1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
# Copyright 2011 OpenStack Foundation
# Copyright 2011 Nebula, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from keystoneclient import base
class Role(base.Resource):
"""Represents a Keystone role."""
def __repr__(self):
"""Return string representation of role resource information."""
return "<Role %s>" % self._info
def delete(self):
return self.manager.delete(self)
class RoleManager(base.ManagerWithFind):
"""Manager class for manipulating Keystone roles."""
resource_class = Role
def get(self, role):
return self._get("/OS-KSADM/roles/%s" % base.getid(role), "role")
def create(self, name):
"""Create a role."""
params = {"role": {"name": name}}
return self._post('/OS-KSADM/roles', params, "role")
def delete(self, role):
"""Delete a role."""
return self._delete("/OS-KSADM/roles/%s" % base.getid(role))
def list(self):
"""List all available roles."""
return self._list("/OS-KSADM/roles", "roles")
def roles_for_user(self, user, tenant=None):
user_id = base.getid(user)
if tenant:
tenant_id = base.getid(tenant)
route = "/tenants/%s/users/%s/roles"
return self._list(route % (tenant_id, user_id), "roles")
else:
return self._list("/users/%s/roles" % user_id, "roles")
def add_user_role(self, user, role, tenant=None):
"""Add a role to a user.
If tenant is specified, the role is added just for that tenant,
otherwise the role is added globally.
"""
user_id = base.getid(user)
role_id = base.getid(role)
if tenant:
route = "/tenants/%s/users/%s/roles/OS-KSADM/%s"
params = (base.getid(tenant), user_id, role_id)
return self._update(route % params, None, "role")
else:
route = "/users/%s/roles/OS-KSADM/%s"
return self._update(route % (user_id, role_id), None, "roles")
def remove_user_role(self, user, role, tenant=None):
"""Remove a role from a user.
If tenant is specified, the role is removed just for that tenant,
otherwise the role is removed from the user's global roles.
"""
user_id = base.getid(user)
role_id = base.getid(role)
if tenant:
route = "/tenants/%s/users/%s/roles/OS-KSADM/%s"
params = (base.getid(tenant), user_id, role_id)
return self._delete(route % params)
else:
route = "/users/%s/roles/OS-KSADM/%s"
return self._delete(route % (user_id, role_id))
|
