From 1289bbf12e8cf6e7792df0de44a3bc9bf6e9c505 Mon Sep 17 00:00:00 2001 From: Elena Ezhova Date: Tue, 16 Apr 2013 17:34:40 +0400 Subject: Abstract out attribute_mapping filling in LDAP driver. bp refactor-ldap-driver Change-Id: I4b3bb2900b54f046b05d68f15fb6e35b324ca9f7 --- keystone/assignment/backends/ldap.py | 19 +++++-------------- keystone/common/ldap/core.py | 7 ++++++- keystone/identity/backends/ldap.py | 27 ++++++++------------------- 3 files changed, 19 insertions(+), 34 deletions(-) (limited to 'keystone') diff --git a/keystone/assignment/backends/ldap.py b/keystone/assignment/backends/ldap.py index 9b273e40..34cd9c2f 100644 --- a/keystone/assignment/backends/ldap.py +++ b/keystone/assignment/backends/ldap.py @@ -267,20 +267,14 @@ class ProjectApi(common_ldap.EnabledEmuMixIn, common_ldap.BaseLdap): NotFound = exception.ProjectNotFound notfound_arg = 'project_id' # NOTE(yorik-sar): while options_name = tenant options_name = 'tenant' - attribute_mapping = {'name': 'ou', - 'description': 'description', - 'tenantId': 'cn', - 'enabled': 'enabled', - 'domain_id': 'domain_id'} + attribute_options_names = {'name': 'name', + 'description': 'desc', + 'enabled': 'enabled', + 'domain_id': 'domain_id'} model = models.Project def __init__(self, conf): super(ProjectApi, self).__init__(conf) - self.attribute_mapping['name'] = conf.ldap.tenant_name_attribute - self.attribute_mapping['description'] = conf.ldap.tenant_desc_attribute - self.attribute_mapping['enabled'] = conf.ldap.tenant_enabled_attribute - self.attribute_mapping['domain_id'] = ( - conf.ldap.tenant_domain_id_attribute) self.member_attribute = (getattr(conf.ldap, 'tenant_member_attribute') or self.DEFAULT_MEMBER_ATTRIBUTE) self.attribute_ignore = (getattr(conf.ldap, 'tenant_attribute_ignore') 
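Review bot: The `'tenantId': 'cn'` entry is removed from ProjectApi's mapping and has no counterpart in `attribute_options_names`, so `attribute_mapping` no longer carries that key; the GroupApi hunk drops `'groupId': 'cn'` the same way. The other old keys were overwritten from `conf.ldap` in `__init__` anyway, but these two were not, so this is a behaviour change rather than a pure refactor. If any lookup of those keys remains outside the visible hunks it would now miss, so it is worth confirming they were dead and saying so in the commit message. `__init__` continues past the end of the hunk.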
@@ -384,14 +378,11 @@ class RoleApi(common_ldap.BaseLdap): DEFAULT_ATTRIBUTE_IGNORE = [] NotFound = exception.RoleNotFound options_name = 'role' - attribute_mapping = {'name': 'ou', - #'serviceId': 'service_id', - } + attribute_options_names = {'name': 'name'} model = models.Role def __init__(self, conf): super(RoleApi, self).__init__(conf) - self.attribute_mapping['name'] = conf.ldap.role_name_attribute self.member_attribute = (getattr(conf.ldap, 'role_member_attribute') or self.DEFAULT_MEMBER_ATTRIBUTE) self.attribute_ignore = (getattr(conf.ldap, 'role_attribute_ignore') diff --git a/keystone/common/ldap/core.py b/keystone/common/ldap/core.py index 7a2dfee7..71423064 100644 --- a/keystone/common/ldap/core.py +++ b/keystone/common/ldap/core.py @@ -114,7 +114,7 @@ class BaseLdap(object): notfound_arg = None options_name = None model = None - attribute_mapping = {} + attribute_options_names = {} attribute_ignore = [] tree_dn = None @@ -129,6 +129,7 @@ class BaseLdap(object): self.tls_cacertfile = conf.ldap.tls_cacertfile self.tls_cacertdir = conf.ldap.tls_cacertdir self.tls_req_cert = parse_tls_cert(conf.ldap.tls_req_cert) + self.attribute_mapping = {} if self.options_name is not None: self.suffix = conf.ldap.suffix @@ -145,6 +146,10 @@ class BaseLdap(object): self.object_class = (getattr(conf.ldap, objclass) or self.DEFAULT_OBJECTCLASS) + for k, v in self.attribute_options_names.iteritems(): + v = '%s_%s_attribute' % (self.options_name, v) + self.attribute_mapping[k] = getattr(conf.ldap, v) + attr_mapping_opt = ('%s_additional_attribute_mapping' % self.options_name) attr_mapping = (getattr(conf.ldap, attr_mapping_opt) diff --git a/keystone/identity/backends/ldap.py b/keystone/identity/backends/ldap.py index 91ea1e41..5aa4edee 100644 --- a/keystone/identity/backends/ldap.py +++ b/keystone/identity/backends/ldap.py 
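Review bot: In the `@@ -129,6 +129,7 @@` hunk of core.py, `self.attribute_mapping = {}` is assigned unconditionally in `BaseLdap.__init__`, so any subclass that still declares a class-level `attribute_mapping` will have it silently shadowed by an empty instance dict. Only ProjectApi, RoleApi, UserApi and GroupApi are converted in this patch; any other BaseLdap subclass would need `attribute_options_names` as well. A short comment at the assignment would make the new contract explicit, e.g. `# per-instance; filled from attribute_options_names, a class-level attribute_mapping is no longer read`. `__init__` starts and ends outside the hunk.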
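Review bot: In the `@@ -145,6 +146,10 @@` hunk of core.py, `getattr(conf.ldap, v)` stores whatever the option resolves to, so an unset or empty `*_attribute` option ends up as a `None` or empty LDAP attribute name in `attribute_mapping` and only surfaces later at query time. For keys such as `password` and `enabled` that is worth rejecting when the backend is constructed. The loop also rebinds `v` from fragment to option name, which reads poorly; I would write `opt = '%s_%s_attribute' % (self.options_name, v)` and `self.attribute_mapping[k] = getattr(conf.ldap, opt)`, with a comment that the values of `attribute_options_names` are option-name fragments, not LDAP attribute names. Whether the loop sits under the `options_name is not None` guard cannot be confirmed from the flattened hunk.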
@@ -213,22 +213,16 @@ class UserApi(common_ldap.EnabledEmuMixIn, common_ldap.BaseLdap): DEFAULT_ATTRIBUTE_IGNORE = ['tenant_id', 'tenants'] NotFound = exception.UserNotFound options_name = 'user' - attribute_mapping = {'password': 'userPassword', - 'email': 'mail', - 'name': 'sn', - 'enabled': 'enabled', - 'domain_id': 'domain_id'} + attribute_options_names = {'password': 'pass', + 'email': 'mail', + 'name': 'name', + 'enabled': 'enabled', + 'domain_id': 'domain_id'} model = models.User def __init__(self, conf): super(UserApi, self).__init__(conf) - self.attribute_mapping['name'] = conf.ldap.user_name_attribute - self.attribute_mapping['email'] = conf.ldap.user_mail_attribute - self.attribute_mapping['password'] = conf.ldap.user_pass_attribute - self.attribute_mapping['enabled'] = conf.ldap.user_enabled_attribute - self.attribute_mapping['domain_id'] = ( - conf.ldap.user_domain_id_attribute) self.enabled_mask = conf.ldap.user_enabled_mask self.enabled_default = conf.ldap.user_enabled_default self.attribute_ignore = (getattr(conf.ldap, 'user_attribute_ignore') @@ -280,18 +274,13 @@ class GroupApi(common_ldap.BaseLdap): DEFAULT_ATTRIBUTE_IGNORE = [] NotFound = exception.GroupNotFound options_name = 'group' - attribute_mapping = {'name': 'ou', - 'description': 'description', - 'groupId': 'cn', - 'domain_id': 'domain_id'} + attribute_options_names = {'description': 'desc', + 'name': 'name', + 'domain_id': 'domain_id'} model = models.Group def __init__(self, conf): super(GroupApi, self).__init__(conf) - self.attribute_mapping['name'] = conf.ldap.group_name_attribute - self.attribute_mapping['description'] = conf.ldap.group_desc_attribute - self.attribute_mapping['domain_id'] = ( - conf.ldap.group_domain_id_attribute) self.member_attribute = (getattr(conf.ldap, 'group_member_attribute') or self.DEFAULT_MEMBER_ATTRIBUTE) self.attribute_ignore = (getattr(conf.ldap, 'group_attribute_ignore') -- cgit