Updates client to work with keystone essex roles API routes.
Also adds pep8 to requirements since it was missing, and adds the automatically-created venv to the gitignore list. Change-Id: Iafa05c1889d7706b79d0f9392a9ac24f2f5a1719
This commit is contained in:
Gabriel Hurley
2
.gitignore
vendored
2
.gitignore
vendored
@@ -1,5 +1,5 @@
|
|||||||
.coverage
|
.coverage
|
||||||
.keystoneclient-venv
|
.venv
|
||||||
*,cover
|
*,cover
|
||||||
cover
|
cover
|
||||||
*.pyc
|
*.pyc
|
||||||
|
|||||||
@@ -87,8 +87,10 @@ class Manager(object):
|
|||||||
def _delete(self, url):
|
def _delete(self, url):
|
||||||
resp, body = self.api.delete(url)
|
resp, body = self.api.delete(url)
|
||||||
|
|
||||||
def _update(self, url, body, response_key):
|
def _update(self, url, body, response_key=None):
|
||||||
resp, body = self.api.put(url, body=body)
|
resp, body = self.api.put(url, body=body)
|
||||||
|
# PUT requests may not return a body
|
||||||
|
if body:
|
||||||
return self.resource_class(self, body[response_key])
|
return self.resource_class(self, body[response_key])
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -50,16 +50,43 @@ class RoleManager(base.ManagerWithFind):
|
|||||||
"""
|
"""
|
||||||
return self._list("/OS-KSADM/roles", "roles")
|
return self._list("/OS-KSADM/roles", "roles")
|
||||||
|
|
||||||
# FIXME(ja): finialize roles once finalized in keystone
|
def roles_for_user(self, user, tenant=None):
|
||||||
# right now the only way to add/remove a tenant is to
|
user_id = base.getid(user)
|
||||||
# give them a role within a project
|
if tenant:
|
||||||
def get_user_role_refs(self, user_id):
|
tenant_id = base.getid(tenant)
|
||||||
return self._list("/users/%s/roleRefs" % user_id, "roles")
|
route = "/tenants/%s/users/%s/roles"
|
||||||
|
return self._list(route % (tenant_id, user_id), "roles")
|
||||||
|
else:
|
||||||
|
return self._list("/users/%s/roles" % user_id, "roles")
|
||||||
|
|
||||||
def add_user_to_tenant(self, tenant_id, user_id, role_id):
|
def add_user_role(self, user, role, tenant=None):
|
||||||
params = {"role": {"tenantId": tenant_id, "roleId": role_id}}
|
""" Adds a role to a user.
|
||||||
return self._create("/users/%s/roleRefs" % user_id, params, "role")
|
|
||||||
|
|
||||||
def remove_user_from_tenant(self, tenant_id, user_id, role_id):
|
If tenant is specified, the role is added just for that tenant,
|
||||||
params = {"role": {"tenantId": tenant_id, "roleId": role_id}}
|
otherwise the role is added globally.
|
||||||
return self._delete("/users/%s/roleRefs/%s" % (user_id, role_id))
|
"""
|
||||||
|
user_id = base.getid(user)
|
||||||
|
role_id = base.getid(role)
|
||||||
|
if tenant:
|
||||||
|
route = "/tenants/%s/users/%s/roles/OS-KSADM/%s"
|
||||||
|
params = (base.getid(tenant), user_id, role_id)
|
||||||
|
return self._update(route % params, None, "role")
|
||||||
|
else:
|
||||||
|
route = "/users/%s/roles/OS-KSADM/%s"
|
||||||
|
return self._update(route % (user_id, role_id), None, "roles")
|
||||||
|
|
||||||
|
def remove_user_role(self, user, role, tenant=None):
|
||||||
|
""" Removes a role from a user.
|
||||||
|
|
||||||
|
If tenant is specified, the role is removed just for that tenant,
|
||||||
|
otherwise the role is removed from the user's global roles.
|
||||||
|
"""
|
||||||
|
user_id = base.getid(user)
|
||||||
|
role_id = base.getid(role)
|
||||||
|
if tenant:
|
||||||
|
route = "/tenants/%s/users/%s/roles/OS-KSADM/%s"
|
||||||
|
params = (base.getid(tenant), user_id, role_id)
|
||||||
|
return self._delete(route % params)
|
||||||
|
else:
|
||||||
|
route = "/users/%s/roles/OS-KSADM/%s"
|
||||||
|
return self._delete(route % (user_id, role_id), "roles")
|
||||||
|
|||||||
@@ -202,32 +202,20 @@ def do_role_delete(kc, args):
|
|||||||
print 'Unable to delete role.'
|
print 'Unable to delete role.'
|
||||||
|
|
||||||
|
|
||||||
@utils.arg('id', metavar='<user_id>', help='ID of User', nargs='?')
|
# TODO(jakedahn): refactor this to allow role, user, and tenant names.
|
||||||
def do_user_roles(kc, args):
|
@utils.arg('user_id', metavar='<user_id>', help='ID of User', nargs='?')
|
||||||
roles = kc.roles.get_user_role_refs(args.id)
|
@utils.arg('role_id', metavar='<role_id>', help='ID of Role', nargs='?')
|
||||||
for role in roles:
|
@utils.arg('tenant_id', metavar='<tenant_id>', help='ID of Tenant', nargs='?')
|
||||||
try:
|
def do_add_user_role(kc, args):
|
||||||
role.tenant = kc.tenants.get(role.tenantId).name
|
kc.roles.add_user_role(args.user_id, args.role_id, args.tenant_id)
|
||||||
except Exception, e:
|
|
||||||
role.tenant = 'n/a'
|
|
||||||
role.name = kc.roles.get(role.roleId).name
|
|
||||||
utils.print_list(roles, ['tenant', 'name'])
|
|
||||||
|
|
||||||
|
|
||||||
# TODO(jakedahn): refactor this to allow role, user, and tenant names.
|
# TODO(jakedahn): refactor this to allow role, user, and tenant names.
|
||||||
@utils.arg('tenant_id', metavar='<tenant_id>', help='ID of Tenant', nargs='?')
|
|
||||||
@utils.arg('user_id', metavar='<user_id>', help='ID of User', nargs='?')
|
@utils.arg('user_id', metavar='<user_id>', help='ID of User', nargs='?')
|
||||||
@utils.arg('role_id', metavar='<role_id>', help='ID of Role', nargs='?')
|
@utils.arg('role_id', metavar='<role_id>', help='ID of Role', nargs='?')
|
||||||
def do_user_add_tenant_role(kc, args):
|
|
||||||
kc.roles.add_user_to_tenant(args.tenant_id, args.user_id, args.role_id)
|
|
||||||
|
|
||||||
|
|
||||||
# TODO(jakedahn): refactor this to allow role, user, and tenant names.
|
|
||||||
@utils.arg('tenant_id', metavar='<tenant_id>', help='ID of Tenant', nargs='?')
|
@utils.arg('tenant_id', metavar='<tenant_id>', help='ID of Tenant', nargs='?')
|
||||||
@utils.arg('user_id', metavar='<user_id>', help='ID of User', nargs='?')
|
def do_remove_user_role(kc, args):
|
||||||
@utils.arg('role_id', metavar='<role_id>', help='ID of Role', nargs='?')
|
kc.roles.remove_user_role(args.user_id, args.role_id, args.tenant_id)
|
||||||
def do_user_remove_tenant_role(kc, args):
|
|
||||||
kc.roles.remove_user_to_tenant(args.tenant_id, args.user_id, args.role_id)
|
|
||||||
|
|
||||||
|
|
||||||
@utils.arg('tenant_id', metavar='<tenant_id>', help='ID of Tenant', nargs='?')
|
@utils.arg('tenant_id', metavar='<tenant_id>', help='ID of Tenant', nargs='?')
|
||||||
|
|||||||
@@ -30,8 +30,18 @@ class Tenant(base.Resource):
|
|||||||
# FIXME(ja): set the attributes in this object if successful
|
# FIXME(ja): set the attributes in this object if successful
|
||||||
return self.manager.update(self.id, description, enabled)
|
return self.manager.update(self.id, description, enabled)
|
||||||
|
|
||||||
def add_user(self, user):
|
def add_user(self, user, role):
|
||||||
return self.manager.add_user_to_tenant(self.id, base.getid(user))
|
return self.manager.api.roles.add_user_to_tenant(self.id,
|
||||||
|
base.getid(user),
|
||||||
|
base.getid(role))
|
||||||
|
|
||||||
|
def remove_user(self, user, role):
|
||||||
|
return self.manager.api.roles.remove_user_from_tenant(self.id,
|
||||||
|
base.getid(user),
|
||||||
|
base.getid(role))
|
||||||
|
|
||||||
|
def list_users(self):
|
||||||
|
return self.manager.list_users(self.id)
|
||||||
|
|
||||||
|
|
||||||
class TenantManager(base.ManagerWithFind):
|
class TenantManager(base.ManagerWithFind):
|
||||||
@@ -71,7 +81,7 @@ class TenantManager(base.ManagerWithFind):
|
|||||||
def update(self, tenant_id, tenant_name=None, description=None,
|
def update(self, tenant_id, tenant_name=None, description=None,
|
||||||
enabled=None):
|
enabled=None):
|
||||||
"""
|
"""
|
||||||
update a tenant with a new name and description
|
Update a tenant with a new name and description.
|
||||||
"""
|
"""
|
||||||
body = {"tenant": {'id': tenant_id}}
|
body = {"tenant": {'id': tenant_id}}
|
||||||
if tenant_name is not None:
|
if tenant_name is not None:
|
||||||
@@ -88,3 +98,19 @@ class TenantManager(base.ManagerWithFind):
|
|||||||
Delete a tenant.
|
Delete a tenant.
|
||||||
"""
|
"""
|
||||||
return self._delete("/tenants/%s" % (base.getid(tenant)))
|
return self._delete("/tenants/%s" % (base.getid(tenant)))
|
||||||
|
|
||||||
|
def list_users(self, tenant):
|
||||||
|
""" List users for a tenant. """
|
||||||
|
return self.api.users.list(base.getid(tenant))
|
||||||
|
|
||||||
|
def add_user(self, tenant, user, role):
|
||||||
|
""" Add a user to a tenant with the given role. """
|
||||||
|
return self.api.roles.add_user_to_tenant(base.getid(tenant),
|
||||||
|
base.getid(user),
|
||||||
|
base.getid(role))
|
||||||
|
|
||||||
|
def remove_user(self, tenant, user, role):
|
||||||
|
""" Remove the specified role from the user on the tenant. """
|
||||||
|
return self.api.roles.remove_user_from_tenant(base.getid(tenant),
|
||||||
|
base.getid(user),
|
||||||
|
base.getid(role))
|
||||||
|
|||||||
@@ -26,6 +26,9 @@ class User(base.Resource):
|
|||||||
def delete(self):
|
def delete(self):
|
||||||
return self.manager.delete(self)
|
return self.manager.delete(self)
|
||||||
|
|
||||||
|
def list_roles(self, tenant=None):
|
||||||
|
return self.manager.list_roles(self.id, base.getid(tenant))
|
||||||
|
|
||||||
|
|
||||||
class UserManager(base.ManagerWithFind):
|
class UserManager(base.ManagerWithFind):
|
||||||
resource_class = User
|
resource_class = User
|
||||||
@@ -114,3 +117,7 @@ class UserManager(base.ManagerWithFind):
|
|||||||
else:
|
else:
|
||||||
return self._list("/tenants/%s/users%s" % (tenant_id, query),
|
return self._list("/tenants/%s/users%s" % (tenant_id, query),
|
||||||
"users")
|
"users")
|
||||||
|
|
||||||
|
def list_roles(self, user, tenant=None):
|
||||||
|
return self.api.roles.roles_for_user(base.getid(user),
|
||||||
|
base.getid(tenant))
|
||||||
|
|||||||
@@ -4,5 +4,6 @@ httplib2
|
|||||||
mock
|
mock
|
||||||
mox
|
mox
|
||||||
nose
|
nose
|
||||||
|
pep8
|
||||||
prettytable
|
prettytable
|
||||||
simplejson
|
simplejson
|
||||||
|
|||||||
Reference in New Issue
Block a user