authorDolph Mathews <dolph.mathews@rackspace.com>2011-07-01 17:07:39 -0500
committerDolph Mathews <dolph.mathews@rackspace.com>2011-07-01 17:07:39 -0500
commit79d110e33ba328c671e5e9fa375b76b8a0a1422b (patch)
treee15fda6696daed61771df2c9dd3eeb56a9889721
parent806b2372500b9ef2626e797d463817175de85d12 (diff)
parente9b406ea4bda2a34e64d52c86b7ace41a5f42c4c (diff)
Merge branch 'master' of https://github.com/rackspace/keystone
-rwxr-xr-xbin/sampledata.sh11
-rwxr-xr-xetc/keystone.conf3
-rw-r--r--keystone/__init__.py18
-rwxr-xr-x[-rw-r--r--]keystone/backends/__init__.py8
-rwxr-xr-xkeystone/backends/models.py2
-rwxr-xr-xkeystone/logic/service.py73
-rwxr-xr-xkeystone/test/unit/test_authentication.py2
7 files changed, 66 insertions, 51 deletions
diff --git a/bin/sampledata.sh b/bin/sampledata.sh
index 90e3c203..bec2d0c5 100755
--- a/bin/sampledata.sh
+++ b/bin/sampledata.sh
@@ -37,14 +37,21 @@
`dirname $0`/keystone-manage $* role grant Admin joeadmin 1234
`dirname $0`/keystone-manage $* role grant Admin joeadmin ANOTHER:TENANT
-#endpointTemplates
+#Keeping for compatibility for a while till dashboard catches up - endpointTemplates
`dirname $0`/keystone-manage $* endpointTemplates add RegionOne swift http://swift.publicinternets.com/v1/AUTH_%tenant_id% http://swift.admin-nets.local:8080/ http://127.0.0.1:8080/v1/AUTH_%tenant_id% 1 0
`dirname $0`/keystone-manage $* endpointTemplates add RegionOne nova_compat http://nova.publicinternets.com/v1.0/ http://127.0.0.1:8774/v1.0 http://localhost:8774/v1.0 1 0
`dirname $0`/keystone-manage $* endpointTemplates add RegionOne nova http://nova.publicinternets.com/v1.1/ http://127.0.0.1:8774/v1.1 http://localhost:8774/v1.1 1 0
`dirname $0`/keystone-manage $* endpointTemplates add RegionOne glance http://glance.publicinternets.com/v1.1/%tenant_id% http://nova.admin-nets.local/v1.1/%tenant_id% http://127.0.0.1:9292/v1.1/%tenant_id% 1 0
`dirname $0`/keystone-manage $* endpointTemplates add RegionOne cdn http://cdn.publicinternets.com/v1.1/%tenant_id% http://cdn.admin-nets.local/v1.1/%tenant_id% http://127.0.0.1:7777/v1.1/%tenant_id% 1 0
+
+#endpointTemplates
+`dirname $0`/keystone-manage $* endpointTemplates add RegionOne object_store http://swift.publicinternets.com/v1/AUTH_%tenant_id% http://swift.admin-nets.local:8080/ http://127.0.0.1:8080/v1/AUTH_%tenant_id% 1 0
+`dirname $0`/keystone-manage $* endpointTemplates add RegionOne compute http://nova.publicinternets.com/v1.0/ http://127.0.0.1:8774/v1.0 http://localhost:8774/v1.0 1 0
+`dirname $0`/keystone-manage $* endpointTemplates add RegionOne compute_v1 http://nova.publicinternets.com/v1.1/ http://127.0.0.1:8774/v1.1 http://localhost:8774/v1.1 1 0
+`dirname $0`/keystone-manage $* endpointTemplates add RegionOne image http://glance.publicinternets.com/v1.1/%tenant_id% http://nova.admin-nets.local/v1.1/%tenant_id% http://127.0.0.1:9292/v1.1/%tenant_id% 1 0
+`dirname $0`/keystone-manage $* endpointTemplates add RegionOne cdn http://cdn.publicinternets.com/v1.1/%tenant_id% http://cdn.admin-nets.local/v1.1/%tenant_id% http://127.0.0.1:7777/v1.1/%tenant_id% 1 0
#Global endpointTemplate
-`dirname $0`/keystone-manage $* endpointTemplates add RegionOne keystone http://keystone.publicinternets.com/v2.0 http://127.0.0.1:5001/v2.0 http://127.0.0.1:5000/v2.0 1 1
+`dirname $0`/keystone-manage $* endpointTemplates add RegionOne identity http://keystone.publicinternets.com/v2.0 http://127.0.0.1:5001/v2.0 http://127.0.0.1:5000/v2.0 1 1
# Groups
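Review bot: The `cdn` endpoint template is now registered twice for RegionOne with identical URLs, once in the block kept for dashboard compatibility and again in the new `#endpointTemplates` block. How `keystone-manage endpointTemplates add` treats an already existing service name is not visible in this hunk, so the second call may either fail or leave a duplicate entry in the sample catalog. Since `cdn` keeps its name, dropping it from one of the two blocks avoids both outcomes. A comment such as `# compute -> nova v1.0 API, compute_v1 -> nova v1.1 API` would also help, because the new names read as if `compute_v1` were the older API.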
diff --git a/etc/keystone.conf b/etc/keystone.conf
index 8d6ec4f1..6a983f30 100755
--- a/etc/keystone.conf
+++ b/etc/keystone.conf
@@ -27,6 +27,9 @@ server_bind_host = 0.0.0.0
# Port the bind the API server to
server_bind_port = 5000
+#Role that allows to perform admin operations.
+keystone-admin-role=Admin
+
[keystone.backends.sqlalchemy]
# SQLAlchemy connection string for the reference implementation
# registry server. Any valid SQLAlchemy connection string is fine.
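Review bot: The comment above `keystone-admin-role` does not say what the value is matched against, which matters because this setting decides who may perform admin operations. In `keystone/logic/service.py` of this same commit the value is compared with `roleRef.role_id` on the caller's global role references, so I would word it as `# Id of the role that, when granted globally (no tenant), allows admin operations.` The comment should also state that the key is required, since `configure_backends` reads it with `options["keystone-admin-role"]` and no default.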
diff --git a/keystone/__init__.py b/keystone/__init__.py
index 643310e5..d40bc04f 100644
--- a/keystone/__init__.py
+++ b/keystone/__init__.py
@@ -27,21 +27,3 @@ gettext.install('keystone')
def version():
return __version__
-'''
-TODO(Ziad): Commenting out so we don't load this always - remove eventually
-#TOKEN AUTH
-from auth_protocols.auth_token \
- import filter_factory as tokenauth_factory
-
-#BASIC AUTH
-from auth_protocols.auth_basic \
- import filter_factory as basicauth_factory
-
-#OPENID AUTH
-from auth_protocols.auth_openid \
- import filter_factory as openidauth_factory
-
-#Remote Auth handler
-from middleware.remoteauth \
- import filter_factory as remoteauth_factory
-'''
diff --git a/keystone/backends/__init__.py b/keystone/backends/__init__.py
index 89b3afb1..e123fa18 100644..100755
--- a/keystone/backends/__init__.py
+++ b/keystone/backends/__init__.py
@@ -22,9 +22,17 @@ from keystone.backends import api as api
DEFAULT_BACKENDS = 'keystone.backends.sqlalchemy'
+#Configs applicable to all backends.
+#Reference to Admin Role.
+KeyStoneAdminRole = None
+
+
def configure_backends(options):
'''Load backends given in the 'backends' option.'''
backend_names = options.get('backends', DEFAULT_BACKENDS)
for backend in backend_names.split(','):
backend_module = utils.import_module(backend)
backend_module.configure_backend(options[backend])
+ #Initialialize common configs general to all backends.
+ global KeyStoneAdminRole
+ KeyStoneAdminRole = options["keystone-admin-role"]
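Review bot: `options["keystone-admin-role"]` raises a bare `KeyError` for any existing config file that lacks the new key, while the `backends` option a few lines above is read with `options.get` and a default. An empty value is accepted silently, and the admin check in `keystone/logic/service.py` would then compare role ids against an empty string. I would read it with `options.get('keystone-admin-role')` and raise a clear configuration error when it is missing or blank, rather than falling back to a default role name. Indentation is lost on this page, so I cannot tell whether the assignment sits inside the `for` loop; it only needs to run once, after it. The added comment also has a typo, `Initialialize`.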
diff --git a/keystone/backends/models.py b/keystone/backends/models.py
index 3543a485..3f00a319 100755
--- a/keystone/backends/models.py
+++ b/keystone/backends/models.py
@@ -58,4 +58,4 @@ def set_value(variable_name, value):
Token = value
elif variable_name == 'EndpointTemplates':
global EndpointTemplates
- EndpointTemplates = value \ No newline at end of file
+ EndpointTemplates = value
diff --git a/keystone/logic/service.py b/keystone/logic/service.py
index b4124a25..aa87520e 100755
--- a/keystone/logic/service.py
+++ b/keystone/logic/service.py
@@ -19,6 +19,7 @@ import uuid
import keystone.logic.types.auth as auth
import keystone.logic.types.atom as atom
+import keystone.backends as backends
import keystone.backends.api as api
import keystone.backends.models as models
import keystone.logic.types.fault as fault
@@ -27,7 +28,6 @@ import keystone.logic.types.role as roles
import keystone.logic.types.user as get_users
import keystone.logic.types.endpoint as endpoints
import keystone.utils as utils
-#TODO(Yogi) Remove references to specific backend model and move them to generic models.
class IdentityService(object):
@@ -488,13 +488,13 @@ class IdentityService(object):
dtenantuser.email, dtenantuser.enabled))
links = []
if ts.__len__():
- prev, next = api.user.users_get_by_tenant_get_page_markers(tenant_id,
- marker, limit)
+ prev, next = api.user.users_get_by_tenant_get_page_markers(
+ tenant_id, marker, limit)
if prev:
- links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" %
+ links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" %
(url, prev, limit)))
if next:
- links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" %
+ links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" %
(url, next, limit)))
return get_users.Users(ts, links)
@@ -509,10 +509,10 @@ class IdentityService(object):
if ts.__len__():
prev, next = api.user.users_get_page_markers(marker, limit)
if prev:
- links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" %
+ links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" %
(url, prev, limit)))
if next:
- links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" %
+ links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" %
(url, next, limit)))
return get_users.Users(ts, links)
@@ -533,8 +533,8 @@ class IdentityService(object):
for dusergroup, dusergroupAsso in dusergroups:
ts.append(tenants.Group(dusergroup.id, dusergroup.tenant_id, None))
- return get_users.User_Update(None, duser.id, duser.tenant_id, duser.email,
- duser.enabled, ts)
+ return get_users.User_Update(None, duser.id, duser.tenant_id,
+ duser.email, duser.enabled, ts)
def update_user(self, admin_token, user_id, user):
self.__validate_token(admin_token)
@@ -582,7 +582,8 @@ class IdentityService(object):
api.user.update(user_id, values)
- return get_users.User_Update(user.password, None, None, None, None, None)
+ return get_users.User_Update(user.password,
+ None, None, None, None, None)
def enable_disable_user(self, admin_token, user_id, user):
self.__validate_token(admin_token)
@@ -600,7 +601,8 @@ class IdentityService(object):
api.user.update(user_id, values)
- return get_users.User_Update(None, None, None, None, user.enabled, None)
+ return get_users.User_Update(None,
+ None, None, None, user.enabled, None)
def set_user_tenant(self, admin_token, user_id, user):
self.__validate_token(admin_token)
@@ -617,7 +619,8 @@ class IdentityService(object):
dtenant = self.validate_and_fetch_user_tenant(user.tenant_id)
values = {'tenant_id': user.tenant_id}
api.user.update(user_id, values)
- return get_users.User_Update(None, None, user.tenant_id, None, None, None)
+ return get_users.User_Update(None,
+ None, user.tenant_id, None, None, None)
def delete_user(self, admin_token, user_id):
self.__validate_token(admin_token)
@@ -647,10 +650,10 @@ class IdentityService(object):
prev, next = api.group.get_by_user_get_page_markers(user_id,
marker, limit)
if prev:
- links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" %
+ links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" %
(url, prev, limit)))
if next:
- links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" %
+ links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" %
(url, next, limit)))
return tenants.Groups(ts, links)
@@ -704,10 +707,10 @@ class IdentityService(object):
marker, limit)
links = []
if prev:
- links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" %
+ links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" %
(url, prev, limit)))
if next:
- links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" %
+ links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" %
(url, next, limit)))
return tenants.GlobalGroups(ts, links)
@@ -890,7 +893,8 @@ class IdentityService(object):
if admin:
roleRefs = api.role.ref_get_all_global_roles(user.id)
for roleRef in roleRefs:
- if roleRef.role_id == "Admin" and roleRef.tenant_id is None:
+ if roleRef.role_id == backends.KeyStoneAdminRole\
+ and roleRef.tenant_id is None:
return (token, user)
raise fault.UnauthorizedFault("You are not authorized "
"to make this call")
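Review bot: `backends.KeyStoneAdminRole` is still `None` if this check runs before `configure_backends` has set it, and `roleRef.role_id == backends.KeyStoneAdminRole` would then match only a role reference whose `role_id` is itself null. Rejecting the call before the loop when the configured role is unset or empty would make the admin check fail closed by construction instead of depending on what the role table contains. As a style point, the backslash continuation is fragile and is better written with parentheses: `if (roleRef.role_id == backends.KeyStoneAdminRole and roleRef.tenant_id is None):`. The enclosing method starts outside this hunk, so the token lookup that produces `user` is not visible here.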
@@ -1004,12 +1008,15 @@ class IdentityService(object):
ts = []
dendpointTemplates = api.endpoint_template.get_page(marker, limit)
for dendpointTemplate in dendpointTemplates:
- ts.append(endpoints.EndpointTemplate(dendpointTemplate.id, dendpointTemplate.region,
- dendpointTemplate.service, dendpointTemplate.public_url,
- dendpointTemplate.admin_url,
- dendpointTemplate.internal_url,
- dendpointTemplate.enabled,
- dendpointTemplate.is_global))
+ ts.append(endpoints.EndpointTemplate(
+ dendpointTemplate.id,
+ dendpointTemplate.region,
+ dendpointTemplate.service,
+ dendpointTemplate.public_url,
+ dendpointTemplate.admin_url,
+ dendpointTemplate.internal_url,
+ dendpointTemplate.enabled,
+ dendpointTemplate.is_global))
prev, next = api.endpoint_template.get_page_markers(marker, limit)
links = []
if prev:
@@ -1025,10 +1032,17 @@ class IdentityService(object):
dendpointTemplate = api.endpoint_template.get(endpoint_template_id)
if not dendpointTemplate:
- raise fault.ItemNotFoundFault("The endpoint template could not be found")
- return endpoints.EndpointTemplate(dendpointTemplate.id, dendpointTemplate.region, dendpointTemplate.service,
- dendpointTemplate.public_url, dendpointTemplate.admin_url,
- dendpointTemplate.internal_url, dendpointTemplate.enabled, dendpointTemplate.is_global)
+ raise fault.ItemNotFoundFault(
+ "The endpoint template could not be found")
+ return endpoints.EndpointTemplate(
+ dendpointTemplate.id,
+ dendpointTemplate.region,
+ dendpointTemplate.service,
+ dendpointTemplate.public_url,
+ dendpointTemplate.admin_url,
+ dendpointTemplate.internal_url,
+ dendpointTemplate.enabled,
+ dendpointTemplate.is_global)
def get_tenant_endpoints(self, admin_token, marker, limit, url, tenant_id):
self.__validate_token(admin_token)
@@ -1041,8 +1055,9 @@ class IdentityService(object):
ts = []
dtenantEndpoints = \
- api.endpoint_template.endpoint_get_by_tenant_get_page(tenant_id, marker,
- limit)
+ api.endpoint_template.\
+ endpoint_get_by_tenant_get_page(
+ tenant_id, marker, limit)
for dtenantEndpoint in dtenantEndpoints:
ts.append(endpoints.Endpoint(dtenantEndpoint.id,
url + '/endpointTemplates/' + \
diff --git a/keystone/test/unit/test_authentication.py b/keystone/test/unit/test_authentication.py
index 5d492c44..b91ff75d 100755
--- a/keystone/test/unit/test_authentication.py
+++ b/keystone/test/unit/test_authentication.py
@@ -91,7 +91,7 @@ class AuthenticationTest(unittest.TestCase):
#self.assertTrue(resp['x-storage-url'])
self.assertTrue(resp['x-glance'])
#Assert Existence of global endpoint
- self.assertTrue(resp['x-keystone'])
+ self.assertTrue(resp['x-identity'])
def test_a_authorize_user_disabled(self):
header = httplib2.Http(".cache")