From 40dfe6316fae4b14f9fa694653341349a86d55ab Mon Sep 17 00:00:00 2001
From: Devin Carlen <devin.carlen@gmail.com>
Date: Wed, 28 Jul 2010 00:28:56 +0000
Subject: Wired up user:project auth calls

---
 nova/adminclient.py    |  5 +++--
 nova/auth/manager.py   |  1 +
 nova/endpoint/admin.py | 13 ++++---------
 3 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/nova/adminclient.py b/nova/adminclient.py
index 9b9505ac1..e81e0470f 100644
--- a/nova/adminclient.py
+++ b/nova/adminclient.py
@@ -122,13 +122,14 @@ class NovaAdminClient(object):
                                         **kwargs)
         self.apiconn.APIVersion = 'nova'
 
-    def connection_for(self, username, **kwargs):
+    def connection_for(self, username, project, **kwargs):
         """
         Returns a boto ec2 connection for the given username.
         """
         user = self.get_user(username)
+        access_key = '%s:%s' % (user.accesskey, project)
         return boto.connect_ec2(
-            aws_access_key_id=user.accesskey,
+            aws_access_key_id=access_key,
             aws_secret_access_key=user.secretkey,
             is_secure=False,
             region=RegionInfo(None, self.region, self.clc_ip),
diff --git a/nova/auth/manager.py b/nova/auth/manager.py
index bc373fd26..8c8c7377c 100644
--- a/nova/auth/manager.py
+++ b/nova/auth/manager.py
@@ -532,6 +532,7 @@ class AuthManager(object):
 
     def get_projects(self):
         """Retrieves list of all projects"""
+        # TODO(devcamcar): Implement filter by user.
         with self.driver() as drv:
             project_list = drv.get_projects()
             if not project_list:
diff --git a/nova/endpoint/admin.py b/nova/endpoint/admin.py
index e3762e2af..e1e06e944 100644
--- a/nova/endpoint/admin.py
+++ b/nova/endpoint/admin.py
@@ -106,10 +106,7 @@ class AdminController(object):
     @admin_only
     def modify_user_role(self, context, user, role, project=None,
                          operation='add', **kwargs):
-        """
-        Add or remove a role for a user and project.
-        """
-
+        """Add or remove a role for a user and project."""
         if operation == 'add':
             manager.AuthManager().add_role(user, role, project)
         elif operation == 'remove':
@@ -137,8 +134,9 @@ class AdminController(object):
         return project_dict(manager.AuthManager().get_project(name))
 
     @admin_only
-    def describe_projects(self, context, **kwargs):
+    def describe_projects(self, context, user=None, **kwargs):
         """Returns all projects - should be changed to deal with a list."""
+        # TODO(devcamcar): Implement filter by user.
         return {'projectSet':
             [project_dict(u) for u in
             manager.AuthManager().get_projects()]}
@@ -164,10 +162,7 @@ class AdminController(object):
 
     @admin_only
     def modify_project_user(self, context, user, project, operation, **kwargs):
-        """
-        Add or remove a user from a project.
-        """
-
+        """Add or remove a user from a project."""
         if operation =='add':
             manager.AuthManager().add_to_project(user, project)
         elif operation == 'remove':
-- 
cgit