authorYogeshwar Srikrishnan <yoga80@yahoo.com>2011-10-18 13:56:27 -0500
committerYogeshwar Srikrishnan <yoga80@yahoo.com>2011-10-18 13:58:10 -0500
commit29a87a82d9a7aba74117ef82ec44ce752fed0bbd (patch)
treea0656095eb843b8f80880a57b7a367427472e87f
parent63c18186019754495a970773c0cc83dd330decbd (diff)
downloadkeystone-29a87a82d9a7aba74117ef82ec44ce752fed0bbd.tar.gz
keystone-29a87a82d9a7aba74117ef82ec44ce752fed0bbd.tar.xz
keystone-29a87a82d9a7aba74117ef82ec44ce752fed0bbd.zip
Adding calls to get roles for user as per new format. Cleaning references to old code.
Change-Id: I996ce187fd5319591ac9e49ac398d525c038da99
-rwxr-xr-xkeystone/backends/api.py4
-rw-r--r--keystone/backends/ldap/api/role.py22
-rwxr-xr-xkeystone/backends/sqlalchemy/api/role.py38
-rw-r--r--keystone/content/admin/OS-KSADM-admin.wadl52
-rw-r--r--keystone/contrib/extensions/admin/osksadm/extension_handler.py8
-rw-r--r--keystone/controllers/roles.py9
-rwxr-xr-xkeystone/logic/service.py78
-rw-r--r--keystone/logic/types/role.py177
-rwxr-xr-xkeystone/routers/admin.py8
-rw-r--r--keystone/test/functional/common.py18
-rwxr-xr-xkeystone/test/functional/test_roles.py24
11 files changed, 103 insertions, 335 deletions
diff --git a/keystone/backends/api.py b/keystone/backends/api.py
index 96254aff..7f48cc20 100755
--- a/keystone/backends/api.py
+++ b/keystone/backends/api.py
@@ -166,7 +166,7 @@ class BaseRoleAPI(object):
def get_page(self, marker, limit):
raise NotImplementedError
- def ref_get_page(self, marker, limit, user_id):
+ def ref_get_page(self, marker, limit, user_id, tenant_id):
raise NotImplementedError
def ref_get_all_global_roles(self, user_id):
@@ -187,7 +187,7 @@ class BaseRoleAPI(object):
def get_page_markers(self, marker, limit):
raise NotImplementedError
- def ref_get_page_markers(self, user_id, marker, limit):
+ def ref_get_page_markers(self, user_id, tenant_id, marker, limit):
raise NotImplementedError
def ref_get_by_user(self, user_id, role_id, tenant_id):
diff --git a/keystone/backends/ldap/api/role.py b/keystone/backends/ldap/api/role.py
index d2cd7463..9f45d376 100644
--- a/keystone/backends/ldap/api/role.py
+++ b/keystone/backends/ldap/api/role.py
@@ -196,16 +196,22 @@ class RoleAPI(BaseLdapAPI, BaseTenantAPI):
except ldap.NO_SUCH_ATTRIBUTE:
raise exception.NotFound("No such user in role")
- def ref_get_page(self, marker, limit, user_id):
- all_roles = self.ref_get_all_global_roles(user_id)
- for tenant in self.api.tenant.get_all():
- all_roles += self.ref_get_all_tenant_roles(user_id, tenant.id)
+ def ref_get_page(self, marker, limit, user_id, tenant_id):
+ all_roles = []
+ if tenant_id is None:
+ all_roles += self.ref_get_all_global_roles(user_id)
+ else:
+ for tenant in self.api.tenant.get_all():
+ all_roles += self.ref_get_all_tenant_roles(user_id, tenant.id)
return self._get_page(marker, limit, all_roles)
- def ref_get_page_markers(self, user_id, marker, limit):
- all_roles = self.ref_get_all_global_roles(user_id)
- for tenant in self.api.tenant.get_all():
- all_roles += self.ref_get_all_tenant_roles(user_id, tenant.id)
+ def ref_get_page_markers(self, user_id, tenant_id, marker, limit):
+ all_roles = []
+ if tenant_id is None:
+ all_roles = self.ref_get_all_global_roles(user_id)
+ else:
+ for tenant in self.api.tenant.get_all():
+ all_roles += self.ref_get_all_tenant_roles(user_id, tenant.id)
return self._get_page_markers(marker, limit, all_roles)
def ref_get_by_role(self, id):
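Review bot: In the `else` branch of `ref_get_page`, the new `tenant_id` argument is never used: the loop still walks `self.api.tenant.get_all()` and collects the user's roles on every tenant, so a listing scoped to one tenant returns role assignments from all of them. `ref_get_page_markers`, further down in the same hunk, has the identical loop. Replace both loops with `all_roles += self.ref_get_all_tenant_roles(user_id, tenant_id)`. The SQL backend changed in this commit filters on the single tenant, so as written the two backends disagree on what a tenant-scoped role listing contains.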
diff --git a/keystone/backends/sqlalchemy/api/role.py b/keystone/backends/sqlalchemy/api/role.py
index b43a9437..05073e76 100755
--- a/keystone/backends/sqlalchemy/api/role.py
+++ b/keystone/backends/sqlalchemy/api/role.py
@@ -67,18 +67,21 @@ class RoleAPI(BaseRoleAPI):
return session.query(models.Role).order_by(\
models.Role.id.desc()).limit(limit).all()
- def ref_get_page(self, marker, limit, user_id, session=None):
+ def ref_get_page(self, marker, limit, user_id, tenant_id, session=None):
if not session:
session = get_session()
-
+ query = session.query(models.UserRoleAssociation).\
+ filter_by(user_id=user_id)
+ if tenant_id:
+ query = query.filter_by(tenant_id=tenant_id)
+ else:
+ query = query.filter("tenant_id is null")
if marker:
- return session.query(models.UserRoleAssociation).\
- filter("id>:marker").params(\
- marker='%s' % marker).filter_by(user_id=user_id).order_by(\
+ return query.filter("id>:marker").params(\
+ marker='%s' % marker).order_by(\
models.UserRoleAssociation.id.desc()).limit(limit).all()
else:
- return session.query(models.UserRoleAssociation).\
- filter_by(user_id=user_id).order_by(\
+ return query.order_by(\
models.UserRoleAssociation.id.desc()).limit(limit).all()
def ref_get_all_global_roles(self, user_id, session=None):
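Review bot: The scope test in `ref_get_page` is `if tenant_id:`, while the LDAP backend and `IdentityService.get_user_roles` in this commit test `tenant_id is None`, so any falsy but non-None value would be treated as "global roles" here and as a tenant elsewhere. Writing `if tenant_id is not None:` keeps the three layers consistent. The raw fragment `query.filter("tenant_id is null")` could also be the column expression `query.filter(models.UserRoleAssociation.tenant_id == None)`, which stays tied to the model. The same five lines are repeated in `ref_get_page_markers` in the next hunk of this file, so a small private helper that returns the scoped query would keep the two from drifting apart.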
@@ -144,28 +147,31 @@ class RoleAPI(BaseRoleAPI):
next_page = next_page.id
return (prev_page, next_page)
- def ref_get_page_markers(self, user_id, marker, limit, session=None):
+ def ref_get_page_markers(self, user_id, tenant_id, marker,
+ limit, session=None):
if not session:
session = get_session()
- first = session.query(models.UserRoleAssociation).filter_by(\
- user_id=user_id).order_by(\
+ query = session.query(models.UserRoleAssociation).filter_by(\
+ user_id=user_id)
+ if tenant_id:
+ query = query.filter_by(tenant_id=tenant_id)
+ else:
+ query = query.filter("tenant_id is null")
+ first = query.order_by(\
models.UserRoleAssociation.id).first()
- last = session.query(models.UserRoleAssociation).filter_by(\
- user_id=user_id).order_by(\
+ last = query.order_by(\
models.UserRoleAssociation.id.desc()).first()
if first is None:
return (None, None)
if marker is None:
marker = first.id
- next_page = session.query(models.UserRoleAssociation).\
- filter_by(user_id=user_id).\
+ next_page = query.\
filter("id > :marker").\
params(marker='%s' % marker).\
order_by(models.UserRoleAssociation.id).\
limit(limit).\
all()
- prev_page = session.query(models.UserRoleAssociation).\
- filter_by(user_id=user_id).\
+ prev_page = query.\
filter("id < :marker").\
params(marker='%s' % marker).\
order_by(models.UserRoleAssociation.id.desc()).\
diff --git a/keystone/content/admin/OS-KSADM-admin.wadl b/keystone/content/admin/OS-KSADM-admin.wadl
index 24e5d2bf..9295337e 100644
--- a/keystone/content/admin/OS-KSADM-admin.wadl
+++ b/keystone/content/admin/OS-KSADM-admin.wadl
@@ -49,7 +49,6 @@
<method href="#deleteUser"/>
<resource id="userRoles" path="roles">
- <method href="#listUserRoles"/>
<resource id="user-roles-OS-KSADM" path="OS-KSADM">
<resource id="userRoleById" path="{roleId}">
<param name="roleId" style="template" type="xsd:string"/>
@@ -92,7 +91,6 @@
</resource>
<resource id="usersForTenant" path="users">
<method href="#listUsersForTenant"/>
- <method href="#listUsersWithRoleForTenant"/>
<resource id="userForTenant" path="{userId}">
<param name="userId" style="template" type="xsd:string"/>
<resource id="userRolesForTenant" path="roles">
@@ -272,32 +270,6 @@
&getFaults;
</method>
- <method name="GET" id="listUsersWithRoleForTenant">
- <doc xml:lang="EN" title="List user with role for tenant.">
- <p xmlns="http://www.w3.org/1999/xhtml">Lists all the users with a specific role for a tenant.</p>
-
- </doc>
- <request>
- <param name="roleId" style="query" required="true" type="xsd:string"/>
- <param name="marker" style="query" required="false" type="xsd:string"/>
- <param name="limit" style="query" required="false" type="xsd:int"/>
- </request>
- <response status="200 203">
- <representation mediaType="application/xml" element="identity:users">
- <doc xml:lang="EN">
- <xsdxt:code href="../common/samples/users.xml"/>
- </doc>
- </representation>
- <representation mediaType="application/json">
- <doc xml:lang="EN">
- <xsdxt:code href="../common/samples/users.json"/>
- </doc>
- </representation>
- </response>
- &commonFaults;
- &getFaults;
- </method>
-
<method name="PUT" id="addRolesToUserOnTenant">
<doc xml:lang="EN" title="Add roles to a user on a tenant.">
<p xmlns="http://www.w3.org/1999/xhtml">Adds a specific role to a user for a tenant.</p>
@@ -454,30 +426,6 @@
</method>
<!--User Roles-->
- <method name="GET" id="listUserRoles">
- <doc xml:lang="EN" title="List Global Roles for a User">
- <p xmlns="http://www.w3.org/1999/xhtml">List all the global roles for a user.</p>
-
- </doc>
- <request>
- <param name="serviceId" style="query" required="false" type="xsd:string"/>
- </request>
- <response status="200 203">
- <representation mediaType="application/xml" element="identity:roles">
- <doc xml:lang="EN">
- <xsdxt:code href="../common/samples/roles.xml"/>
- </doc>
- </representation>
- <representation mediaType="application/json">
- <doc xml:lang="EN">
- <xsdxt:code href="../common/samples/roles.json"/>
- </doc>
- </representation>
- </response>
- &commonFaults;
- &getFaults;
- </method>
-
<method name="PUT" id="addUserRole">
<doc xml:lang="EN" title="Add Global roles to a user.">
<p xmlns="http://www.w3.org/1999/xhtml">Adds a specific global role to a user.</p>
diff --git a/keystone/contrib/extensions/admin/osksadm/extension_handler.py b/keystone/contrib/extensions/admin/osksadm/extension_handler.py
index 5b34c188..0e16f8e8 100644
--- a/keystone/contrib/extensions/admin/osksadm/extension_handler.py
+++ b/keystone/contrib/extensions/admin/osksadm/extension_handler.py
@@ -58,7 +58,7 @@ class ExtensionHandler(BaseExtensionHandler):
#Add/Delete Global role.
mapper.connect("/users/{user_id}/roles/OS-KSADM/{role_id}",
controller=roles_controller, action="add_role_to_user",
- conditions=dict(method=["POST"]))
+ conditions=dict(method=["PUT"]))
mapper.connect("/users/{user_id}/roles/OS-KSADM/{role_id}",
controller=roles_controller, action="delete_role_from_user",
conditions=dict(method=["DELETE"]))
@@ -67,12 +67,8 @@ class ExtensionHandler(BaseExtensionHandler):
mapper.connect(
"/tenants/{tenant_id}/users/{user_id}/roles/OS-KSADM/{role_id}",
controller=roles_controller, action="add_role_to_user",
- conditions=dict(method=["POST"]))
+ conditions=dict(method=["PUT"]))
mapper.connect(
"/tenants/{tenant_id}/users/{user_id}/roles/OS-KSADM/{role_id}",
controller=roles_controller, action="delete_role_from_user",
conditions=dict(method=["DELETE"]))
-
- mapper.connect("/users/{user_id}/roleRefs",
- controller=roles_controller, action="get_role_refs",
- conditions=dict(method=["GET"]))
diff --git a/keystone/controllers/roles.py b/keystone/controllers/roles.py
index 1bf500bd..82cce1a2 100644
--- a/keystone/controllers/roles.py
+++ b/keystone/controllers/roles.py
@@ -48,9 +48,8 @@ class RolesController(wsgi.Controller):
return utils.send_result(204, req, None)
@utils.wrap_error
- def get_role_refs(self, req, user_id):
+ def get_user_roles(self, req, user_id, tenant_id=None):
marker, limit, url = get_marker_limit_and_url(req)
- roleRefs = config.SERVICE.get_user_roles(
- utils.get_auth_token(req), marker, limit, url, user_id)
-
- return utils.send_result(200, req, roleRefs)
+ roles = config.SERVICE.get_user_roles(
+ utils.get_auth_token(req), marker, limit, url, user_id, tenant_id)
+ return utils.send_result(200, req, roles)
diff --git a/keystone/logic/service.py b/keystone/logic/service.py
index ec0993eb..6eb260e3 100755
--- a/keystone/logic/service.py
+++ b/keystone/logic/service.py
@@ -24,8 +24,7 @@ import keystone.backends.api as api
import keystone.backends.models as models
from keystone.logic.types import fault
from keystone.logic.types.tenant import Tenant, Tenants
-from keystone.logic.types.role import Role, RoleRef, RoleRefs, Roles, \
- UserRole, UserRoles
+from keystone.logic.types.role import Role, Roles
from keystone.logic.types.service import Service, Services
from keystone.logic.types.user import User, User_Update, Users
from keystone.logic.types.endpoint import Endpoint, Endpoints, \
@@ -518,15 +517,15 @@ class IdentityService(object):
dtoken.tenant_id)
for drole_ref in drole_refs:
drole = api.ROLE.get(drole_ref.role_id)
- ts.append(UserRole(drole_ref.role_id, drole.name,
- drole_ref.tenant_id))
+ ts.append(Role(drole_ref.role_id, drole.name,
+ None, drole_ref.tenant_id))
drole_refs = api.ROLE.ref_get_all_global_roles(duser.id)
for drole_ref in drole_refs:
drole = api.ROLE.get(drole_ref.role_id)
- ts.append(UserRole(drole_ref.role_id, drole.name,
- drole_ref.tenant_id))
+ ts.append(Role(drole_ref.role_id, drole.name,
+ None, drole_ref.tenant_id))
- user = auth.User(duser.id, duser.name, None, None, UserRoles(ts, []))
+ user = auth.User(duser.id, duser.name, None, None, Roles(ts, []))
return auth.AuthData(token, user, endpoints)
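Review bot: `Role(drole_ref.role_id, drole.name, None, drole_ref.tenant_id)` passes the tenant id as the fourth positional argument, which is `service_id` in the `Role.__init__` signature this commit sets (`id, name, description, service_id=None, tenant_id=None`). The serialised role would then carry the tenant under `serviceId` and no `tenantId`, so a consumer of the token response that scopes roles by `tenantId` could read a tenant role as unscoped. Pass it by keyword, `tenant_id=drole_ref.tenant_id`, at both calls here and at the two identical calls in the following hunk of this file. The enclosing method starts outside the hunk.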
@@ -545,13 +544,13 @@ class IdentityService(object):
dtoken.tenant_id)
for drole_ref in drole_refs:
drole = api.ROLE.get(drole_ref.role_id)
- ts.append(UserRole(drole_ref.role_id, drole.name,
- drole_ref.tenant_id))
+ ts.append(Role(drole_ref.role_id, drole.name,
+ None, drole_ref.tenant_id))
drole_refs = api.ROLE.ref_get_all_global_roles(duser.id)
for drole_ref in drole_refs:
drole = api.ROLE.get(drole_ref.role_id)
- ts.append(UserRole(drole_ref.role_id, drole.name,
- drole_ref.tenant_id))
+ ts.append(Role(drole_ref.role_id, drole.name,
+ None, drole_ref.tenant_id))
# Also get the user's tenant's name
tenant_name = None
@@ -560,7 +559,7 @@ class IdentityService(object):
tenant_name = utenant.name
user = auth.User(duser.id, duser.name, duser.tenant_id,
- tenant_name, UserRoles(ts, []))
+ tenant_name, Roles(ts, []))
return auth.ValidateData(token, user)
@@ -734,42 +733,6 @@ class IdentityService(object):
api.ROLE.ref_delete(role_ref.id)
api.ROLE.delete(role_id)
- def create_role_ref(self, admin_token, user_id, role_ref):
- self.__validate_service_or_keystone_admin_token(admin_token)
- duser = api.USER.get(user_id)
-
- if not duser:
- raise fault.ItemNotFoundFault("The user could not be found")
-
- if not isinstance(role_ref, RoleRef):
- raise fault.BadRequestFault("Expecting a Role Ref")
-
- if role_ref.role_id == None:
- raise fault.BadRequestFault("Expecting a Role Id")
-
- drole = api.ROLE.get(role_ref.role_id)
- if drole == None:
- raise fault.ItemNotFoundFault("The role not found")
-
- if role_ref.tenant_id != None:
- dtenant = api.TENANT.get(role_ref.tenant_id)
- if dtenant == None:
- raise fault.ItemNotFoundFault("The tenant not found")
-
- drole_ref = models.UserRoleAssociation()
- drole_ref.user_id = duser.id
- drole_ref.role_id = drole.id
- if role_ref.tenant_id != None:
- drole_ref.tenant_id = dtenant.id
- user_role_ref = api.USER.user_role_add(drole_ref)
- role_ref.role_ref_id = user_role_ref.id
- return role_ref
-
- def delete_role_ref(self, admin_token, role_ref_id):
- self.__validate_service_or_keystone_admin_token(admin_token)
- api.ROLE.ref_delete(role_ref_id)
- return None
-
def add_role_to_user(self, admin_token,
user_id, role_id, tenant_id=None):
self.__validate_service_or_keystone_admin_token(admin_token)
@@ -806,19 +769,26 @@ class IdentityService(object):
"This role is not mapped to the user.")
api.ROLE.ref_delete(drole_ref.id)
- def get_user_roles(self, admin_token, marker, limit, url, user_id):
+ def get_user_roles(self, admin_token, marker,
+ limit, url, user_id, tenant_id):
self.__validate_service_or_keystone_admin_token(admin_token)
duser = api.USER.get(user_id)
if not duser:
raise fault.ItemNotFoundFault("The user could not be found")
+ if tenant_id is not None:
+ dtenant = api.TENANT.get(tenant_id)
+ if not dtenant:
+ raise fault.ItemNotFoundFault("The tenant could not be found.")
ts = []
- drole_refs = api.ROLE.ref_get_page(marker, limit, user_id)
+ drole_refs = api.ROLE.ref_get_page(marker, limit, user_id, tenant_id)
for drole_ref in drole_refs:
- ts.append(RoleRef(drole_ref.id, drole_ref.role_id,
- drole_ref.tenant_id))
- prev, next = api.ROLE.ref_get_page_markers(user_id, marker, limit)
+ drole = api.ROLE.get(drole_ref.role_id)
+ ts.append(Role(drole.id, drole.name,
+ drole.desc, drole.service_id))
+ prev, next = api.ROLE.ref_get_page_markers(
+ user_id, tenant_id, marker, limit)
links = []
if prev:
links.append(atom.Link('prev',
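Review bot: In the rewritten loop, `drole = api.ROLE.get(drole_ref.role_id)` is dereferenced on the next line without a check. If `ROLE.get` returns None for a missing row, as the `if not duser` test on `api.USER.get` above suggests for the sibling API, a dangling association would raise AttributeError instead of a fault. A guard such as `if not drole: continue`, or an explicit `fault.ItemNotFoundFault`, makes the outcome deliberate. The loop also issues one role lookup per association on each page. The method body continues past the end of this hunk.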
@@ -826,7 +796,7 @@ class IdentityService(object):
if next:
links.append(atom.Link('next',
"%s?'marker=%s&limit=%s'" % (url, next, limit)))
- return RoleRefs(ts, links)
+ return Roles(ts, links)
def add_endpoint_template(self, admin_token, endpoint_template):
self.__validate_service_or_keystone_admin_token(admin_token)
diff --git a/keystone/logic/types/role.py b/keystone/logic/types/role.py
index f542553a..c74b7eb9 100644
--- a/keystone/logic/types/role.py
+++ b/keystone/logic/types/role.py
@@ -20,11 +20,12 @@ from keystone.logic.types import fault
class Role(object):
- def __init__(self, id, name, description, service_id=None):
+ def __init__(self, id, name, description, service_id=None, tenant_id=None):
self.id = id
self.name = name
self.description = description
self.service_id = service_id
+ self.tenant_id = tenant_id
@staticmethod
def from_xml(xml_str):
@@ -57,7 +58,6 @@ class Role(object):
name = role.get('name')
description = role.get('description')
service_id = role.get('serviceId')
-
if name is None:
raise fault.BadRequestFault("Expecting Role name")
@@ -76,6 +76,8 @@ class Role(object):
dom.set("description", unicode(self.description))
if self.service_id:
dom.set("serviceId", unicode(self.service_id))
+ if self.tenant_id:
+ dom.set("tenantId", unicode(self.tenant_id))
return dom
def to_xml(self):
@@ -91,6 +93,8 @@ class Role(object):
role["description"] = unicode(self.description)
if self.service_id:
role["serviceId"] = unicode(self.service_id)
+ if self.tenant_id:
+ role["tenantId"] = unicode(self.tenant_id)
return {'role': role}
def to_json(self):
@@ -116,94 +120,6 @@ class Roles(object):
return etree.tostring(dom)
- def to_json(self):
- values = [t.to_dict()["role"] for t in self.values]
- links = [t.to_dict()["links"] for t in self.links]
- return json.dumps({"roles": {"values": values, "links": links}})
-
-
-class RoleRef(object):
- def __init__(self, role_ref_id, role_id, tenant_id):
- self.role_ref_id = role_ref_id
- self.role_id = role_id
- self.tenant_id = tenant_id
-
- @staticmethod
- def from_xml(xml_str):
- try:
- dom = etree.Element("root")
- dom.append(etree.fromstring(xml_str))
- root = dom.find("{http://docs.openstack.org/identity/api/v2.0}" \
- "role")
- if root == None:
- raise fault.BadRequestFault("Expecting Role")
- role_id = root.get("roleId")
- tenant_id = root.get("tenantId")
- if role_id == None:
- raise fault.BadRequestFault("Expecting Role")
- return RoleRef('', role_id, tenant_id)
- except etree.LxmlError as e:
- raise fault.BadRequestFault("Cannot parse Role", str(e))
-
- @staticmethod
- def from_json(json_str):
- try:
- obj = json.loads(json_str)
- if not "role" in obj:
- raise fault.BadRequestFault("Expecting Role")
- role_ref = obj["role"]
-
- role_id = role_ref.get('roleId')
- tenant_id = role_ref.get('tenantId')
-
- if role_id == None:
- raise fault.BadRequestFault("Expecting Role ID")
- if tenant_id == None:
- raise fault.BadRequestFault("Expecting Tenant ID")
-
- return RoleRef('', role_id, tenant_id)
- except (ValueError, TypeError) as e:
- raise fault.BadRequestFault("Cannot parse Role", str(e))
-
- def to_dom(self):
- dom = etree.Element("role",
- xmlns="http://docs.openstack.org/identity/api/v2.0")
- if self.role_ref_id:
- dom.set("id", unicode(self.role_ref_id))
- if self.role_id:
- dom.set("roleId", unicode(self.role_id))
- if self.tenant_id:
- dom.set("tenantId", unicode(self.tenant_id))
- return dom
-
- def to_xml(self):
- return etree.tostring(self.to_dom())
-
- def to_dict(self):
- role_ref = {}
- if self.role_ref_id:
- role_ref["id"] = unicode(self.role_ref_id)
- if self.role_id:
- role_ref["roleId"] = unicode(self.role_id)
- if self.tenant_id:
- role_ref["tenantId"] = unicode(self.tenant_id)
- return {'role': role_ref}
-
- def to_json(self):
- return json.dumps(self.to_dict())
-
-
-class RoleRefs(object):
- "A collection of role refs."
-
- def __init__(self, values, links):
- self.values = values
- self.links = links
-
- def to_xml(self):
- dom = self.to_dom()
- return etree.tostring(dom)
-
def to_dom(self):
dom = etree.Element("roles")
dom.set(u"xmlns", "http://docs.openstack.org/identity/api/v2.0")
@@ -224,84 +140,3 @@ class RoleRefs(object):
def to_json_values(self):
values = [t.to_dict()["role"] for t in self.values]
return values
-
-
-class UserRole(object):
- """A role granted to a user"""
-
- def __init__(self, role_id, role_name, tenant_id):
- self.role_id = role_id
- self.role_name = role_name
- self.tenant_id = tenant_id
-
- @staticmethod
- def from_xml(xml_str):
- try:
- dom = etree.Element("root")
- dom.append(etree.fromstring(xml_str))
-
- root = dom.find("{http://docs.openstack.org/identity/api/v2.0}" \
- "role")
- if root == None:
- raise fault.BadRequestFault("Expecting Role")
-
- role_id = root.get("id")
- role_name = root.get("name")
- tenant_id = root.get("tenantId")
-
- if role_id is None:
- raise fault.BadRequestFault("Expecting Role ID")
-
- return UserRole(role_id, role_name, tenant_id)
- except etree.LxmlError as e:
- raise fault.BadRequestFault("Cannot parse Role", str(e))
-
- @staticmethod
- def from_json(json_str):
- try:
- obj = json.loads(json_str)
- if not "role" in obj:
- raise fault.BadRequestFault("Expecting Role")
- role = obj["role"]
-
- role_id = role.get('id')
- role_name = role.get('name')
- tenant_id = role.get('tenantId')
-
- if role_id is None:
- raise fault.BadRequestFault("Expecting Role ID")
-
- return RoleRef(role_id, role_name, tenant_id)
- except (ValueError, TypeError) as e:
- raise fault.BadRequestFault("Cannot parse Role", str(e))
-
- def to_dom(self):
- dom = etree.Element("role",
- xmlns="http://docs.openstack.org/identity/api/v2.0")
- if self.role_id:
- dom.set("id", unicode(self.role_id))
- if self.role_name:
- dom.set("name", unicode(self.role_name))
- if self.tenant_id:
- dom.set("tenantId", unicode(self.tenant_id))
- return dom
-
- def to_xml(self):
- return etree.tostring(self.to_dom())
-
- def to_dict(self):
- role = {}
- if self.role_id:
- role["id"] = unicode(self.role_id)
- if self.role_name:
- role["name"] = unicode(self.role_name)
- if self.tenant_id:
- role["tenantId"] = unicode(self.tenant_id)
- return {'role': role}
-
- def to_json(self):
- return json.dumps(self.to_dict())
-
-
-class UserRoles(RoleRefs):
- "A collection of roles granted to a user."
diff --git a/keystone/routers/admin.py b/keystone/routers/admin.py
index c80def2c..17f5ce52 100755
--- a/keystone/routers/admin.py
+++ b/keystone/routers/admin.py
@@ -21,6 +21,7 @@ from keystone.common import wsgi
import keystone.backends as db
from keystone.controllers.auth import AuthController
from keystone.controllers.endpointtemplates import EndpointTemplatesController
+from keystone.controllers.roles import RolesController
from keystone.controllers.staticfiles import StaticFilesController
from keystone.controllers.tenant import TenantController
from keystone.controllers.user import UserController
@@ -112,6 +113,13 @@ class AdminApi(wsgi.Router):
controller=user_controller,
action="get_tenant_users",
conditions=dict(method=["GET"]))
+ roles_controller = RolesController(options)
+ mapper.connect("/users/{user_id}/roles",
+ controller=roles_controller, action="get_user_roles",
+ conditions=dict(method=["GET"]))
+ mapper.connect("/tenants/{tenant_id}/users/{user_id}/roles",
+ controller=roles_controller, action="get_user_roles",
+ conditions=dict(method=["GET"]))
#EndpointTemplatesControllers and Endpoints
endpoint_templates_controller = EndpointTemplatesController(options)
diff --git a/keystone/test/functional/common.py b/keystone/test/functional/common.py
index c0edefa0..cd448496 100644
--- a/keystone/test/functional/common.py
+++ b/keystone/test/functional/common.py
@@ -279,20 +279,20 @@ class ApiTestCase(RestfulTestCase):
path='/users/%s' % (user_id,), **kwargs)
def get_user_roles(self, user_id, **kwargs):
- """GET /users/{user_id}/roleRefs"""
+ """GET /users/{user_id}/roles"""
return self.admin_request(method='GET',
- path='/users/%s/roleRefs' % (user_id,), **kwargs)
+ path='/users/%s/roles' % (user_id,), **kwargs)
- def post_user_role(self, user_id, role_id, tenant_id, **kwargs):
+ def put_user_role(self, user_id, role_id, tenant_id, **kwargs):
if tenant_id is None:
- """POST /users/{user_id}/roles/OS-KSADM/{role_id}"""
- return self.admin_request(method='POST',
+ """PUT /users/{user_id}/roles/OS-KSADM/{role_id}"""
+ return self.admin_request(method='PUT',
path='/users/%s/roles/OS-KSADM/%s' %
(user_id, role_id), **kwargs)
else:
- """POST /tenants/{tenant_id}/users/{user_id}/
+ """PUT /tenants/{tenant_id}/users/{user_id}/
roles/OS-KSADM/{role_id}"""
- return self.admin_request(method='POST',
+ return self.admin_request(method='PUT',
path='/tenants/%s/users/%s/roles/OS-KSADM/%s' % (tenant_id,
user_id, role_id,), **kwargs)
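Review bot: The triple-quoted strings inside the `if`/`else` branches of `put_user_role` are bare expression statements, not docstrings, so the method has no docstring and help tooling shows nothing for it. Move the two routes into one docstring directly under the `def` line, or turn them into `#` comments in each branch. `get_user_roles` above only builds `/users/%s/roles`, so this commit adds no helper for the new `/tenants/{tenant_id}/users/{user_id}/roles` route.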
@@ -653,13 +653,13 @@ class FunctionalTestCase(ApiTestCase):
user_id = optional_str(user_id)
role_id = optional_str(role_id)
tenant_id = optional_str(tenant_id)
- return self.post_user_role(user_id, role_id, tenant_id, **kwargs)
+ return self.put_user_role(user_id, role_id, tenant_id, **kwargs)
def grant_global_role_to_user(self, user_id=None, role_id=None,
**kwargs):
user_id = optional_str(user_id)
role_id = optional_str(role_id)
- return self.post_user_role(user_id, role_id, None, **kwargs)
+ return self.put_user_role(user_id, role_id, None, **kwargs)
def revoke_global_role_from_user(self,
user_id=None, role_id=None, **kwargs):
diff --git a/keystone/test/functional/test_roles.py b/keystone/test/functional/test_roles.py
index 43631939..54bcf019 100755
--- a/keystone/test/functional/test_roles.py
+++ b/keystone/test/functional/test_roles.py
@@ -280,9 +280,9 @@ class CreateRoleAssignmentTest(RolesTest):
self.user['id'], self.role['id'], assert_status=201)
-class GetRoleRefsTest(RolesTest):
+class GetRoleAssignmentsTest(RolesTest):
def setUp(self, *args, **kwargs):
- super(GetRoleRefsTest, self).setUp(*args, **kwargs)
+ super(GetRoleAssignmentsTest, self).setUp(*args, **kwargs)
self.tenant = self.create_tenant().json['tenant']
self.user = self.create_user_with_known_password(
@@ -291,47 +291,47 @@ class GetRoleRefsTest(RolesTest):
self.grant_role_to_user(self.user['id'], self.role['id'],
self.tenant['id'])
- def test_get_rolerefs(self):
+ def test_get_role_assignments(self):
r = self.get_user_roles(self.user['id'], assert_status=200)
self.assertIsNotNone(r.json['roles']['values'])
- def test_get_rolerefs_xml(self):
+ def test_get_roler_assignments_xml(self):
r = self.get_user_roles(self.user['id'], assert_status=200,
headers={'Accept': 'application/xml'})
self.assertEqual(r.xml.tag, "{%s}roles" % self.xmlns)
- def test_get_rolerefs_using_expired_token(self):
+ def test_get_role_assignments_using_expired_token(self):
self.admin_token = self.expired_admin_token
self.get_user_roles(self.user['id'], assert_status=403)
- def test_get_rolerefs_xml_using_expired_token(self):
+ def test_get_role_assignments_xml_using_expired_token(self):
self.admin_token = self.expired_admin_token
self.get_user_roles(self.user['id'], assert_status=403, headers={
'Accept': 'application/xml'})
- def test_get_rolerefs_using_disabled_token(self):
+ def test_get_role_assignments_using_disabled_token(self):
self.admin_token = self.disabled_admin_token
self.get_user_roles(self.user['id'], assert_status=403)
- def test_get_rolerefs_xml_using_disabled_token(self):
+ def test_get_role_assignments_xml_using_disabled_token(self):
self.admin_token = self.disabled_admin_token
self.get_user_roles(self.user['id'], assert_status=403, headers={
'Accept': 'application/xml'})
- def test_get_rolerefs_using_missing_token(self):
+ def test_get_role_assignments_using_missing_token(self):
self.admin_token = ''
self.get_user_roles(self.user['id'], assert_status=401)
- def test_get_rolerefs_xml_using_missing_token(self):
+ def test_get_role_assignments_xml_using_missing_token(self):
self.admin_token = ''
self.get_user_roles(self.user['id'], assert_status=401, headers={
'Accept': 'application/xml'})
- def test_get_rolerefs_json_using_invalid_token(self):
+ def test_get_role_assignments_json_using_invalid_token(self):
self.admin_token = common.unique_str()
self.get_user_roles(self.user['id'], assert_status=404)
- def test_get_rolerefs_xml_using_invalid_token(self):
+ def test_get_role_assignments_xml_using_invalid_token(self):
self.admin_token = common.unique_str()
self.get_user_roles(self.user['id'], assert_status=404, headers={
'Accept': 'application/xml'})
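Review bot: `test_get_role_assignments` asserts only `assertIsNotNone(r.json['roles']['values'])`, which an empty list satisfies. `setUp` grants the role on `self.tenant`, while the request goes to `/users/{user_id}/roles`, which the new backend code restricts to global roles, so the test likely passes with no role in the response and does not exercise the tenant filter. Assert on the returned role ids, and add a case for `/tenants/{tenant_id}/users/{user_id}/roles` that expects `self.role['id']` and excludes roles granted on another tenant. The renamed `test_get_roler_assignments_xml` has a typo and should be `test_get_role_assignments_xml`.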