Fix bug 731
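--- a/osm_nbi/authconn_keystone.py
+++ b/osm_nbi/authconn_keystone.py
@@ -23,7 +23,7 @@ AuthconnKeystone implements implements the connector for
 Openstack Keystone and leverages the RBAC model, to bring
 it for OSM.
 """
-import time
+
 
 __author__ = "Eduardo Sousa <esousa@whitestack.com>"
 __date__ = "$27-jul-2018 23:59:59$"
@@ -32,12 +32,14 @@ from authconn import Authconn, AuthException, AuthconnOperationException
 
 import logging
 import requests
+import time
 from keystoneauth1 import session
 from keystoneauth1.identity import v3
 from keystoneauth1.exceptions.base import ClientException
 from keystoneauth1.exceptions.http import Conflict
 from keystoneclient.v3 import client
 from http import HTTPStatus
+from validation import is_valid_uuid
 
 
 class AuthconnKeystone(Authconn):
@@ -247,31 +249,43 @@ class AuthconnKeystone(Authconn):
             self.logger.exception("Error during user deletion using keystone")
             raise AuthconnOperationException("Error during user deletion using Keystone")
 
-    def get_user_list(self):
+    def get_user_list(self, filter_q={}):
         """
         Get user list.
 
+        :param filter_q: dictionary to filter user list.
         :return: returns a list of users.
         """
         try:
             users = self.keystone.users.list()
             users = [{
                 "username": user.name,
-                "_id": user.id
+                "_id": user.id,
+                "id": user.id
             } for user in users if user.name != self.admin_username]
 
+            allowed_fields = ["_id", "id", "username"]
+            for key in filter_q.keys():
+                if key not in allowed_fields:
+                    continue
+
+                users = [user for user in users 
+                         if filter_q[key] == user[key]]
+
             for user in users:
                 projects = self.keystone.projects.list(user=user["_id"])
                 projects = [{
                     "name": project.name,
-                    "_id": project.id
+                    "_id": project.id,
+                    "id": project.id
                 } for project in projects]
 
                 for project in projects:
                     roles = self.keystone.roles.list(user=user["_id"], project=project["_id"])
                     roles = [{
                         "name": role.name,
-                        "_id": role.id
+                        "_id": role.id,
+                        "id": role.id
                     } for role in roles]
                     project["roles"] = roles
 
@@ -286,8 +300,7 @@ class AuthconnKeystone(Authconn):
         """
         Get role list.
 
-        :return: returns the list of roles for the user in that project. If
-        the token is unscoped it returns None.
+        :return: returns the list of roles.
         """
         try:
             roles_list = self.keystone.roles.list()
@@ -338,10 +351,11 @@ class AuthconnKeystone(Authconn):
             self.logger.exception("Error during role deletion using keystone")
             raise AuthconnOperationException("Error during role deletion using Keystone")
 
-    def get_project_list(self):
+    def get_project_list(self, filter_q={}):
         """
         Get all the projects.
 
+        :param filter_q: dictionary to filter project list.
         :return: list of projects
         """
         try:
@@ -351,6 +365,14 @@ class AuthconnKeystone(Authconn):
                 "_id": project.id
             } for project in projects if project.name != self.admin_project]
 
+            allowed_fields = ["_id", "name"]
+            for key in filter_q.keys():
+                if key not in allowed_fields:
+                    continue
+
+                projects = [project for project in projects
+                            if filter_q[key] == project[key]]
+
             return projects
         except ClientException:
             self.logger.exception("Error during user project listing using keystone")
@@ -400,9 +422,20 @@ class AuthconnKeystone(Authconn):
         :raises AuthconnOperationException: if role assignment failed.
         """
         try:
-            user_obj = list(filter(lambda x: x.name == user, self.keystone.users.list()))[0]
-            project_obj = list(filter(lambda x: x.name == project, self.keystone.projects.list()))[0]
-            role_obj = list(filter(lambda x: x.name == role, self.keystone.roles.list()))[0]
+            if is_valid_uuid(user):
+                user_obj = self.keystone.users.get(user)
+            else:
+                user_obj = self.keystone.users.list(name=user)[0]
+
+            if is_valid_uuid(project):
+                project_obj = self.keystone.projects.get(project)
+            else:
+                project_obj = self.keystone.projects.list(name=project)[0]
+
+            if is_valid_uuid(role):
+                role_obj = self.keystone.roles.get(role)
+            else:
+                role_obj = self.keystone.roles.list(name=role)[0]
 
             self.keystone.roles.grant(role_obj, user=user_obj, project=project_obj)
         except ClientException: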
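Review bot: In the last hunk the name lookups `self.keystone.users.list(name=user)[0]`, and the matching project and role lines, take the first result without checking how many entries came back. An empty list raises IndexError, which the `except ClientException` visible at the end of the hunk does not catch. If a name matches more than one entry (user and project names are unique only per domain in Keystone), the role is granted on whichever entry is listed first. Because this lookup decides who receives a role, it should require exactly one match and raise AuthconnOperationException otherwise, as sketched below for the user lookup. The method's signature and the rest of its handler lie outside the hunk.

```python
            # … unchanged: is_valid_uuid(user) branch …
            else:
                matches = self.keystone.users.list(name=user)
                if len(matches) != 1:
                    raise AuthconnOperationException(
                        "User '{}' not found or not unique".format(user))
                user_obj = matches[0]
            # … same single-match guard for projects.list(name=project) and roles.list(name=role) …
```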