LdapDriver cleanup: docstrings and parameter ordering

author: Vishvananda Ishaya <vishvananda@gmail.com> 2010-07-19 17:10:25 -0500
committer: Vishvananda Ishaya <vishvananda@gmail.com> 2010-07-19 17:10:25 -0500
commit: bc524d362391c22ece2c2b24d11239837fe5db39 (patch)
tree: d31ffdce73b9a632d768055ea2117b17ec6e21b3
parent: a3ca587654095ffd4b97103302fb0744e505e332 (diff)
download: nova-bc524d362391c22ece2c2b24d11239837fe5db39.tar.gz
nova-bc524d362391c22ece2c2b24d11239837fe5db39.tar.xz
nova-bc524d362391c22ece2c2b24d11239837fe5db39.zip
1 files changed, 56 insertions, 5 deletions
diff --git a/nova/auth/ldapdriver.py b/nova/auth/ldapdriver.py
index 49443c99a..21c87a576 100644
--- a/nova/auth/ldapdriver.py
+++ b/nova/auth/ldapdriver.py
@@ -67,6 +67,10 @@ flags.DEFINE_string('ldap_developer',
 
 
 class LdapDriver(object):
+    """Ldap Auth driver
+
+    Defines enter and exit and therefore supports the with/as syntax.
+    """
     def __enter__(self):
         """Creates the connection to LDAP"""
         if FLAGS.fake_users:
@@ -86,43 +90,51 @@ class LdapDriver(object):
         return False
 
     def get_user(self, uid):
+        """Retrieve user by id"""
         attr = self.__find_object(self.__uid_to_dn(uid),
                                 '(objectclass=novaUser)')
         return self.__to_user(attr)
 
     def get_user_from_access_key(self, access):
+        """Retrieve user by access key"""
         query = '(accessKey=%s)' % access
         dn = FLAGS.ldap_user_subtree
         return self.__to_user(self.__find_object(dn, query))
 
     def get_key_pair(self, uid, key_name):
+        """Retrieve key pair by uid and key name"""
         dn = 'cn=%s,%s' % (key_name,
                            self.__uid_to_dn(uid))
         attr = self.__find_object(dn, '(objectclass=novaKeyPair)')
         return self.__to_key_pair(uid, attr)
 
     def get_project(self, name):
+        """Retrieve project by name"""
         dn = 'cn=%s,%s' % (name,
                            FLAGS.ldap_project_subtree)
         attr = self.__find_object(dn, '(objectclass=novaProject)')
         return self.__to_project(attr)
 
     def get_users(self):
+        """Retrieve list of users"""
         attrs = self.__find_objects(FLAGS.ldap_user_subtree,
                                   '(objectclass=novaUser)')
         return [self.__to_user(attr) for attr in attrs]
 
     def get_key_pairs(self, uid):
+        """Retrieve list of key pairs"""
         attrs = self.__find_objects(self.__uid_to_dn(uid),
                                   '(objectclass=novaKeyPair)')
         return [self.__to_key_pair(uid, attr) for attr in attrs]
 
     def get_projects(self):
+        """Retrieve list of projects"""
         attrs = self.__find_objects(FLAGS.ldap_project_subtree,
                                   '(objectclass=novaProject)')
         return [self.__to_project(attr) for attr in attrs]
 
     def create_user(self, name, access_key, secret_key, is_admin):
+        """Create a user"""
         if self.__user_exists(name):
             raise exception.Duplicate("LDAP user %s already exists" % name)
         attr = [
@@ -142,7 +154,7 @@ class LdapDriver(object):
         return self.__to_user(dict(attr))
 
     def create_key_pair(self, uid, key_name, public_key, fingerprint):
-        """create's a public key in the directory underneath the user"""
+        """Create a key pair"""
         # TODO(vish): possibly refactor this to store keys in their own ou
         #   and put dn reference in the user object
         attr = [
@@ -158,6 +170,7 @@ class LdapDriver(object):
 
     def create_project(self, name, manager_uid,
                        description=None, member_uids=None):
+        """Create a project"""
         if self.__project_exists(name):
             raise exception.Duplicate("Project can't be created because "
                                       "project %s already exists" % name)
@@ -189,22 +202,31 @@ class LdapDriver(object):
         return self.__to_project(dict(attr))
 
     def add_to_project(self, uid, project_id):
+        """Add user to project"""
         dn = 'cn=%s,%s' % (project_id, FLAGS.ldap_project_subtree)
         return self.__add_to_group(uid, dn)
 
     def remove_from_project(self, uid, project_id):
+        """Remove user from project"""
         dn = 'cn=%s,%s' % (project_id, FLAGS.ldap_project_subtree)
         return self.__remove_from_group(uid, dn)
 
     def is_in_project(self, uid, project_id):
+        """Check if user is in project"""
         dn = 'cn=%s,%s' % (project_id, FLAGS.ldap_project_subtree)
         return self.__is_in_group(uid, dn)
 
     def has_role(self, uid, role, project_id=None):
+        """Check if user has role
+
+        If project is specified, it checks for local role, otherwise it
+        checks for global role
+        """
         role_dn = self.__role_to_dn(role, project_id)
         return self.__is_in_group(uid, role_dn)
 
     def add_role(self, uid, role, project_id=None):
+        """Add role for user (or user and project)"""
         role_dn = self.__role_to_dn(role, project_id)
         if not self.__group_exists(role_dn):
             # create the role if it doesn't exist
@@ -214,10 +236,12 @@ class LdapDriver(object):
             return self.__add_to_group(uid, role_dn)
 
     def remove_role(self, uid, role, project_id=None):
+        """Remove role for user (or user and project)"""
         role_dn = self.__role_to_dn(role, project_id)
         return self.__remove_from_group(uid, role_dn)
 
     def delete_user(self, uid):
+        """Delete a user"""
         if not self.__user_exists(uid):
             raise exception.NotFound("User %s doesn't exist" % uid)
         self.__delete_key_pairs(uid)
@@ -226,6 +250,7 @@ class LdapDriver(object):
                                           FLAGS.ldap_user_subtree))
 
     def delete_key_pair(self, uid, key_name):
+        """Delete a key pair"""
         if not self.__key_pair_exists(uid, key_name):
             raise exception.NotFound("Key Pair %s doesn't exist for user %s" %
                             (key_name, uid))
@@ -233,26 +258,33 @@ class LdapDriver(object):
                                           FLAGS.ldap_user_subtree))
 
     def delete_project(self, name):
+        """Delete a project"""
         project_dn = 'cn=%s,%s' % (name, FLAGS.ldap_project_subtree)
         self.__delete_roles(project_dn)
         self.__delete_group(project_dn)
 
     def __user_exists(self, name):
+        """Check if user exists"""
         return self.get_user(name) != None
 
     def __key_pair_exists(self, uid, key_name):
+        """Check if key pair exists"""
+        return self.get_user(uid) != None
         return self.get_key_pair(uid, key_name) != None
 
     def __project_exists(self, name):
+        """Check if project exists"""
         return self.get_project(name) != None
 
     def __find_object(self, dn, query = None):
+        """Find an object by dn and query"""
         objects = self.__find_objects(dn, query)
         if len(objects) == 0:
             return None
         return objects[0]
 
     def __find_dns(self, dn, query=None):
+        """Find dns by query"""
         try:
             res = self.conn.search_s(dn, ldap.SCOPE_SUBTREE, query)
         except self.NO_SUCH_OBJECT:
@@ -261,6 +293,7 @@ class LdapDriver(object):
         return [dn for dn, attributes in res]
 
     def __find_objects(self, dn, query = None):
+        """Find objects by query"""
         try:
             res = self.conn.search_s(dn, ldap.SCOPE_SUBTREE, query)
         except self.NO_SUCH_OBJECT:
@@ -269,25 +302,30 @@ class LdapDriver(object):
         return [attributes for dn, attributes in res]
 
     def __find_role_dns(self, tree):
+        """Find dns of role objects in given tree"""
         return self.__find_dns(tree,
                 '(&(objectclass=groupOfNames)(!(objectclass=novaProject)))')
 
     def __find_group_dns_with_member(self, tree, uid):
+        """Find dns of group objects in a given tree that contain member"""
         dns = self.__find_dns(tree,
                             '(&(objectclass=groupOfNames)(member=%s))' %
                             self.__uid_to_dn(uid))
         return dns
 
     def __group_exists(self, dn):
+        """Check if group exists"""
         return self.__find_object(dn, '(objectclass=groupOfNames)') != None
 
     def __delete_key_pairs(self, uid):
+        """Delete all key pairs for user"""
         keys = self.get_key_pairs(uid)
         if keys != None:
             for key in keys:
                 self.delete_key_pair(uid, key.name)
 
     def __role_to_dn(self, role, project_id=None):
+        """Convert role to corresponding dn"""
         if project_id == None:
             return FLAGS.__getitem__("ldap_%s" % role).value
         else:
@@ -297,6 +335,7 @@ class LdapDriver(object):
 
     def __create_group(self, group_dn, name, uid,
                        description, member_uids = None):
+        """Create a group"""
         if self.__group_exists(group_dn):
             raise exception.Duplicate("Group can't be created because "
                                       "group %s already exists" % name)
@@ -319,6 +358,7 @@ class LdapDriver(object):
         self.conn.add_s(group_dn, attr)
 
     def __is_in_group(self, uid, group_dn):
+        """Check if user is in group"""
         if not self.__user_exists(uid):
             raise exception.NotFound("User %s can't be searched in group "
                     "becuase the user doesn't exist" % (uid,))
@@ -329,6 +369,7 @@ class LdapDriver(object):
         return res != None
 
     def __add_to_group(self, uid, group_dn):
+        """Add user to group"""
         if not self.__user_exists(uid):
             raise exception.NotFound("User %s can't be added to the group "
                     "becuase the user doesn't exist" % (uid,))
@@ -344,6 +385,7 @@ class LdapDriver(object):
         self.conn.modify_s(group_dn, attr)
 
     def __remove_from_group(self, uid, group_dn):
+        """Remove user from group"""
         if not self.__group_exists(group_dn):
             raise exception.NotFound("The group at dn %s doesn't exist" %
                                      (group_dn,))
@@ -353,9 +395,10 @@ class LdapDriver(object):
         if not self.__is_in_group(uid, group_dn):
             raise exception.NotFound("User %s is not a member of the group" %
                                      (uid,))
-        self.__safe_remove_from_group(group_dn, uid)
+        self.__safe_remove_from_group(uid, group_dn)
 
-    def __safe_remove_from_group(self, group_dn, uid):
+    def __safe_remove_from_group(self, uid, group_dn):
+        """Remove user from group, deleting group if user is last member"""
         # FIXME(vish): what if deleted user is a project manager?
         attr = [(ldap.MOD_DELETE, 'member', self.__uid_to_dn(uid))]
         try:
@@ -366,6 +409,7 @@ class LdapDriver(object):
             self.__delete_group(group_dn)
 
     def __remove_from_all(self, uid):
+        """Remove user from all roles and projects"""
         if not self.__user_exists(uid):
             raise exception.NotFound("User %s can't be removed from all "
                     "because the user doesn't exist" % (uid,))
@@ -373,22 +417,25 @@ class LdapDriver(object):
         role_dns = self.__find_group_dns_with_member(
                 FLAGS.role_project_subtree, uid)
         for role_dn in role_dns:
-            self.__safe_remove_from_group(role_dn, uid)
+            self.__safe_remove_from_group(uid, role_dn)
         project_dns = self.__find_group_dns_with_member(
                 FLAGS.ldap_project_subtree, uid)
         for project_dn in project_dns:
-            self.__safe_remove_from_group(project_dn, uid)
+            self.__safe_remove_from_group(uid, role_dn)
 
     def __delete_group(self, group_dn):
+        """Delete Group"""
         if not self.__group_exists(group_dn):
             raise exception.NotFound("Group at dn %s doesn't exist" % group_dn)
         self.conn.delete_s(group_dn)
 
     def __delete_roles(self, project_dn):
+        """Delete all roles for project"""
         for role_dn in self.__find_role_dns(project_dn):
             self.__delete_group(role_dn)
 
     def __to_user(self, attr):
+        """Convert ldap attributes to User object"""
         if attr == None:
             return None
         return manager.User(
@@ -400,6 +447,7 @@ class LdapDriver(object):
         )
 
     def __to_key_pair(self, owner, attr):
+        """Convert ldap attributes to KeyPair object"""
         if attr == None:
             return None
         return manager.KeyPair(
@@ -410,6 +458,7 @@ class LdapDriver(object):
         )
 
     def __to_project(self, attr):
+        """Convert ldap attributes to Project object"""
         if attr == None:
             return None
         member_dns = attr.get('member', [])
@@ -421,8 +470,10 @@ class LdapDriver(object):
         )
 
     def __dn_to_uid(self, dn):
+        """Convert user dn to uid"""
         return dn.split(',')[0].split('=')[1]
 
     def __uid_to_dn(self, dn):
+        """Convert uid to dn"""
         return 'uid=%s,%s' % (dn, FLAGS.ldap_user_subtree)
author	Vishvananda Ishaya <vishvananda@gmail.com>	2010-07-19 17:10:25 -0500
committer	Vishvananda Ishaya <vishvananda@gmail.com>	2010-07-19 17:10:25 -0500
commit	bc524d362391c22ece2c2b24d11239837fe5db39 (patch)
tree	d31ffdce73b9a632d768055ea2117b17ec6e21b3
parent	a3ca587654095ffd4b97103302fb0744e505e332 (diff)
download	nova-bc524d362391c22ece2c2b24d11239837fe5db39.tar.gz nova-bc524d362391c22ece2c2b24d11239837fe5db39.tar.xz nova-bc524d362391c22ece2c2b24d11239837fe5db39.zip