authorYogeshwar Srikrishnan <yoga80@yahoo.com>2011-09-22 13:01:07 -0500
committerYogeshwar Srikrishnan <yoga80@yahoo.com>2011-09-22 13:01:07 -0500
commitfec0c7402b112e2d8795c18807e026a7cb36e54b (patch)
treede7cacd2f56b094ebe48604974c400c3e4bb509d
parentbe05e312176bb06c8c8ed6b360c8c8af36b0a064 (diff)
Initial set of changes to move role operations to extensions.
Change-Id: Ibe3dc1f4b428f423ddd5e5c5e8eab171abf36a65
-rw-r--r--keystone/content/admin/OS-KSADM-admin.wadl6
-rw-r--r--keystone/contrib/extensions/admin/osksadm/extension_handler.py29
-rw-r--r--keystone/controllers/roles.py6
-rwxr-xr-xkeystone/logic/service.py15
-rwxr-xr-xkeystone/middleware/auth_token.py2
-rwxr-xr-xkeystone/routers/admin.py21
-rw-r--r--keystone/test/functional/common.py10
7 files changed, 59 insertions, 30 deletions
diff --git a/keystone/content/admin/OS-KSADM-admin.wadl b/keystone/content/admin/OS-KSADM-admin.wadl
index 183774c6..3f6176ec 100644
--- a/keystone/content/admin/OS-KSADM-admin.wadl
+++ b/keystone/content/admin/OS-KSADM-admin.wadl
@@ -300,7 +300,7 @@
<doc xml:lang="EN" title="Add roles to a user on a tenant.">
<p xmlns="http://www.w3.org/1999/xhtml">Adds a specific role to a user for a tenant.</p>
</doc>
- <response status="200"/>
+ <response status="201"/>
&commonFaults;
&postPutFaults;
&getFaults;
@@ -480,7 +480,7 @@
<doc xml:lang="EN" title="Add Global roles to a user.">
<p xmlns="http://www.w3.org/1999/xhtml">Adds a specific global role to a user.</p>
</doc>
- <response status="200"/>
+ <response status="201"/>
&commonFaults;
&postPutFaults;
&getFaults;
@@ -836,4 +836,4 @@
&commonFaults;
&getFaults;
</method>
-</application> \ No newline at end of file
+</application>
diff --git a/keystone/contrib/extensions/admin/osksadm/extension_handler.py b/keystone/contrib/extensions/admin/osksadm/extension_handler.py
index 7cee648c..b3420016 100644
--- a/keystone/contrib/extensions/admin/osksadm/extension_handler.py
+++ b/keystone/contrib/extensions/admin/osksadm/extension_handler.py
@@ -18,11 +18,12 @@
from keystone.contrib.extensions.admin.extension import BaseExtensionHandler
from keystone.controllers.services import ServicesController
+from keystone.controllers.roles import RolesController
class ExtensionHandler(BaseExtensionHandler):
def map_extension_methods(self, mapper, options):
- # Services Controller
+ # Services
services_controller = ServicesController(options)
mapper.connect("/OS-KSADM/services",
controller=services_controller,
@@ -40,3 +41,29 @@ class ExtensionHandler(BaseExtensionHandler):
controller=services_controller,
action="get_service",
conditions=dict(method=["GET"]))
+ #Roles
+ roles_controller = RolesController(options)
+ mapper.connect("/OS-KSADM/roles", controller=roles_controller,
+ action="create_role", conditions=dict(method=["POST"]))
+ mapper.connect("/OS-KSADM/roles", controller=roles_controller,
+ action="get_roles", conditions=dict(method=["GET"]))
+ mapper.connect("/OS-KSADM/roles/{role_id}",
+ controller=roles_controller, action="get_role",
+ conditions=dict(method=["GET"]))
+ mapper.connect("/OS-KSADM/roles/{role_id}",
+ controller=roles_controller, action="delete_role",
+ conditions=dict(method=["DELETE"]))
+
+ #User Roles
+ mapper.connect("/users/{user_id}/OS-KSADM/{role_id}",
+ controller=roles_controller, action="add_global_role_to_user",
+ conditions=dict(method=["POST"]))
+ mapper.connect("/users/{user_id}/roleRefs",
+ controller=roles_controller, action="get_role_refs",
+ conditions=dict(method=["GET"]))
+ mapper.connect("/users/{user_id}/roleRefs",
+ controller=roles_controller, action="create_role_ref",
+ conditions=dict(method=["POST"]))
+ mapper.connect("/users/{user_id}/roleRefs/{role_ref_id}",
+ controller=roles_controller, action="delete_role_ref",
+ conditions=dict(method=["DELETE"]))
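Review bot: The new global-role route `/users/{user_id}/OS-KSADM/{role_id}` has no fixed segment naming the resource, so any POST with a single path segment after `OS-KSADM` is dispatched to `add_global_role_to_user`, which is a privilege-granting action. If the WADL entry for "Add Global roles to a user" uses a `roles` segment (its path is not visible in this commit), the template should match it, e.g. `"/users/{user_id}/roles/OS-KSADM/{role_id}"`. The three `roleRefs` routes are moved here without the `OS-KSADM` prefix, so role assignment on the core path now exists only when this extension is loaded; a comment such as `# roleRefs keep their core paths but are served by this extension` would make that explicit. `map_extension_methods` starts outside this hunk.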
diff --git a/keystone/controllers/roles.py b/keystone/controllers/roles.py
index 44657b96..13da6bf4 100644
--- a/keystone/controllers/roles.py
+++ b/keystone/controllers/roles.py
@@ -54,3 +54,9 @@ class RolesController(wsgi.Controller):
rval = config.SERVICE.delete_role_ref(utils.get_auth_token(req),
role_ref_id)
return utils.send_result(204, req, rval)
+
+ @utils.wrap_error
+ def add_global_role_to_user(self, req, user_id, role_id):
+ config.SERVICE.add_global_role_to_user(utils.get_auth_token(req),
+ user_id, role_id)
+ return utils.send_result(201)
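Review bot: `utils.send_result(201)` is called without `req`, while the neighbouring call just above passes `utils.send_result(204, req, rval)`. Unless `send_result` has defaults for those parameters (its signature is not visible here), this fails after `config.SERVICE.add_global_role_to_user` has already granted the role, so the client would see an error for a change that was applied. Suggest `return utils.send_result(201, req)`.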
diff --git a/keystone/logic/service.py b/keystone/logic/service.py
index 0fc60846..98f8db38 100755
--- a/keystone/logic/service.py
+++ b/keystone/logic/service.py
@@ -655,6 +655,21 @@ class IdentityService(object):
api.ROLE.ref_delete(role_ref_id)
return None
+ def add_global_role_to_user(self, admin_token, user_id, role_id):
+ self.__validate_service_or_keystone_admin_token(admin_token)
+ duser = api.USER.get(user_id)
+ if not duser:
+ raise fault.ItemNotFoundFault("The user could not be found")
+
+ drole = api.ROLE.get(role_id)
+ if drole == None:
+ raise fault.ItemNotFoundFault("The role not found")
+
+ drole_ref = models.UserRoleAssociation()
+ drole_ref.user_id = duser.id
+ drole_ref.role_id = drole.id
+ api.USER.user_role_add(drole_ref)
+
def get_user_roles(self, admin_token, marker, limit, url, user_id):
self.__validate_service_or_keystone_admin_token(admin_token)
duser = api.USER.get(user_id)
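Review bot: `add_global_role_to_user` attaches a role with no tenant scope to any user, gated only by `__validate_service_or_keystone_admin_token`. Judging by its name, that check also accepts service-admin tokens, which would let a service admin hand out any global role, presumably including the Keystone admin role. Confirm that is intended, or restrict this call to Keystone admins and log which caller granted which role to which user. Nothing checks whether the user already holds the role before `api.USER.user_role_add(drole_ref)`, so a repeated POST may create a duplicate association or surface a backend error. Minor: `if drole == None:` should read `if not drole:` to match the user check above it.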
diff --git a/keystone/middleware/auth_token.py b/keystone/middleware/auth_token.py
index f6fd07d7..ccd5f2c0 100755
--- a/keystone/middleware/auth_token.py
+++ b/keystone/middleware/auth_token.py
@@ -56,7 +56,7 @@ import json
import os
from paste.deploy import loadapp
from urlparse import urlparse
-from webob.exc import HTTPUnauthorized, HTTPUseProxy
+from webob.exc import HTTPUnauthorized
from webob.exc import Request, Response
import keystone.tools.tracer # @UnusedImport # module runs on import
diff --git a/keystone/routers/admin.py b/keystone/routers/admin.py
index d63304f9..f812ecd6 100755
--- a/keystone/routers/admin.py
+++ b/keystone/routers/admin.py
@@ -21,7 +21,6 @@ from keystone.common import wsgi
import keystone.backends as db
from keystone.controllers.auth import AuthController
from keystone.controllers.endpointtemplates import EndpointTemplatesController
-from keystone.controllers.roles import RolesController
from keystone.controllers.staticfiles import StaticFilesController
from keystone.controllers.tenant import TenantController
from keystone.controllers.user import UserController
@@ -110,26 +109,6 @@ class AdminApi(wsgi.Router):
action="get_tenant_users",
conditions=dict(method=["GET"]))
- #Roles
- roles_controller = RolesController(options)
- mapper.connect("/roles", controller=roles_controller,
- action="create_role", conditions=dict(method=["POST"]))
- mapper.connect("/roles", controller=roles_controller,
- action="get_roles", conditions=dict(method=["GET"]))
- mapper.connect("/roles/{role_id}", controller=roles_controller,
- action="get_role", conditions=dict(method=["GET"]))
- mapper.connect("/roles/{role_id}", controller=roles_controller,
- action="delete_role", conditions=dict(method=["DELETE"]))
- mapper.connect("/users/{user_id}/roleRefs",
- controller=roles_controller, action="get_role_refs",
- conditions=dict(method=["GET"]))
- mapper.connect("/users/{user_id}/roleRefs",
- controller=roles_controller, action="create_role_ref",
- conditions=dict(method=["POST"]))
- mapper.connect("/users/{user_id}/roleRefs/{role_ref_id}",
- controller=roles_controller, action="delete_role_ref",
- conditions=dict(method=["DELETE"]))
-
#EndpointTemplatesControllers and Endpoints
endpoint_templates_controller = EndpointTemplatesController(options)
mapper.connect("/endpointTemplates",
diff --git a/keystone/test/functional/common.py b/keystone/test/functional/common.py
index c408905a..df7ba527 100644
--- a/keystone/test/functional/common.py
+++ b/keystone/test/functional/common.py
@@ -290,21 +290,23 @@ class ApiTestCase(RestfulTestCase):
def post_role(self, **kwargs):
"""POST /roles"""
- return self.admin_request(method='POST', path='/roles', **kwargs)
+ return self.admin_request(method='POST',
+ path='/OS-KSADM/roles', **kwargs)
def get_roles(self, **kwargs):
"""GET /roles"""
- return self.admin_request(method='GET', path='/roles', **kwargs)
+ return self.admin_request(method='GET',
+ path='/OS-KSADM/roles', **kwargs)
def get_role(self, role_id, **kwargs):
"""GET /roles/{role_id}"""
return self.admin_request(method='GET',
- path='/roles/%s' % (role_id,), **kwargs)
+ path='/OS-KSADM/roles/%s' % (role_id,), **kwargs)
def delete_role(self, role_id, **kwargs):
"""DELETE /roles/{role_id}"""
return self.admin_request(method='DELETE',
- path='/roles/%s' % (role_id,), **kwargs)
+ path='/OS-KSADM/roles/%s' % (role_id,), **kwargs)
def get_endpoint_templates(self, **kwargs):
"""GET /endpointTemplates"""