From: Eduardo Sousa Date: Tue, 4 Jun 2019 07:10:32 +0000 (+0100) Subject: Fix bug 726 X-Git-Tag: v6.0.0~17 X-Git-Url: https://osm.etsi.org/gitweb/?a=commitdiff_plain;h=refs%2Fchanges%2F01%2F7601%2F4;p=osm%2FNBI.git Fix bug 726 Change-Id: I3a8c6e83cf85b6f27a4b649f8af2a4fe89e3494b Signed-off-by: Eduardo Sousa --- diff --git a/osm_nbi/admin_topics.py b/osm_nbi/admin_topics.py index ffe24fb..b0dc087 100644 --- a/osm_nbi/admin_topics.py +++ b/osm_nbi/admin_topics.py @@ -471,15 +471,15 @@ class UserTopicAuth(UserTopic): @staticmethod def format_on_show(content): """ - Modifies the content of the role information to separate the role + Modifies the content of the role information to separate the role metadata from the role definition. """ project_role_mappings = [] for project in content["projects"]: for role in project["roles"]: - project_role_mappings.append({"project": project, "role": role}) - + project_role_mappings.append({"project": project["_id"], "role": role["_id"]}) + del content["projects"] content["project_role_mappings"] = project_role_mappings @@ -506,7 +506,11 @@ class UserTopicAuth(UserTopic): content = self._validate_input_new(content, session["force"]) self.check_conflict_on_new(session, content) self.format_on_new(content, session["project_id"], make_public=session["public"]) - _id = self.auth.create_user(content["username"], content["password"]) + _id = self.auth.create_user(content["username"], content["password"])["_id"] + + for mapping in content["project_role_mappings"]: + self.auth.assign_role_to_user(_id, mapping["project"], mapping["role"]) + rollback.append({"topic": self.topic, "_id": _id}) del content["password"] # self._send_msg("create", content) @@ -561,20 +565,20 @@ class UserTopicAuth(UserTopic): user = self.show(session, _id) original_mapping = user["project_role_mappings"] edit_mapping = content["project_role_mappings"] - - mappings_to_remove = [mapping for mapping in original_mapping + + mappings_to_remove = [mapping for mapping in original_mapping if mapping not in edit_mapping] - + mappings_to_add = [mapping for mapping in edit_mapping if mapping not in original_mapping] - + for mapping in mappings_to_remove: self.auth.remove_role_from_user( - user["name"], + user["name"], mapping["project"], mapping["role"] ) - + for mapping in mappings_to_add: self.auth.assign_role_to_user( user["name"], @@ -620,8 +624,8 @@ class UserTopicAuth(UserTopic): class ProjectTopicAuth(ProjectTopic): # topic = "projects" # topic_msg = "projects" - # schema_new = project_new_schema - # schema_edit = project_edit_schema + schema_new = project_new_schema + schema_edit = project_edit_schema def __init__(self, db, fs, msg, auth): ProjectTopic.__init__(self, db, fs, msg) diff --git a/osm_nbi/authconn_keystone.py b/osm_nbi/authconn_keystone.py index 7f59270..f819d3f 100644 --- a/osm_nbi/authconn_keystone.py +++ b/osm_nbi/authconn_keystone.py @@ -23,7 +23,7 @@ AuthconnKeystone implements implements the connector for Openstack Keystone and leverages the RBAC model, to bring it for OSM. """ -import time + __author__ = "Eduardo Sousa " __date__ = "$27-jul-2018 23:59:59$" @@ -32,12 +32,14 @@ from authconn import Authconn, AuthException, AuthconnOperationException import logging import requests +import time from keystoneauth1 import session from keystoneauth1.identity import v3 from keystoneauth1.exceptions.base import ClientException from keystoneauth1.exceptions.http import Conflict from keystoneclient.v3 import client from http import HTTPStatus +from validation import is_valid_uuid class AuthconnKeystone(Authconn): @@ -420,9 +422,20 @@ class AuthconnKeystone(Authconn): :raises AuthconnOperationException: if role assignment failed. """ try: - user_obj = list(filter(lambda x: x.name == user, self.keystone.users.list()))[0] - project_obj = list(filter(lambda x: x.name == project, self.keystone.projects.list()))[0] - role_obj = list(filter(lambda x: x.name == role, self.keystone.roles.list()))[0] + if is_valid_uuid(user): + user_obj = self.keystone.users.get(user) + else: + user_obj = self.keystone.users.list(name=user)[0] + + if is_valid_uuid(project): + project_obj = self.keystone.projects.get(project) + else: + project_obj = self.keystone.projects.list(name=project)[0] + + if is_valid_uuid(role): + role_obj = self.keystone.roles.get(role) + else: + role_obj = self.keystone.roles.list(name=role)[0] self.keystone.roles.grant(role_obj, user=user_obj, project=project_obj) except ClientException: