Example #1
0
 def delete_tenant(self, tenant_id):
     try:
         old_tenant = self.db.get('tenant-%s' % tenant_id)
     except exception.NotFound:
         raise exception.TenantNotFound(tenant_id=tenant_id)
     self.db.delete('tenant_name-%s' % old_tenant['name'])
     self.db.delete('tenant-%s' % tenant_id)
Example #2
0
    def add_role_to_user(self, context, user_id, role_id, tenant_id=None):
        """Add a role to a user and tenant pair.

        Since we're trying to ignore the idea of user-only roles we're
        not implementing them in hopes that the idea will die off.

        """
        self.assert_admin(context)
        if tenant_id is None:
            raise exception.NotImplemented(message='User roles not supported: '
                                           'tenant_id required')
        if self.identity_api.get_user(context, user_id) is None:
            raise exception.UserNotFound(user_id=user_id)
        if self.identity_api.get_tenant(context, tenant_id) is None:
            raise exception.TenantNotFound(tenant_id=tenant_id)
        if self.identity_api.get_role(context, role_id) is None:
            raise exception.RoleNotFound(role_id=role_id)

        # This still has the weird legacy semantics that adding a role to
        # a user also adds them to a tenant
        self.identity_api.add_user_to_tenant(context, tenant_id, user_id)
        self.identity_api.add_role_to_user_and_tenant(context, user_id,
                                                      tenant_id, role_id)
        role_ref = self.identity_api.get_role(context, role_id)
        return {'role': role_ref}
Example #3
0
    def get_tenant_users(self, context, tenant_id, **kw):
        self.assert_admin(context)
        if self.identity_api.get_tenant(context, tenant_id) is None:
            raise exception.TenantNotFound(tenant_id=tenant_id)

        user_refs = self.identity_api.get_tenant_users(context, tenant_id)
        return {'users': user_refs}
Example #4
0
    def remove_role_from_user(self, context, user_id, role_id, tenant_id=None):
        """Remove a role from a user and tenant pair.

        Since we're trying to ignore the idea of user-only roles we're
        not implementing them in hopes that the idea will die off.

        """
        self.assert_admin(context)
        if tenant_id is None:
            raise exception.NotImplemented(message='User roles not supported: '
                                           'tenant_id required')
        if self.identity_api.get_user(context, user_id) is None:
            raise exception.UserNotFound(user_id=user_id)
        if self.identity_api.get_tenant(context, tenant_id) is None:
            raise exception.TenantNotFound(tenant_id=tenant_id)
        if self.identity_api.get_role(context, role_id) is None:
            raise exception.RoleNotFound(role_id=role_id)

        # This still has the weird legacy semantics that adding a role to
        # a user also adds them to a tenant, so we must follow up on that
        self.identity_api.remove_role_from_user_and_tenant(
            context, user_id, tenant_id, role_id)
        roles = self.identity_api.get_roles_for_user_and_tenant(
            context, user_id, tenant_id)
        if not roles:
            self.identity_api.remove_user_from_tenant(context, tenant_id,
                                                      user_id)
        self.token_api.revoke_tokens(context, user_id, tenant_id)
Example #5
0
    def get_tenant(self, context, tenant_id):
        # TODO(termie): this stuff should probably be moved to middleware
        self.assert_admin(context)
        tenant = self.identity_api.get_tenant(context, tenant_id)
        if tenant is None:
            raise exception.TenantNotFound(tenant_id=tenant_id)

        return {'tenant': tenant}
Example #6
0
    def update_tenant(self, context, tenant_id, tenant):
        self.assert_admin(context)
        if self.identity_api.get_tenant(context, tenant_id) is None:
            raise exception.TenantNotFound(tenant_id=tenant_id)

        tenant_ref = self.identity_api.update_tenant(context, tenant_id,
                                                     tenant)
        return {'tenant': tenant_ref}
Example #7
0
 def get_by_name(self, name, filter=None):  # pylint: disable=W0221,W0613
     search_filter = ('(%s=%s)' % (self.attribute_mapping['name'],
                                   ldap_filter.escape_filter_chars(name)))
     tenants = self.get_all(search_filter)
     try:
         return tenants[0]
     except IndexError:
         raise exception.TenantNotFound(tenant_id=name)
Example #8
0
 def delete_tenant(self, tenant_id):
     session = self.get_session()
     with session.begin():
         session.query(UserTenantMembership)\
                .filter_by(tenant_id=tenant_id).delete(False)
         session.query(Metadata)\
                .filter_by(tenant_id=tenant_id).delete(False)
         if not session.query(Tenant).filter_by(id=tenant_id).delete(False):
             raise exception.TenantNotFound(tenant_id=tenant_id)
Example #9
0
 def update(self, id, values):
     try:
         old_obj = self.get(id)
     except exception.NotFound:
         raise exception.TenantNotFound(tenant_id=id)
     if old_obj['name'] != values['name']:
         msg = 'Changing Name not supported by LDAP'
         raise exception.NotImplemented(message=msg)
     super(TenantApi, self).update(id, values, old_obj)
Example #10
0
    def _assert_valid_tenant_id(self, context, tenant_id):
        """Ensure a valid tenant id.

        :param context: standard context
        :param user_id: expected credential owner
        :raises exception.UserNotFound: on failure

        """
        tenant_ref = self.identity_api.get_tenant(context=context,
                                                  tenant_id=tenant_id)
        if not tenant_ref:
            raise exception.TenantNotFound(tenant_id=tenant_id)
Example #11
0
    def delete_tenant(self, tenant_id):
        session = self.get_session()

        try:
            tenant_ref = session.query(Tenant).filter_by(id=tenant_id).one()
        except sql.NotFound:
            raise exception.TenantNotFound(tenant_id=tenant_id)

        with session.begin():
            q = session.query(UserTenantMembership)
            q = q.filter_by(tenant_id=tenant_id)
            q.delete(False)

            q = session.query(UserProjectMetadata)
            q = q.filter_by(tenant_id=tenant_id)
            q.delete(False)

            if not session.query(Tenant).filter_by(id=tenant_id).delete(False):
                raise exception.TenantNotFound(tenant_id=tenant_id)

            session.delete(tenant_ref)
            session.flush()
Example #12
0
 def create_user(self, context, user):
     user = self._normalize_dict(user)
     self.assert_admin(context)
     tenant_id = user.get('tenantId', None)
     if (tenant_id is not None
             and self.identity_api.get_tenant(context, tenant_id) is None):
         raise exception.TenantNotFound(tenant_id=tenant_id)
     user_id = uuid.uuid4().hex
     user_ref = user.copy()
     user_ref['id'] = user_id
     new_user_ref = self.identity_api.create_user(context, user_id,
                                                  user_ref)
     if tenant_id:
         self.identity_api.add_user_to_tenant(context, tenant_id, user_id)
     return {'user': new_user_ref}
Example #13
0
 def update_project(self, project_id, project):
     session = self.get_session()
     with session.begin():
         ref = session.query(Tenant).filter_by(id=project_id).first()
         if ref is None:
             raise exception.TenantNotFound(project_id=project_id)
         old_dict = ref.to_dict()
         for k in project:
             old_dict[k] = project[k]
         new_project = Tenant.from_dict(old_dict)
         for attr in Tenant.attributes:
             if attr != 'id':
                 setattr(ref, attr, getattr(new_project, attr))
         ref.extra = new_project.extra
         session.flush()
     return ref.to_dict()
Example #14
0
    def update_tenant(self, tenant_id, tenant):
        if 'name' in tenant:
            tenant['name'] = clean.tenant_name(tenant['name'])
        session = self.get_session()
        with session.begin():
            tenant_ref = session.query(Tenant).filter_by(id=tenant_id).first()
            if tenant_ref is None:
                raise exception.TenantNotFound(tenant_id=tenant_id)
            old_tenant_dict = tenant_ref.to_dict()
            for k in tenant:
                old_tenant_dict[k] = tenant[k]
            new_tenant = Tenant.from_dict(old_tenant_dict)

            tenant_ref.name = new_tenant.name
            tenant_ref.extra = new_tenant.extra
            session.flush()
        return tenant_ref
Example #15
0
    def create_user(self, context, user):
        user = self._normalize_dict(user)
        self.assert_admin(context)

        if not 'name' in user or not user['name']:
            msg = 'Name field is required and cannot be empty'
            raise exception.ValidationError(message=msg)

        tenant_id = user.get('tenantId', None)
        if (tenant_id is not None
                and self.identity_api.get_tenant(context, tenant_id) is None):
            raise exception.TenantNotFound(tenant_id=tenant_id)
        user_id = uuid.uuid4().hex
        user_ref = user.copy()
        user_ref['id'] = user_id
        new_user_ref = self.identity_api.create_user(context, user_id,
                                                     user_ref)
        if tenant_id:
            self.identity_api.add_user_to_tenant(context, tenant_id, user_id)
        return {'user': new_user_ref}
Example #16
0
    def update_tenant(self, tenant_id, tenant):
        session = self.get_session()

        if 'name' in tenant:
            tenant['name'] = clean.tenant_name(tenant['name'])

        try:
            tenant_ref = session.query(Tenant).filter_by(id=tenant_id).one()
        except sql.NotFound:
            raise exception.TenantNotFound(tenant_id=tenant_id)

        with session.begin():
            old_tenant_dict = tenant_ref.to_dict()
            for k in tenant:
                old_tenant_dict[k] = tenant[k]
            new_tenant = Tenant.from_dict(old_tenant_dict)
            tenant_ref.name = new_tenant.name
            tenant_ref.extra = new_tenant.extra
            session.flush()
        return tenant_ref.to_dict(include_extra_dict=True)
    def get_user_roles(self, context, user_id, tenant_id=None):
        """Get the roles for a user and tenant pair.

        Since we're trying to ignore the idea of user-only roles we're
        not implementing them in hopes that the idea will die off.

        """
        if tenant_id is None:
            raise exception.NotImplemented(message='User roles not supported: '
                                                   'tenant ID required')

        user = self.identity_api.get_user(context, user_id)
        if user is None:
            raise exception.UserNotFound(user_id=user_id)
        tenant = self.identity_api.get_tenant(context, tenant_id)
        if tenant is None:
            raise exception.TenantNotFound(tenant_id=tenant_id)

        roles = self.identity_api.get_roles_for_user_and_tenant(
                context, user_id, tenant_id)
        return {'roles': [self.identity_api.get_role(context, x)
                          for x in roles]}
Example #18
0
 def update_tenant(self, tenant_id, tenant):
     if 'name' in tenant:
         tenant['name'] = clean.tenant_name(tenant['name'])
         try:
             existing = self.db.get('tenant_name-%s' % tenant['name'])
             if existing and tenant_id != existing['id']:
                 msg = 'Duplicate name, %s.' % tenant['name']
                 raise exception.Conflict(type='tenant', details=msg)
         except exception.NotFound:
             pass
     # get the old name and delete it too
     try:
         old_tenant = self.db.get('tenant-%s' % tenant_id)
     except exception.NotFound:
         raise exception.TenantNotFound(tenant_id=tenant_id)
     new_tenant = old_tenant.copy()
     new_tenant.update(tenant)
     new_tenant['id'] = tenant_id
     self.db.delete('tenant_name-%s' % old_tenant['name'])
     self.db.set('tenant-%s' % tenant_id, new_tenant)
     self.db.set('tenant_name-%s' % new_tenant['name'], new_tenant)
     return new_tenant
Example #19
0
 def get_tenant_by_name(self, tenant_name):
     session = self.get_session()
     tenant_ref = session.query(Tenant).filter_by(name=tenant_name).first()
     if not tenant_ref:
         raise exception.TenantNotFound(tenant_id=tenant_name)
     return tenant_ref.to_dict()
Example #20
0
 def get_tenant(self, tenant_id):
     session = self.get_session()
     tenant_ref = session.query(Tenant).filter_by(id=tenant_id).first()
     if tenant_ref is None:
         raise exception.TenantNotFound(tenant_id=tenant_id)
     return tenant_ref.to_dict()
Example #21
0
    def delete_tenant(self, context, tenant_id, **kw):
        self.assert_admin(context)
        if self.identity_api.get_tenant(context, tenant_id) is None:
            raise exception.TenantNotFound(tenant_id=tenant_id)

        self.identity_api.delete_tenant(context, tenant_id)
Example #22
0
 def get_tenant(self, tenant_id):
     try:
         return self.tenant.get(tenant_id)
     except exception.NotFound:
         raise exception.TenantNotFound(tenant_id=tenant_id)
Example #23
0
 def get_tenant_by_name(self, tenant_name):
     try:
         return self.tenant.get_by_name(tenant_name)
     except exception.NotFound:
         raise exception.TenantNotFound(tenant_id=tenant_name)
Example #24
0
 def get(self, id, filter=None):
     """Replaces exception.NotFound with exception.TenantNotFound."""
     try:
         return super(TenantApi, self).get(id, filter)
     except exception.NotFound:
         raise exception.TenantNotFound(tenant_id=id)
Example #25
0
 def delete_tenant(self, tenant_id):
     try:
         return self.tenant.delete(tenant_id)
     except ldap.NO_SUCH_OBJECT:
         raise exception.TenantNotFound(tenant_id=tenant_id)