From 5b436ffc2a46e34c8b4cc94780a9059dbef58cda Mon Sep 17 00:00:00 2001 From: "paul@openstack.org" <> Date: Wed, 14 Sep 2011 12:10:33 -0500 Subject: exporting auth to keystone (users, projects/tenants, roles, credentials) --- bin/nova-manage | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) (limited to 'bin') diff --git a/bin/nova-manage b/bin/nova-manage index 089b2eeae..5f0c54717 100755 --- a/bin/nova-manage +++ b/bin/nova-manage @@ -61,6 +61,7 @@ import math import netaddr from optparse import OptionParser import os +import StringIO import sys import time @@ -274,6 +275,50 @@ class ShellCommands(object): arguments: path""" exec(compile(open(path).read(), path, 'exec'), locals(), globals()) + @args('--filename', dest='filename', metavar='', help='Export path') + def export(self, filename): + """Export Nova users into a file that can be consumed by Keystone""" + def create_file(filename): + data = generate_file() + with open(filename, 'w') as f: + f.write(data.getvalue()) + + def tenants(data, am): + for project in am.get_projects(): + print >> data, ("tenant add '%s'" % + (project.name)) + for u in project.member_ids: + user = am.get_user(u) + print >> data, ("user add '%s' '%s' '%s'" % + (user.name, user.access, project.name)) + print >> data, ("credentials add 'EC2' '%s' '%s'" % + (user.access, user.secret)) + + def roles(data, am): + for role in am.get_roles(): + print >> data, ("role add '%s'" % (role)) + + def grant_roles(data, am): + roles = am.get_roles() + for project in am.get_projects(): + for u in project.member_ids: + user = am.get_user(u) + for role in roles: + if user.has_role(role): + print >> data, ("role grant '%s', '%s', '%s')," % + (user.name, role, project.name)) + print >> data, footer + + def generate_file(): + data = StringIO.StringIO() + am = manager.AuthManager() + tenants(data, am) + roles(data, am) + data.seek(0) + return data + + create_file(filename) + class RoleCommands(object): """Class for managing roles.""" -- cgit From 94e23a3def4172e58264f051a9558ba536dd1d19 Mon Sep 17 00:00:00 2001 From: "paul@openstack.org" <> Date: Wed, 14 Sep 2011 13:20:16 -0500 Subject: minor changes to credentials for the correct format --- bin/nova-manage | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'bin') diff --git a/bin/nova-manage b/bin/nova-manage index 5f0c54717..60799024c 100755 --- a/bin/nova-manage +++ b/bin/nova-manage @@ -286,13 +286,13 @@ class ShellCommands(object): def tenants(data, am): for project in am.get_projects(): print >> data, ("tenant add '%s'" % - (project.name)) + (project.name)) for u in project.member_ids: user = am.get_user(u) print >> data, ("user add '%s' '%s' '%s'" % - (user.name, user.access, project.name)) - print >> data, ("credentials add 'EC2' '%s' '%s'" % - (user.access, user.secret)) + (user.name, user.access, project.name)) + print >> data, ("credentials add 'EC2' '%s:%s' '%s' '%s'" % + (user.access, project.id, user.secret, project.id)) def roles(data, am): for role in am.get_roles(): -- cgit From 358dffe941cd280a69134dc59d3670e50b811800 Mon Sep 17 00:00:00 2001 From: "paul@openstack.org" <> Date: Fri, 16 Sep 2011 21:12:50 -0500 Subject: fixed grant user, added stdout support --- bin/nova-manage | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) (limited to 'bin') diff --git a/bin/nova-manage b/bin/nova-manage index 60799024c..4e9307273 100755 --- a/bin/nova-manage +++ b/bin/nova-manage @@ -275,11 +275,13 @@ class ShellCommands(object): arguments: path""" exec(compile(open(path).read(), path, 'exec'), locals(), globals()) - @args('--filename', dest='filename', metavar='', help='Export path') + @args('--filename', dest='filename', metavar='', default=False, + help='Export file path') def export(self, filename): """Export Nova users into a file that can be consumed by Keystone""" + def create_file(filename): - data = generate_file() + data = generate_data() with open(filename, 'w') as f: f.write(data.getvalue()) @@ -303,21 +305,27 @@ class ShellCommands(object): for project in am.get_projects(): for u in project.member_ids: user = am.get_user(u) - for role in roles: - if user.has_role(role): - print >> data, ("role grant '%s', '%s', '%s')," % - (user.name, role, project.name)) - print >> data, footer + for role in db.user_get_roles_for_project(ctxt, u, + project.id): + print >> data, ("role grant '%s', '%s', '%s')," % + (user.name, role, project.name)) + print >> data - def generate_file(): + def generate_data(): data = StringIO.StringIO() am = manager.AuthManager() tenants(data, am) roles(data, am) + grant_roles(data, am) data.seek(0) return data - create_file(filename) + ctxt = context.get_admin_context() + if filename: + create_file(filename) + else: + data = generate_data() + print data.getvalue() class RoleCommands(object): -- cgit