exporting auth to keystone (users, projects/tenants, roles, credentials)

author: paul@openstack.org <> 2011-09-14 12:10:33 -0500
committer: paul@openstack.org <> 2011-09-14 12:10:33 -0500
commit: 5b436ffc2a46e34c8b4cc94780a9059dbef58cda (patch)
tree: 3e4ed760d226f3626677ef33388b6607df4330a9 /bin
parent: 89736bf13562811cebb42cd6e3377d7f9e0a0b9c (diff)
download: nova-5b436ffc2a46e34c8b4cc94780a9059dbef58cda.tar.gz
nova-5b436ffc2a46e34c8b4cc94780a9059dbef58cda.tar.xz
nova-5b436ffc2a46e34c8b4cc94780a9059dbef58cda.zip
1 files changed, 45 insertions, 0 deletions
diff --git a/bin/nova-manage b/bin/nova-manage
index 089b2eeae..5f0c54717 100755
--- a/bin/nova-manage
+++ b/bin/nova-manage
@@ -61,6 +61,7 @@ import math
 import netaddr
 from optparse import OptionParser
 import os
+import StringIO
 import sys
 import time
 
@@ -274,6 +275,50 @@ class ShellCommands(object):
         arguments: path"""
         exec(compile(open(path).read(), path, 'exec'), locals(), globals())
 
+    @args('--filename', dest='filename', metavar='<path>', help='Export path')
+    def export(self, filename):
+        """Export Nova users into a file that can be consumed by Keystone"""
+        def create_file(filename):
+            data = generate_file()
+            with open(filename, 'w') as f:
+                f.write(data.getvalue())
+
+        def tenants(data, am):
+            for project in am.get_projects():
+                print >> data, ("tenant add '%s'" %
+                                   (project.name))
+                for u in project.member_ids:
+                    user = am.get_user(u)
+                    print >> data, ("user add '%s' '%s' '%s'" %
+                                     (user.name, user.access, project.name))
+                    print >> data, ("credentials add 'EC2' '%s' '%s'" %
+                                 (user.access, user.secret))
+
+        def roles(data, am):
+            for role in am.get_roles():
+                print >> data, ("role add '%s'" % (role))
+
+        def grant_roles(data, am):
+            roles = am.get_roles()
+            for project in am.get_projects():
+                for u in project.member_ids:
+                    user = am.get_user(u)
+                    for role in roles:
+                        if user.has_role(role):
+                            print >> data, ("role grant '%s', '%s', '%s')," %
+                                           (user.name, role, project.name))
+            print >> data, footer
+
+        def generate_file():
+            data = StringIO.StringIO()
+            am = manager.AuthManager()
+            tenants(data, am)
+            roles(data, am)
+            data.seek(0)
+            return data
+
+        create_file(filename)
+
 
 class RoleCommands(object):
     """Class for managing roles."""
author	paul@openstack.org <>	2011-09-14 12:10:33 -0500
committer	paul@openstack.org <>	2011-09-14 12:10:33 -0500
commit	5b436ffc2a46e34c8b4cc94780a9059dbef58cda (patch)
tree	3e4ed760d226f3626677ef33388b6607df4330a9 /bin
parent	89736bf13562811cebb42cd6e3377d7f9e0a0b9c (diff)
download	nova-5b436ffc2a46e34c8b4cc94780a9059dbef58cda.tar.gz nova-5b436ffc2a46e34c8b4cc94780a9059dbef58cda.tar.xz nova-5b436ffc2a46e34c8b4cc94780a9059dbef58cda.zip