Wired up admin api for user roles

2010-08-10 18:46:49 -07:00
parent 27b1508e6b
commit ec5c25ea86
2 changed files with 48 additions and 1 deletions
--- a/nova/adminclient.py
+++ b/nova/adminclient.py
@@ -57,6 +57,28 @@ class UserInfo(object):
        elif name == 'secretkey':
            self.secretkey = str(value)

+class UserRole(object):
+    """
+    Information about a Nova user's role, as parsed through SAX.
+    Fields include:
+        role
+    """
+    def __init__(self, connection=None):
+        self.connection = connection
+        self.role = None
+    
+    def __repr__(self):
+        return 'UserRole:%s' % self.role
+
+    def startElement(self, name, attrs, connection):
+        return None
+        
+    def endElement(self, name, value, connection):
+        if name == 'role':
+            self.role = value
+        else:
+            setattr(self, name, str(value))
+
 class ProjectInfo(object):
    """
    Information about a Nova project, as parsed through SAX
@@ -114,7 +136,6 @@ class ProjectMember(object):
        else:
            setattr(self, name, str(value))
            
-
 class HostInfo(object):
    """
    Information about a Nova Host, as parsed through SAX:
@@ -196,6 +217,19 @@ class NovaAdminClient(object):
        """ deletes a user """
        return self.apiconn.get_object('DeregisterUser', {'Name': username}, UserInfo)

+    def get_user_roles(self, user, project=None):
+        """
+        Returns a list of roles for the given user.
+        Omitting project will return any global roles that the user has.
+        Specifying project will return only project specific roles.
+        """
+        params = {'User':user}
+        if project:
+            params['Project'] = project
+        return self.apiconn.get_list('DescribeUserRoles',
+                                     params,
+                                     [('item', UserRole)])
+
    def add_user_role(self, user, role, project=None):
        """
        Add a role to a user either globally or for a specific project.
--- a/nova/endpoint/admin.py
+++ b/nova/endpoint/admin.py
@@ -102,6 +102,19 @@ class AdminController(object):

        return True

+    @admin_only
+    def describe_roles(self, context, project_roles=True, **kwargs):
+        """Returns a list of allowed roles."""
+        return manager.AuthManager().get_roles(project_roles)
+
+    @admin_only
+    def describe_user_roles(self, context, user, project=None, **kwargs):
+        """Returns a list of roles for the given user.
+           Omitting project will return any global roles that the user has.
+           Specifying project will return only project specific roles.
+        """
+        return manager.AuthManager().get_user_roles(user, project=project)
+
    @admin_only
    def modify_user_role(self, context, user, role, project=None,
                         operation='add', **kwargs):