projects / osm / NBI.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Adding filter to ProjectTopicAuth
[osm/NBI.git] / osm_nbi / authconn_keystone.py
diff --git a/osm_nbi/authconn_keystone.py b/osm_nbi/authconn_keystone.py
index 059eae4..b0cab0c 100644 (file)
--- a/osm_nbi/authconn_keystone.py
+++ b/osm_nbi/authconn_keystone.py
@@ -1,5 +1,23 @@
 # -*- coding: utf-8 -*-
 
 # -*- coding: utf-8 -*-
 
+# Copyright 2018 Whitestack, LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# For those usages not covered by the Apache License, Version 2.0 please
+# contact: esousa@whitestack.com or glavado@whitestack.com
+##
+
 """
 AuthconnKeystone implements implements the connector for
 Openstack Keystone and leverages the RBAC model, to bring
 """
 AuthconnKeystone implements implements the connector for
 Openstack Keystone and leverages the RBAC model, to bring
@@ -142,7 +160,7 @@ class AuthconnKeystone(Authconn):
             self.logger.exception("Error during token revocation using keystone")
             raise AuthException("Error during token revocation using Keystone", http_code=HTTPStatus.UNAUTHORIZED)
 
             self.logger.exception("Error during token revocation using keystone")
             raise AuthException("Error during token revocation using Keystone", http_code=HTTPStatus.UNAUTHORIZED)
 
-    def get_project_list(self, token):
+    def get_user_project_list(self, token):
         """
         Get all the projects associated with a user.
 
         """
         Get all the projects associated with a user.
 
@@ -159,7 +177,7 @@ class AuthconnKeystone(Authconn):
             self.logger.exception("Error during user project listing using keystone")
             raise AuthException("Error during user project listing using Keystone", http_code=HTTPStatus.UNAUTHORIZED)
 
             self.logger.exception("Error during user project listing using keystone")
             raise AuthException("Error during user project listing using Keystone", http_code=HTTPStatus.UNAUTHORIZED)
 
-    def get_role_list(self, token):
+    def get_user_role_list(self, token):
         """
         Get role list for a scoped project.
 
         """
         Get role list for a scoped project.
 
@@ -185,9 +203,11 @@ class AuthconnKeystone(Authconn):
         :param user: username.
         :param password: password.
         :raises AuthconnOperationException: if user creation failed.
         :param user: username.
         :param password: password.
         :raises AuthconnOperationException: if user creation failed.
+        :return: returns the id of the user in keystone.
         """
         try:
         """
         try:
-            self.keystone.users.create(user, password=password, domain=self.user_domain_name)
+            new_user = self.keystone.users.create(user, password=password, domain=self.user_domain_name)
+            return {"username": new_user.name, "_id": new_user.id}
         except ClientException:
             self.logger.exception("Error during user creation using keystone")
             raise AuthconnOperationException("Error during user creation using Keystone")
         except ClientException:
             self.logger.exception("Error during user creation using keystone")
             raise AuthconnOperationException("Error during user creation using Keystone")
@@ -207,20 +227,90 @@ class AuthconnKeystone(Authconn):
             self.logger.exception("Error during user password update using keystone")
             raise AuthconnOperationException("Error during user password update using Keystone")
 
             self.logger.exception("Error during user password update using keystone")
             raise AuthconnOperationException("Error during user password update using Keystone")
 
-    def delete_user(self, user):
+    def delete_user(self, user_id):
         """
         Delete user.
 
         """
         Delete user.
 
-        :param user: username.
+        :param user_id: user identifier.
         :raises AuthconnOperationException: if user deletion failed.
         """
         try:
         :raises AuthconnOperationException: if user deletion failed.
         """
         try:
-            user_obj = list(filter(lambda x: x.name == user, self.keystone.users.list()))[0]
-            self.keystone.users.delete(user_obj)
+            users = self.keystone.users.list()
+            user_obj = [user for user in users if user.id == user_id][0]
+            result, _ = self.keystone.users.delete(user_obj)
+
+            if result.status_code != 204:
+                raise ClientException("User was not deleted")
+
+            return True
         except ClientException:
             self.logger.exception("Error during user deletion using keystone")
             raise AuthconnOperationException("Error during user deletion using Keystone")
 
         except ClientException:
             self.logger.exception("Error during user deletion using keystone")
             raise AuthconnOperationException("Error during user deletion using Keystone")
 
+    def get_user_list(self, filter_q={}):
+        """
+        Get user list.
+
+        :param filter_q: dictionary to filter user list.
+        :return: returns a list of users.
+        """
+        try:
+            users = self.keystone.users.list()
+            users = [{
+                "username": user.name,
+                "_id": user.id
+            } for user in users if user.name != self.admin_username]
+
+            allowed_fields = ["_id", "username"]
+            for key in filter_q.keys():
+                if key not in allowed_fields:
+                    continue
+
+                users = [user for user in users 
+                         if filter_q[key] == user[key]]
+
+            for user in users:
+                projects = self.keystone.projects.list(user=user["_id"])
+                projects = [{
+                    "name": project.name,
+                    "_id": project.id
+                } for project in projects]
+
+                for project in projects:
+                    roles = self.keystone.roles.list(user=user["_id"], project=project["_id"])
+                    roles = [{
+                        "name": role.name,
+                        "_id": role.id
+                    } for role in roles]
+                    project["roles"] = roles
+
+                user["projects"] = projects
+
+            return users
+        except ClientException:
+            self.logger.exception("Error during user listing using keystone")
+            raise AuthconnOperationException("Error during user listing using Keystone")
+
+    def get_role_list(self):
+        """
+        Get role list.
+
+        :return: returns the list of roles for the user in that project. If
+        the token is unscoped it returns None.
+        """
+        try:
+            roles_list = self.keystone.roles.list()
+
+            roles = [{
+                "name": role.name,
+                "_id": role.id
+            } for role in roles_list if role.name != "service"]
+
+            return roles
+        except ClientException:
+            self.logger.exception("Error during user role listing using keystone")
+            raise AuthException("Error during user role listing using Keystone", http_code=HTTPStatus.UNAUTHORIZED)
+
     def create_role(self, role):
         """
         Create a role.
     def create_role(self, role):
         """
         Create a role.
@@ -229,27 +319,61 @@ class AuthconnKeystone(Authconn):
         :raises AuthconnOperationException: if role creation failed.
         """
         try:
         :raises AuthconnOperationException: if role creation failed.
         """
         try:
-            self.keystone.roles.create(role)
+            result = self.keystone.roles.create(role)
+            return {"name": result.name, "_id": result.id}
         except Conflict as ex:
             self.logger.info("Duplicate entry: %s", str(ex))
         except ClientException:
             self.logger.exception("Error during role creation using keystone")
             raise AuthconnOperationException("Error during role creation using Keystone")
 
         except Conflict as ex:
             self.logger.info("Duplicate entry: %s", str(ex))
         except ClientException:
             self.logger.exception("Error during role creation using keystone")
             raise AuthconnOperationException("Error during role creation using Keystone")
 
-    def delete_role(self, role):
+    def delete_role(self, role_id):
         """
         Delete a role.
 
         """
         Delete a role.
 
-        :param role: role name.
+        :param role_id: role identifier.
         :raises AuthconnOperationException: if role deletion failed.
         """
         try:
         :raises AuthconnOperationException: if role deletion failed.
         """
         try:
-            role_obj = list(filter(lambda x: x.name == role, self.keystone.roles.list()))[0]
-            self.keystone.roles.delete(role_obj)
+            roles = self.keystone.roles.list()
+            role_obj = [role for role in roles if role.id == role_id][0]
+            result, _ = self.keystone.roles.delete(role_obj)
+
+            if result.status_code != 204:
+                raise ClientException("Role was not deleted")
+
+            return True
         except ClientException:
             self.logger.exception("Error during role deletion using keystone")
             raise AuthconnOperationException("Error during role deletion using Keystone")
 
         except ClientException:
             self.logger.exception("Error during role deletion using keystone")
             raise AuthconnOperationException("Error during role deletion using Keystone")
 
+    def get_project_list(self, filter_q={}):
+        """
+        Get all the projects.
+
+        :param filter_q: dictionary to filter project list.
+        :return: list of projects
+        """
+        try:
+            projects = self.keystone.projects.list()
+            projects = [{
+                "name": project.name,
+                "_id": project.id
+            } for project in projects if project.name != self.admin_project]
+
+            allowed_fields = ["_id", "name"]
+            for key in filter_q.keys():
+                if key not in allowed_fields:
+                    continue
+
+                projects = [project for project in projects
+                            if filter_q[key] == project[key]]
+
+            return projects
+        except ClientException:
+            self.logger.exception("Error during user project listing using keystone")
+            raise AuthException("Error during user project listing using Keystone", http_code=HTTPStatus.UNAUTHORIZED)
+
     def create_project(self, project):
         """
         Create a project.
     def create_project(self, project):
         """
         Create a project.
@@ -258,21 +382,28 @@ class AuthconnKeystone(Authconn):
         :raises AuthconnOperationException: if project creation failed.
         """
         try:
         :raises AuthconnOperationException: if project creation failed.
         """
         try:
-            self.keystone.project.create(project, self.project_domain_name)
+            result = self.keystone.projects.create(project, self.project_domain_name)
+            return {"name": result.name, "_id": result.id}
         except ClientException:
             self.logger.exception("Error during project creation using keystone")
             raise AuthconnOperationException("Error during project creation using Keystone")
 
         except ClientException:
             self.logger.exception("Error during project creation using keystone")
             raise AuthconnOperationException("Error during project creation using Keystone")
 
-    def delete_project(self, project):
+    def delete_project(self, project_id):
         """
         Delete a project.
 
         """
         Delete a project.
 
-        :param project: project name.
+        :param project_id: project identifier.
         :raises AuthconnOperationException: if project deletion failed.
         """
         try:
         :raises AuthconnOperationException: if project deletion failed.
         """
         try:
-            project_obj = list(filter(lambda x: x.name == project, self.keystone.projects.list()))[0]
-            self.keystone.project.delete(project_obj)
+            projects = self.keystone.projects.list()
+            project_obj = [project for project in projects if project.id == project_id][0]
+            result, _ = self.keystone.projects.delete(project_obj)
+
+            if result.status_code != 204:
+                raise ClientException("Project was not deleted")
+
+            return True
         except ClientException:
             self.logger.exception("Error during project deletion using keystone")
             raise AuthconnOperationException("Error during project deletion using Keystone")
         except ClientException:
             self.logger.exception("Error during project deletion using keystone")
             raise AuthconnOperationException("Error during project deletion using Keystone")