Began wiring up rbac admin api

This commit is contained in:
Devin Carlen
2010-07-27 00:11:18 +00:00
parent 06b0edee55
commit 5538ce5cbf
2 changed files with 173 additions and 0 deletions


@@ -56,6 +56,29 @@ class UserInfo(object):
elif name == 'secretkey':
self.secretkey = str(value)
class ProjectInfo(object):
"""
Information about a Nova project, as parsed through SAX
fields include:
projectname
description
member_ids
"""
def __init__(self, connection=None, projectname=None, endpoint=None):
self.connection = connection
self.projectname = projectname
self.endpoint = endpoint
def __repr__(self):
return 'ProjectInfo:%s' % self.projectname
def startElement(self, name, attrs, connection):
return None
def endElement(self, name, value, connection):
setattr(self, name, str(value))
class HostInfo(object):
"""
Information about a Nova Host, as parsed through SAX:
@@ -137,6 +160,85 @@ class NovaAdminClient(object):
""" deletes a user """
return self.apiconn.get_object('DeregisterUser', {'Name': username}, UserInfo)
def add_user_role(self, user, role, project=None):
"""
Add a role to a user either globally or for a specific project.
"""
return self.modify_user_role(user, role, project=project,
operation='add')
def remove_user_role(self, user, role, project=None):
"""
Remove a role from a user either globally or for a specific project.
"""
return self.modify_user_role(user, role, project=project,
operation='remove')
def modify_user_role(self, user, role, project=None, operation='add',
**kwargs):
"""
Add or remove a role for a user and project.
"""
params = {
'User': user,
'Role': role,
'Project': project,
'Operation': operation
}
return self.apiconn.get_status('ModifyUserRole', params)
def get_projects(self):
"""
Returns a list of all projects.
"""
return self.apiconn.get_list('DescribeProjects', {},
[('item', ProjectInfo)])
def get_project(self, name):
"""
Returns a single project with the specified name.
"""
project = self.apiconn.get_object('DescribeProject',
{'Name': name},
ProjectInfo)
if project.projectname != None:
return project
def create_project(self, projectname, manager_user, description=None,
member_users=None):
"""
Creates a new project.
"""
params = {
'Name': projectname,
'ManagerUser': manager_user,
'Description': description,
'MemberUsers': member_users
}
return self.apiconn.get_object('RegisterProject', params, ProjectInfo)
def delete_project(self, projectname):
"""
Permanently deletes the specified project.
"""
return self.apiconn.get_object('DeregisterProject',
{'Name': projectname},
ProjectInfo)
def modify_project_user(self, user, project, operation='add',
**kwargs):
"""
Adds or removes a user from a project.
"""
params = {
'User': user,
'Project': project,
'Operation': operation
}
return self.apiconn.get_status('ModifyProjectUser', params)
def get_zip(self, username):
""" returns the content of a zip file containing novarc and access credentials. """
return self.apiconn.get_object('GenerateX509ForUser', {'Name': username}, UserInfo).file
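Review bot: `ProjectInfo.endElement` copies every element name in the response onto the object with `setattr(self, name, str(value))`, so an unexpected element named `connection`, `endpoint` or `endElement` would overwrite parser state or a method. The `UserInfo.endElement` context just above this hunk matches names explicitly instead. Restrict the assignment to the documented fields by putting `if name in ('projectname', 'description', 'member_ids'):` before the `setattr`. `str(value)` also flattens `member_ids` into a single string, so the class docstring should state what form callers receive. Separately, `modify_user_role` puts a `project` of None into `params` unchanged; how the connection serializes None is not visible here, so omitting the key when `project is None` would be safer.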


@@ -37,6 +37,17 @@ def user_dict(user, base64_file=None):
else:
return {}
def project_dict(project):
"""Convert the project object to a result dict"""
if project:
return {
'projectname': project.id,
'description': project.description,
'member_ids': project.member_ids
}
else:
return {}
def host_dict(host):
"""Convert a host model object to a result dict"""
if host:
@@ -92,6 +103,22 @@ class AdminController(object):
return True
@admin_only
def modify_user_role(self, context, user, role, project=None,
operation='add', **kwargs):
"""
Add or remove a role for a user and project.
"""
if operation == 'add':
manager.AuthManager().add_role(user, role, project)
elif operation == 'remove':
manager.AuthManager().remove_role(user, role, project)
else:
raise exception.ApiError('operation must be add or remove')
return True
@admin_only
def generate_x509_for_user(self, _context, name, project=None, **kwargs):
"""Generates and returns an x509 certificate for a single user.
@@ -104,6 +131,50 @@ class AdminController(object):
user = manager.AuthManager().get_user(name)
return user_dict(user, base64.b64encode(project.get_credentials(user)))
@admin_only
def describe_project(self, context, name, **kwargs):
"""Returns project data, including member ids."""
return project_dict(manager.AuthManager().get_project(name))
@admin_only
def describe_projects(self, context, **kwargs):
"""Returns all projects - should be changed to deal with a list."""
return {'projectSet':
[project_dict(u) for u in
manager.AuthManager().get_projects()]}
@admin_only
def register_project(self, context, name, manager_user, description=None,
member_users=None, **kwargs):
"""Creates a new project"""
return project_dict(
manager.AuthManager().create_project(
name,
manager_user,
description=None,
member_users=None
)
)
@admin_only
def deregister_project(self, context, name):
"""Permanently deletes a project."""
manager.AuthManager().delete_project(name)
return True
@admin_only
def modify_project_user(self, context, user, project, operation, **kwargs):
"""
Add or remove a user from a project.
"""
if operation =='add':
manager.AuthManager().add_to_project(user, project)
elif operation == 'remove':
manager.AuthManager().remove_from_project(user, project)
else:
raise exception.ApiError('operation must be add or remove')
@admin_only
def describe_hosts(self, _context, **_kwargs):
"""Returns status info for all nodes. Includes:
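Review bot: `register_project` discards its `description` and `member_users` arguments, because the call to `create_project` passes the literals `description=None,` and `member_users=None`. A project registered through the admin API is therefore created without the requested description or member list. Those two lines should read `description=description,` and `member_users=member_users`. `modify_project_user` also falls off the end on success while `modify_user_role` returns True, and the client reads both through `get_status`, so add `return True` after the if/elif chain. `deregister_project` is the only new handler without `**kwargs`; if the dispatcher forwards extra request parameters (not visible here), that call would raise a TypeError.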