def create_user(self, user_info):
"""
Create a user.
:param user_info: full user info.
:raises AuthconnOperationException: if user creation failed.
:return: returns the id of the user in keystone.
"""
try:
new_user = self.keystone.users.create(
user_info["username"],
password=user_info["password"],
domain=self.user_domain_name,
_admin=user_info["_admin"])
if "project_role_mappings" in user_info.keys():
for mapping in user_info["project_role_mappings"]:
self.assign_role_to_user(new_user.id, mapping["project"],
mapping["role"])
return {"username": new_user.name, "_id": new_user.id}
except Conflict as e:
# self.logger.exception("Error during user creation using keystone: {}".format(e))
raise AuthconnOperationException(e, http_code=HTTPStatus.CONFLICT)
except ClientException as e:
# self.logger.exception("Error during user creation using keystone: {}".format(e))
raise AuthconnOperationException(
"Error during user creation using Keystone: {}".format(e))
def get_user_list(self, filter_q=None):
"""
Get user list.
:param filter_q: dictionary to filter user list by name (username is also admited) and/or _id
:return: returns a list of users.
"""
try:
filter_name = None
if filter_q:
filter_name = filter_q.get("name") or filter_q.get("username")
users = self.keystone.users.list(name=filter_name)
users = [
{
"username": user.name,
"_id": user.id,
"id": user.id,
"_admin": user.to_dict().get("_admin", {}) # TODO: REVISE
} for user in users if user.name != self.admin_username
]
if filter_q and filter_q.get("_id"):
users = [
user for user in users if filter_q["_id"] == user["_id"]
]
for user in users:
user["project_role_mappings"] = []
user["projects"] = []
projects = self.keystone.projects.list(user=user["_id"])
for project in projects:
user["projects"].append(project.name)
roles = self.keystone.roles.list(user=user["_id"],
project=project.id)
for role in roles:
prm = {
"project": project.id,
"project_name": project.name,
"role_name": role.name,
"role": role.id,
}
user["project_role_mappings"].append(prm)
return users
except ClientException as e:
# self.logger.exception("Error during user listing using keystone: {}".format(e))
raise AuthconnOperationException(
"Error during user listing using Keystone: {}".format(e))
def remove_role_from_user(self, user, project, role):
"""
Remove a role from a user in a project.
:param user: username.
:param project: project name or id.
:param role: role name or id.
:raises AuthconnOperationException: if role assignment revocation failed.
"""
try:
if is_valid_uuid(user):
user_obj = self.keystone.users.get(user)
else:
user_obj_list = self.keystone.users.list(name=user)
if not user_obj_list:
raise AuthconnNotFoundException(
"User '{}' not found".format(user))
user_obj = user_obj_list[0]
if is_valid_uuid(project):
project_obj = self.keystone.projects.get(project)
else:
project_obj_list = self.keystone.projects.list(name=project)
if not project_obj_list:
raise AuthconnNotFoundException(
"Project '{}' not found".format(project))
project_obj = project_obj_list[0]
if is_valid_uuid(role):
role_obj = self.keystone.roles.get(role)
else:
role_obj_list = self.keystone.roles.list(name=role)
if not role_obj_list:
raise AuthconnNotFoundException(
"Role '{}' not found".format(role))
role_obj = role_obj_list[0]
self.keystone.roles.revoke(role_obj,
user=user_obj,
project=project_obj)
except ClientException as e:
# self.logger.exception("Error during user role revocation using keystone: {}".format(e))
raise AuthconnOperationException(
"Error during role '{}' revocation to user '{}' and project '{}' using "
"Keystone: {}".format(role, user, project, e))
def update_project(self, project_id, project_info):
"""
Change the name of a project
:param project_id: project to be changed
:param project_info: full project info
:return: None
"""
try:
self.keystone.projects.update(project_id,
name=project_info["name"],
_admin=project_info["_admin"],
quotas=project_info.get(
"quotas", {}))
except ClientException as e:
# self.logger.exception("Error during project update using keystone: {}".format(e))
raise AuthconnOperationException(
"Error during project update using Keystone: {}".format(e))
def delete_user(self, user_id):
"""
Delete user.
:param user_id: user identifier.
:raises AuthconnOperationException: if user deletion failed.
"""
try:
result, detail = self.keystone.users.delete(user_id)
if result.status_code != 204:
raise ClientException("error {} {}".format(
result.status_code, detail))
return True
except ClientException as e:
# self.logger.exception("Error during user deletion using keystone: {}".format(e))
raise AuthconnOperationException(
"Error during user deletion using Keystone: {}".format(e))
def create_project(self, project_info):
"""
Create a project.
:param project_info: full project info.
:return: the internal id of the created project
:raises AuthconnOperationException: if project creation failed.
"""
try:
result = self.keystone.projects.create(
project_info["name"],
self.project_domain_name,
_admin=project_info["_admin"],
quotas=project_info.get("quotas", {}))
return result.id
except ClientException as e:
# self.logger.exception("Error during project creation using keystone: {}".format(e))
raise AuthconnOperationException(
"Error during project creation using Keystone: {}".format(e))
def delete_role(self, role_id):
"""
Delete a role.
:param role_id: role identifier.
:raises AuthconnOperationException: if role deletion failed.
"""
try:
result, detail = self.keystone.roles.delete(role_id)
if result.status_code != 204:
raise ClientException("error {} {}".format(
result.status_code, detail))
return True
except ClientException as e:
# self.logger.exception("Error during role deletion using keystone: {}".format(e))
raise AuthconnOperationException(
"Error during role deletion using Keystone: {}".format(e))
def create_role(self, role_info):
"""
Create a role.
:param role_info: full role info.
:raises AuthconnOperationException: if role creation failed.
"""
try:
result = self.keystone.roles.create(
role_info["name"],
permissions=role_info.get("permissions"),
_admin=role_info.get("_admin"))
return result.id
except Conflict as ex:
raise AuthconnConflictException(str(ex))
except ClientException as e:
# self.logger.exception("Error during role creation using keystone: {}".format(e))
raise AuthconnOperationException(
"Error during role creation using Keystone: {}".format(e))
def delete_project(self, project_id):
"""
Delete a project.
:param project_id: project identifier.
:raises AuthconnOperationException: if project deletion failed.
"""
try:
# projects = self.keystone.projects.list()
# project_obj = [project for project in projects if project.id == project_id][0]
# result, _ = self.keystone.projects.delete(project_obj)
result, detail = self.keystone.projects.delete(project_id)
if result.status_code != 204:
raise ClientException("error {} {}".format(
result.status_code, detail))
return True
except ClientException as e:
# self.logger.exception("Error during project deletion using keystone: {}".format(e))
raise AuthconnOperationException(
"Error during project deletion using Keystone: {}".format(e))
def update_user(self, user_info):
"""
Change the user name and/or password.
:param user_info: user info modifications
:raises AuthconnOperationException: if change failed.
"""
try:
user = user_info.get("_id") or user_info.get("username")
if is_valid_uuid(user):
user_obj_list = [self.keystone.users.get(user)]
else:
user_obj_list = self.keystone.users.list(name=user)
if not user_obj_list:
raise AuthconnNotFoundException(
"User '{}' not found".format(user))
user_obj = user_obj_list[0]
user_id = user_obj.id
if user_info.get("password") or user_info.get("username") \
or user_info.get("add_project_role_mappings") or user_info.get("remove_project_role_mappings"):
ctime = user_obj._admin.get("created", 0) if hasattr(
user_obj, "_admin") else 0
self.keystone.users.update(user_id,
password=user_info.get("password"),
name=user_info.get("username"),
_admin={
"created": ctime,
"modified": time.time()
})
for mapping in user_info.get("remove_project_role_mappings", []):
self.remove_role_from_user(user_id, mapping["project"],
mapping["role"])
for mapping in user_info.get("add_project_role_mappings", []):
self.assign_role_to_user(user_id, mapping["project"],
mapping["role"])
except ClientException as e:
# self.logger.exception("Error during user password/name update using keystone: {}".format(e))
raise AuthconnOperationException(
"Error during user update using Keystone: {}".format(e))
def update_role(self, role_info):
"""
Change the name of a role
:param role_info: full role info
:return: None
"""
try:
rid = role_info["_id"]
if not is_valid_uuid(rid): # Is this required?
role_obj_list = self.keystone.roles.list(name=rid)
if not role_obj_list:
raise AuthconnNotFoundException(
"Role '{}' not found".format(rid))
rid = role_obj_list[0].id
self.keystone.roles.update(
rid,
name=role_info["name"],
permissions=role_info.get("permissions"),
_admin=role_info.get("_admin"))
except ClientException as e:
# self.logger.exception("Error during role update using keystone: {}".format(e))
raise AuthconnOperationException(
"Error during role updating using Keystone: {}".format(e))