Diffstat (limited to 'keystone/identity/core.py')
-rw-r--r-- | keystone/identity/core.py | 382 |
1 files changed, 94 insertions, 288 deletions
diff --git a/keystone/identity/core.py b/keystone/identity/core.py
index a254470e..b2b3eaf0 100644
--- a/keystone/identity/core.py
+++ b/keystone/identity/core.py
@@ -52,6 +52,7 @@ def filter_user(user_ref):
 @dependency.provider('identity_api')
+@dependency.requires('assignment_api')
 class Manager(manager.Manager):
 """Default pivot point for the Identity backend.
@@ -63,15 +64,6 @@ class Manager(manager.Manager):
 def __init__(self):
 super(Manager, self).__init__(CONF.identity.driver)
- def authenticate(self, user_id=None, tenant_id=None, password=None):
- """Authenticate a given user and password and
- authorize them for a tenant.
- :returns: (user_ref, tenant_ref, metadata_ref)
- :raises: AssertionError
- """
- user_ref = self.driver.authenticate_user(user_id, password)
- return self.driver.authorize_for_project(user_ref, tenant_id)
-
 def create_user(self, user_id, user_ref):
 user = user_ref.copy()
 user['name'] = clean.user_name(user['name'])
@@ -97,288 +89,133 @@ class Manager(manager.Manager):
 tenant.setdefault('enabled', True)
 tenant['enabled'] = clean.project_enabled(tenant['enabled'])
 tenant.setdefault('description', '')
- return self.driver.create_project(tenant_id, tenant)
+ return self.assignment_api.create_project(tenant_id, tenant)
 def update_project(self, tenant_id, tenant_ref):
 tenant = tenant_ref.copy()
 if 'enabled' in tenant:
 tenant['enabled'] = clean.project_enabled(tenant['enabled'])
- return self.driver.update_project(tenant_id, tenant)
-
-
-class Driver(object):
- """Interface description for an Identity driver."""
-
- def authenticate_user(self, user_id, password):
- """Authenticate a given user and password.
- :returns: user_ref
- :raises: AssertionError
- """
- raise exception.NotImplemented()
-
- def authorize_for_project(self, tenant_id, user_ref):
- """Authenticate a given user for a tenant.
- :returns: (user_ref, tenant_ref, metadata_ref)
- :raises: AssertionError
- """
- raise exception.NotImplemented()
+ return self.assignment_api.update_project(tenant_id, tenant)
 def get_project_by_name(self, tenant_name, domain_id):
- """Get a tenant by name.
-
- :returns: tenant_ref
- :raises: keystone.exception.ProjectNotFound
-
- """
- raise exception.NotImplemented()
-
- def get_user_by_name(self, user_name, domain_id):
- """Get a user by name.
-
- :returns: user_ref
- :raises: keystone.exception.UserNotFound
-
- """
- raise exception.NotImplemented()
-
- def add_user_to_project(self, tenant_id, user_id):
- """Add user to a tenant by creating a default role relationship.
-
- :raises: keystone.exception.ProjectNotFound,
- keystone.exception.UserNotFound
+ return self.assignment_api.get_project_by_name(tenant_name, domain_id)
- """
- self.add_role_to_user_and_project(user_id,
- tenant_id,
- config.CONF.member_role_id)
-
- def remove_user_from_project(self, tenant_id, user_id):
- """Remove user from a tenant
+ def get_project(self, tenant_id):
+ return self.assignment_api.get_project(tenant_id)
- :raises: keystone.exception.ProjectNotFound,
- keystone.exception.UserNotFound
+ def list_projects(self, domain_id=None):
+ return self.assignment_api.list_projects(domain_id)
- """
- roles = self.get_roles_for_user_and_project(user_id, tenant_id)
- if not roles:
- raise exception.NotFound(tenant_id)
- for role_id in roles:
- self.remove_role_from_user_and_project(user_id, tenant_id, role_id)
-
- def get_project_users(self, tenant_id):
- """Lists all users with a relationship to the specified project.
-
- :returns: a list of user_refs or an empty set.
- :raises: keystone.exception.ProjectNotFound
+ def get_role(self, role_id):
+ return self.assignment_api.get_role(role_id)
- """
- raise exception.NotImplemented()
+ def list_roles(self):
+ return self.assignment_api.list_roles()
 def get_projects_for_user(self, user_id):
- """Get the tenants associated with a given user.
+ return self.assignment_api.get_projects_for_user(user_id)
- :returns: a list of tenant_id's.
- :raises: keystone.exception.UserNotFound
-
- """
- raise exception.NotImplemented()
+ def get_project_users(self, tenant_id):
+ return self.assignment_api.get_project_users(tenant_id)
 def get_roles_for_user_and_project(self, user_id, tenant_id):
- """Get the roles associated with a user within given tenant.
-
- :returns: a list of role ids.
- :raises: keystone.exception.UserNotFound,
- keystone.exception.ProjectNotFound
-
- """
- raise exception.NotImplemented()
+ return self.assignment_api.get_roles_for_user_and_project(
+ user_id, tenant_id)
 def get_roles_for_user_and_domain(self, user_id, domain_id):
- """Get the roles associated with a user within given domain.
-
- :returns: a list of role ids.
- :raises: keystone.exception.UserNotFound,
- keystone.exception.ProjectNotFound
-
- """
-
- def update_metadata_for_group_domain_roles(self, metadata_ref,
- user_id, domain_id):
- group_refs = self.list_groups_for_user(user_id=user_id)
- for x in group_refs:
- try:
- metadata_ref.update(
- self.get_metadata(group_id=x['id'],
- domain_id=domain_id))
- except exception.MetadataNotFound:
- # no group grant, skip
- pass
-
- def update_metadata_for_user_domain_roles(self, metadata_ref,
- user_id, domain_id):
- try:
- metadata_ref.update(self.get_metadata(user_id=user_id,
- domain_id=domain_id))
- except exception.MetadataNotFound:
- pass
-
- self.get_user(user_id)
- self.get_domain(domain_id)
- metadata_ref = {}
- update_metadata_for_user_domain_roles(self, metadata_ref,
- user_id, domain_id)
- update_metadata_for_group_domain_roles(self, metadata_ref,
- user_id, domain_id)
- return list(set(metadata_ref.get('roles', [])))
-
- def add_role_to_user_and_project(self, user_id, tenant_id, role_id):
- """Add a role to a user within given tenant.
-
- :raises: keystone.exception.UserNotFound,
- keystone.exception.ProjectNotFound,
- keystone.exception.RoleNotFound
- """
- raise exception.NotImplemented()
-
- def remove_role_from_user_and_project(self, user_id, tenant_id, role_id):
- """Remove a role from a user within given tenant.
-
- :raises: keystone.exception.UserNotFound,
- keystone.exception.ProjectNotFound,
- keystone.exception.RoleNotFound
+ return (self.assignment_api.get_roles_for_user_and_domain
+ (user_id, domain_id))
- """
- raise exception.NotImplemented()
-
- # metadata crud
- def get_metadata(self, user_id=None, tenant_id=None,
- domain_id=None, group_id=None):
- """Gets the metadata for the specified user/group on project/domain.
+ def _subrole_id_to_dn(self, role_id, tenant_id):
+ return self.assignment_api._subrole_id_to_dn(role_id, tenant_id)
- :raises: keystone.exception.MetadataNotFound
- :returns: metadata
-
- """
- raise exception.NotImplemented()
+ def add_role_to_user_and_project(self, user_id,
+ tenant_id, role_id):
+ return (self.assignment_api.add_role_to_user_and_project
+ (user_id, tenant_id, role_id))
- def create_metadata(self, user_id, tenant_id, metadata,
- domain_id=None, group_id=None):
- """Creates the metadata for the specified user/group on project/domain.
-
- :returns: metadata created
+ def create_role(self, role_id, role):
+ return self.assignment_api.create_role(role_id, role)
- """
- raise exception.NotImplemented()
+ def delete_role(self, role_id):
+ return self.assignment_api.delete_role(role_id)
- def update_metadata(self, user_id, tenant_id, metadata,
- domain_id=None, group_id=None):
- """Updates the metadata for the specified user/group on project/domain.
+ def delete_project(self, tenant_id):
+ return self.assignment_api.delete_project(tenant_id)
- :returns: metadata updated
+ def remove_role_from_user_and_project(self, user_id,
+ tenant_id, role_id):
+ return (self.assignment_api.remove_role_from_user_and_project
+ (user_id, tenant_id, role_id))
- """
- raise exception.NotImplemented()
+ def update_role(self, role_id, role):
+ return self.assignment_api.update_role(role_id, role)
+
+ def create_grant(self, role_id, user_id=None, group_id=None,
+ domain_id=None, project_id=None,
+ inherited_to_projects=False):
+ return (self.assignment_api.create_grant
+ (role_id, user_id, group_id, domain_id, project_id,
+ inherited_to_projects))
+
+ def list_grants(self, user_id=None, group_id=None,
+ domain_id=None, project_id=None,
+ inherited_to_projects=False):
+ return (self.assignment_api.list_grants
+ (user_id, group_id, domain_id, project_id,
+ inherited_to_projects))
+
+ def get_grant(self, role_id, user_id=None, group_id=None,
+ domain_id=None, project_id=None,
+ inherited_to_projects=False):
+ return (self.assignment_api.get_grant
+ (role_id, user_id, group_id, domain_id, project_id,
+ inherited_to_projects))
+
+ def delete_grant(self, role_id, user_id=None, group_id=None,
+ domain_id=None, project_id=None,
+ inherited_to_projects=False):
+ return (self.assignment_api.delete_grant
+ (role_id, user_id, group_id, domain_id, project_id,
+ inherited_to_projects))
- # domain crud
 def create_domain(self, domain_id, domain):
- """Creates a new domain.
-
- :raises: keystone.exception.Conflict
-
- """
- raise exception.NotImplemented()
-
- def list_domains(self):
- """List all domains in the system.
-
- :returns: a list of domain_refs or an empty list.
-
- """
- raise exception.NotImplemented()
-
- def get_domain(self, domain_id):
- """Get a domain by ID.
-
- :returns: domain_ref
- :raises: keystone.exception.DomainNotFound
-
- """
- raise exception.NotImplemented()
+ return self.assignment_api.create_domain(domain_id, domain)
 def get_domain_by_name(self, domain_name):
- """Get a domain by name.
+ return self.assignment_api.get_domain_by_name(domain_name)
- :returns: domain_ref
- :raises: keystone.exception.DomainNotFound
-
- """
- raise exception.NotImplemented()
+ def get_domain(self, domain_id):
+ return self.assignment_api.get_domain(domain_id)
 def update_domain(self, domain_id, domain):
- """Updates an existing domain.
-
- :raises: keystone.exception.DomainNotFound,
- keystone.exception.Conflict
-
- """
- raise exception.NotImplemented()
+ return self.assignment_api.update_domain(domain_id, domain)
 def delete_domain(self, domain_id):
- """Deletes an existing domain.
-
- :raises: keystone.exception.DomainNotFound
-
- """
- raise exception.NotImplemented()
+ return self.assignment_api.delete_domain(domain_id)
- # project crud
- def create_project(self, project_id, project):
- """Creates a new project.
-
- :raises: keystone.exception.Conflict
-
- """
- raise exception.NotImplemented()
-
- def list_projects(self):
- """List all projects in the system.
-
- :returns: a list of project_refs or an empty list.
-
- """
- raise exception.NotImplemented()
+ def list_domains(self):
+ return self.assignment_api.list_domains()
 def list_user_projects(self, user_id):
- """List all projects associated with a given user.
+ return self.assignment_api.list_user_projects(user_id)
- :returns: a list of project_refs or an empty list.
-
- """
- raise exception.NotImplemented()
-
- def get_project(self, project_id):
- """Get a project by ID.
-
- :returns: project_ref
- :raises: keystone.exception.ProjectNotFound
-
- """
- raise exception.NotImplemented()
-
- def update_project(self, project_id, project):
- """Updates an existing project.
-
- :raises: keystone.exception.ProjectNotFound,
- keystone.exception.Conflict
+ def add_user_to_project(self, tenant_id, user_id):
+ return self.assignment_api.add_user_to_project(tenant_id, user_id)
- """
- raise exception.NotImplemented()
+ def remove_user_from_project(self, tenant_id, user_id):
+ return self.assignment_api.remove_user_from_project(tenant_id, user_id)
- def delete_project(self, project_id):
- """Deletes an existing project.
+ def list_role_assignments(self):
+ return self.assignment_api.list_role_assignments()
- :raises: keystone.exception.ProjectNotFound
+class Driver(object):
+ """Interface description for an Identity driver."""
+ def authenticate(self, user_id, password):
+ """Authenticate a given user and password.
+ :returns: user_ref
+ :raises: AssertionError
 """
 raise exception.NotImplemented()
@@ -460,46 +297,11 @@ class Driver(object):
 """
 raise exception.NotImplemented()
- # role crud
-
- def create_role(self, role_id, role):
- """Creates a new role.
-
- :raises: keystone.exception.Conflict
-
- """
- raise exception.NotImplemented()
-
- def list_roles(self):
- """List all roles in the system.
-
- :returns: a list of role_refs or an empty list.
-
- """
- raise exception.NotImplemented()
-
- def get_role(self, role_id):
- """Get a role by ID.
-
- :returns: role_ref
- :raises: keystone.exception.RoleNotFound
-
- """
- raise exception.NotImplemented()
-
- def update_role(self, role_id, role):
- """Updates an existing role.
-
- :raises: keystone.exception.RoleNotFound,
- keystone.exception.Conflict
-
- """
- raise exception.NotImplemented()
-
- def delete_role(self, role_id):
- """Deletes an existing role.
+ def get_user_by_name(self, user_name, domain_id):
+ """Get a user by name.
- :raises: keystone.exception.RoleNotFound
+ :returns: user_ref
+ :raises: keystone.exception.UserNotFound
 """
 raise exception.NotImplemented()
@@ -555,3 +357,7 @@ class Driver(object):
 """
 raise exception.NotImplemented()
+
+ #end of identity
+
+ # Assignments |
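Review bot: The four grant wrappers added in the `@@ -97,288 +89,133 @@` hunk (`create_grant`, `list_grants`, `get_grant`, `delete_grant`) pass five optional identifiers to `assignment_api` by position, so any difference in parameter order on the receiving side would grant or revoke a role on the wrong user, group, domain or project without raising, since each value is just an ID or None. The lines this commit removes show how easily that happens: `Manager.authenticate` called `authorize_for_project(user_ref, tenant_id)` while the `Driver` interface declared `authorize_for_project(self, tenant_id, user_ref)`. Forwarding by keyword makes the binding explicit, e.g. `return self.assignment_api.create_grant(role_id, user_id=user_id, group_id=group_id, domain_id=domain_id, project_id=project_id, inherited_to_projects=inherited_to_projects)`, and likewise for the other three, assuming the assignment manager uses the same parameter names. The `Manager` class starts above this hunk and the assignment manager's signatures are not shown here, so the current order may well match; the point is that nothing in these wrappers enforces it.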