@staticmethod
def format_on_show(content):
"""
- Modifies the content of the role information to separate the role
+ Modifies the content of the role information to separate the role
metadata from the role definition.
"""
project_role_mappings = []
for project in content["projects"]:
for role in project["roles"]:
- project_role_mappings.append({"project": project, "role": role})
-
+ project_role_mappings.append({"project": project["_id"], "role": role["_id"]})
+
del content["projects"]
content["project_role_mappings"] = project_role_mappings
content = self._validate_input_new(content, session["force"])
self.check_conflict_on_new(session, content)
self.format_on_new(content, session["project_id"], make_public=session["public"])
- _id = self.auth.create_user(content["username"], content["password"])
+ _id = self.auth.create_user(content["username"], content["password"])["_id"]
+
+ for mapping in content["project_role_mappings"]:
+ self.auth.assign_role_to_user(_id, mapping["project"], mapping["role"])
+
rollback.append({"topic": self.topic, "_id": _id})
del content["password"]
# self._send_msg("create", content)
user = self.show(session, _id)
original_mapping = user["project_role_mappings"]
edit_mapping = content["project_role_mappings"]
-
- mappings_to_remove = [mapping for mapping in original_mapping
+
+ mappings_to_remove = [mapping for mapping in original_mapping
if mapping not in edit_mapping]
-
+
mappings_to_add = [mapping for mapping in edit_mapping
if mapping not in original_mapping]
-
+
for mapping in mappings_to_remove:
self.auth.remove_role_from_user(
- user["name"],
+ user["name"],
mapping["project"],
mapping["role"]
)
-
+
for mapping in mappings_to_add:
self.auth.assign_role_to_user(
user["name"],
class ProjectTopicAuth(ProjectTopic):
# topic = "projects"
# topic_msg = "projects"
- # schema_new = project_new_schema
- # schema_edit = project_edit_schema
+ schema_new = project_new_schema
+ schema_edit = project_edit_schema
def __init__(self, db, fs, msg, auth):
ProjectTopic.__init__(self, db, fs, msg)
Openstack Keystone and leverages the RBAC model, to bring
it for OSM.
"""
-import time
+
__author__ = "Eduardo Sousa <esousa@whitestack.com>"
__date__ = "$27-jul-2018 23:59:59$"
import logging
import requests
+import time
from keystoneauth1 import session
from keystoneauth1.identity import v3
from keystoneauth1.exceptions.base import ClientException
from keystoneauth1.exceptions.http import Conflict
from keystoneclient.v3 import client
from http import HTTPStatus
+from validation import is_valid_uuid
class AuthconnKeystone(Authconn):
:raises AuthconnOperationException: if role assignment failed.
"""
try:
- user_obj = list(filter(lambda x: x.name == user, self.keystone.users.list()))[0]
- project_obj = list(filter(lambda x: x.name == project, self.keystone.projects.list()))[0]
- role_obj = list(filter(lambda x: x.name == role, self.keystone.roles.list()))[0]
+ if is_valid_uuid(user):
+ user_obj = self.keystone.users.get(user)
+ else:
+ user_obj = self.keystone.users.list(name=user)[0]
+
+ if is_valid_uuid(project):
+ project_obj = self.keystone.projects.get(project)
+ else:
+ project_obj = self.keystone.projects.list(name=project)[0]
+
+ if is_valid_uuid(role):
+ role_obj = self.keystone.roles.get(role)
+ else:
+ role_obj = self.keystone.roles.list(name=role)[0]
self.keystone.roles.grant(role_obj, user=user_obj, project=project_obj)
except ClientException:
projects / osm / NBI.git / commitdiff