X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNBI.git;a=blobdiff_plain;f=osm_nbi%2Fauthconn_keystone.py;h=f819d3fb84664a3889568c4cde01bb64cefeec34;hp=e9173063669c44a830b4d5f2b8459fb8c7e7c8d2;hb=b6a5819d7daefde450ab263a4a57a6d173255ee0;hpb=2d5a515d32cf20f526e5922fae130868c9710dc3
diff --git a/osm_nbi/authconn_keystone.py b/osm_nbi/authconn_keystone.py
index e917306..f819d3f 100644
--- a/osm_nbi/authconn_keystone.py
+++ b/osm_nbi/authconn_keystone.py
@@ -23,7 +23,7 @@ AuthconnKeystone implements implements the connector for Openstack Keystone and leverages the RBAC model, to bring it for OSM.
 """
-import time
+
 __author__ = "Eduardo Sousa "
 __date__ = "$27-jul-2018 23:59:59$"
@@ -32,12 +32,14 @@ from authconn import Authconn, AuthException, AuthconnOperationException
 import logging
 import requests
+import time
 from keystoneauth1 import session
 from keystoneauth1.identity import v3
 from keystoneauth1.exceptions.base import ClientException
 from keystoneauth1.exceptions.http import Conflict
 from keystoneclient.v3 import client
 from http import HTTPStatus
+from validation import is_valid_uuid
 class AuthconnKeystone(Authconn):
@@ -258,10 +260,11 @@ class AuthconnKeystone(Authconn):
 users = self.keystone.users.list()
 users = [{
 "username": user.name,
- "_id": user.id
+ "_id": user.id,
+ "id": user.id
 } for user in users if user.name != self.admin_username]
- allowed_fields = ["_id", "username"]
+ allowed_fields = ["_id", "id", "username"]
 for key in filter_q.keys():
 if key not in allowed_fields:
 continue
@@ -273,14 +276,16 @@ class AuthconnKeystone(Authconn):
 projects = self.keystone.projects.list(user=user["_id"])
 projects = [{
 "name": project.name,
- "_id": project.id
+ "_id": project.id,
+ "id": project.id
 } for project in projects]
 for project in projects:
 roles = self.keystone.roles.list(user=user["_id"], project=project["_id"])
 roles = [{
 "name": role.name,
- "_id": role.id
+ "_id": role.id,
+ "id": role.id
 } for role in roles]
 project["roles"] = roles
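Review bot: The `"id": user.id` entry added in `@@ -258,10 +260,11 @@` duplicates `"_id"` with no comment saying why, and the same pair is added for projects and roles in `@@ -273,14 +276,16 @@`. A one-line comment above the first dict, such as `# "id" mirrors "_id" so callers may use either key`, would record the intent, if that is the intent. Both hunks sit inside a method whose start and end are outside the visible lines.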
@@ -295,8 +300,7 @@ class AuthconnKeystone(Authconn):
 """
 Get role list.
- :return: returns the list of roles for the user in that project. If
- the token is unscoped it returns None.
+ :return: returns the list of roles.
 """
 try:
 roles_list = self.keystone.roles.list()
@@ -347,10 +351,11 @@ class AuthconnKeystone(Authconn):
 self.logger.exception("Error during role deletion using keystone")
 raise AuthconnOperationException("Error during role deletion using Keystone")
- def get_project_list(self):
+ def get_project_list(self, filter_q={}):
 """
 Get all the projects.
+ :param filter_q: dictionary to filter project list.
 :return: list of projects
 """
 try:
@@ -360,6 +365,14 @@ class AuthconnKeystone(Authconn):
 "_id": project.id
 } for project in projects if project.name != self.admin_project]
+ allowed_fields = ["_id", "name"]
+ for key in filter_q.keys():
+ if key not in allowed_fields:
+ continue
+
+ projects = [project for project in projects
+ if filter_q[key] == project[key]]
+
 return projects
 except ClientException:
 self.logger.exception("Error during user project listing using keystone")
@@ -409,9 +422,20 @@ class AuthconnKeystone(Authconn):
 :raises AuthconnOperationException: if role assignment failed.
 """
 try:
- user_obj = list(filter(lambda x: x.name == user, self.keystone.users.list()))[0]
- project_obj = list(filter(lambda x: x.name == project, self.keystone.projects.list()))[0]
- role_obj = list(filter(lambda x: x.name == role, self.keystone.roles.list()))[0]
+ if is_valid_uuid(user):
+ user_obj = self.keystone.users.get(user)
+ else:
+ user_obj = self.keystone.users.list(name=user)[0]
+
+ if is_valid_uuid(project):
+ project_obj = self.keystone.projects.get(project)
+ else:
+ project_obj = self.keystone.projects.list(name=project)[0]
+
+ if is_valid_uuid(role):
+ role_obj = self.keystone.roles.get(role)
+ else:
+ role_obj = self.keystone.roles.list(name=role)[0]
 self.keystone.roles.grant(role_obj, user=user_obj, project=project_obj)
 except ClientException:
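Review bot: The new signature in `@@ -347,10 +351,11 @@` uses a mutable default, `filter_q={}`, which is one dict shared by every call that omits the argument. Nothing in the visible code mutates it, but a later edit that does would leak filter state between requests. I would write `def get_project_list(self, filter_q=None):` and start the body with `filter_q = filter_q or {}`. That second line goes in the function body, which continues outside this hunk.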
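Review bot: The project filter added in `@@ -360,6 +365,14 @@` accepts only `["_id", "name"]`, although this commit teaches the user listing to accept `id` as well, and any key outside the list is skipped with `continue`. A caller who filters projects on `id` therefore gets the full, unfiltered project list back instead of one project or an error, which is easy to miss when the result feeds an access decision. To match the user listing, add `"id": project.id` to the project dict and use `allowed_fields = ["_id", "id", "name"]`; rejecting unknown keys rather than ignoring them would be stricter still. The enclosing function starts before the hunk.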
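Review bot: The name branches in `@@ -409,9 +422,20 @@` take element `[0]` of a Keystone list, so an empty result raises `IndexError`, which the `except ClientException` below does not catch, and more than one match silently picks the first. Because this path ends in `roles.grant`, an ambiguous lookup can bind a role to a different user or project than the caller meant; no domain is passed to the `list(name=...)` calls, so name uniqueness is presumably not guaranteed here. A name that happens to pass `is_valid_uuid` is also always treated as an ID, which is worth stating in the docstring. I would require exactly one match before granting, as sketched below for the user lookup. The function starts and ends outside the hunk.

```python
            if is_valid_uuid(user):
                user_obj = self.keystone.users.get(user)
            else:
                matches = self.keystone.users.list(name=user)
                # Refuse to grant when the name resolves to zero or several principals.
                if len(matches) != 1:
                    raise AuthconnOperationException(
                        "User '{}' not found or ambiguous".format(user))
                user_obj = matches[0]
            # … same exactly-one-match check for project_obj and role_obj …
            # … unchanged: self.keystone.roles.grant(...) and the except clause …
```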