Updates client to work with keystone essex roles API routes.

Also adds pep8 to requirements since it was missing, and adds the automatically-created venv to the gitignore list. Change-Id: Iafa05c1889d7706b79d0f9392a9ac24f2f5a1719
2012-01-28 18:35:46 -08:00
parent d29168fa3f
commit 2914c2b1d1
7 changed files with 88 additions and 37 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,5 @@
 .coverage
-.keystoneclient-venv
+.venv
 *,cover
 cover
 *.pyc
--- a/keystoneclient/base.py
+++ b/keystoneclient/base.py
@@ -87,9 +87,11 @@ class Manager(object):
    def _delete(self, url):
        resp, body = self.api.delete(url)

-    def _update(self, url, body, response_key):
+    def _update(self, url, body, response_key=None):
        resp, body = self.api.put(url, body=body)
-        return self.resource_class(self, body[response_key])
+        # PUT requests may not return a body
+        if body:
+            return self.resource_class(self, body[response_key])


 class ManagerWithFind(Manager):
--- a/keystoneclient/v2_0/roles.py
+++ b/keystoneclient/v2_0/roles.py
@@ -50,16 +50,43 @@ class RoleManager(base.ManagerWithFind):
        """
        return self._list("/OS-KSADM/roles", "roles")

-    # FIXME(ja): finialize roles once finalized in keystone
-    #            right now the only way to add/remove a tenant is to
-    #            give them a role within a project
-    def get_user_role_refs(self, user_id):
-        return self._list("/users/%s/roleRefs" % user_id, "roles")
+    def roles_for_user(self, user, tenant=None):
+        user_id = base.getid(user)
+        if tenant:
+            tenant_id = base.getid(tenant)
+            route = "/tenants/%s/users/%s/roles"
+            return self._list(route % (tenant_id, user_id), "roles")
+        else:
+            return self._list("/users/%s/roles" % user_id, "roles")

-    def add_user_to_tenant(self, tenant_id, user_id, role_id):
-        params = {"role": {"tenantId": tenant_id, "roleId": role_id}}
-        return self._create("/users/%s/roleRefs" % user_id, params, "role")
+    def add_user_role(self, user, role, tenant=None):
+        """ Adds a role to a user.

-    def remove_user_from_tenant(self, tenant_id, user_id, role_id):
-        params = {"role": {"tenantId": tenant_id, "roleId": role_id}}
-        return self._delete("/users/%s/roleRefs/%s" % (user_id, role_id))
+        If tenant is specified, the role is added just for that tenant,
+        otherwise the role is added globally.
+        """
+        user_id = base.getid(user)
+        role_id = base.getid(role)
+        if tenant:
+            route = "/tenants/%s/users/%s/roles/OS-KSADM/%s"
+            params = (base.getid(tenant), user_id, role_id)
+            return self._update(route % params, None, "role")
+        else:
+            route = "/users/%s/roles/OS-KSADM/%s"
+            return self._update(route % (user_id, role_id), None, "roles")
+
+    def remove_user_role(self, user, role, tenant=None):
+        """ Removes a role from a user.
+
+        If tenant is specified, the role is removed just for that tenant,
+        otherwise the role is removed from the user's global roles.
+        """
+        user_id = base.getid(user)
+        role_id = base.getid(role)
+        if tenant:
+            route = "/tenants/%s/users/%s/roles/OS-KSADM/%s"
+            params = (base.getid(tenant), user_id, role_id)
+            return self._delete(route % params)
+        else:
+            route = "/users/%s/roles/OS-KSADM/%s"
+            return self._delete(route % (user_id, role_id), "roles")
--- a/keystoneclient/v2_0/shell.py
+++ b/keystoneclient/v2_0/shell.py
@@ -202,32 +202,20 @@ def do_role_delete(kc, args):
        print 'Unable to delete role.'


-@utils.arg('id', metavar='<user_id>', help='ID of User', nargs='?')
-def do_user_roles(kc, args):
-    roles = kc.roles.get_user_role_refs(args.id)
-    for role in roles:
-        try:
-            role.tenant = kc.tenants.get(role.tenantId).name
-        except Exception, e:
-            role.tenant = 'n/a'
-        role.name = kc.roles.get(role.roleId).name
-    utils.print_list(roles, ['tenant', 'name'])
+# TODO(jakedahn): refactor this to allow role, user, and tenant names.
+@utils.arg('user_id', metavar='<user_id>', help='ID of User', nargs='?')
+@utils.arg('role_id', metavar='<role_id>', help='ID of Role', nargs='?')
+@utils.arg('tenant_id', metavar='<tenant_id>', help='ID of Tenant', nargs='?')
+def do_add_user_role(kc, args):
+    kc.roles.add_user_role(args.user_id, args.role_id, args.tenant_id)


 # TODO(jakedahn): refactor this to allow role, user, and tenant names.
-@utils.arg('tenant_id', metavar='<tenant_id>', help='ID of Tenant', nargs='?')
@utils.arg('user_id', metavar='<user_id>', help='ID of User', nargs='?')
@utils.arg('role_id', metavar='<role_id>', help='ID of Role', nargs='?')
-def do_user_add_tenant_role(kc, args):
-    kc.roles.add_user_to_tenant(args.tenant_id, args.user_id, args.role_id)
-
-
-# TODO(jakedahn): refactor this to allow role, user, and tenant names.
@utils.arg('tenant_id', metavar='<tenant_id>', help='ID of Tenant', nargs='?')
-@utils.arg('user_id', metavar='<user_id>', help='ID of User', nargs='?')
-@utils.arg('role_id', metavar='<role_id>', help='ID of Role', nargs='?')
-def do_user_remove_tenant_role(kc, args):
-    kc.roles.remove_user_to_tenant(args.tenant_id, args.user_id, args.role_id)
+def do_remove_user_role(kc, args):
+    kc.roles.remove_user_role(args.user_id, args.role_id, args.tenant_id)


@utils.arg('tenant_id', metavar='<tenant_id>', help='ID of Tenant', nargs='?')
--- a/keystoneclient/v2_0/tenants.py
+++ b/keystoneclient/v2_0/tenants.py
@@ -30,8 +30,18 @@ class Tenant(base.Resource):
        # FIXME(ja): set the attributes in this object if successful
        return self.manager.update(self.id, description, enabled)

-    def add_user(self, user):
-        return self.manager.add_user_to_tenant(self.id, base.getid(user))
+    def add_user(self, user, role):
+        return self.manager.api.roles.add_user_to_tenant(self.id,
+                                                         base.getid(user),
+                                                         base.getid(role))
+
+    def remove_user(self, user, role):
+        return self.manager.api.roles.remove_user_from_tenant(self.id,
+                                                              base.getid(user),
+                                                              base.getid(role))
+
+    def list_users(self):
+        return self.manager.list_users(self.id)


 class TenantManager(base.ManagerWithFind):
@@ -71,7 +81,7 @@ class TenantManager(base.ManagerWithFind):
    def update(self, tenant_id, tenant_name=None, description=None,
               enabled=None):
        """
-        update a tenant with a new name and description
+        Update a tenant with a new name and description.
        """
        body = {"tenant": {'id': tenant_id}}
        if tenant_name is not None:
@@ -88,3 +98,19 @@ class TenantManager(base.ManagerWithFind):
        Delete a tenant.
        """
        return self._delete("/tenants/%s" % (base.getid(tenant)))
+
+    def list_users(self, tenant):
+        """ List users for a tenant. """
+        return self.api.users.list(base.getid(tenant))
+
+    def add_user(self, tenant, user, role):
+        """ Add a user to a tenant with the given role. """
+        return self.api.roles.add_user_to_tenant(base.getid(tenant),
+                                                 base.getid(user),
+                                                 base.getid(role))
+
+    def remove_user(self, tenant, user, role):
+        """ Remove the specified role from the user on the tenant. """
+        return self.api.roles.remove_user_from_tenant(base.getid(tenant),
+                                                      base.getid(user),
+                                                      base.getid(role))
--- a/keystoneclient/v2_0/users.py
+++ b/keystoneclient/v2_0/users.py
@@ -26,6 +26,9 @@ class User(base.Resource):
    def delete(self):
        return self.manager.delete(self)

+    def list_roles(self, tenant=None):
+        return self.manager.list_roles(self.id, base.getid(tenant))
+

 class UserManager(base.ManagerWithFind):
    resource_class = User
@@ -114,3 +117,7 @@ class UserManager(base.ManagerWithFind):
        else:
            return self._list("/tenants/%s/users%s" % (tenant_id, query),
                              "users")
+
+    def list_roles(self, user, tenant=None):
+        return self.api.roles.roles_for_user(base.getid(user),
+                                             base.getid(tenant))
--- a/tools/pip-requires
+++ b/tools/pip-requires
@@ -4,5 +4,6 @@ httplib2
 mock
 mox
 nose
+pep8
 prettytable
 simplejson