From 9c7822ef3e9ad5280c216063d59b13adff7a7bc1 Mon Sep 17 00:00:00 2001 From: Yogeshwar Srikrishnan Date: Fri, 1 Jul 2011 11:47:41 -0500 Subject: Changes to make Admin for keystone configurable.#27. --- etc/keystone.conf | 3 ++ keystone/backends/__init__.py | 8 +++++ keystone/backends/models.py | 2 +- keystone/logic/service.py | 73 ++++++++++++++++++++++++++----------------- 4 files changed, 56 insertions(+), 30 deletions(-) mode change 100644 => 100755 keystone/backends/__init__.py diff --git a/etc/keystone.conf b/etc/keystone.conf index 8d6ec4f1..6a983f30 100755 --- a/etc/keystone.conf +++ b/etc/keystone.conf @@ -27,6 +27,9 @@ server_bind_host = 0.0.0.0 # Port the bind the API server to server_bind_port = 5000 +#Role that allows to perform admin operations. +keystone-admin-role=Admin + [keystone.backends.sqlalchemy] # SQLAlchemy connection string for the reference implementation # registry server. Any valid SQLAlchemy connection string is fine. diff --git a/keystone/backends/__init__.py b/keystone/backends/__init__.py old mode 100644 new mode 100755 index 89b3afb1..e123fa18 --- a/keystone/backends/__init__.py +++ b/keystone/backends/__init__.py @@ -22,9 +22,17 @@ from keystone.backends import api as api DEFAULT_BACKENDS = 'keystone.backends.sqlalchemy' +#Configs applicable to all backends. +#Reference to Admin Role. +KeyStoneAdminRole = None + + def configure_backends(options): '''Load backends given in the 'backends' option.''' backend_names = options.get('backends', DEFAULT_BACKENDS) for backend in backend_names.split(','): backend_module = utils.import_module(backend) backend_module.configure_backend(options[backend]) + #Initialialize common configs general to all backends. + global KeyStoneAdminRole + KeyStoneAdminRole = options["keystone-admin-role"] diff --git a/keystone/backends/models.py b/keystone/backends/models.py index 3543a485..3f00a319 100755 --- a/keystone/backends/models.py +++ b/keystone/backends/models.py 
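Review bot: `KeyStoneAdminRole = options["keystone-admin-role"]` in configure_backends takes the admin role name straight from the configuration without validation, so a missing key surfaces as a bare KeyError and an empty value is accepted as the role name. Because the service.py hunk at @@ -890 now grants admin access by comparing role ids with this global, I would fail loudly at load time: `admin_role = options.get("keystone-admin-role")` followed by `if not admin_role: raise ValueError("keystone-admin-role must be set to a role name")`. Indentation is lost in this view, so it is not clear whether the assignment sits inside the backend loop; it belongs after it. The 100644 => 100755 mode change on this module looks unintended, and the new key uses hyphens where the other options visible in keystone.conf use underscores.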
@@ -58,4 +58,4 @@ def set_value(variable_name, value): Token = value elif variable_name == 'EndpointTemplates': global EndpointTemplates - EndpointTemplates = value \ No newline at end of file + EndpointTemplates = value diff --git a/keystone/logic/service.py b/keystone/logic/service.py index b4124a25..aa87520e 100755 --- a/keystone/logic/service.py +++ b/keystone/logic/service.py @@ -19,6 +19,7 @@ import uuid import keystone.logic.types.auth as auth import keystone.logic.types.atom as atom +import keystone.backends as backends import keystone.backends.api as api import keystone.backends.models as models import keystone.logic.types.fault as fault @@ -27,7 +28,6 @@ import keystone.logic.types.role as roles import keystone.logic.types.user as get_users import keystone.logic.types.endpoint as endpoints import keystone.utils as utils -#TODO(Yogi) Remove references to specific backend model and move them to generic models. class IdentityService(object): @@ -488,13 +488,13 @@ class IdentityService(object): dtenantuser.email, dtenantuser.enabled)) links = [] if ts.__len__(): - prev, next = api.user.users_get_by_tenant_get_page_markers(tenant_id, - marker, limit) + prev, next = api.user.users_get_by_tenant_get_page_markers( + tenant_id, marker, limit) if prev: - links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % (url, prev, limit))) if next: - links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % (url, next, limit))) return get_users.Users(ts, links) 
@@ -509,10 +509,10 @@ class IdentityService(object): if ts.__len__(): prev, next = api.user.users_get_page_markers(marker, limit) if prev: - links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % (url, prev, limit))) if next: - links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % (url, next, limit))) return get_users.Users(ts, links) @@ -533,8 +533,8 @@ class IdentityService(object): for dusergroup, dusergroupAsso in dusergroups: ts.append(tenants.Group(dusergroup.id, dusergroup.tenant_id, None)) - return get_users.User_Update(None, duser.id, duser.tenant_id, duser.email, - duser.enabled, ts) + return get_users.User_Update(None, duser.id, duser.tenant_id, + duser.email, duser.enabled, ts) def update_user(self, admin_token, user_id, user): self.__validate_token(admin_token) @@ -582,7 +582,8 @@ class IdentityService(object): api.user.update(user_id, values) - return get_users.User_Update(user.password, None, None, None, None, None) + return get_users.User_Update(user.password, + None, None, None, None, None) def enable_disable_user(self, admin_token, user_id, user): self.__validate_token(admin_token) @@ -600,7 +601,8 @@ class IdentityService(object): api.user.update(user_id, values) - return get_users.User_Update(None, None, None, None, user.enabled, None) + return get_users.User_Update(None, + None, None, None, user.enabled, None) def set_user_tenant(self, admin_token, user_id, user): self.__validate_token(admin_token) @@ -617,7 +619,8 @@ class IdentityService(object): dtenant = self.validate_and_fetch_user_tenant(user.tenant_id) values = {'tenant_id': user.tenant_id} api.user.update(user_id, values) - return get_users.User_Update(None, None, user.tenant_id, None, None, None) + return get_users.User_Update(None, + None, user.tenant_id, None, None, None) def delete_user(self, admin_token, user_id): self.__validate_token(admin_token) 
@@ -647,10 +650,10 @@ class IdentityService(object): prev, next = api.group.get_by_user_get_page_markers(user_id, marker, limit) if prev: - links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % (url, prev, limit))) if next: - links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % (url, next, limit))) return tenants.Groups(ts, links) @@ -704,10 +707,10 @@ class IdentityService(object): marker, limit) links = [] if prev: - links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % (url, prev, limit))) if next: - links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % (url, next, limit))) return tenants.GlobalGroups(ts, links) @@ -890,7 +893,8 @@ class IdentityService(object): if admin: roleRefs = api.role.ref_get_all_global_roles(user.id) for roleRef in roleRefs: - if roleRef.role_id == "Admin" and roleRef.tenant_id is None: + if roleRef.role_id == backends.KeyStoneAdminRole\ + and roleRef.tenant_id is None: return (token, user) raise fault.UnauthorizedFault("You are not authorized " "to make this call") 
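Review bot: The new condition in the @@ -890 hunk, `if roleRef.role_id == backends.KeyStoneAdminRole\ and roleRef.tenant_id is None:`, is split with a backslash continuation, which becomes a syntax error if trailing whitespace ever follows the backslash; wrapping the condition in parentheses is the conventional form: `if (roleRef.role_id == backends.KeyStoneAdminRole and roleRef.tenant_id is None):`. The same applies to the `api.endpoint_template.\` continuation in the @@ -1041 hunk, where the break falls in the middle of an attribute access. A short comment stating that only a global role ref (`tenant_id is None`) of the configured role grants admin rights would help the next reader, e.g. `# Admin means holding the configured admin role globally, not per tenant.` The enclosing method starts and ends outside the hunk.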
@@ -1004,12 +1008,15 @@ class IdentityService(object): ts = [] dendpointTemplates = api.endpoint_template.get_page(marker, limit) for dendpointTemplate in dendpointTemplates: - ts.append(endpoints.EndpointTemplate(dendpointTemplate.id, dendpointTemplate.region, - dendpointTemplate.service, dendpointTemplate.public_url, - dendpointTemplate.admin_url, - dendpointTemplate.internal_url, - dendpointTemplate.enabled, - dendpointTemplate.is_global)) + ts.append(endpoints.EndpointTemplate( + dendpointTemplate.id, + dendpointTemplate.region, + dendpointTemplate.service, + dendpointTemplate.public_url, + dendpointTemplate.admin_url, + dendpointTemplate.internal_url, + dendpointTemplate.enabled, + dendpointTemplate.is_global)) prev, next = api.endpoint_template.get_page_markers(marker, limit) links = [] if prev: @@ -1025,10 +1032,17 @@ class IdentityService(object): dendpointTemplate = api.endpoint_template.get(endpoint_template_id) if not dendpointTemplate: - raise fault.ItemNotFoundFault("The endpoint template could not be found") - return endpoints.EndpointTemplate(dendpointTemplate.id, dendpointTemplate.region, dendpointTemplate.service, - dendpointTemplate.public_url, dendpointTemplate.admin_url, - dendpointTemplate.internal_url, dendpointTemplate.enabled, dendpointTemplate.is_global) + raise fault.ItemNotFoundFault( + "The endpoint template could not be found") + return endpoints.EndpointTemplate( + dendpointTemplate.id, + dendpointTemplate.region, + dendpointTemplate.service, + dendpointTemplate.public_url, + dendpointTemplate.admin_url, + dendpointTemplate.internal_url, + dendpointTemplate.enabled, + dendpointTemplate.is_global) def get_tenant_endpoints(self, admin_token, marker, limit, url, tenant_id): self.__validate_token(admin_token) 
@@ -1041,8 +1055,9 @@ class IdentityService(object): ts = [] dtenantEndpoints = \ - api.endpoint_template.endpoint_get_by_tenant_get_page(tenant_id, marker, - limit) + api.endpoint_template.\ + endpoint_get_by_tenant_get_page( + tenant_id, marker, limit) for dtenantEndpoint in dtenantEndpoints: ts.append(endpoints.Endpoint(dtenantEndpoint.id, url + '/endpointTemplates/' + \ -- cgit