| author | Devin Carlen <devin.carlen@gmail.com> | 2010-07-29 03:23:51 +0000 |
|---|---|---|
| committer | Tarmac <> | 2010-07-29 03:23:51 +0000 |
| commit | f9569be64be5dbc909ac8dcb594d361aea12c97c (patch) | |
| tree | 6281ca2d7d3a13edf5adfdb74f18b695abd7ff93 /nova/adminclient.py | |
| parent | 7847a029e00f089297f0446267bf818eaef3e1f5 (diff) | |
| parent | bb375bbeffb1249c653d3589acb521a25f8824c7 (diff) | |
Implemented admin api for rbac
Diffstat (limited to 'nova/adminclient.py')
| -rw-r--r-- | nova/adminclient.py | 163 |
1 files changed, 159 insertions, 4 deletions
diff --git a/nova/adminclient.py b/nova/adminclient.py index db392feb1..fceeac274 100644 --- a/nova/adminclient.py +++ b/nova/adminclient.py @@ -23,6 +23,7 @@ import base64 import boto from boto.ec2.regioninfo import RegionInfo + class UserInfo(object): """ Information about a Nova user, as parsed through SAX @@ -56,6 +57,64 @@ class UserInfo(object): elif name == 'secretkey': self.secretkey = str(value) +class ProjectInfo(object): + """ + Information about a Nova project, as parsed through SAX + Fields include: + projectname + description + projectManagerId + memberIds + """ + + def __init__(self, connection=None): + self.connection = connection + self.projectname = None + self.description = None + self.projectManagerId = None + self.memberIds = [] + + def __repr__(self): + return 'ProjectInfo:%s' % self.projectname + + def startElement(self, name, attrs, connection): + return None + + def endElement(self, name, value, connection): + if name == 'projectname': + self.projectname = value + elif name == 'description': + self.description = value + elif name == 'projectManagerId': + self.projectManagerId = value + elif name == 'memberId': + self.memberIds.append(value) + else: + setattr(self, name, str(value)) + +class ProjectMember(object): + """ + Information about a Nova project member, as parsed through SAX. + Fields include: + memberId + """ + def __init__(self, connection=None): + self.connection = connection + self.memberId = None + + def __repr__(self): + return 'ProjectMember:%s' % self.memberId + + def startElement(self, name, attrs, connection): + return None + + def endElement(self, name, value, connection): + if name == 'member': + self.memberId = value + else: + setattr(self, name, str(value)) + + class HostInfo(object): """ Information about a Nova Host, as parsed through SAX: 
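Review bot: The `else: setattr(self, name, str(value))` fallback in `ProjectInfo.endElement` and `ProjectMember.endElement` turns any element name in the API response into an attribute, so an unexpected tag named `connection`, `memberIds` or `endElement` would overwrite state or methods the object relies on. I would limit the fallback to names not already present on the instance, e.g. `elif not hasattr(self, name): setattr(self, name, str(value))`, or ignore unknown elements entirely. The known fields are stored as received while the fallback applies `str()`, which is worth making consistent. `UserInfo` and `HostInfo` are only partly visible in this hunk and may follow the same pattern.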
@@ -99,20 +158,20 @@ class NovaAdminClient(object): **kwargs) self.apiconn.APIVersion = 'nova' - def connection_for(self, username, **kwargs): + def connection_for(self, username, project, **kwargs): """ Returns a boto ec2 connection for the given username. """ user = self.get_user(username) + access_key = '%s:%s' % (user.accesskey, project) return boto.connect_ec2( - aws_access_key_id=user.accesskey, + aws_access_key_id=access_key, aws_secret_access_key=user.secretkey, is_secure=False, region=RegionInfo(None, self.region, self.clc_ip), port=8773, path='/services/Cloud', - **kwargs - ) + **kwargs) def get_users(self): """ grabs the list of all users """ 
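Review bot: `project` is formatted unchecked into the access key id in `connection_for` (`'%s:%s' % (user.accesskey, project)`), so `None` or an empty string yields an id such as `KEY:None`, and a name containing `:` makes the id ambiguous for whatever splits it on the server (that parsing is not visible here). A guard before the format, e.g. `if not project or ':' in project: raise ValueError('invalid project name: %r' % (project,))`, would fail early instead of sending a malformed credential. The new parameter is a required positional, which breaks existing `connection_for(username)` callers, and the docstring still only mentions the username. Separately, the unchanged `is_secure=False` means these project-scoped requests travel over plain HTTP; a comment stating that this is meant only for trusted networks would help.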
@@ -137,6 +196,102 @@ class NovaAdminClient(object): """ deletes a user """ return self.apiconn.get_object('DeregisterUser', {'Name': username}, UserInfo) + def add_user_role(self, user, role, project=None): + """ + Add a role to a user either globally or for a specific project. + """ + return self.modify_user_role(user, role, project=project, + operation='add') + + def remove_user_role(self, user, role, project=None): + """ + Remove a role from a user either globally or for a specific project. + """ + return self.modify_user_role(user, role, project=project, + operation='remove') + + def modify_user_role(self, user, role, project=None, operation='add', + **kwargs): + """ + Add or remove a role for a user and project. + """ + params = {'User': user, + 'Role': role, + 'Project': project, + 'Operation': operation} + return self.apiconn.get_status('ModifyUserRole', params) + + def get_projects(self, user=None): + """ + Returns a list of all projects. + """ + if user: + params = {'User': user} + else: + params = {} + return self.apiconn.get_list('DescribeProjects', + params, + [('item', ProjectInfo)]) + + def get_project(self, name): + """ + Returns a single project with the specified name. + """ + project = self.apiconn.get_object('DescribeProject', + {'Name': name}, + ProjectInfo) + + if project.projectname != None: + return project + + def create_project(self, projectname, manager_user, description=None, + member_users=None): + """ + Creates a new project. + """ + params = {'Name': projectname, + 'ManagerUser': manager_user, + 'Description': description, + 'MemberUsers': member_users} + return self.apiconn.get_object('RegisterProject', params, ProjectInfo) + + def delete_project(self, projectname): + """ + Permanently deletes the specified project. + """ + return self.apiconn.get_object('DeregisterProject', + {'Name': projectname}, + ProjectInfo) + + def get_project_members(self, name): + """ + Returns a list of members of a project. 
+ """ + return self.apiconn.get_list('DescribeProjectMembers', + {'Name': name}, + [('item', ProjectMember)]) + + def add_project_member(self, user, project): + """ + Adds a user to a project. + """ + return self.modify_project_member(user, project, operation='add') + + def remove_project_member(self, user, project): + """ + Removes a user from a project. + """ + return self.modify_project_member(user, project, operation='remove') + + def modify_project_member(self, user, project, operation='add'): + """ + Adds or removes a user from a project. + """ + params = {'User': user, + 'Project': project, + 'Operation': operation} + return self.apiconn.get_status('ModifyProjectMember', params) + def get_zip(self, username): """ returns the content of a zip file containing novarc and access credentials. """ return self.apiconn.get_object('GenerateX509ForUser', {'Name': username}, UserInfo).file |
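Review bot: `modify_user_role` always sends `'Project': project`, so a global role change passes `None` as a request parameter, and depending on how the connection serialises it the server may receive the literal string `None` rather than no project; a call that grants or revokes roles should not carry that ambiguity. `get_projects` in the same hunk already builds its params conditionally; doing the same here, `params = {'User': user, 'Role': role, 'Operation': operation}` followed by `if project is not None: params['Project'] = project`, keeps them consistent (`create_project` has the same issue with `Description` and `MemberUsers`). `operation` is passed through unchecked in `modify_user_role` and `modify_project_member`, so a typo only surfaces on the server; `if operation not in ('add', 'remove'): raise ValueError(operation)` would catch it client-side. The unused `**kwargs` on `modify_user_role` silently swallows misspelled keyword arguments, and `get_project` should compare with `is not None`. The enclosing `NovaAdminClient` class starts outside this hunk.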
