From 6a9361062c1d17e2ba9a07249da5eea67afb0802 Mon Sep 17 00:00:00 2001 From: Dolph Mathews Date: Tue, 20 Sep 2011 16:34:05 -0500 Subject: GET /tokens/{token_id}: Exposing both role ID's and Name's Change-Id: I80931b133562a7ad70f1d185ce481e48927887b4 --- keystone/logic/service.py | 11 +++-- keystone/logic/types/role.py | 81 ++++++++++++++++++++++++++++++++++ keystone/test/functional/test_token.py | 11 +++-- 3 files changed, 96 insertions(+), 7 deletions(-) diff --git a/keystone/logic/service.py b/keystone/logic/service.py index a8c88f13..ddb97166 100755 --- a/keystone/logic/service.py +++ b/keystone/logic/service.py @@ -24,7 +24,8 @@ import keystone.backends.api as api import keystone.backends.models as models from keystone.logic.types import fault from keystone.logic.types.tenant import Tenant, Tenants -from keystone.logic.types.role import Role, RoleRef, RoleRefs, Roles +from keystone.logic.types.role import Role, RoleRef, RoleRefs, Roles, \ + UserRole, UserRoles from keystone.logic.types.service import Service, Services from keystone.logic.types.user import User, User_Update, Users from keystone.logic.types.endpoint import Endpoint, Endpoints, \ @@ -446,15 +447,17 @@ class IdentityService(object): drole_refs = api.ROLE.ref_get_all_tenant_roles(duser.id, dtoken.tenant_id) for drole_ref in drole_refs: - ts.append(RoleRef(drole_ref.id, drole_ref.role_id, + drole = api.ROLE.get(drole_ref.role_id) + ts.append(UserRole(drole_ref.role_id, drole.name, drole_ref.tenant_id)) drole_refs = api.ROLE.ref_get_all_global_roles(duser.id) for drole_ref in drole_refs: - ts.append(RoleRef(drole_ref.id, drole_ref.role_id, + drole = api.ROLE.get(drole_ref.role_id) + ts.append(UserRole(drole_ref.role_id, drole.name, drole_ref.tenant_id)) user = auth.User(duser.id, duser.name, duser.tenant_id, - RoleRefs(ts, [])) + UserRoles(ts, [])) return auth.ValidateData(token, user) diff --git a/keystone/logic/types/role.py b/keystone/logic/types/role.py index a05c7d33..f542553a 100644 
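Review bot: The new `drole = api.ROLE.get(drole_ref.role_id)` result is dereferenced as `drole.name` with no check, in both the tenant-role loop and the global-role loop of this hunk. If the backend returns None for a role that was deleted while a reference to it remains (the return contract of `api.ROLE.get` is not visible here), token validation would raise AttributeError instead of answering, so one stale row could break validation for that user. A guard such as `if drole is None: continue` before each `ts.append(UserRole(...))`, or an explicit fault if policy prefers, would make the behaviour deliberate. The lookup also adds one backend query per role reference on every validation call; resolving names once per distinct `role_id` would avoid that. The enclosing method starts and ends outside the hunk.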
--- a/keystone/logic/types/role.py
+++ b/keystone/logic/types/role.py
@@ -224,3 +224,84 @@ class RoleRefs(object):
 def to_json_values(self):
 values = [t.to_dict()["role"] for t in self.values]
 return values
+
+
+class UserRole(object):
+ """A role granted to a user"""
+
+ def __init__(self, role_id, role_name, tenant_id):
+ self.role_id = role_id
+ self.role_name = role_name
+ self.tenant_id = tenant_id
+
+ @staticmethod
+ def from_xml(xml_str):
+ try:
+ dom = etree.Element("root")
+ dom.append(etree.fromstring(xml_str))
+
+ root = dom.find("{http://docs.openstack.org/identity/api/v2.0}" \
+ "role")
+ if root == None:
+ raise fault.BadRequestFault("Expecting Role")
+
+ role_id = root.get("id")
+ role_name = root.get("name")
+ tenant_id = root.get("tenantId")
+
+ if role_id is None:
+ raise fault.BadRequestFault("Expecting Role ID")
+
+ return UserRole(role_id, role_name, tenant_id)
+ except etree.LxmlError as e:
+ raise fault.BadRequestFault("Cannot parse Role", str(e))
+
+ @staticmethod
+ def from_json(json_str):
+ try:
+ obj = json.loads(json_str)
+ if not "role" in obj:
+ raise fault.BadRequestFault("Expecting Role")
+ role = obj["role"]
+
+ role_id = role.get('id')
+ role_name = role.get('name')
+ tenant_id = role.get('tenantId')
+
+ if role_id is None:
+ raise fault.BadRequestFault("Expecting Role ID")
+
+ return RoleRef(role_id, role_name, tenant_id)
+ except (ValueError, TypeError) as e:
+ raise fault.BadRequestFault("Cannot parse Role", str(e))
+
+ def to_dom(self):
+ dom = etree.Element("role",
+ xmlns="http://docs.openstack.org/identity/api/v2.0")
+ if self.role_id:
+ dom.set("id", unicode(self.role_id))
+ if self.role_name:
+ dom.set("name", unicode(self.role_name))
+ if self.tenant_id:
+ dom.set("tenantId", unicode(self.tenant_id))
+ return dom
+
+ def to_xml(self):
+ return etree.tostring(self.to_dom())
+
+ def to_dict(self):
+ role = {}
+ if self.role_id:
+ role["id"] = unicode(self.role_id)
+ if self.role_name:
+ role["name"] = unicode(self.role_name)
+ if self.tenant_id:
+ role["tenantId"] = unicode(self.tenant_id)
+
return {'role': role} + + def to_json(self): + return json.dumps(self.to_dict()) + + +class UserRoles(RoleRefs): + "A collection of roles granted to a user." diff --git a/keystone/test/functional/test_token.py b/keystone/test/functional/test_token.py index 1f570dee..14000139 100755 --- a/keystone/test/functional/test_token.py +++ b/keystone/test/functional/test_token.py @@ -38,7 +38,9 @@ class ValidateToken(common.FunctionalTestCase): self.assertIsNotNone(r.json['access']['user']["roles"]) self.assertEqual(r.json['access']['user']["roles"][0]['id'], - self.role_ref['id']) + self.role['id']) + self.assertEqual(r.json['access']['user']["roles"][0]['name'], + self.role['name']) def test_validate_token_true_using_service_token(self): self.admin_token = self.service_admin_token @@ -47,7 +49,9 @@ class ValidateToken(common.FunctionalTestCase): self.assertIsNotNone(r.json['access']['user']["roles"]) self.assertEqual(r.json['access']['user']["roles"][0]['id'], - self.role_ref['id']) + self.role['id']) + self.assertEqual(r.json['access']['user']["roles"][0]['name'], + self.role['name']) def test_validate_token_true_xml(self): r = self.get_token_belongsto(self.token['id'], self.tenant['id'], @@ -63,7 +67,8 @@ class ValidateToken(common.FunctionalTestCase): role = roles.find('{%s}role' % self.xmlns) self.assertIsNotNone(role) - self.assertEqual(self.role_ref['id'], role.get("id")) + self.assertEqual(self.role['id'], role.get("id")) + self.assertEqual(self.role['name'], role.get("name")) def test_validate_token_expired(self): self.get_token(self.expired_admin_token, assert_status=403) -- cgit
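Review bot: `UserRole.from_json` ends with `return RoleRef(role_id, role_name, tenant_id)`, so the JSON path builds a different class than `from_xml`, which returns `UserRole(...)`; the line should read `return UserRole(role_id, role_name, tenant_id)`. Judging by the `RoleRef(drole_ref.id, drole_ref.role_id, ...)` call this commit removes from service.py, RoleRef's second argument is a role ID, so the role name would land in the role-ID field. In the same method, a JSON body whose `role` value is not an object makes `role.get('id')` raise AttributeError, which the `except (ValueError, TypeError)` clause does not convert into a BadRequestFault. `from_xml` passes its input to `etree.fromstring` with the default parser; if that input can come from clients, a parser built with `etree.XMLParser(resolve_entities=False)` is the safer default. `if root == None` would be better written `if root is None`.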
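Review bot: The assertions added in the first test_token.py hunk check only `roles[0]`, so a response in which a later role entry has no `name` would still pass; the same holds for the hunks touching `test_validate_token_true_using_service_token` and `test_validate_token_true_xml`. Checking every entry, for example `for role in r.json['access']['user']['roles']: self.assertIn('name', role)`, would cover tenant-scoped and global roles alike. None of the three hunks exercises the `UserRole.from_json` or `UserRole.from_xml` parsers added in this commit, so a defect there would not be caught. The `self.role` fixture these assertions depend on is set up outside the hunks.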