Diffstat (limited to 'keystone/identity/core.py')
-rw-r--r--keystone/identity/core.py382
1 files changed, 94 insertions, 288 deletions
diff --git a/keystone/identity/core.py b/keystone/identity/core.py
index a254470e..b2b3eaf0 100644
--- a/keystone/identity/core.py
+++ b/keystone/identity/core.py
@@ -52,6 +52,7 @@ def filter_user(user_ref):
@dependency.provider('identity_api')
+@dependency.requires('assignment_api')
class Manager(manager.Manager):
"""Default pivot point for the Identity backend.
@@ -63,15 +64,6 @@ class Manager(manager.Manager):
def __init__(self):
super(Manager, self).__init__(CONF.identity.driver)
- def authenticate(self, user_id=None, tenant_id=None, password=None):
- """Authenticate a given user and password and
- authorize them for a tenant.
- :returns: (user_ref, tenant_ref, metadata_ref)
- :raises: AssertionError
- """
- user_ref = self.driver.authenticate_user(user_id, password)
- return self.driver.authorize_for_project(user_ref, tenant_id)
-
def create_user(self, user_id, user_ref):
user = user_ref.copy()
user['name'] = clean.user_name(user['name'])
@@ -97,288 +89,133 @@ class Manager(manager.Manager):
tenant.setdefault('enabled', True)
tenant['enabled'] = clean.project_enabled(tenant['enabled'])
tenant.setdefault('description', '')
- return self.driver.create_project(tenant_id, tenant)
+ return self.assignment_api.create_project(tenant_id, tenant)
def update_project(self, tenant_id, tenant_ref):
tenant = tenant_ref.copy()
if 'enabled' in tenant:
tenant['enabled'] = clean.project_enabled(tenant['enabled'])
- return self.driver.update_project(tenant_id, tenant)
-
-
-class Driver(object):
- """Interface description for an Identity driver."""
-
- def authenticate_user(self, user_id, password):
- """Authenticate a given user and password.
- :returns: user_ref
- :raises: AssertionError
- """
- raise exception.NotImplemented()
-
- def authorize_for_project(self, tenant_id, user_ref):
- """Authenticate a given user for a tenant.
- :returns: (user_ref, tenant_ref, metadata_ref)
- :raises: AssertionError
- """
- raise exception.NotImplemented()
+ return self.assignment_api.update_project(tenant_id, tenant)
def get_project_by_name(self, tenant_name, domain_id):
- """Get a tenant by name.
-
- :returns: tenant_ref
- :raises: keystone.exception.ProjectNotFound
-
- """
- raise exception.NotImplemented()
-
- def get_user_by_name(self, user_name, domain_id):
- """Get a user by name.
-
- :returns: user_ref
- :raises: keystone.exception.UserNotFound
-
- """
- raise exception.NotImplemented()
-
- def add_user_to_project(self, tenant_id, user_id):
- """Add user to a tenant by creating a default role relationship.
-
- :raises: keystone.exception.ProjectNotFound,
- keystone.exception.UserNotFound
+ return self.assignment_api.get_project_by_name(tenant_name, domain_id)
- """
- self.add_role_to_user_and_project(user_id,
- tenant_id,
- config.CONF.member_role_id)
-
- def remove_user_from_project(self, tenant_id, user_id):
- """Remove user from a tenant
+ def get_project(self, tenant_id):
+ return self.assignment_api.get_project(tenant_id)
- :raises: keystone.exception.ProjectNotFound,
- keystone.exception.UserNotFound
+ def list_projects(self, domain_id=None):
+ return self.assignment_api.list_projects(domain_id)
- """
- roles = self.get_roles_for_user_and_project(user_id, tenant_id)
- if not roles:
- raise exception.NotFound(tenant_id)
- for role_id in roles:
- self.remove_role_from_user_and_project(user_id, tenant_id, role_id)
-
- def get_project_users(self, tenant_id):
- """Lists all users with a relationship to the specified project.
-
- :returns: a list of user_refs or an empty set.
- :raises: keystone.exception.ProjectNotFound
+ def get_role(self, role_id):
+ return self.assignment_api.get_role(role_id)
- """
- raise exception.NotImplemented()
+ def list_roles(self):
+ return self.assignment_api.list_roles()
def get_projects_for_user(self, user_id):
- """Get the tenants associated with a given user.
+ return self.assignment_api.get_projects_for_user(user_id)
- :returns: a list of tenant_id's.
- :raises: keystone.exception.UserNotFound
-
- """
- raise exception.NotImplemented()
+ def get_project_users(self, tenant_id):
+ return self.assignment_api.get_project_users(tenant_id)
def get_roles_for_user_and_project(self, user_id, tenant_id):
- """Get the roles associated with a user within given tenant.
-
- :returns: a list of role ids.
- :raises: keystone.exception.UserNotFound,
- keystone.exception.ProjectNotFound
-
- """
- raise exception.NotImplemented()
+ return self.assignment_api.get_roles_for_user_and_project(
+ user_id, tenant_id)
def get_roles_for_user_and_domain(self, user_id, domain_id):
- """Get the roles associated with a user within given domain.
-
- :returns: a list of role ids.
- :raises: keystone.exception.UserNotFound,
- keystone.exception.ProjectNotFound
-
- """
-
- def update_metadata_for_group_domain_roles(self, metadata_ref,
- user_id, domain_id):
- group_refs = self.list_groups_for_user(user_id=user_id)
- for x in group_refs:
- try:
- metadata_ref.update(
- self.get_metadata(group_id=x['id'],
- domain_id=domain_id))
- except exception.MetadataNotFound:
- # no group grant, skip
- pass
-
- def update_metadata_for_user_domain_roles(self, metadata_ref,
- user_id, domain_id):
- try:
- metadata_ref.update(self.get_metadata(user_id=user_id,
- domain_id=domain_id))
- except exception.MetadataNotFound:
- pass
-
- self.get_user(user_id)
- self.get_domain(domain_id)
- metadata_ref = {}
- update_metadata_for_user_domain_roles(self, metadata_ref,
- user_id, domain_id)
- update_metadata_for_group_domain_roles(self, metadata_ref,
- user_id, domain_id)
- return list(set(metadata_ref.get('roles', [])))
-
- def add_role_to_user_and_project(self, user_id, tenant_id, role_id):
- """Add a role to a user within given tenant.
-
- :raises: keystone.exception.UserNotFound,
- keystone.exception.ProjectNotFound,
- keystone.exception.RoleNotFound
- """
- raise exception.NotImplemented()
-
- def remove_role_from_user_and_project(self, user_id, tenant_id, role_id):
- """Remove a role from a user within given tenant.
-
- :raises: keystone.exception.UserNotFound,
- keystone.exception.ProjectNotFound,
- keystone.exception.RoleNotFound
+ return (self.assignment_api.get_roles_for_user_and_domain
+ (user_id, domain_id))
- """
- raise exception.NotImplemented()
-
- # metadata crud
- def get_metadata(self, user_id=None, tenant_id=None,
- domain_id=None, group_id=None):
- """Gets the metadata for the specified user/group on project/domain.
+ def _subrole_id_to_dn(self, role_id, tenant_id):
+ return self.assignment_api._subrole_id_to_dn(role_id, tenant_id)
- :raises: keystone.exception.MetadataNotFound
- :returns: metadata
-
- """
- raise exception.NotImplemented()
+ def add_role_to_user_and_project(self, user_id,
+ tenant_id, role_id):
+ return (self.assignment_api.add_role_to_user_and_project
+ (user_id, tenant_id, role_id))
- def create_metadata(self, user_id, tenant_id, metadata,
- domain_id=None, group_id=None):
- """Creates the metadata for the specified user/group on project/domain.
-
- :returns: metadata created
+ def create_role(self, role_id, role):
+ return self.assignment_api.create_role(role_id, role)
- """
- raise exception.NotImplemented()
+ def delete_role(self, role_id):
+ return self.assignment_api.delete_role(role_id)
- def update_metadata(self, user_id, tenant_id, metadata,
- domain_id=None, group_id=None):
- """Updates the metadata for the specified user/group on project/domain.
+ def delete_project(self, tenant_id):
+ return self.assignment_api.delete_project(tenant_id)
- :returns: metadata updated
+ def remove_role_from_user_and_project(self, user_id,
+ tenant_id, role_id):
+ return (self.assignment_api.remove_role_from_user_and_project
+ (user_id, tenant_id, role_id))
- """
- raise exception.NotImplemented()
+ def update_role(self, role_id, role):
+ return self.assignment_api.update_role(role_id, role)
+
+ def create_grant(self, role_id, user_id=None, group_id=None,
+ domain_id=None, project_id=None,
+ inherited_to_projects=False):
+ return (self.assignment_api.create_grant
+ (role_id, user_id, group_id, domain_id, project_id,
+ inherited_to_projects))
+
+ def list_grants(self, user_id=None, group_id=None,
+ domain_id=None, project_id=None,
+ inherited_to_projects=False):
+ return (self.assignment_api.list_grants
+ (user_id, group_id, domain_id, project_id,
+ inherited_to_projects))
+
+ def get_grant(self, role_id, user_id=None, group_id=None,
+ domain_id=None, project_id=None,
+ inherited_to_projects=False):
+ return (self.assignment_api.get_grant
+ (role_id, user_id, group_id, domain_id, project_id,
+ inherited_to_projects))
+
+ def delete_grant(self, role_id, user_id=None, group_id=None,
+ domain_id=None, project_id=None,
+ inherited_to_projects=False):
+ return (self.assignment_api.delete_grant
+ (role_id, user_id, group_id, domain_id, project_id,
+ inherited_to_projects))
- # domain crud
def create_domain(self, domain_id, domain):
- """Creates a new domain.
-
- :raises: keystone.exception.Conflict
-
- """
- raise exception.NotImplemented()
-
- def list_domains(self):
- """List all domains in the system.
-
- :returns: a list of domain_refs or an empty list.
-
- """
- raise exception.NotImplemented()
-
- def get_domain(self, domain_id):
- """Get a domain by ID.
-
- :returns: domain_ref
- :raises: keystone.exception.DomainNotFound
-
- """
- raise exception.NotImplemented()
+ return self.assignment_api.create_domain(domain_id, domain)
def get_domain_by_name(self, domain_name):
- """Get a domain by name.
+ return self.assignment_api.get_domain_by_name(domain_name)
- :returns: domain_ref
- :raises: keystone.exception.DomainNotFound
-
- """
- raise exception.NotImplemented()
+ def get_domain(self, domain_id):
+ return self.assignment_api.get_domain(domain_id)
def update_domain(self, domain_id, domain):
- """Updates an existing domain.
-
- :raises: keystone.exception.DomainNotFound,
- keystone.exception.Conflict
-
- """
- raise exception.NotImplemented()
+ return self.assignment_api.update_domain(domain_id, domain)
def delete_domain(self, domain_id):
- """Deletes an existing domain.
-
- :raises: keystone.exception.DomainNotFound
-
- """
- raise exception.NotImplemented()
+ return self.assignment_api.delete_domain(domain_id)
- # project crud
- def create_project(self, project_id, project):
- """Creates a new project.
-
- :raises: keystone.exception.Conflict
-
- """
- raise exception.NotImplemented()
-
- def list_projects(self):
- """List all projects in the system.
-
- :returns: a list of project_refs or an empty list.
-
- """
- raise exception.NotImplemented()
+ def list_domains(self):
+ return self.assignment_api.list_domains()
def list_user_projects(self, user_id):
- """List all projects associated with a given user.
+ return self.assignment_api.list_user_projects(user_id)
- :returns: a list of project_refs or an empty list.
-
- """
- raise exception.NotImplemented()
-
- def get_project(self, project_id):
- """Get a project by ID.
-
- :returns: project_ref
- :raises: keystone.exception.ProjectNotFound
-
- """
- raise exception.NotImplemented()
-
- def update_project(self, project_id, project):
- """Updates an existing project.
-
- :raises: keystone.exception.ProjectNotFound,
- keystone.exception.Conflict
+ def add_user_to_project(self, tenant_id, user_id):
+ return self.assignment_api.add_user_to_project(tenant_id, user_id)
- """
- raise exception.NotImplemented()
+ def remove_user_from_project(self, tenant_id, user_id):
+ return self.assignment_api.remove_user_from_project(tenant_id, user_id)
- def delete_project(self, project_id):
- """Deletes an existing project.
+ def list_role_assignments(self):
+ return self.assignment_api.list_role_assignments()
- :raises: keystone.exception.ProjectNotFound
+class Driver(object):
+ """Interface description for an Identity driver."""
+ def authenticate(self, user_id, password):
+ """Authenticate a given user and password.
+ :returns: user_ref
+ :raises: AssertionError
"""
raise exception.NotImplemented()
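Review bot: The four grant wrappers (`create_grant`, `list_grants`, `get_grant`, `delete_grant`) forward `user_id`, `group_id`, `domain_id`, `project_id` and `inherited_to_projects` positionally, so any difference in parameter order on the assignment manager would silently bind an actor or target ID to the wrong slot instead of raising. For calls that create and delete role grants that is an authorization risk, and keyword forwarding removes it, e.g. `return self.assignment_api.create_grant(role_id, user_id=user_id, group_id=group_id, domain_id=domain_id, project_id=project_id, inherited_to_projects=inherited_to_projects)`. The new delegating methods also carry no docstrings, while the `:raises:` contracts were deleted along with the old Driver stubs; a one-line docstring naming the delegated call and the exceptions it propagates would keep that contract visible to callers. The Manager class header lies outside this hunk and the assignment API's signatures are not shown here, so the ordering concern is precautionary rather than a confirmed mismatch.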
@@ -460,46 +297,11 @@ class Driver(object):
"""
raise exception.NotImplemented()
- # role crud
-
- def create_role(self, role_id, role):
- """Creates a new role.
-
- :raises: keystone.exception.Conflict
-
- """
- raise exception.NotImplemented()
-
- def list_roles(self):
- """List all roles in the system.
-
- :returns: a list of role_refs or an empty list.
-
- """
- raise exception.NotImplemented()
-
- def get_role(self, role_id):
- """Get a role by ID.
-
- :returns: role_ref
- :raises: keystone.exception.RoleNotFound
-
- """
- raise exception.NotImplemented()
-
- def update_role(self, role_id, role):
- """Updates an existing role.
-
- :raises: keystone.exception.RoleNotFound,
- keystone.exception.Conflict
-
- """
- raise exception.NotImplemented()
-
- def delete_role(self, role_id):
- """Deletes an existing role.
+ def get_user_by_name(self, user_name, domain_id):
+ """Get a user by name.
- :raises: keystone.exception.RoleNotFound
+ :returns: user_ref
+ :raises: keystone.exception.UserNotFound
"""
raise exception.NotImplemented()
@@ -555,3 +357,7 @@ class Driver(object):
"""
raise exception.NotImplemented()
+
+ #end of identity
+
+ # Assignments