From c42b214c61342089401b5191e70c0c6b09fb5a4a Mon Sep 17 00:00:00 2001 From: Devin Carlen Date: Tue, 27 Jul 2010 00:11:18 +0000 Subject: Began wiring up rbac admin api --- nova/adminclient.py | 102 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 102 insertions(+) (limited to 'nova/adminclient.py') diff --git a/nova/adminclient.py b/nova/adminclient.py index db392feb1..9b9505ac1 100644 --- a/nova/adminclient.py +++ b/nova/adminclient.py @@ -56,6 +56,29 @@ class UserInfo(object): elif name == 'secretkey': self.secretkey = str(value) +class ProjectInfo(object): + """ + Information about a Nova project, as parsed through SAX + fields include: + projectname + description + member_ids + """ + + def __init__(self, connection=None, projectname=None, endpoint=None): + self.connection = connection + self.projectname = projectname + self.endpoint = endpoint + + def __repr__(self): + return 'ProjectInfo:%s' % self.projectname + + def startElement(self, name, attrs, connection): + return None + + def endElement(self, name, value, connection): + setattr(self, name, str(value)) + class HostInfo(object): """ Information about a Nova Host, as parsed through SAX: 
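Review bot: `ProjectInfo.endElement` copies every element of the parsed response onto the instance with `setattr(self, name, str(value))`, so the element names in the reply decide which attributes are replaced, including `connection`, `startElement` and `endElement` themselves. An explicit allowlist keeps the object's shape under the client's control, e.g. `if name in ('projectname', 'description', 'member_ids'): setattr(self, name, str(value))`, with unknown elements ignored. `str(value)` would also raise on a non-ASCII description if the parser hands over unicode under Python 2, which looks likely but is not shown here. The same catch-all `setattr` survives in the later `endElement` hunks for `ProjectInfo` and in the `ProjectMember` class added further down.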
@@ -137,6 +160,85 @@ class NovaAdminClient(object): """ deletes a user """ return self.apiconn.get_object('DeregisterUser', {'Name': username}, UserInfo) + def add_user_role(self, user, role, project=None): + """ + Add a role to a user either globally or for a specific project. + """ + return self.modify_user_role(user, role, project=project, + operation='add') + + def remove_user_role(self, user, role, project=None): + """ + Remove a role from a user either globally or for a specific project. + """ + return self.modify_user_role(user, role, project=project, + operation='remove') + + def modify_user_role(self, user, role, project=None, operation='add', + **kwargs): + """ + Add or remove a role for a user and project. + """ + params = { + 'User': user, + 'Role': role, + 'Project': project, + 'Operation': operation + + } + return self.apiconn.get_status('ModifyUserRole', params) + + def get_projects(self): + """ + Returns a list of all projects. + """ + return self.apiconn.get_list('DescribeProjects', {}, + [('item', ProjectInfo)]) + + def get_project(self, name): + """ + Returns a single project with the specified name. + """ + project = self.apiconn.get_object('DescribeProject', + {'Name': name}, + ProjectInfo) + + if project.projectname != None: + return project + + def create_project(self, projectname, manager_user, description=None, + member_users=None): + """ + Creates a new project. + """ + params = { + 'Name': projectname, + 'ManagerUser': manager_user, + 'Description': description, + 'MemberUsers': member_users + } + return self.apiconn.get_object('RegisterProject', params, ProjectInfo) + + def delete_project(self, projectname): + """ + Permanently deletes the specified project. + """ + return self.apiconn.get_object('DeregisterProject', + {'Name': projectname}, + ProjectInfo) + + def modify_project_user(self, user, project, operation='add', + **kwargs): + """ + Adds or removes a user from a project. 
+ """ + params = { + 'User': user, + 'Project': project, + 'Operation': operation + } + return self.apiconn.get_status('ModifyProjectUser', params) + def get_zip(self, username): """ returns the content of a zip file containing novarc and access credentials. """ return self.apiconn.get_object('GenerateX509ForUser', {'Name': username}, UserInfo).file -- cgit From 40dfe6316fae4b14f9fa694653341349a86d55ab Mon Sep 17 00:00:00 2001 From: Devin Carlen Date: Wed, 28 Jul 2010 00:28:56 +0000 Subject: Wired up user:project auth calls --- nova/adminclient.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'nova/adminclient.py') diff --git a/nova/adminclient.py b/nova/adminclient.py index 9b9505ac1..e81e0470f 100644 --- a/nova/adminclient.py +++ b/nova/adminclient.py @@ -122,13 +122,14 @@ class NovaAdminClient(object): **kwargs) self.apiconn.APIVersion = 'nova' - def connection_for(self, username, **kwargs): + def connection_for(self, username, project, **kwargs): """ Returns a boto ec2 connection for the given username. """ user = self.get_user(username) + access_key = '%s:%s' % (user.accesskey, project) return boto.connect_ec2( - aws_access_key_id=user.accesskey, + aws_access_key_id=access_key, aws_secret_access_key=user.secretkey, is_secure=False, region=RegionInfo(None, self.region, self.clc_ip), -- cgit From e53caccb7a242bdabd4ea6aed914ab77cb1fca32 Mon Sep 17 00:00:00 2001 From: Devin Carlen Date: Wed, 28 Jul 2010 18:16:09 +0000 Subject: Fixed project api --- nova/adminclient.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'nova/adminclient.py') diff --git a/nova/adminclient.py b/nova/adminclient.py index e81e0470f..7ef3497bc 100644 --- a/nova/adminclient.py +++ b/nova/adminclient.py @@ -69,6 +69,7 @@ class ProjectInfo(object): self.connection = connection self.projectname = projectname self.endpoint = endpoint + self.memberIds = [] def __repr__(self): return 'ProjectInfo:%s' % self.projectname 
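Review bot: `modify_user_role` always sends `'Project': project`, so a global role change goes out with `Project` set to `None`; whether that is dropped or serialised as the string `None` depends on connection code that is not visible here. For a call that grants privileges it is safer to leave the key out, `if project is not None: params['Project'] = project`, and to reject unsupported operations with `if operation not in ('add', 'remove'): raise ValueError(operation)`. `create_project` has the same pattern with `Description` and `MemberUsers`, and `modify_project_user` forwards `operation` unchecked as well. Both `modify_*` methods accept `**kwargs` and silently discard them, and `get_project` would read better with `is not None` and an explicit `return None` for the not-found case.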
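Review bot: In `connection_for`, `project` is interpolated into the access key id with `'%s:%s' % (user.accesskey, project)` without any check, so `None` yields an id ending in `:None` and a project name containing `:` yields an id that can be split more than one way. How the server parses the composite id is not visible in this hunk, so a client-side guard is cheap insurance: `if not project or ':' in project: raise ValueError('invalid project name')`. `project` is also a new required positional argument, which breaks existing `connection_for(username)` callers, and the docstring still describes only the username. The unchanged `is_secure=False` below means these project-scoped requests are still sent without TLS, which is worth revisiting while this call is being touched. The call's remaining arguments continue past the end of the hunk.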
@@ -77,7 +78,10 @@ class ProjectInfo(object): return None def endElement(self, name, value, connection): - setattr(self, name, str(value)) + if name == 'item': + self.memberIds.append(value) + elif name != 'memberIds': + setattr(self, name, str(value)) class HostInfo(object): """ -- cgit From 93236b6b5f4f18fabf0852c6cbb9540578935961 Mon Sep 17 00:00:00 2001 From: Devin Carlen Date: Wed, 28 Jul 2010 21:04:05 +0000 Subject: Wired up get/add/remove project members --- nova/adminclient.py | 79 +++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 67 insertions(+), 12 deletions(-) (limited to 'nova/adminclient.py') diff --git a/nova/adminclient.py b/nova/adminclient.py index 7ef3497bc..3a2ce2f01 100644 --- a/nova/adminclient.py +++ b/nova/adminclient.py @@ -59,16 +59,18 @@ class UserInfo(object): class ProjectInfo(object): """ Information about a Nova project, as parsed through SAX - fields include: + Fields include: projectname description - member_ids + projectManagerId + memberIds """ - def __init__(self, connection=None, projectname=None, endpoint=None): + def __init__(self, connection=None): self.connection = connection - self.projectname = projectname - self.endpoint = endpoint + self.projectname = None + self.description = None + self.projectManagerId = None self.memberIds = [] def __repr__(self): 
@@ -78,11 +80,40 @@ class ProjectInfo(object): return None def endElement(self, name, value, connection): - if name == 'item': + if name == 'projectname': + self.projectname = value + elif name == 'description': + self.description = value + elif name == 'projectManagerId': + self.projectManagerId = value + elif name == 'memberId': self.memberIds.append(value) - elif name != 'memberIds': + else: setattr(self, name, str(value)) +class ProjectMember(object): + """ + Information about a Nova project member, as parsed through SAX. + Fields include: + memberId + """ + def __init__(self, connection=None): + self.connection = connection + self.memberId = None + + def __repr__(self): + return 'ProjectMember:%s' % self.memberId + + def startElement(self, name, attrs, connection): + return None + + def endElement(self, name, value, connection): + if name == 'member': + self.memberId = value + else: + setattr(self, name, str(value)) + + class HostInfo(object): """ Information about a Nova Host, as parsed through SAX: @@ -193,11 +224,16 @@ class NovaAdminClient(object): } return self.apiconn.get_status('ModifyUserRole', params) - def get_projects(self): + def get_projects(self, user=None): """ Returns a list of all projects. """ - return self.apiconn.get_list('DescribeProjects', {}, + if user: + params = {'User': user} + else: + params = {} + return self.apiconn.get_list('DescribeProjects', + params, [('item', ProjectInfo)]) def get_project(self, name): 
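Review bot: `ProjectMember.endElement` matches the element name `member`, while the class docstring, the attribute and `ProjectInfo.endElement` in the same hunk all use `memberId`. If the response carries `<memberId>`, the value reaches `ProjectMember` only through the catch-all `setattr(self, name, str(value))` branch, and if it carries `<member>`, the `memberId` branch in `ProjectInfo` never fires. Which name the API emits is not visible here, so both checks should be confirmed against the actual response. Once the name is settled, the fallback can go, e.g. `if name == 'memberId': self.memberId = value` with unknown elements ignored.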
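Review bot: `get_projects` tests the new filter with `if user:`, so an empty string falls through to `params = {}` and the call returns every project rather than an error or an empty list. When the username comes from upstream input, that turns a missing value into the widest possible listing; `if user is not None:` keeps the filter for every value the caller actually passed. The docstring still reads `Returns a list of all projects.` and should mention the optional per-user filter.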
@@ -232,8 +268,27 @@ class NovaAdminClient(object): {'Name': projectname}, ProjectInfo) - def modify_project_user(self, user, project, operation='add', - **kwargs): + def get_project_members(self, name): + """ + Returns a list of members of a project. + """ + return self.apiconn.get_list('DescribeProjectMembers', + {'Name': name}, + [('item', ProjectMember)]) + + def add_project_member(self, user, project): + """ + Adds a user to a project. + """ + return self.modify_project_member(user, project, operation='add') + + def remove_project_member(self, user, project): + """ + Removes a user from a project. + """ + return self.modify_project_member(user, project, operation='remove') + + def modify_project_member(self, user, project, operation='add'): """ Adds or removes a user from a project. """ @@ -242,7 +297,7 @@ class NovaAdminClient(object): 'Project': project, 'Operation': operation } - return self.apiconn.get_status('ModifyProjectUser', params) + return self.apiconn.get_status('ModifyProjectMember', params) def get_zip(self, username): """ returns the content of a zip file containing novarc and access credentials. """ -- cgit From bb375bbeffb1249c653d3589acb521a25f8824c7 Mon Sep 17 00:00:00 2001 From: Devin Carlen Date: Wed, 28 Jul 2010 23:41:43 +0000 Subject: pep8 --- nova/adminclient.py | 37 +++++++++++++++---------------------- 1 file changed, 15 insertions(+), 22 deletions(-) (limited to 'nova/adminclient.py') diff --git a/nova/adminclient.py b/nova/adminclient.py index 3a2ce2f01..fceeac274 100644 --- a/nova/adminclient.py +++ b/nova/adminclient.py @@ -23,6 +23,7 @@ import base64 import boto from boto.ec2.regioninfo import RegionInfo + class UserInfo(object): """ Information about a Nova user, as parsed through SAX @@ -170,8 +171,7 @@ class NovaAdminClient(object): region=RegionInfo(None, self.region, self.clc_ip), port=8773, path='/services/Cloud', - **kwargs - ) + **kwargs) def get_users(self): """ grabs the list of all users """ 
@@ -215,13 +215,10 @@ class NovaAdminClient(object): """ Add or remove a role for a user and project. """ - params = { - 'User': user, - 'Role': role, - 'Project': project, - 'Operation': operation - - } + params = {'User': user, + 'Role': role, + 'Project': project, + 'Operation': operation} return self.apiconn.get_status('ModifyUserRole', params) def get_projects(self, user=None): @@ -241,8 +238,8 @@ class NovaAdminClient(object): Returns a single project with the specified name. """ project = self.apiconn.get_object('DescribeProject', - {'Name': name}, - ProjectInfo) + {'Name': name}, + ProjectInfo) if project.projectname != None: return project @@ -252,12 +249,10 @@ class NovaAdminClient(object): """ Creates a new project. """ - params = { - 'Name': projectname, - 'ManagerUser': manager_user, - 'Description': description, - 'MemberUsers': member_users - } + params = {'Name': projectname, + 'ManagerUser': manager_user, + 'Description': description, + 'MemberUsers': member_users} return self.apiconn.get_object('RegisterProject', params, ProjectInfo) def delete_project(self, projectname): @@ -292,11 +287,9 @@ class NovaAdminClient(object): """ Adds or removes a user from a project. """ - params = { - 'User': user, - 'Project': project, - 'Operation': operation - } + params = {'User': user, + 'Project': project, + 'Operation': operation} return self.apiconn.get_status('ModifyProjectMember', params) def get_zip(self, username): -- cgit