From 9a51696c9d0f5f93db94cbc04ce092b1077cabc9 Mon Sep 17 00:00:00 2001
From: Yogeshwar Srikrishnan
Date: Wed, 25 May 2011 00:29:20 -0500
Subject: Changes to support roleref calls.
---
keystone/db/sqlalchemy/api.py | 49 ++++++++++---
keystone/db/sqlalchemy/models.py | 16 ++---
keystone/logic/service.py | 66 +++++++++++++++--
keystone/logic/types/role.py | 100 ++++++++++++++++++++++++++
keystone/server.py | 41 ++++++++++-
test/unit/test_common.py | 30 +++++++-
test/unit/test_roles.py | 150 ++++++++++++++++++++++++++++++++++++++-
7 files changed, 423 insertions(+), 29 deletions(-)
diff --git a/keystone/db/sqlalchemy/api.py b/keystone/db/sqlalchemy/api.py
index b230fdc0..3f53ab65 100644
--- a/keystone/db/sqlalchemy/api.py
+++ b/keystone/db/sqlalchemy/api.py
@@ -108,11 +108,35 @@ def role_get_page(marker, limit, session=None): if marker: return session.query(models.Role).filter("id>:marker").params(\ marker='%s' % marker).order_by(\ - models.Tenant.id.desc()).limit(limit).all() + models.Role.id.desc()).limit(limit).all() else: - return session.query(models.Tenant).order_by(\ - models.Tenant.id.desc()).limit(limit).all() + return session.query(models.Role).order_by(\ + models.Role.id.desc()).limit(limit).all() + +def role_ref_get_page(marker, limit, user_id, session=None): + if not session: + session = get_session() + if marker: + return session.query(models.UserRoleAssociation).filter("id>:marker").params(\ + marker='%s' % marker).filter_by(user_id=user_id).order_by(\ + models.UserRoleAssociation.id.desc()).limit(limit).all() + else: + return session.query(models.UserRoleAssociation).filter_by(user_id=user_id).order_by(\ + models.UserRoleAssociation.id.desc()).limit(limit).all() + +def role_ref_get(id, session=None): + if not session: + session = get_session() + result = session.query(models.UserRoleAssociation).filter_by(id=id).first() + return result + +def role_ref_delete(id, session=None): + if not session: + session = get_session() + with session.begin(): + role_ref = role_ref_get(id, session) + session.delete(role_ref) # # Tenant API operations # @@ -509,9 +533,11 @@ def user_delete_tenant(id, tenant_id, session=None): if not session: session = get_session() with session.begin(): - user_tenant_ref = user_get_by_tenant(id, tenant_id, session) + users_tenant_ref = users_get_by_tenant(id, tenant_id, session) + if users_tenant_ref is not None: + for user_tenant_ref in users_tenant_ref: + session.delete(user_tenant_ref) - session.delete(user_tenant_ref) user_group_ref = user_get_by_group(tenant_id, session) if user_group_ref is not None: 
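Review bot: `role_ref_delete` hands the result of `role_ref_get(id, session)` straight to `session.delete()`, but that lookup ends in `.first()` and returns `None` for an unknown id, so a DELETE for a role ref that does not exist will most likely surface as an unhandled error instead of a not-found fault. Guard it with `if role_ref is not None: session.delete(role_ref)`, or have the caller look the row up first and raise `fault.ItemNotFoundFault`. The three new functions have no docstrings; a one-line docstring on `role_ref_get_page` stating that rows are filtered by `user_id` and ordered by descending id would document the contract. The `id>:marker` filter combined with a descending order is carried over from `role_get_page`, so the paging direction is worth confirming against the callers.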
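Review bot: The new guard `if users_tenant_ref is not None:` in `user_delete_tenant` can never be false, because `users_get_by_tenant` (added in a later hunk of this file) returns the `Query` object itself rather than a result. The loop also now deletes `models.User` rows, so removing a user from a tenant deletes the account; if that is intended, a comment saying so would prevent surprises. Ending the helper with `.all()` and dropping the `None` check would make the code say what it does. The body of `user_delete_tenant` continues outside this hunk.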
@@ -521,11 +547,6 @@ def user_delete_tenant(id, tenant_id, session=None): group_id=user_group.id).all() for group_user in group_users: session.delete(group_user) - user_tenant_ref = session.query(models.UserTenantAssociation)\ - .filter_by(user_id=id).first() - if user_tenant_ref is None: - user_ref = user_get(id, session) - session.delete(user_ref) def user_get_by_tenant(user_id, tenant_id, session=None): if not session: @@ -534,6 +555,13 @@ def user_get_by_tenant(user_id, tenant_id, session=None): tenant_id=tenant_id).first() return result +def users_get_by_tenant(user_id, tenant_id, session=None): + if not session: + session = get_session() + result = session.query(models.User).filter_by(id=user_id, + tenant_id=tenant_id) + return result + # # Group Operations # @@ -668,6 +696,7 @@ def token_get_all(session=None): # # Unsorted operations # + def user_role_add(values): user_role_ref = models.UserRoleAssociation() user_role_ref.update(values) diff --git a/keystone/db/sqlalchemy/models.py b/keystone/db/sqlalchemy/models.py index 71511653..11785b63 100644 --- a/keystone/db/sqlalchemy/models.py +++ b/keystone/db/sqlalchemy/models.py @@ -15,7 +15,7 @@ # limitations under the License. # Not Yet PEP8 standardized -from sqlalchemy import create_engine, Column, String, Integer, ForeignKey +from sqlalchemy import create_engine, Column, String, Integer, ForeignKey, UniqueConstraint from sqlalchemy import DateTime from sqlalchemy.exc import IntegrityError from sqlalchemy.ext.declarative import declarative_base @@ -74,7 +74,7 @@ class KeystoneBase(object): return local.iteritems() -# Define associations firest +# Define associations first class UserGroupAssociation(Base, KeystoneBase): __tablename__ = 'user_group_association' 
@@ -84,10 +84,11 @@ class UserGroupAssociation(Base, KeystoneBase): class UserRoleAssociation(Base, KeystoneBase): __tablename__ = 'user_roles' - - user_id = Column(String(255), ForeignKey('users.id'), primary_key=True) - role_id = Column(String(255), ForeignKey('roles.id'), primary_key=True) - tenant_id = Column(String(255), ForeignKey('tenants.id'), primary_key=True) + id = Column(Integer, primary_key=True) + user_id = Column(String(255), ForeignKey('users.id')) + role_id = Column(String(255), ForeignKey('roles.id')) + tenant_id = Column(String(255), ForeignKey('tenants.id')) + UniqueConstraint('user_id', 'role_id', 'tenant_id', name='user_role_tenant_uniquness') # Define objects @@ -104,7 +105,6 @@ class Tenant(Base, KeystoneBase): id = Column(String(255), primary_key=True, unique=True) desc = Column(String(255)) enabled = Column(Integer) - groups = relationship('Group', backref='tenants') @@ -118,7 +118,7 @@ class User(Base, KeystoneBase): tenant_id = Column(String(255), ForeignKey('tenants.id')) groups = relationship(UserGroupAssociation, backref='users') - roles = relationship(UserRoleAssociation) + roles = relationship(UserRoleAssociation,cascade="all,delete") class Credentials(Base, KeystoneBase): __tablename__ = 'credentials' diff --git a/keystone/logic/service.py b/keystone/logic/service.py index 7343e5bb..01989b32 100644 --- a/keystone/logic/service.py +++ b/keystone/logic/service.py @@ -425,17 +425,14 @@ class IdentityService(object): raise fault.EmailConflictFault( "Email already exists") - duser_tenant = db_models.UserTenantAssociation() - duser_tenant.user_id = user.user_id - duser_tenant.tenant_id = tenant_id - db_api.user_tenant_create(duser_tenant) - duser = db_models.User() duser.id = user.user_id duser.password = user.password duser.email = user.email duser.enabled = user.enabled + duser.tenant_id = tenant_id db_api.user_create(duser) + return user 
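Review bot: The `UniqueConstraint('user_id', 'role_id', 'tenant_id', ...)` written as a bare expression in the body of `UserRoleAssociation` is never attached to the table, because the declarative mapping only picks up table-level constraints from `__table_args__`. Since this hunk also replaces the composite primary key with a surrogate `id`, nothing at the database level now prevents the same role being granted to the same user and tenant more than once. Declare it as `__table_args__ = (UniqueConstraint('user_id', 'role_id', 'tenant_id', name='user_role_tenant_uniqueness'), {})`, which also corrects the spelling of the constraint name.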
@@ -912,4 +909,63 @@ class IdentityService(object): if not drole: raise fault.ItemNotFoundFault("The role could not be found") return roles.Role(drole.id, drole.desc) + + def create_role_ref(self, admin_token, user_id, roleRef): + self.__validate_token(admin_token) + duser = db_api.user_get(user_id) + + if not duser: + raise fault.ItemNotFoundFault("The user could not be found") + + if not isinstance(roleRef, roles.RoleRef): + raise fault.BadRequestFault("Expecting a Role Ref") + + if roleRef.role_id == None: + raise fault.BadRequestFault("Expecting a Role Id") + + drole = db_api.role_get(roleRef.role_id) + if drole == None: + raise fault.ItemNotFoundFault("The role not found") + + if roleRef.tenant_id == None: + raise fault.BadRequestFault("Expecting a Tenant Id") + + dtenant = db_api.tenant_get(roleRef.tenant_id) + if dtenant == None: + raise fault.ItemNotFoundFault("The tenant not found") + + drole_ref = db_models.UserRoleAssociation() + drole_ref.user_id = duser.id + drole_ref.role_id = drole.id + drole_ref.tenant_id = dtenant.id + user_role_ref = db_api.user_role_add(drole_ref) + roleRef.role_ref_id = user_role_ref.id + return roleRef + + def delete_role_ref(self, admin_token, role_ref_id): + self.__validate_token(admin_token) + db_api.role_ref_delete(role_ref_id) + return None + + def get_user_roles(self, admin_token, marker, limit, url, user_id): + self.__validate_token(admin_token) + duser = db_api.user_get(user_id) + + if not duser: + raise fault.ItemNotFoundFault("The user could not be found") + ts = [] + droleRefs = db_api.role_ref_get_page(marker, limit, user_id) + for droleRef in droleRefs: + ts.append(roles.RoleRef(droleRef.id,droleRef.role_id, + droleRef.tenant_id)) + prev, next = db_api.tenant_get_page_markers(marker, limit) + links = [] + if prev: + links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" \ + % (url, prev, limit))) + if next: + links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" \ + % (url, next, limit))) + return 
roles.RoleRefs(ts, links)
+
diff --git a/keystone/logic/types/role.py b/keystone/logic/types/role.py
index f0d7ab41..531ed56d 100644
--- a/keystone/logic/types/role.py
+++ b/keystone/logic/types/role.py
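Review bot: `delete_role_ref` removes whatever row matches `role_ref_id` without checking that it exists or that it belongs to the `user_id` in the request path; the service method does not even receive `user_id`, so the user named in the URL and the grant that gets deleted are never tied together. Load the row first and raise `fault.ItemNotFoundFault` when it is missing or owned by a different user, as sketched below (the controller in server.py would need to pass `user_id` through). In `get_user_roles` the prev/next markers come from `db_api.tenant_get_page_markers`, which looks copied from the tenant listing and should be computed over this user's role refs instead. The enclosing `IdentityService` class starts outside the hunk.

```python
    def delete_role_ref(self, admin_token, user_id, role_ref_id):
        self.__validate_token(admin_token)
        drole_ref = db_api.role_ref_get(role_ref_id)
        # Treat "missing" and "belongs to another user" identically so the
        # response does not reveal which role ref ids exist.
        if drole_ref is None or drole_ref.user_id != user_id:
            raise fault.ItemNotFoundFault("The role ref could not be found")
        db_api.role_ref_delete(role_ref_id)
        return None
```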
@@ -104,4 +104,104 @@ class Roles(object): values = [t.to_dict()["role"] for t in self.values] links = [t.to_dict()["links"] for t in self.links] return json.dumps({"roles": {"values": values, "links": links}}) + + +class RoleRef(object): + def __init__(self, role_ref_id, role_id, tenant_id): + self.role_ref_id = role_ref_id + self.role_id = role_id + self.tenant_id = tenant_id + + @staticmethod + def from_xml(xml_str): + try: + dom = etree.Element("root") + dom.append(etree.fromstring(xml_str)) + root = dom.find("{http://docs.openstack.org/identity/api/v2.0}" \ + "roleRef") + if root == None: + raise fault.BadRequestFault("Expecting RoleRef") + role_id = root.get("role_id") + tenant_id = root.get("tenant_id") + if role_id == None: + raise fault.BadRequestFault("Expecting Role") + elif tenant_id == None: + raise fault.BadRequestFault("Expecting Tenant") + return RoleRef('', role_id, tenant_id) + except etree.LxmlError as e: + raise fault.BadRequestFault("Cannot parse RoleRef", str(e)) + + @staticmethod + def from_json(json_str): + try: + obj = json.loads(json_str) + if not "roleRef" in obj: + raise fault.BadRequestFault("Expecting Role Ref") + roleRef = obj["roleRef"] + if not "role_id" in roleRef: + role_id = None + else: + role_id = roleRef["role_id"] + if role_id == None: + raise fault.BadRequestFault("Expecting Role") + if not "tenant_id" in roleRef: + tenant_id = None + else: + tenant_id = roleRef["tenant_id"] + if tenant_id == None: + raise fault.BadRequestFault("Expecting Tenant") + return RoleRef('',role_id, tenant_id) + except (ValueError, TypeError) as e: + raise fault.BadRequestFault("Cannot parse Role", str(e)) + + def to_dom(self): + dom = etree.Element("roleRef", + xmlns="http://docs.openstack.org/identity/api/v2.0") + if self.role_ref_id: + dom.set("id", str(self.role_ref_id)) + if self.role_id: + dom.set("role_id", self.role_id) + if self.tenant_id: + dom.set("tenant_id", self.tenant_id) + return dom + + def to_xml(self): + return 
etree.tostring(self.to_dom()) + + def to_dict(self): + roleRef = {} + if self.role_ref_id: + roleRef["id"] = self.role_ref_id + if self.role_id: + roleRef["role_id"] = self.role_id + if self.tenant_id: + roleRef["tenant_id"] = self.tenant_id + return {'roleRef': roleRef} + + def to_json(self): + return json.dumps(self.to_dict()) + +class RoleRefs(object): + "A collection of role refs." + + def __init__(self, values, links): + self.values = values + self.links = links + + def to_xml(self): + dom = etree.Element("roleRefs") + dom.set(u"xmlns", "http://docs.openstack.org/identity/api/v2.0") + + for t in self.values: + dom.append(t.to_dom()) + + for t in self.links: + dom.append(t.to_dom()) + + return etree.tostring(dom) + + def to_json(self): + values = [t.to_dict()["roleRef"] for t in self.values] + links = [t.to_dict()["links"] for t in self.links] + return json.dumps({"roleRefs": {"values": values, "links": links}}) \ No newline at end of file diff --git a/keystone/server.py b/keystone/server.py index 16b72529..af9580ff 100644 --- a/keystone/server.py +++ b/keystone/server.py 
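Review bot: `RoleRef.from_xml` parses the client-supplied request body with `etree.fromstring(xml_str)` and lxml's default parser settings, which expand entities declared in the document's own DTD. Pass an explicit hardened parser instead, `etree.fromstring(xml_str, etree.XMLParser(resolve_entities=False, no_network=True))`; the other `from_xml` methods in this module are outside the hunk and may need the same treatment. `RoleRef` also has no class docstring: one line stating that `role_ref_id` is the surrogate id of the user/role/tenant association and is empty until the row is created would explain the `''` passed by both parsers.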
@@ -556,6 +556,36 @@ class RolesController(wsgi.Controller): def get_role(self, req, role_id): role = service.get_role(utils.get_auth_token(req), role_id) return utils.send_result(200, req, role) + + @utils.wrap_error + def create_role_ref(self, req, user_id): + roleRef = utils.get_normalized_request_content(roles.RoleRef, req) + return utils.send_result(201, req, service.create_role_ref(utils.get_auth_token(req), user_id, roleRef)) + + @utils.wrap_error + def get_role_refs(self, req, user_id): + marker = None + if "marker" in req.GET: + marker = req.GET["marker"] + + if "limit" in req.GET: + limit = req.GET["limit"] + else: + limit = 10 + + url = '%s://%s:%s%s' % (req.environ['wsgi.url_scheme'], + req.environ.get("SERVER_NAME"), + req.environ.get("SERVER_PORT"), + req.environ['PATH_INFO']) + roleRefs = service.get_user_roles(utils.get_auth_token(req), + marker, limit, url,user_id) + + return utils.send_result(200, req, roleRefs) + + def delete_role_ref(self, req, user_id, role_ref_id): + rval = service.delete_role_ref(utils.get_auth_token(req), + role_ref_id) + return utils.send_result(204, req, rval) class KeystoneAPI(wsgi.Router): """WSGI entry point for public Keystone API requests.""" @@ -782,7 +812,16 @@ class KeystoneAdminAPI(wsgi.Router): action="get_roles", conditions=dict(method=["GET"])) mapper.connect("/v2.0/roles/{role_id}", controller=roles_controller, action="get_role", conditions=dict(method=["GET"])) - + mapper.connect("/v2.0/users/{user_id}/roleRefs", + controller=roles_controller, action="get_role_refs", + conditions=dict(method=["GET"])) + mapper.connect("/v2.0/users/{user_id}/roleRefs", + controller=roles_controller, action="create_role_ref", + conditions=dict(method=["POST"])) + mapper.connect("/v2.0/users/{user_id}/roleRefs/{role_ref_id}", + controller=roles_controller, action="delete_role_ref", + conditions=dict(method=["DELETE"])) + # Miscellaneous Operations version_controller = VersionController(options) 
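Review bot: `delete_role_ref` is the only one of the three new controller methods without `@utils.wrap_error`, so a fault raised by the service (a rejected token, for instance) would presumably escape as an unhandled exception rather than being rendered as a fault response; add the decorator. In `get_role_refs`, `limit` and `marker` are read from the query string as raw strings and handed to the database layer with no integer check or upper bound; parse them with `int()`, reject bad values with a `BadRequestFault`, and cap the page size. `delete_role_ref` also drops `user_id` before calling the service, which is why the deletion cannot be scoped to the user in the path.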
diff --git a/test/unit/test_common.py b/test/unit/test_common.py index 2dc6e193..2e7e11bb 100644 --- a/test/unit/test_common.py +++ b/test/unit/test_common.py @@ -354,8 +354,8 @@ def add_user_xml(tenantid, userid, auth_token): def add_user_json(tenantid, userid, auth_token): header = httplib2.Http(".cache") - url = '%stenants/%s/users/%s/add' % (URL, tenantid, userid) - resp, content = header.request(url, "PUT", body='{}', + url = '%stenants/%s/users/' % (URL, tenantid) + resp, content = header.request(url, "POST", body='{}', headers={"Content-Type": "application/json", "X-Auth-Token": auth_token}) return (resp, content) @@ -716,6 +716,31 @@ def create_role(roleid, auth_token): "X-Auth-Token": auth_token}) return (resp, content) +def create_role_ref(user_id, role_id, tenant_id, auth_token): + header = httplib2.Http(".cache") + + url = '%susers/%s/roleRefs' % (URL, user_id) + body = {"roleRef": {"tenant_id": tenant_id, + "role_id": role_id}} + resp, content = header.request(url, "POST", body=json.dumps(body), + headers={"Content-Type": "application/json", + "X-Auth-Token": auth_token}) + print url, resp, content + return (resp, content) + +def create_role_ref_xml(user_id, role_id, tenant_id, auth_token): + header = httplib2.Http(".cache") + url = '%susers/%s/roleRefs' % (URL, user_id) + body = '\ + \ + ' % (tenant_id, role_id) + resp, content = header.request(url, "POST", body=body, + headers={"Content-Type": "application/xml", + "X-Auth-Token": auth_token, + "ACCEPT": "application/xml"}) + return (resp, content) + def create_role_xml(role_id, auth_token): header = httplib2.Http(".cache") url = '%sroles' % (URL) @@ -723,7 +748,6 @@ def create_role_xml(role_id, auth_token): \ ' % role_id - print "Role XML Body is :" ,body resp, content = header.request(url, "POST", body=body, headers={"Content-Type": "application/xml", "X-Auth-Token": auth_token, diff --git a/test/unit/test_roles.py b/test/unit/test_roles.py index 37021440..fa736f6a 100644 
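Review bot: `create_role_ref` leaves a debugging statement, `print url, resp, content`, in the shared test helper, while this same commit removes a similar print from `create_role_xml`; drop it so test output stays clean. In `add_user_json` (first hunk of this file) the `userid` parameter is no longer used after the URL change and the body is still `'{}'`, so it is unclear which user the POST is meant to create; either send the user in the body or remove the parameter.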
--- a/test/unit/test_roles.py +++ b/test/unit/test_roles.py @@ -40,7 +40,7 @@ class RolesTest(unittest.TestCase): self.missing_token = utils.get_none_token() self.invalid_token = utils.get_non_existing_token() utils.create_tenant(self.tenant, str(self.auth_token)) - utils.add_user_json(self.tenant, self.user, self.auth_token) + utils.create_user(self.tenant, self.user, self.auth_token) self.token = utils.get_token(self.user, 'secrete', self.tenant, 'token') @@ -61,6 +61,23 @@ class GetRolesTest(RolesTest): elif int(resp['status']) == 503: self.fail('Service Not Available') self.assertEqual(200, int(resp['status'])) + + #verify content + obj = json.loads(content) + if not "roles" in obj: + raise self.fail("Expecting Roles") + roles = obj["roles"]["values"] + if len(roles) != 1: + self.fail("Roles not of required length.") + + role = roles[0] + if not "id" in role: + role_id = None + else: + role_id = role["id"] + if role_id != 'Admin': + self.fail("Not the expected Role") + def test_get_roles_xml(self): header = httplib2.Http(".cache") @@ -75,6 +92,22 @@ class GetRolesTest(RolesTest): elif int(resp['status']) == 503: self.fail('Service Not Available') self.assertEqual(200, int(resp['status'])) + + # Validate Returned Content + dom = etree.Element("root") + dom.append(etree.fromstring(content)) + roles = dom.find("{http://docs.openstack.org/identity/api/v2.0}" \ + "roles") + if roles == None: + self.fail("Expecting Roles") + roles = roles.findall("{http://docs.openstack.org/identity/api/v2.0}" \ + "role") + if len(roles) != 1: + self.fail("Not the expected Role count") + for role in roles: + if role.get("id") != 'Admin': + self.fail("Not the expected Role") + def test_get_roles_exp_token(self): header = httplib2.Http(".cache") 
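Review bot: In `test_get_roles`, `raise self.fail("Expecting Roles")` is redundant because `self.fail()` raises on its own (the same construct appears in `test_get_rolerefs` in the last hunk of this file). The content checks also assume exactly one role named `Admin` exists, which ties the test to database state created elsewhere; a comment naming that fixture would help. `self.assertEqual(1, len(roles))` and `self.assertEqual('Admin', role.get('id'))` express the same checks in fewer lines and give better failure messages.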
@@ -118,6 +151,20 @@ class GetRoleTest(RolesTest): elif int(resp['status']) == 503: self.fail('Service Not Available') self.assertEqual(200, int(resp['status'])) + + #verify content + obj = json.loads(content) + if not "role" in obj: + raise fault.BadRequestFault("Expecting Role") + role = obj["role"] + if not "id" in role: + role_id = None + else: + role_id = role["id"] + if role_id != 'Admin': + self.fail("Not the expected Role") + + def test_get_role_xml(self): self.role = 'Admin' @@ -133,7 +180,18 @@ class GetRoleTest(RolesTest): elif int(resp['status']) == 503: self.fail('Service Not Available') self.assertEqual(200, int(resp['status'])) - + + #verify content + dom = etree.Element("root") + dom.append(etree.fromstring(content)) + role = dom.find("{http://docs.openstack.org/identity/api/v2.0}" \ + "role") + if role == None: + self.fail("Expecting Role") + role_id = role.get("id") + if role_id != 'Admin': + self.fail("Not the expected Role") + def test_get_role_bad(self): header = httplib2.Http(".cache") url = '%sroles/%s' % (utils.URL, 'tenant_bad') 
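Review bot: `test_get_role` signals a missing key with `raise fault.BadRequestFault("Expecting Role")`, a server-side fault type; nothing visible in this diff imports `fault` into test_roles.py, so this branch may end in a `NameError`, and even if the name resolves the test would be reported as an error rather than a failure. Use `self.fail("Expecting Role")` as the neighbouring tests do. `DeleteRoleRefTest.test_delete_roleref` in the last hunk of this file contains the same kind of raise twice.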
@@ -162,5 +220,93 @@ class GetRoleTest(RolesTest): self.fail('Service Not Available') self.assertEqual(404, int(resp['status'])) +class CreateRoleRefTest(RolesTest): + def test_role_ref_create_json(self): + utils.add_user_json(self.tenant, self.user, self.auth_token) + resp, content = utils.create_role_ref(self.user, 'Admin', self.tenant, + str(self.auth_token)) + resp_val = int(resp['status']) + self.assertEqual(201, resp_val) + + def test_role_ref_create_xml(self): + utils.add_user_json(self.tenant, self.user, self.auth_token) + resp, content = utils.create_role_ref_xml(self.user, 'Admin', self.tenant, + str(self.auth_token)) + resp_val = int(resp['status']) + self.assertEqual(201, resp_val) + +class GetRoleRefsTest(RolesTest): + def test_get_rolerefs(self): + header = httplib2.Http(".cache") + utils.add_user_json(self.tenant, self.user, self.auth_token) + resp, content = utils.create_role_ref(self.user, 'Admin', self.tenant, + str(self.auth_token)) + url = '%susers/%s/roleRefs' % (URL, self.user) + #test for Content-Type = application/json + resp, content = header.request(url, "GET", body='{}', + headers={"Content-Type": "application/json", + "X-Auth-Token": str(self.auth_token)}) + if int(resp['status']) == 500: + self.fail('Identity Fault') + elif int(resp['status']) == 503: + self.fail('Service Not Available') + self.assertEqual(200, int(resp['status'])) + + #verify content + obj = json.loads(content) + if not "roleRefs" in obj: + raise self.fail("Expecting RoleRefs") + + def test_get_rolerefs_xml(self): + header = httplib2.Http(".cache") + utils.add_user_json(self.tenant, self.user, self.auth_token) + resp, content = utils.create_role_ref(self.user, 'Admin', self.tenant, + str(self.auth_token)) + url = '%susers/%s/roleRefs' % (URL, self.user) + #test for Content-Type = application/xml + resp, content = header.request(url, "GET", body='{}', + headers={"Content-Type": "application/xml", + "X-Auth-Token": str(self.auth_token), + "ACCEPT": "application/xml"}) + 
if int(resp['status']) == 500: + self.fail('Identity Fault') + elif int(resp['status']) == 503: + self.fail('Service Not Available') + self.assertEqual(200, int(resp['status'])) + #verify content + dom = etree.Element("root") + dom.append(etree.fromstring(content)) + roles = dom.find("{http://docs.openstack.org/identity/api/v2.0}" \ + "roleRefs") + if roles == None: + self.fail("Expecting Role Refs") + +class DeleteRoleRefTest(RolesTest): + def test_delete_roleref(self): + header = httplib2.Http(".cache") + utils.add_user_json(self.tenant, self.user, self.auth_token) + resp, content = utils.create_role_ref(self.user, 'Admin', self.tenant, + str(self.auth_token)) + resp_val = int(resp['status']) + self.assertEqual(201, resp_val) + obj = json.loads(content) + if not "roleRef" in obj: + raise fault.BadRequestFault("Expecting RoleRef") + roleRef = obj["roleRef"] + if not "id" in roleRef: + role_ref_id = None + else: + role_ref_id = roleRef["id"] + if role_ref_id is None: + raise fault.BadRequestFault("Expecting RoleRefId") + url = '%susers/%s/roleRefs/%s' % (URL, self.user, role_ref_id) + resp, content = header.request(url, "DELETE", body='', + headers={"Content-Type": "application/json", + "X-Auth-Token": str(self.auth_token)}) + resp_val = int(resp['status']) + self.assertEqual(204, resp_val) + return (resp, content) + + if __name__ == '__main__': unittest.main() -- cgit From 7c04dc579b3380950773f2e2f281c77006f6d951 Mon Sep 17 00:00:00 2001 
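Review bot: The new tests build their URLs with a bare `URL` (`'%susers/%s/roleRefs' % (URL, self.user)`), whereas the existing tests in this file use `utils.URL`; unless `URL` is imported at the top of the file, which is outside the hunk, these tests will fail with `NameError`. The suite also covers only the success paths of an admin operation: there is no case for a missing, expired or non-admin token on the roleRef endpoints, for a role ref id that does not exist, or for a role ref id that belongs to a different user than the one in the path. Adding those cases would pin down the authorization behaviour of the new endpoints.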
From: Yogeshwar Srikrishnan Date: Wed, 25 May 2011 01:06:20 -0500 Subject: Changes to support /tokens on docbook and minor roleref changes --- docs/guide/src/docbkx/identitydevguide.xml | 10 +++++----- docs/guide/src/docbkx/samples/roleRef.json | 2 +- docs/guide/src/docbkx/samples/roleRef.xml | 2 +- docs/guide/src/docbkx/samples/roleRefs.json | 4 ++-- docs/guide/src/docbkx/samples/roleRefs.xml | 4 ++-- keystone/logic/types/role.py | 20 ++++++++++---------- test/unit/test_common.py | 6 +++--- 7 files changed, 24 insertions(+), 24 deletions(-) diff --git a/docs/guide/src/docbkx/identitydevguide.xml b/docs/guide/src/docbkx/identitydevguide.xml index 4418ce42..23af253a 100644 --- a/docs/guide/src/docbkx/identitydevguide.xml +++ b/docs/guide/src/docbkx/identitydevguide.xml @@ -748,7 +748,7 @@ Host: identity.api.openstack.org/v1.1/ &POST; - /token + /tokens Authenticate to generate a token. @@ -795,7 +795,7 @@ Host: identity.api.openstack.org/v1.1/ &GET; /token/tokenId?belongsTo=tenantId + >/tokens/tokenId?belongsTo=tenantId Check that a token is valid and that it belongs to a particular user and return the permissions relevant to a particular client. @@ -810,7 +810,7 @@ Host: identity.api.openstack.org/v1.1/ &NO_REQUEST; Valid tokens will exist in the - /token/tokenId path and invalid + /tokens/tokenId path and invalid tokens will not. In other words, a user should expect an itemNotFound (404) fault for an invalid token. @@ -835,7 +835,7 @@ Host: identity.api.openstack.org/v1.1/ &DELETE; - /token/tokenId + /tokens/tokenId Revoke an existing token. @@ -1423,7 +1423,7 @@ Host: identity.api.openstack.org/v1.1/ &DELETE; - /users/userId/roleRefs/roleId + /users/userId/roleRefs/roleRefId Remove a role from a user. diff --git a/docs/guide/src/docbkx/samples/roleRef.json b/docs/guide/src/docbkx/samples/roleRef.json index 99d7b3b8..83f4ae4b 100644 --- a/docs/guide/src/docbkx/samples/roleRef.json +++ b/docs/guide/src/docbkx/samples/roleRef.json 
@@ -1,7 +1,7 @@ { "roleRef" : { "id" : 1, - "href" : "https://.openstack.org/identity/v1.1/roles/admin", + "roleId" : "admin", "tenantId" : "one" } } \ No newline at end of file diff --git a/docs/guide/src/docbkx/samples/roleRef.xml b/docs/guide/src/docbkx/samples/roleRef.xml index e5eb30f7..29115ee2 100644 --- a/docs/guide/src/docbkx/samples/roleRef.xml +++ b/docs/guide/src/docbkx/samples/roleRef.xml @@ -1,4 +1,4 @@ + id="1" roleId="Admin" tenantId="tenantId"/> diff --git a/docs/guide/src/docbkx/samples/roleRefs.json b/docs/guide/src/docbkx/samples/roleRefs.json index 77819d44..51573f74 100644 --- a/docs/guide/src/docbkx/samples/roleRefs.json +++ b/docs/guide/src/docbkx/samples/roleRefs.json @@ -2,12 +2,12 @@ "roleRefs" : [ { "id" : 1, - "href" : "https://.openstack.org/identity/v2.0/roles/admin", + "roleId" : "admin", "tenantId" : "one" }, { "id" : 2, - "href" : "https://.openstack.org/identity/v2.0/roles/test", + "roleId" : "test", "tenantId" : "two" } ] diff --git a/docs/guide/src/docbkx/samples/roleRefs.xml b/docs/guide/src/docbkx/samples/roleRefs.xml index 284154ce..bd7ee983 100644 --- a/docs/guide/src/docbkx/samples/roleRefs.xml +++ b/docs/guide/src/docbkx/samples/roleRefs.xml @@ -3,7 +3,7 @@ + roleId="admin" id="3" tenantId="tenantId"/> + roleId="test" id="4" tenantId="tenantId"/> diff --git a/keystone/logic/types/role.py b/keystone/logic/types/role.py index 531ed56d..a88b9faf 100644 --- a/keystone/logic/types/role.py +++ b/keystone/logic/types/role.py @@ -121,8 +121,8 @@ class RoleRef(object): "roleRef") if root == None: raise fault.BadRequestFault("Expecting RoleRef") - role_id = root.get("role_id") - tenant_id = root.get("tenant_id") + role_id = root.get("roleId") + tenant_id = root.get("tenantId") if role_id == None: raise fault.BadRequestFault("Expecting Role") elif tenant_id == None: 
@@ -138,16 +138,16 @@ class RoleRef(object): if not "roleRef" in obj: raise fault.BadRequestFault("Expecting Role Ref") roleRef = obj["roleRef"] - if not "role_id" in roleRef: + if not "roleId" in roleRef: role_id = None else: - role_id = roleRef["role_id"] + role_id = roleRef["roleId"] if role_id == None: raise fault.BadRequestFault("Expecting Role") - if not "tenant_id" in roleRef: + if not "tenantId" in roleRef: tenant_id = None else: - tenant_id = roleRef["tenant_id"] + tenant_id = roleRef["tenantId"] if tenant_id == None: raise fault.BadRequestFault("Expecting Tenant") return RoleRef('',role_id, tenant_id) @@ -160,9 +160,9 @@ class RoleRef(object): if self.role_ref_id: dom.set("id", str(self.role_ref_id)) if self.role_id: - dom.set("role_id", self.role_id) + dom.set("roleId", self.role_id) if self.tenant_id: - dom.set("tenant_id", self.tenant_id) + dom.set("tenantId", self.tenant_id) return dom def to_xml(self): @@ -173,9 +173,9 @@ class RoleRef(object): if self.role_ref_id: roleRef["id"] = self.role_ref_id if self.role_id: - roleRef["role_id"] = self.role_id + roleRef["roleId"] = self.role_id if self.tenant_id: - roleRef["tenant_id"] = self.tenant_id + roleRef["tenantId"] = self.tenant_id return {'roleRef': roleRef} def to_json(self): diff --git a/test/unit/test_common.py b/test/unit/test_common.py index 2e7e11bb..126a3f62 100644 --- a/test/unit/test_common.py +++ b/test/unit/test_common.py @@ -720,8 +720,8 @@ def create_role_ref(user_id, role_id, tenant_id, auth_token): header = httplib2.Http(".cache") url = '%susers/%s/roleRefs' % (URL, user_id) - body = {"roleRef": {"tenant_id": tenant_id, - "role_id": role_id}} + body = {"roleRef": {"tenantId": tenant_id, + "roleId": role_id}} resp, content = header.request(url, "POST", body=json.dumps(body), headers={"Content-Type": "application/json", "X-Auth-Token": auth_token}) 
@@ -733,7 +733,7 @@ def create_role_ref_xml(user_id, role_id, tenant_id, auth_token): url = '%susers/%s/roleRefs' % (URL, user_id) body = '\ \ + tenantId="%s" roleId="%s"/>\ ' % (tenant_id, role_id) resp, content = header.request(url, "POST", body=body, headers={"Content-Type": "application/xml", -- cgit