def proxy_domain_users_list(): '''Return a list of all users in the proxy domain.''' admin = k.client_for_admin() domain = domain_for_proxy() if domain: return b.execute_with_retries(admin.users.list, domain=domain.id) return []
def proxy_domain_users_list(): '''Return a list of all users in the proxy domain.''' admin = k.client_for_admin() domain = domain_for_proxy() if domain: return admin.users.list(domain=domain.id) return []
def proxy_user_delete(username=None, user_id=None): '''Delete the user from the proxy domain. :param username: The name of the user to delete. :param user_id: The id of the user to delete, if provided this overrides the username. :raises NotFoundException: If there is an error locating the user in the proxy domain. ''' admin = k.client_for_admin() if not user_id: domain = domain_for_proxy() user_list = b.execute_with_retries(admin.users.list, domain=domain.id, name=username) if len(user_list) == 0: raise ex.NotFoundException( value=username, message_template=_('Failed to find user %s')) if len(user_list) > 1: raise ex.NotFoundException( value=username, message_template=_('Unexpected results found when searching ' 'for user %s')) user_id = user_list[0].id b.execute_with_retries(admin.users.delete, user_id) LOG.debug('Deleted proxy user id {user_id}'.format(user_id=user_id))
def proxy_user_delete(username=None, user_id=None): '''Delete the user from the proxy domain. :param username: The name of the user to delete. :param user_id: The id of the user to delete, if provided this overrides the username. :raises NotFoundException: If there is an error locating the user in the proxy domain. ''' admin = k.client_for_admin() if not user_id: domain = domain_for_proxy() user_list = b.execute_with_retries( admin.users.list, domain=domain.id, name=username) if len(user_list) == 0: raise ex.NotFoundException( value=username, message_template=_('Failed to find user %s')) if len(user_list) > 1: raise ex.NotFoundException( value=username, message_template=_('Unexpected results found when searching ' 'for user %s')) user_id = user_list[0].id b.execute_with_retries(admin.users.delete, user_id) LOG.debug('Deleted proxy user id {user_id}'.format(user_id=user_id))
def check_cinder_exists(): services = [ service.name for service in keystone.client_for_admin().services.list() ] if 'cinder' not in services: raise ex.InvalidReferenceException(_("Cinder is not supported"))
def proxy_domain_users_list(): '''Return a list of all users in the proxy domain.''' admin = k.client_for_admin() domain = domain_for_proxy() if domain: return admin.users.list(domain=domain.id) return []
def proxy_domain_users_list(): '''Return a list of all users in the proxy domain.''' admin = k.client_for_admin() domain = domain_for_proxy() if domain: return b.execute_with_retries(admin.users.list, domain=domain.id) return []
def domain_for_proxy(): '''Return the proxy domain or None If configured to use the proxy domain, this function will return that domain. If not configured to use the proxy domain, this function will return None. If the proxy domain can't be found this will raise an exception. :returns: A Keystone Domain object or None. :raises ConfigurationError: If the domain is requested but not specified. :raises NotFoundException: If the domain name is specified but cannot be found. ''' if CONF.use_domain_for_proxy_users is False: return None if CONF.proxy_user_domain_name is None: raise ex.ConfigurationError(_('Proxy domain requested but not ' 'specified.')) admin = k.client_for_admin() global PROXY_DOMAIN if not PROXY_DOMAIN: domain_list = admin.domains.list(name=CONF.proxy_user_domain_name) if len(domain_list) == 0: raise ex.NotFoundException(value=CONF.proxy_user_domain_name, message=_('Failed to find domain %s')) # the domain name should be globally unique in Keystone if len(domain_list) > 1: raise ex.NotFoundException(value=CONF.proxy_user_domain_name, message=_('Unexpected results found ' 'when searching for domain ' '%s')) PROXY_DOMAIN = domain_list[0] return PROXY_DOMAIN
def domain_for_proxy(): '''Return the proxy domain or None If configured to use the proxy domain, this function will return that domain. If not configured to use the proxy domain, this function will return None. If the proxy domain can't be found this will raise an exception. :returns: A Keystone Domain object or None. :raises ConfigurationError: If the domain is requested but not specified. :raises NotFoundException: If the domain name is specified but cannot be found. ''' if CONF.use_domain_for_proxy_users is False: return None if CONF.proxy_user_domain_name is None: raise ex.ConfigurationError(_('Proxy domain requested but not ' 'specified.')) admin = k.client_for_admin() global PROXY_DOMAIN if not PROXY_DOMAIN: domain_list = admin.domains.list(name=CONF.proxy_user_domain_name) if len(domain_list) == 0: raise ex.NotFoundException(value=CONF.proxy_user_domain_name, message=_('Failed to find domain %s')) # the domain name should be globally unique in Keystone if len(domain_list) > 1: raise ex.NotFoundException(value=CONF.proxy_user_domain_name, message=_('Unexpected results found ' 'when searching for domain ' '%s')) PROXY_DOMAIN = domain_list[0] return PROXY_DOMAIN
def create_trust(cluster): client = keystone.client() ctx = context.current() trustee_id = keystone.client_for_admin().user_id trust = client.trusts.create(trustor_user=client.user_id, trustee_user=trustee_id, impersonation=True, role_names=ctx.roles, project=client.tenant_id) conductor.cluster_update(ctx, cluster, {'trust_id': trust.id})
def create_trust(cluster): client = keystone.client() ctx = context.current() trustee_id = keystone.client_for_admin().user_id trust = client.trusts.create( trustor_user=client.user_id, trustee_user=trustee_id, impersonation=True, role_names=ctx.roles, project=client.tenant_id, ) conductor.cluster_update(ctx, cluster, {"trust_id": trust.id})
def proxy_user_create(username): '''Create a new user in the proxy domain Creates the username specified with a random password. :param username: The name of the new user. :returns: The password created for the user. ''' admin = k.client_for_admin() domain = domain_for_proxy() password = six.text_type(uuid.uuid4()) admin.users.create(name=username, password=password, domain=domain.id) LOG.debug(_('created proxy user {0}').format(username)) return password
def proxy_user_create(username): '''Create a new user in the proxy domain Creates the username specified with a random password. :param username: The name of the new user. :returns: The password created for the user. ''' admin = k.client_for_admin() domain = domain_for_proxy() password = six.text_type(uuid.uuid4()) admin.users.create(name=username, password=password, domain=domain.id) LOG.debug(_('created proxy user {0}').format(username)) return password
def create_trust_for_cluster(cluster, expires=True): """Create a trust for a cluster This delegates a trust from the current user to the Sahara admin user based on the current context roles, and then adds the trust identifier to the cluster object. :param expires: The trust will expire if this is set to True. """ trustor = keystone.client() ctx = context.current() trustee = keystone.client_for_admin() trust_id = create_trust(trustor=trustor, trustee=trustee, role_names=ctx.roles, expires=expires) conductor.cluster_update(ctx, cluster, {"trust_id": trust_id})
def proxy_user_create(username): '''Create a new user in the proxy domain Creates the username specified with a random password. :param username: The name of the new user. :returns: The password created for the user. ''' admin = k.client_for_admin() domain = domain_for_proxy() password = uuidutils.generate_uuid() b.execute_with_retries( admin.users.create, name=username, password=password, domain=domain.id) LOG.debug('Created proxy user {username}'.format(username=username)) return password
def create_trust_for_cluster(cluster): '''Create a trust for a cluster This delegates a trust from the current user to the Sahara admin user based on the current context roles, and then adds the trust identifier to the cluster object. ''' trustor = keystone.client() ctx = context.current() trustee = keystone.client_for_admin() trust_id = create_trust(trustor=trustor, trustee=trustee, role_names=ctx.roles) conductor.cluster_update(ctx, cluster, {'trust_id': trust_id})
def create_trust_for_cluster(cluster): '''Create a trust for a cluster This delegates a trust from the current user to the Sahara admin user based on the current context roles, and then adds the trust identifier to the cluster object. ''' trustor = keystone.client() ctx = context.current() trustee = keystone.client_for_admin() trust_id = create_trust(trustor=trustor, trustee=trustee, role_names=ctx.roles) conductor.cluster_update(ctx, cluster, {'trust_id': trust_id})
def check_cinder_exists(): services = [service.name for service in keystone.client_for_admin().services.list()] if 'cinder' not in services: raise ex.InvalidException(_("Cinder is not supported"))