Change-Id: I3a8c6e83cf85b6f27a4b649f8af2a4fe89e3494b
Signed-off-by: Eduardo Sousa <eduardo.sousa@canonical.com>
@staticmethod
def format_on_show(content):
"""
@staticmethod
def format_on_show(content):
"""
- Modifies the content of the role information to separate the role
+ Modifies the content of the role information to separate the role
metadata from the role definition.
"""
project_role_mappings = []
for project in content["projects"]:
for role in project["roles"]:
metadata from the role definition.
"""
project_role_mappings = []
for project in content["projects"]:
for role in project["roles"]:
- project_role_mappings.append({"project": project, "role": role})
-
+ project_role_mappings.append({"project": project["_id"], "role": role["_id"]})
+
del content["projects"]
content["project_role_mappings"] = project_role_mappings
del content["projects"]
content["project_role_mappings"] = project_role_mappings
content = self._validate_input_new(content, session["force"])
self.check_conflict_on_new(session, content)
self.format_on_new(content, session["project_id"], make_public=session["public"])
content = self._validate_input_new(content, session["force"])
self.check_conflict_on_new(session, content)
self.format_on_new(content, session["project_id"], make_public=session["public"])
- _id = self.auth.create_user(content["username"], content["password"])
+ _id = self.auth.create_user(content["username"], content["password"])["_id"]
+
+ for mapping in content["project_role_mappings"]:
+ self.auth.assign_role_to_user(_id, mapping["project"], mapping["role"])
+
rollback.append({"topic": self.topic, "_id": _id})
del content["password"]
# self._send_msg("create", content)
rollback.append({"topic": self.topic, "_id": _id})
del content["password"]
# self._send_msg("create", content)
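Review bot: If any `assign_role_to_user` call in the new loop raises, the Keystone user created on the line above is not yet recorded for cleanup, because `rollback.append({"topic": self.topic, "_id": _id})` only runs after the loop. The result would be an account with a working password and a partial set of role grants that the caller was told failed to create. Move the `rollback.append(...)` line to directly after the `create_user(...)` call so the cleanup entry exists before the first grant is attempted. The enclosing method starts and ends outside the hunk, so confirm that the rollback consumer actually deletes the Keystone user for this topic.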
user = self.show(session, _id)
original_mapping = user["project_role_mappings"]
edit_mapping = content["project_role_mappings"]
user = self.show(session, _id)
original_mapping = user["project_role_mappings"]
edit_mapping = content["project_role_mappings"]
-
- mappings_to_remove = [mapping for mapping in original_mapping
+
+ mappings_to_remove = [mapping for mapping in original_mapping
if mapping not in edit_mapping]
if mapping not in edit_mapping]
mappings_to_add = [mapping for mapping in edit_mapping
if mapping not in original_mapping]
mappings_to_add = [mapping for mapping in edit_mapping
if mapping not in original_mapping]
for mapping in mappings_to_remove:
self.auth.remove_role_from_user(
for mapping in mappings_to_remove:
self.auth.remove_role_from_user(
mapping["project"],
mapping["role"]
)
mapping["project"],
mapping["role"]
)
for mapping in mappings_to_add:
self.auth.assign_role_to_user(
user["name"],
for mapping in mappings_to_add:
self.auth.assign_role_to_user(
user["name"],
class ProjectTopicAuth(ProjectTopic):
# topic = "projects"
# topic_msg = "projects"
class ProjectTopicAuth(ProjectTopic):
# topic = "projects"
# topic_msg = "projects"
- # schema_new = project_new_schema
- # schema_edit = project_edit_schema
+ schema_new = project_new_schema
+ schema_edit = project_edit_schema
def __init__(self, db, fs, msg, auth):
ProjectTopic.__init__(self, db, fs, msg)
def __init__(self, db, fs, msg, auth):
ProjectTopic.__init__(self, db, fs, msg)
Openstack Keystone and leverages the RBAC model, to bring
it for OSM.
"""
Openstack Keystone and leverages the RBAC model, to bring
it for OSM.
"""
__author__ = "Eduardo Sousa <esousa@whitestack.com>"
__date__ = "$27-jul-2018 23:59:59$"
__author__ = "Eduardo Sousa <esousa@whitestack.com>"
__date__ = "$27-jul-2018 23:59:59$"
import logging
import requests
import logging
import requests
from keystoneauth1 import session
from keystoneauth1.identity import v3
from keystoneauth1.exceptions.base import ClientException
from keystoneauth1.exceptions.http import Conflict
from keystoneclient.v3 import client
from http import HTTPStatus
from keystoneauth1 import session
from keystoneauth1.identity import v3
from keystoneauth1.exceptions.base import ClientException
from keystoneauth1.exceptions.http import Conflict
from keystoneclient.v3 import client
from http import HTTPStatus
+from validation import is_valid_uuid
class AuthconnKeystone(Authconn):
class AuthconnKeystone(Authconn):
:raises AuthconnOperationException: if role assignment failed.
"""
try:
:raises AuthconnOperationException: if role assignment failed.
"""
try:
- user_obj = list(filter(lambda x: x.name == user, self.keystone.users.list()))[0]
- project_obj = list(filter(lambda x: x.name == project, self.keystone.projects.list()))[0]
- role_obj = list(filter(lambda x: x.name == role, self.keystone.roles.list()))[0]
+ if is_valid_uuid(user):
+ user_obj = self.keystone.users.get(user)
+ else:
+ user_obj = self.keystone.users.list(name=user)[0]
+
+ if is_valid_uuid(project):
+ project_obj = self.keystone.projects.get(project)
+ else:
+ project_obj = self.keystone.projects.list(name=project)[0]
+
+ if is_valid_uuid(role):
+ role_obj = self.keystone.roles.get(role)
+ else:
+ role_obj = self.keystone.roles.list(name=role)[0]
self.keystone.roles.grant(role_obj, user=user_obj, project=project_obj)
except ClientException:
self.keystone.roles.grant(role_obj, user=user_obj, project=project_obj)
except ClientException:
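Review bot: The new `is_valid_uuid(...)` branches decide between ID lookup and name lookup from the shape of the string alone, so a user, project or role whose name happens to be a valid UUID would be resolved with `.get()` as an ID, and the grant could land on a different object than the caller meant. Since this function hands out roles, either reject UUID-shaped names when those objects are created or have callers state explicitly whether they pass an ID or a name; `is_valid_uuid` itself is not visible here, so its strictness should be checked. Separately, the name branches index `[0]` on the list result, and an empty list raises `IndexError`, which `except ClientException:` does not catch. A guard such as `if not matches: raise AuthconnOperationException(...)` before indexing would keep the documented `:raises` contract. The handler body and the rest of the method lie outside the visible lines.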