`
|
||||||
|
"""
|
||||||
|
|
||||||
|
user = self._get_resource(_user.User, user)
|
||||||
|
return self._create(_application_credential.ApplicationCredential,
|
||||||
|
name=name,
|
||||||
|
user_id=user.id, **attrs)
|
||||||
|
|
||||||
|
def find_application_credential(self, user, name_or_id,
|
||||||
|
ignore_missing=True, **args):
|
||||||
|
"""Find a single application credential
|
||||||
|
|
||||||
|
:param user: Either the ID of a user or a
|
||||||
|
:class:`~openstack.identity.v3.user.User` instance.
|
||||||
|
:param name_or_id: The name or ID of a application credential.
|
||||||
|
:param bool ignore_missing: When set to ``False``
|
||||||
|
:class:`~openstack.exceptions.ResourceNotFound` will be
|
||||||
|
raised when the resource does not exist.
|
||||||
|
When set to ``True``, None will be returned when
|
||||||
|
attempting to find a nonexistent resource.
|
||||||
|
|
||||||
|
:returns: One :class:`~openstack.identity.v3.application_credential.
|
||||||
|
ApplicationCredential` or None
|
||||||
|
"""
|
||||||
|
user = self._get_resource(_user.User, user)
|
||||||
|
return self._find(_application_credential.ApplicationCredential,
|
||||||
|
user_id=user.id, name_or_id=name_or_id,
|
||||||
|
ignore_missing=ignore_missing, **args)
|
||||||
|
|
||||||
|
def delete_application_credential(self, user, application_credential,
|
||||||
|
ignore_missing=True):
|
||||||
|
"""Delete a application credential
|
||||||
|
|
||||||
|
:param user: Either the ID of a user or a
|
||||||
|
:class:`~openstack.identity.v3.user.User` instance.
|
||||||
|
:param application credential: The value can be either the ID of a
|
||||||
|
application credential or a :class: `~openstack.identity.v3.
|
||||||
|
application_credential.ApplicationCredential` instance.
|
||||||
|
:param bool ignore_missing: When set to ``False``
|
||||||
|
:class:`~openstack.exceptions.ResourceNotFound` will be raised
|
||||||
|
when the application credential does not exist. When set to
|
||||||
|
``True``, no exception will be thrown when attempting to delete
|
||||||
|
a nonexistent application credential.
|
||||||
|
|
||||||
|
:returns: ``None``
|
||||||
|
"""
|
||||||
|
user = self._get_resource(_user.User, user)
|
||||||
|
self._delete(_application_credential.ApplicationCredential,
|
||||||
|
application_credential,
|
||||||
|
user_id=user.id,
|
||||||
|
ignore_missing=ignore_missing)
|
||||||
|
49
openstack/identity/v3/application_credential.py
Normal file
49
openstack/identity/v3/application_credential.py
Normal file
@ -0,0 +1,49 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
from openstack import resource
|
||||||
|
|
||||||
|
|
||||||
|
class ApplicationCredential(resource.Resource):
|
||||||
|
resource_key = 'application_credential'
|
||||||
|
resources_key = 'application_credentials'
|
||||||
|
base_path = '/users/%(user_id)s/application_credentials'
|
||||||
|
|
||||||
|
# capabilities
|
||||||
|
allow_create = True
|
||||||
|
allow_fetch = True
|
||||||
|
allow_commit = True
|
||||||
|
allow_delete = True
|
||||||
|
allow_list = True
|
||||||
|
|
||||||
|
# Properties
|
||||||
|
#: User ID using application credential. *Type: string*
|
||||||
|
user_id = resource.URI('user_id')
|
||||||
|
#: User object using application credential. *Type: string*
|
||||||
|
user = resource.Body('user')
|
||||||
|
#: The links for the application credential resource.
|
||||||
|
links = resource.Body('links')
|
||||||
|
#: name of the user. *Type: string*
|
||||||
|
name = resource.Body('name')
|
||||||
|
#: secret that application credential will be created with, if any.
|
||||||
|
# *Type: string*
|
||||||
|
secret = resource.Body('secret')
|
||||||
|
#: description of application credential's purpose. *Type: string*
|
||||||
|
description = resource.Body('description')
|
||||||
|
#: expire time of application credential. *Type: string*
|
||||||
|
expires_at = resource.Body('expires_at')
|
||||||
|
#: roles of the user. *Type: list*
|
||||||
|
roles = resource.Body('roles')
|
||||||
|
#: restricts the application credential. *Type: boolean*
|
||||||
|
unrestricted = resource.Body('unrestricted', type=bool)
|
||||||
|
#: ID of project. *Type: string*
|
||||||
|
project_id = resource.Body('project_id')
|
0
openstack/tests/functional/identity/__init__.py
Normal file
0
openstack/tests/functional/identity/__init__.py
Normal file
0
openstack/tests/functional/identity/v3/__init__.py
Normal file
0
openstack/tests/functional/identity/v3/__init__.py
Normal file
@ -0,0 +1,68 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
from openstack.tests.functional import base
|
||||||
|
from openstack import exceptions
|
||||||
|
|
||||||
|
|
||||||
|
class TestApplicationCredentials(base.BaseFunctionalTest):
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
super(TestApplicationCredentials, self).setUp()
|
||||||
|
self.user_id = self.operator_cloud.current_user_id
|
||||||
|
|
||||||
|
def _create_application_credentials(self):
|
||||||
|
app_creds = self.conn.identity.create_application_credential(
|
||||||
|
user=self.user_id, name='app_cred'
|
||||||
|
)
|
||||||
|
self.addCleanup(self.conn.identity.delete_application_credential,
|
||||||
|
self.user_id, app_creds['id'])
|
||||||
|
return app_creds
|
||||||
|
|
||||||
|
def test_create_application_credentials(self):
|
||||||
|
app_creds = self._create_application_credentials()
|
||||||
|
self.assertEqual(app_creds['user_id'], self.user_id)
|
||||||
|
|
||||||
|
def test_get_application_credential(self):
|
||||||
|
app_creds = self._create_application_credentials()
|
||||||
|
app_cred = self.conn.identity.get_application_credential(
|
||||||
|
user=self.user_id, application_credential=app_creds['id']
|
||||||
|
)
|
||||||
|
self.assertEqual(app_cred['id'], app_creds['id'])
|
||||||
|
self.assertEqual(app_cred['user_id'], self.user_id)
|
||||||
|
|
||||||
|
def test_application_credentials(self):
|
||||||
|
self._create_application_credentials()
|
||||||
|
app_creds = self.conn.identity.application_credentials(
|
||||||
|
user=self.user_id
|
||||||
|
)
|
||||||
|
for app_cred in app_creds:
|
||||||
|
self.assertEqual(app_cred['user_id'], self.user_id)
|
||||||
|
|
||||||
|
def test_find_application_credential(self):
|
||||||
|
app_creds = self._create_application_credentials()
|
||||||
|
app_cred = self.conn.identity.find_application_credential(
|
||||||
|
user=self.user_id, name_or_id=app_creds['id']
|
||||||
|
)
|
||||||
|
self.assertEqual(app_cred['id'], app_creds['id'])
|
||||||
|
self.assertEqual(app_cred['user_id'], self.user_id)
|
||||||
|
|
||||||
|
def test_delete_application_credential(self):
|
||||||
|
app_creds = self._create_application_credentials()
|
||||||
|
self.conn.identity.delete_application_credential(
|
||||||
|
user=self.user_id, application_credential=app_creds['id']
|
||||||
|
)
|
||||||
|
self.assertRaises(exceptions.NotFoundException,
|
||||||
|
self.conn.identity.get_application_credential,
|
||||||
|
user=self.user_id,
|
||||||
|
application_credential=app_creds['id']
|
||||||
|
)
|
@ -0,0 +1,55 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
from openstack.tests.unit import base
|
||||||
|
|
||||||
|
from openstack.identity.v3 import application_credential
|
||||||
|
|
||||||
|
EXAMPLE = {
|
||||||
|
"user": {
|
||||||
|
"id": "8ac43bb0926245cead88676a96c750d3"},
|
||||||
|
"name": 'monitoring',
|
||||||
|
"secret": 'rEaqvJka48mpv',
|
||||||
|
"roles": [
|
||||||
|
{"name": "Reader"}
|
||||||
|
],
|
||||||
|
"expires_at": '2018-02-27T18:30:59Z',
|
||||||
|
"description": "Application credential for monitoring",
|
||||||
|
"unrestricted": "False",
|
||||||
|
"project_id": "3",
|
||||||
|
"links": {"self": "http://example.com/v3/application_credential_1"}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
class TestApplicationCredential(base.TestCase):
|
||||||
|
|
||||||
|
def test_basic(self):
|
||||||
|
sot = application_credential.ApplicationCredential()
|
||||||
|
self.assertEqual('application_credential', sot.resource_key)
|
||||||
|
self.assertEqual('application_credentials', sot.resources_key)
|
||||||
|
self.assertEqual('/users/%(user_id)s/application_credentials',
|
||||||
|
sot.base_path)
|
||||||
|
self.assertTrue(sot.allow_create)
|
||||||
|
self.assertTrue(sot.allow_fetch)
|
||||||
|
self.assertTrue(sot.allow_commit)
|
||||||
|
self.assertTrue(sot.allow_delete)
|
||||||
|
self.assertTrue(sot.allow_list)
|
||||||
|
|
||||||
|
def test_make_it(self):
|
||||||
|
sot = application_credential.ApplicationCredential(**EXAMPLE)
|
||||||
|
self.assertEqual(EXAMPLE['user'], sot.user)
|
||||||
|
self.assertEqual(EXAMPLE['name'], sot.name)
|
||||||
|
self.assertEqual(EXAMPLE['secret'], sot.secret)
|
||||||
|
self.assertEqual(EXAMPLE['description'], sot.description)
|
||||||
|
self.assertEqual(EXAMPLE['expires_at'], sot.expires_at)
|
||||||
|
self.assertEqual(EXAMPLE['project_id'], sot.project_id)
|
||||||
|
self.assertEqual(EXAMPLE['roles'], sot.roles)
|
||||||
|
self.assertEqual(EXAMPLE['links'], sot.links)
|
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Added CRUD support for `application credentials
|
||||||
|
<https://docs.openstack.org/keystone/latest/user/application_credentials.html>`_.
|
Loading…
Reference in New Issue
Block a user