-rw-r--r-- | .gitignore | 2 | ||||
-rw-r--r-- | keystoneclient/base.py | 6 | ||||
-rw-r--r-- | keystoneclient/v2_0/roles.py | 49 | ||||
-rwxr-xr-x | keystoneclient/v2_0/shell.py | 24 | ||||
-rw-r--r-- | keystoneclient/v2_0/tenants.py | 32 | ||||
-rw-r--r-- | keystoneclient/v2_0/users.py | 7 | ||||
-rw-r--r-- | tools/pip-requires | 1 |
7 files changed, 86 insertions, 35 deletions
@@ -1,5 +1,5 @@ .coverage -.keystoneclient-venv +.venv *,cover cover *.pyc diff --git a/keystoneclient/base.py b/keystoneclient/base.py index 7daf997..d5d3ee9 100644 --- a/keystoneclient/base.py +++ b/keystoneclient/base.py @@ -87,9 +87,11 @@ class Manager(object): def _delete(self, url): resp, body = self.api.delete(url) - def _update(self, url, body, response_key): + def _update(self, url, body, response_key=None): resp, body = self.api.put(url, body=body) - return self.resource_class(self, body[response_key]) + # PUT requests may not return a body + if body: + return self.resource_class(self, body[response_key]) class ManagerWithFind(Manager): diff --git a/keystoneclient/v2_0/roles.py b/keystoneclient/v2_0/roles.py index dc4af01..492562b 100644 --- a/keystoneclient/v2_0/roles.py +++ b/keystoneclient/v2_0/roles.py 
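Review bot: In `Manager._update`, the new default `response_key=None` combined with `if body:` means a PUT that does return a body, from a caller that omitted the key, ends in `body[None]` and a KeyError. Guard on both conditions, e.g. `if body and response_key is not None:`. The method now also returns None implicitly when the server sends no body, so it needs a docstring saying so; otherwise callers of the role-assignment methods may read None as a failed update. The `Manager` class starts and continues outside this hunk.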
@@ -50,16 +50,43 @@ class RoleManager(base.ManagerWithFind): """ return self._list("/OS-KSADM/roles", "roles") - # FIXME(ja): finialize roles once finalized in keystone - # right now the only way to add/remove a tenant is to - # give them a role within a project - def get_user_role_refs(self, user_id): - return self._list("/users/%s/roleRefs" % user_id, "roles") + def roles_for_user(self, user, tenant=None): + user_id = base.getid(user) + if tenant: + tenant_id = base.getid(tenant) + route = "/tenants/%s/users/%s/roles" + return self._list(route % (tenant_id, user_id), "roles") + else: + return self._list("/users/%s/roles" % user_id, "roles") - def add_user_to_tenant(self, tenant_id, user_id, role_id): - params = {"role": {"tenantId": tenant_id, "roleId": role_id}} - return self._create("/users/%s/roleRefs" % user_id, params, "role") + def add_user_role(self, user, role, tenant=None): + """ Adds a role to a user. - def remove_user_from_tenant(self, tenant_id, user_id, role_id): - params = {"role": {"tenantId": tenant_id, "roleId": role_id}} - return self._delete("/users/%s/roleRefs/%s" % (user_id, role_id)) + If tenant is specified, the role is added just for that tenant, + otherwise the role is added globally. + """ + user_id = base.getid(user) + role_id = base.getid(role) + if tenant: + route = "/tenants/%s/users/%s/roles/OS-KSADM/%s" + params = (base.getid(tenant), user_id, role_id) + return self._update(route % params, None, "role") + else: + route = "/users/%s/roles/OS-KSADM/%s" + return self._update(route % (user_id, role_id), None, "roles") + + def remove_user_role(self, user, role, tenant=None): + """ Removes a role from a user. + + If tenant is specified, the role is removed just for that tenant, + otherwise the role is removed from the user's global roles. 
+ """ + user_id = base.getid(user) + role_id = base.getid(role) + if tenant: + route = "/tenants/%s/users/%s/roles/OS-KSADM/%s" + params = (base.getid(tenant), user_id, role_id) + return self._delete(route % params) + else: + route = "/users/%s/roles/OS-KSADM/%s" + return self._delete(route % (user_id, role_id), "roles") diff --git a/keystoneclient/v2_0/shell.py b/keystoneclient/v2_0/shell.py index e84681a..505a6ef 100755 --- a/keystoneclient/v2_0/shell.py +++ b/keystoneclient/v2_0/shell.py 
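Review bot: The global branch of `remove_user_role` calls `self._delete(route % (user_id, role_id), "roles")`, but `_delete(self, url)`, as shown in the base.py hunk of this commit, accepts only the URL. Removing a role without a tenant therefore raises TypeError before any request is sent, so global role revocation cannot complete; the line should be `return self._delete(route % (user_id, role_id))`. In `add_user_role` the two branches pass different response keys (`"role"` and `"roles"`) to `_update`, which is worth checking against what the server returns. `roles_for_user` has no docstring stating that a missing tenant means the user's global roles.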
@@ -202,32 +202,20 @@ def do_role_delete(kc, args): print 'Unable to delete role.' -@utils.arg('id', metavar='<user_id>', help='ID of User', nargs='?') -def do_user_roles(kc, args): - roles = kc.roles.get_user_role_refs(args.id) - for role in roles: - try: - role.tenant = kc.tenants.get(role.tenantId).name - except Exception, e: - role.tenant = 'n/a' - role.name = kc.roles.get(role.roleId).name - utils.print_list(roles, ['tenant', 'name']) - - # TODO(jakedahn): refactor this to allow role, user, and tenant names. -@utils.arg('tenant_id', metavar='<tenant_id>', help='ID of Tenant', nargs='?') @utils.arg('user_id', metavar='<user_id>', help='ID of User', nargs='?') @utils.arg('role_id', metavar='<role_id>', help='ID of Role', nargs='?') -def do_user_add_tenant_role(kc, args): - kc.roles.add_user_to_tenant(args.tenant_id, args.user_id, args.role_id) +@utils.arg('tenant_id', metavar='<tenant_id>', help='ID of Tenant', nargs='?') +def do_add_user_role(kc, args): + kc.roles.add_user_role(args.user_id, args.role_id, args.tenant_id) # TODO(jakedahn): refactor this to allow role, user, and tenant names. -@utils.arg('tenant_id', metavar='<tenant_id>', help='ID of Tenant', nargs='?') @utils.arg('user_id', metavar='<user_id>', help='ID of User', nargs='?') @utils.arg('role_id', metavar='<role_id>', help='ID of Role', nargs='?') -def do_user_remove_tenant_role(kc, args): - kc.roles.remove_user_to_tenant(args.tenant_id, args.user_id, args.role_id) +@utils.arg('tenant_id', metavar='<tenant_id>', help='ID of Tenant', nargs='?') +def do_remove_user_role(kc, args): + kc.roles.remove_user_role(args.user_id, args.role_id, args.tenant_id) @utils.arg('tenant_id', metavar='<tenant_id>', help='ID of Tenant', nargs='?') diff --git a/keystoneclient/v2_0/tenants.py b/keystoneclient/v2_0/tenants.py index 9b0c9f2..5723fb9 100644 --- a/keystoneclient/v2_0/tenants.py +++ b/keystoneclient/v2_0/tenants.py 
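Review bot: `do_add_user_role` and `do_remove_user_role` keep `nargs='?'` on `user_id` and `role_id`, so either can arrive as None and be handed to `kc.roles.add_user_role` / `kc.roles.remove_user_role`, where it is presumably formatted into the request path. These commands grant and revoke privileges, so only `tenant_id` should stay optional; drop `nargs='?'` from the other two or check them before the call. The hunk also removes `do_user_roles` without adding a shell command that calls the new `roles_for_user`, which leaves no way to review a user's role assignments from the CLI.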
@@ -30,8 +30,18 @@ class Tenant(base.Resource): # FIXME(ja): set the attributes in this object if successful return self.manager.update(self.id, description, enabled) - def add_user(self, user): - return self.manager.add_user_to_tenant(self.id, base.getid(user)) + def add_user(self, user, role): + return self.manager.api.roles.add_user_to_tenant(self.id, + base.getid(user), + base.getid(role)) + + def remove_user(self, user, role): + return self.manager.api.roles.remove_user_from_tenant(self.id, + base.getid(user), + base.getid(role)) + + def list_users(self): + return self.manager.list_users(self.id) class TenantManager(base.ManagerWithFind): @@ -71,7 +81,7 @@ class TenantManager(base.ManagerWithFind): def update(self, tenant_id, tenant_name=None, description=None, enabled=None): """ - update a tenant with a new name and description + Update a tenant with a new name and description. """ body = {"tenant": {'id': tenant_id}} if tenant_name is not None: @@ -88,3 +98,19 @@ class TenantManager(base.ManagerWithFind): Delete a tenant. """ return self._delete("/tenants/%s" % (base.getid(tenant))) + + def list_users(self, tenant): + """ List users for a tenant. """ + return self.api.users.list(base.getid(tenant)) + + def add_user(self, tenant, user, role): + """ Add a user to a tenant with the given role. """ + return self.api.roles.add_user_to_tenant(base.getid(tenant), + base.getid(user), + base.getid(role)) + + def remove_user(self, tenant, user, role): + """ Remove the specified role from the user on the tenant. """ + return self.api.roles.remove_user_from_tenant(base.getid(tenant), + base.getid(user), + base.getid(role)) diff --git a/keystoneclient/v2_0/users.py b/keystoneclient/v2_0/users.py index ec97d94..4003db3 100644 --- a/keystoneclient/v2_0/users.py +++ b/keystoneclient/v2_0/users.py 
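Review bot: `Tenant.add_user` and `Tenant.remove_user` call `self.manager.api.roles.add_user_to_tenant` and `remove_user_from_tenant`, which the roles.py hunk of this commit deletes from `RoleManager`. Unless those names are defined somewhere not shown here, these calls raise AttributeError. The same applies to `TenantManager.add_user` and `TenantManager.remove_user` in the last hunk of this file. They should call the new methods with the new argument order, e.g. `self.api.roles.add_user_role(base.getid(user), base.getid(role), base.getid(tenant))` and the matching `remove_user_role` call.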
@@ -26,6 +26,9 @@ class User(base.Resource): def delete(self): return self.manager.delete(self) + def list_roles(self, tenant=None): + return self.manager.list_roles(self.id, base.getid(tenant)) + class UserManager(base.ManagerWithFind): resource_class = User @@ -114,3 +117,7 @@ class UserManager(base.ManagerWithFind): else: return self._list("/tenants/%s/users%s" % (tenant_id, query), "users") + + def list_roles(self, user, tenant=None): + return self.api.roles.roles_for_user(base.getid(user), + base.getid(tenant)) diff --git a/tools/pip-requires b/tools/pip-requires index 53c2768..5132a34 100644 --- a/tools/pip-requires +++ b/tools/pip-requires @@ -4,5 +4,6 @@ httplib2 mock mox nose +pep8 prettytable simplejson |
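Review bot: `User.list_roles` and `UserManager.list_roles` have no docstrings, and the meaning of `tenant=None` can only be found by reading `roles_for_user` in roles.py. Add to both something like `"""List the user's roles on the given tenant, or the user's global roles when tenant is None."""`. `User.list_roles` also passes `base.getid(tenant)` for a None tenant and `UserManager.list_roles` applies `base.getid` again; this relies on `getid(None)` returning None, which is not visible in this diff and is worth confirming.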