Merge "Updates client to work with keystone essex roles API routes."
This commit is contained in:
Jenkins
2
.gitignore
vendored
2
.gitignore
vendored
@@ -1,5 +1,5 @@
|
||||
.coverage
|
||||
.keystoneclient-venv
|
||||
.venv
|
||||
*,cover
|
||||
cover
|
||||
*.pyc
|
||||
|
||||
@@ -87,8 +87,10 @@ class Manager(object):
|
||||
def _delete(self, url):
|
||||
resp, body = self.api.delete(url)
|
||||
|
||||
def _update(self, url, body, response_key):
|
||||
def _update(self, url, body, response_key=None):
|
||||
resp, body = self.api.put(url, body=body)
|
||||
# PUT requests may not return a body
|
||||
if body:
|
||||
return self.resource_class(self, body[response_key])
|
||||
|
||||
|
||||
|
||||
@@ -50,16 +50,43 @@ class RoleManager(base.ManagerWithFind):
|
||||
"""
|
||||
return self._list("/OS-KSADM/roles", "roles")
|
||||
|
||||
# FIXME(ja): finialize roles once finalized in keystone
|
||||
# right now the only way to add/remove a tenant is to
|
||||
# give them a role within a project
|
||||
def get_user_role_refs(self, user_id):
|
||||
return self._list("/users/%s/roleRefs" % user_id, "roles")
|
||||
def roles_for_user(self, user, tenant=None):
|
||||
user_id = base.getid(user)
|
||||
if tenant:
|
||||
tenant_id = base.getid(tenant)
|
||||
route = "/tenants/%s/users/%s/roles"
|
||||
return self._list(route % (tenant_id, user_id), "roles")
|
||||
else:
|
||||
return self._list("/users/%s/roles" % user_id, "roles")
|
||||
|
||||
def add_user_to_tenant(self, tenant_id, user_id, role_id):
|
||||
params = {"role": {"tenantId": tenant_id, "roleId": role_id}}
|
||||
return self._create("/users/%s/roleRefs" % user_id, params, "role")
|
||||
def add_user_role(self, user, role, tenant=None):
|
||||
""" Adds a role to a user.
|
||||
|
||||
def remove_user_from_tenant(self, tenant_id, user_id, role_id):
|
||||
params = {"role": {"tenantId": tenant_id, "roleId": role_id}}
|
||||
return self._delete("/users/%s/roleRefs/%s" % (user_id, role_id))
|
||||
If tenant is specified, the role is added just for that tenant,
|
||||
otherwise the role is added globally.
|
||||
"""
|
||||
user_id = base.getid(user)
|
||||
role_id = base.getid(role)
|
||||
if tenant:
|
||||
route = "/tenants/%s/users/%s/roles/OS-KSADM/%s"
|
||||
params = (base.getid(tenant), user_id, role_id)
|
||||
return self._update(route % params, None, "role")
|
||||
else:
|
||||
route = "/users/%s/roles/OS-KSADM/%s"
|
||||
return self._update(route % (user_id, role_id), None, "roles")
|
||||
|
||||
def remove_user_role(self, user, role, tenant=None):
|
||||
""" Removes a role from a user.
|
||||
|
||||
If tenant is specified, the role is removed just for that tenant,
|
||||
otherwise the role is removed from the user's global roles.
|
||||
"""
|
||||
user_id = base.getid(user)
|
||||
role_id = base.getid(role)
|
||||
if tenant:
|
||||
route = "/tenants/%s/users/%s/roles/OS-KSADM/%s"
|
||||
params = (base.getid(tenant), user_id, role_id)
|
||||
return self._delete(route % params)
|
||||
else:
|
||||
route = "/users/%s/roles/OS-KSADM/%s"
|
||||
return self._delete(route % (user_id, role_id), "roles")
|
||||
|
||||
@@ -202,32 +202,20 @@ def do_role_delete(kc, args):
|
||||
print 'Unable to delete role.'
|
||||
|
||||
|
||||
@utils.arg('id', metavar='<user_id>', help='ID of User', nargs='?')
|
||||
def do_user_roles(kc, args):
|
||||
roles = kc.roles.get_user_role_refs(args.id)
|
||||
for role in roles:
|
||||
try:
|
||||
role.tenant = kc.tenants.get(role.tenantId).name
|
||||
except Exception, e:
|
||||
role.tenant = 'n/a'
|
||||
role.name = kc.roles.get(role.roleId).name
|
||||
utils.print_list(roles, ['tenant', 'name'])
|
||||
# TODO(jakedahn): refactor this to allow role, user, and tenant names.
|
||||
@utils.arg('user_id', metavar='<user_id>', help='ID of User', nargs='?')
|
||||
@utils.arg('role_id', metavar='<role_id>', help='ID of Role', nargs='?')
|
||||
@utils.arg('tenant_id', metavar='<tenant_id>', help='ID of Tenant', nargs='?')
|
||||
def do_add_user_role(kc, args):
|
||||
kc.roles.add_user_role(args.user_id, args.role_id, args.tenant_id)
|
||||
|
||||
|
||||
# TODO(jakedahn): refactor this to allow role, user, and tenant names.
|
||||
@utils.arg('tenant_id', metavar='<tenant_id>', help='ID of Tenant', nargs='?')
|
||||
@utils.arg('user_id', metavar='<user_id>', help='ID of User', nargs='?')
|
||||
@utils.arg('role_id', metavar='<role_id>', help='ID of Role', nargs='?')
|
||||
def do_user_add_tenant_role(kc, args):
|
||||
kc.roles.add_user_to_tenant(args.tenant_id, args.user_id, args.role_id)
|
||||
|
||||
|
||||
# TODO(jakedahn): refactor this to allow role, user, and tenant names.
|
||||
@utils.arg('tenant_id', metavar='<tenant_id>', help='ID of Tenant', nargs='?')
|
||||
@utils.arg('user_id', metavar='<user_id>', help='ID of User', nargs='?')
|
||||
@utils.arg('role_id', metavar='<role_id>', help='ID of Role', nargs='?')
|
||||
def do_user_remove_tenant_role(kc, args):
|
||||
kc.roles.remove_user_to_tenant(args.tenant_id, args.user_id, args.role_id)
|
||||
def do_remove_user_role(kc, args):
|
||||
kc.roles.remove_user_role(args.user_id, args.role_id, args.tenant_id)
|
||||
|
||||
|
||||
@utils.arg('tenant_id', metavar='<tenant_id>', help='ID of Tenant', nargs='?')
|
||||
|
||||
@@ -30,8 +30,18 @@ class Tenant(base.Resource):
|
||||
# FIXME(ja): set the attributes in this object if successful
|
||||
return self.manager.update(self.id, description, enabled)
|
||||
|
||||
def add_user(self, user):
|
||||
return self.manager.add_user_to_tenant(self.id, base.getid(user))
|
||||
def add_user(self, user, role):
|
||||
return self.manager.api.roles.add_user_to_tenant(self.id,
|
||||
base.getid(user),
|
||||
base.getid(role))
|
||||
|
||||
def remove_user(self, user, role):
|
||||
return self.manager.api.roles.remove_user_from_tenant(self.id,
|
||||
base.getid(user),
|
||||
base.getid(role))
|
||||
|
||||
def list_users(self):
|
||||
return self.manager.list_users(self.id)
|
||||
|
||||
|
||||
class TenantManager(base.ManagerWithFind):
|
||||
@@ -71,7 +81,7 @@ class TenantManager(base.ManagerWithFind):
|
||||
def update(self, tenant_id, tenant_name=None, description=None,
|
||||
enabled=None):
|
||||
"""
|
||||
update a tenant with a new name and description
|
||||
Update a tenant with a new name and description.
|
||||
"""
|
||||
body = {"tenant": {'id': tenant_id}}
|
||||
if tenant_name is not None:
|
||||
@@ -88,3 +98,19 @@ class TenantManager(base.ManagerWithFind):
|
||||
Delete a tenant.
|
||||
"""
|
||||
return self._delete("/tenants/%s" % (base.getid(tenant)))
|
||||
|
||||
def list_users(self, tenant):
|
||||
""" List users for a tenant. """
|
||||
return self.api.users.list(base.getid(tenant))
|
||||
|
||||
def add_user(self, tenant, user, role):
|
||||
""" Add a user to a tenant with the given role. """
|
||||
return self.api.roles.add_user_to_tenant(base.getid(tenant),
|
||||
base.getid(user),
|
||||
base.getid(role))
|
||||
|
||||
def remove_user(self, tenant, user, role):
|
||||
""" Remove the specified role from the user on the tenant. """
|
||||
return self.api.roles.remove_user_from_tenant(base.getid(tenant),
|
||||
base.getid(user),
|
||||
base.getid(role))
|
||||
|
||||
@@ -26,6 +26,9 @@ class User(base.Resource):
|
||||
def delete(self):
|
||||
return self.manager.delete(self)
|
||||
|
||||
def list_roles(self, tenant=None):
|
||||
return self.manager.list_roles(self.id, base.getid(tenant))
|
||||
|
||||
|
||||
class UserManager(base.ManagerWithFind):
|
||||
resource_class = User
|
||||
@@ -115,3 +118,7 @@ class UserManager(base.ManagerWithFind):
|
||||
else:
|
||||
return self._list("/tenants/%s/users%s" % (tenant_id, query),
|
||||
"users")
|
||||
|
||||
def list_roles(self, user, tenant=None):
|
||||
return self.api.roles.roles_for_user(base.getid(user),
|
||||
base.getid(tenant))
|
||||
|
||||
@@ -4,5 +4,6 @@ httplib2
|
||||
mock
|
||||
mox
|
||||
nose
|
||||
pep8
|
||||
prettytable
|
||||
simplejson
|
||||
|
||||
Reference in New Issue
Block a user