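def add_user(self, role_id, user_id, tenant_id=None):
    """Grant ``role_id`` to ``user_id``, optionally scoped to ``tenant_id``.

    The user's DN is added to the member attribute of the role entry. If the
    directory reports that the role entry does not exist, the entry is
    created with the user as a member, but only when the grant is
    tenant-scoped and ``self.get(role_id)`` finds the role.

    Raises:
        exception.UserNotFound: ``self.user_api.get`` returned ``None``.
        exception.Error: the directory reports the membership already exists.
        Exception: the role entry is missing and the grant is global, or the
            role itself is unknown.

    Returns:
        A ``UserRoleAssociation`` describing the new grant.
    """
    user = self.user_api.get(user_id)
    if user is None:
        raise exception.UserNotFound(user_id=user_id)

    # NOTE(review): role_id, tenant_id and user_id end up inside LDAP DNs.
    # Escaping is presumably done by _subrole_id_to_dn/_id_to_dn -- confirm,
    # since these identifiers can originate from API requests.
    role_dn = self._subrole_id_to_dn(role_id, tenant_id)
    conn = self.get_connection()
    user_dn = self.user_api._id_to_dn(user_id)
    try:
        conn.modify_s(role_dn, [(ldap.MOD_ADD,
                                 self.member_attribute, user_dn)])
    except ldap.TYPE_OR_VALUE_EXISTS:
        raise exception.Error('User %s already has role %s in tenant %s'
                              % (user_id, role_id, tenant_id))
    except ldap.NO_SUCH_OBJECT:
        # Only a tenant-scoped grant for a known role may create the entry;
        # anything else is reported as an unknown role.
        # NOTE(review): a bare Exception is kept so existing callers see the
        # same type; a project-specific "not found" error would be clearer.
        if tenant_id is None or self.get(role_id) is None:
            raise Exception("Role %s not found" % (role_id, ))

        attrs = [('objectClass', [self.object_class]),
                 (self.member_attribute, [user_dn])]
        if self.use_dumb_member:
            attrs[1][1].append(self.DUMB_MEMBER_DN)
        # The original wrapped this call in "except Exception as inst:
        # raise inst", which handled nothing; directory errors now propagate
        # directly with their original traceback.
        conn.add_s(role_dn, attrs)

    return UserRoleAssociation(
        id=self._create_ref(role_id, tenant_id, user_id),
        role_id=role_id,
        user_id=user_id,
        tenant_id=tenant_id)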
def test_unicode_message(self):
    """Check that an Error built from non-ASCII text converts back to it."""
    expected = u'Comment \xe7a va'
    err = exception.Error(expected)
    try:
        # Text conversion is the step that can raise UnicodeEncodeError
        # when the exception class does not handle non-ASCII messages.
        rendered = six.text_type(err)
        self.assertEqual(expected, rendered)
    except UnicodeEncodeError:
        self.fail("unicode error message not supported")
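def rolegrant_delete(self, id):
    """Revoke the role grant identified by the composite reference ``id``.

    ``id`` is split by ``self._explode_ref`` into role, tenant and user
    identifiers; the user's DN is then removed from the role entry.

    Raises:
        exception.Error: the directory reports that the user is not a
            member of the role (``ldap.NO_SUCH_ATTRIBUTE``).
    """
    role_id, tenant_id, user_id = self._explode_ref(id)
    user_dn = self.user_api._id_to_dn(user_id)
    role_dn = self._subrole_id_to_dn(role_id, tenant_id)
    conn = self.get_connection()
    try:
        # Fix: the original passed '' as the attribute name, so the delete
        # did not name the attribute that holds memberships. add_user writes
        # members to self.member_attribute, so revocation must target the
        # same attribute; otherwise a revoked grant may stay in the
        # directory.
        # NOTE(review): confirm this class defines member_attribute.
        conn.modify_s(role_dn, [(ldap.MOD_DELETE,
                                 self.member_attribute, [user_dn])])
    except ldap.NO_SUCH_ATTRIBUTE:
        raise exception.Error("No such user in role")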
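def process_response(self, request, response):
    """Transform the response from JSON to XML.

    The body is converted only when the request's ``accept`` value mentions
    ``application/xml`` and the response has a non-empty body; otherwise the
    response is returned untouched.

    Raises:
        exception.Error: the body could not be parsed as JSON or serialized
            to XML. The unconverted body is used as the error message.
    """
    outgoing_xml = 'application/xml' in str(request.accept)
    if outgoing_xml and response.body:
        response.content_type = 'application/xml'
        try:
            response.body = serializer.to_xml(json.loads(response.body))
        except Exception:
            # Fix: this was a bare "except:", which also caught
            # KeyboardInterrupt and SystemExit and turned them into
            # application errors.
            # NOTE(review): the raw body becomes the error message; confirm
            # how exception.Error is rendered to clients and logged before
            # relying on this for bodies that may hold sensitive fields.
            raise exception.Error(message=response.body)
    return response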
def update_resource_data(cls, resource_data, status):
    """Record ``status`` in ``resource_data['hints']`` when it is not stable.

    ``resource_data`` is modified in place. Any existing ``hints`` entry is
    replaced by ``{'status': status}``.

    Raises:
        exception.Error: ``status`` is none of ``cls.STABLE``,
            ``cls.DEPRECATED`` or ``cls.EXPERIMENTAL``.
    """
    # A stable resource carries no status hint at all: readers treat a
    # missing status property as "stable".
    if status is cls.STABLE:
        return

    is_flagged = status is cls.DEPRECATED or status is cls.EXPERIMENTAL
    if not is_flagged:
        raise exception.Error(message=_(
            'Unexpected status requested for JSON Home response, %s') %
            status)

    resource_data['hints'] = {'status': status}
def process_response(self, request, response):
    """Transform the response from JSON to XML.

    Nothing is changed unless the request's ``accept`` value mentions
    ``application/xml`` and the response body is non-empty. On a conversion
    failure the error is logged and ``exception.Error`` is raised with the
    unconverted body as its message.
    """
    wants_xml = 'application/xml' in str(request.accept)
    if not (wants_xml and response.body):
        return response

    response.content_type = 'application/xml'
    try:
        parsed = jsonutils.loads(response.body)
        response.body = serializer.to_xml(parsed, xmlns=self.xmlns)
    except Exception:
        LOG.exception('Serializer failed')
        # NOTE(review): the raw body is carried in the error message;
        # confirm how exception.Error is rendered to clients.
        raise exception.Error(message=response.body)
    return response
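def calculate_type(user_id, group_id, project_id, domain_id):
    """Classify a grant by which actor and target identifiers are set.

    The combinations are tested in a fixed order, so when both a user and a
    group (or both a project and a domain) are supplied, the first matching
    pair wins: user before group, project before domain.

    Raises:
        exception.Error: no actor/target pair is populated.
    """
    if user_id and project_id:
        return AssignmentType.USER_PROJECT
    elif user_id and domain_id:
        return AssignmentType.USER_DOMAIN
    elif group_id and project_id:
        return AssignmentType.GROUP_PROJECT
    elif group_id and domain_id:
        return AssignmentType.GROUP_DOMAIN

    # Fix: this branch is reached when identifiers are missing, and joining
    # the raw values raised TypeError on None, hiding the intended error.
    # Each value is formatted to text first.
    message_data = ', '.join(
        '%s' % (value,)
        for value in (user_id, group_id, project_id, domain_id))
    raise exception.Error(message=_(
        'Unexpected combination of grant attributes - '
        'User, Group, Project, Domain: %s') % message_data)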
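def update(self, id, values):
    """Update user ``id`` with ``values``, moving tenant membership if needed.

    Returns ``None`` without changing anything when ``values['id']`` does
    not match ``id``. The name may not be changed. When ``values`` carries a
    ``tenant_id`` different from the stored one, the user is removed from
    the old tenant (if any) and added to the new one (if any) before the
    record itself is updated.

    Raises:
        exception.Error: ``values['name']`` differs from the stored name.
    """
    if values['id'] != id:
        return None

    old_obj = self.get(id)
    if old_obj.get('name') != values['name']:
        raise exception.Error('Changing Name not permitted')

    try:
        new_tenant = values['tenant_id']
    except KeyError:
        pass
    else:
        # Fix: the comparison used .get() but the follow-up read used
        # old_obj['tenant_id'], which raised KeyError for a user stored
        # without a tenant. The value is read once, tolerantly.
        old_tenant = old_obj.get('tenant_id')
        if old_tenant != new_tenant:
            # NOTE(review): membership changes before the record is
            # persisted; if the update below fails, the tenant move has
            # already happened.
            if old_tenant:
                self.tenant_api.remove_user(old_tenant, id)
            if new_tenant:
                self.tenant_api.add_user(new_tenant, id)

    # Hash any password in values before it is handed to the parent update.
    _ensure_hashed_password(values)
    super(UserApi, self).update(id, values, old_obj)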
def denormalize_role(ref):
    """Build an assignment dict from ``ref``.

    ``ref.type`` decides which keys receive ``ref.actor_id`` and
    ``ref.target_id``. ``role_id`` is always copied, and
    ``inherited_to_projects`` is set to ``'projects'`` when
    ``ref.inherited`` is truthy.

    Raises:
        exception.Error: ``ref.type`` is not one of the four known types.
    """
    kind = ref.type
    if kind == AssignmentType.USER_PROJECT:
        actor_key, target_key = 'user_id', 'project_id'
    elif kind == AssignmentType.USER_DOMAIN:
        actor_key, target_key = 'user_id', 'domain_id'
    elif kind == AssignmentType.GROUP_PROJECT:
        actor_key, target_key = 'group_id', 'project_id'
    elif kind == AssignmentType.GROUP_DOMAIN:
        actor_key, target_key = 'group_id', 'domain_id'
    else:
        raise exception.Error(message=_(
            'Unexpected assignment type encountered, %s') % kind)

    assignment = {}
    assignment[actor_key] = ref.actor_id
    assignment[target_key] = ref.target_id
    assignment['role_id'] = ref.role_id
    if ref.inherited:
        assignment['inherited_to_projects'] = 'projects'
    return assignment
def update(self, id, values):
    """Update tenant ``id`` with ``values``; the name may not change.

    Raises:
        exception.Error: ``values['name']`` differs from the stored name.
    """
    current = self.get(id)
    name_changed = current['name'] != values['name']
    if name_changed:
        raise exception.Error('Changing Name not permitted')
    super(TenantApi, self).update(id, values, current)
def _add_resource(self, mapper, controller, path, rel,
                  get_action=None, head_action=None, get_head_action=None,
                  put_action=None, post_action=None, patch_action=None,
                  delete_action=None, get_post_action=None,
                  path_vars=None, status=None):
    """Connect the given controller actions to ``path`` and record the resource.

    For every ``*_action`` argument that is set, a route is connected on
    ``mapper`` for the matching HTTP method(s). The resource is then
    appended to ``self.v3_resources`` as ``(rel, resource_data)``, where
    ``resource_data`` holds either ``href`` or, when ``path_vars`` is given,
    ``href-template`` and ``href-vars``, plus a status hint when ``status``
    is set.

    Raises:
        AttributeError: ``controller`` lacks one of the named actions.
        exception.Error: ``status`` is not supported according to
            ``json_home.Status.is_supported``.
    """
    # Listed in the order the routes are connected.
    routes = (
        (get_head_action, ['GET', 'HEAD']),
        (get_action, ['GET']),
        (head_action, ['HEAD']),
        (put_action, ['PUT']),
        (post_action, ['POST']),
        (patch_action, ['PATCH']),
        (delete_action, ['DELETE']),
        (get_post_action, ['GET', 'POST']),
    )
    for action, methods in routes:
        if not action:
            continue
        # Fail at registration time if the controller has no such action,
        # rather than when a request first reaches the route.
        getattr(controller, action)
        mapper.connect(path, controller=controller, action=action,
                       conditions=dict(method=methods))

    if path_vars:
        resource_data = {'href-template': path, 'href-vars': path_vars}
    else:
        resource_data = {'href': path}

    if status:
        if not json_home.Status.is_supported(status):
            raise exception.Error(message=_(
                'Unexpected status requested for JSON Home response, %s') %
                status)
        hints = resource_data.setdefault('hints', {})
        hints['status'] = status

    self.v3_resources.append((rel, resource_data))