diff options
| author | Devin Carlen <devin.carlen@gmail.com> | 2010-08-10 18:46:49 -0700 |
|---|---|---|
| committer | Devin Carlen <devin.carlen@gmail.com> | 2010-08-10 18:46:49 -0700 |
| commit | 253cc1f683dfcfe75b1a5c1eb3a93f07e85bb041 (patch) | |
| tree | 4b414e62812e2da394e0cad260a6540c0638873e | |
| parent | ce683104ace24e986f6c4b911ff63952355235f0 (diff) | |
| download | nova-253cc1f683dfcfe75b1a5c1eb3a93f07e85bb041.tar.gz nova-253cc1f683dfcfe75b1a5c1eb3a93f07e85bb041.tar.xz nova-253cc1f683dfcfe75b1a5c1eb3a93f07e85bb041.zip | |
Wired up admin api for user roles
| -rw-r--r-- | nova/adminclient.py | 36 | ||||
| -rw-r--r-- | nova/endpoint/admin.py | 13 |
2 files changed, 48 insertions, 1 deletions
diff --git a/nova/adminclient.py b/nova/adminclient.py index 25d5e71cb..5aa8ff9c2 100644 --- a/nova/adminclient.py +++ b/nova/adminclient.py @@ -57,6 +57,28 @@ class UserInfo(object): elif name == 'secretkey': self.secretkey = str(value) +class UserRole(object): + """ + Information about a Nova user's role, as parsed through SAX. + Fields include: + role + """ + def __init__(self, connection=None): + self.connection = connection + self.role = None + + def __repr__(self): + return 'UserRole:%s' % self.role + + def startElement(self, name, attrs, connection): + return None + + def endElement(self, name, value, connection): + if name == 'role': + self.role = value + else: + setattr(self, name, str(value)) + class ProjectInfo(object): """ Information about a Nova project, as parsed through SAX @@ -114,7 +136,6 @@ class ProjectMember(object): else: setattr(self, name, str(value)) - class HostInfo(object): """ Information about a Nova Host, as parsed through SAX: @@ -196,6 +217,19 @@ class NovaAdminClient(object): """ deletes a user """ return self.apiconn.get_object('DeregisterUser', {'Name': username}, UserInfo) + def get_user_roles(self, user, project=None): + """ + Returns a list of roles for the given user. + Omitting project will return any global roles that the user has. + Specifying project will return only project specific roles. + """ + params = {'User':user} + if project: + params['Project'] = project + return self.apiconn.get_list('DescribeUserRoles', + params, + [('item', UserRole)]) + def add_user_role(self, user, role, project=None): """ Add a role to a user either globally or for a specific project. diff --git a/nova/endpoint/admin.py b/nova/endpoint/admin.py index c4b8c05ca..a3114c0a3 100644 --- a/nova/endpoint/admin.py +++ b/nova/endpoint/admin.py @@ -103,6 +103,19 @@ class AdminController(object): return True @admin_only + def describe_roles(self, context, project_roles=True, **kwargs): + """Returns a list of allowed roles.""" + return manager.AuthManager().get_roles(project_roles) + + @admin_only + def describe_user_roles(self, context, user, project=None, **kwargs): + """Returns a list of roles for the given user. + Omitting project will return any global roles that the user has. + Specifying project will return only project specific roles. + """ + return manager.AuthManager().get_user_roles(user, project=project) + + @admin_only def modify_user_role(self, context, user, role, project=None, operation='add', **kwargs): """Add or remove a role for a user and project.""" |