openstack/python-keystoneclient
Code Issues Proposed changes
Files
1cbda90717f07cb5197224ee389efa7817f9388c
python-keystoneclient/keystoneclient/v2_0/tenants.py
Joe Heck f1cc3cfc42 removing repeat attempt at authorization in client 
blueprint solidify-python-api

* extended and updated documentation strings
* updated README.rst with latest options
* made debug a pass-through value, optionally set on client (instead of
  just being pulled from environment variable)
* adding AccessInfo object and associated tests
  (access.AccessInfo meant to be a cacheable object external to client
  and ultimately to replace service_catalog and it's existing functionality)
* extending authtoken to support lists of endpoints
* maintaining a single entity for client.management_url with first from
  list of possible endpoints
* create project_name and project_id synonyms to match tenant_name and
  tenant_id
* replacing authenticate call to a pure method, not overloading the
  resource/manager path that confuses base URL concepts.
* throw AuthorizationFailure if client attempts to access keystone
  resources before it has a management url
* special case listing tenant using auth_url for unscoped tokens authorized
  through client
* special case listing tokens.authenticate for Dashboard to allow unscoped
  tokens to hand back parity information to dashboard

Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
2012-11-09 00:02:41 +00:00

157 lines
5.3 KiB
Python
Raw Blame History

# Copyright 2011 OpenStack LLC.
# Copyright 2011 Nebula, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import urllib
from keystoneclient import base
class Tenant(base.Resource):
"""Represents a Keystone tenant
Attributes:
* id: a uuid that identifies the tenant
* name: tenant name
* description: tenant description
* enabled: boolean to indicate if tenant is enabled
"""
def __repr__(self):
return "<Tenant %s>" % self._info
def delete(self):
return self.manager.delete(self)
def update(self, name=None, description=None, enabled=None):
# Preserve the existing settings; keystone legacy resets these?
new_name = name if name else self.name
if description is not None:
new_description = description
else:
new_description = self.description
new_enabled = enabled if enabled is not None else self.enabled
try:
retval = self.manager.update(self.id, tenant_name=new_name,
description=new_description,
enabled=new_enabled)
self = retval
except Exception:
retval = None
return retval
def add_user(self, user, role):
return self.manager.api.roles.add_user_role(base.getid(user),
base.getid(role),
self.id)
def remove_user(self, user, role):
return self.manager.api.roles.remove_user_role(base.getid(user),
base.getid(role),
self.id)
def list_users(self):
return self.manager.list_users(self.id)
class TenantManager(base.ManagerWithFind):
"""Manager class for manipulating Keystone tenants"""
resource_class = Tenant
def get(self, tenant_id):
return self._get("/tenants/%s" % tenant_id, "tenant")
def create(self, tenant_name, description=None, enabled=True):
"""
Create a new tenant.
"""
params = {"tenant": {"name": tenant_name,
"description": description,
"enabled": enabled}}
return self._create('/tenants', params, "tenant")
def list(self, limit=None, marker=None):
"""
Get a list of tenants.
:param integer limit: maximum number to return. (optional)
:param string marker: use when specifying a limit and making
multiple calls for querying. (optional)
:rtype: list of :class:`Tenant`
"""
params = {}
if limit:
params['limit'] = limit
if marker:
params['marker'] = marker
query = ""
if params:
query = "?" + urllib.urlencode(params)
reset = 0
if self.api.management_url is None:
# special casing to allow tenant lists on the auth_url
# for unscoped tokens
reset = 1
self.api.management_url = self.api.auth_url
tenant_list = self._list("/tenants%s" % query, "tenants")
if reset:
self.api.management_url = None
return tenant_list
def update(self, tenant_id, tenant_name=None, description=None,
enabled=None):
"""
Update a tenant with a new name and description.
"""
body = {"tenant": {'id': tenant_id}}
if tenant_name is not None:
body['tenant']['name'] = tenant_name
if enabled is not None:
body['tenant']['enabled'] = enabled
if description is not None:
body['tenant']['description'] = description
# Keystone's API uses a POST rather than a PUT here.
return self._create("/tenants/%s" % tenant_id, body, "tenant")
def delete(self, tenant):
"""
Delete a tenant.
"""
return self._delete("/tenants/%s" % (base.getid(tenant)))
def list_users(self, tenant):
""" List users for a tenant. """
return self.api.users.list(base.getid(tenant))
def add_user(self, tenant, user, role):
""" Add a user to a tenant with the given role. """
return self.api.roles.add_user_role(base.getid(user),
base.getid(role),
base.getid(tenant))
def remove_user(self, tenant, user, role):
""" Remove the specified role from the user on the tenant. """
return self.api.roles.remove_user_role(base.getid(user),
base.getid(role),
base.getid(tenant))
View Git Blame Copy Permalink