def add_to_group(self, user, group): self._require_user_and_group(user, group) base_url = '/groups/%s' % base.getid(group) return super(UserManager, self).put( base_url=base_url, user_id=base.getid(user))
def list(self, project=None, domain=None, group=None, default_project=None, **kwargs): """List users. If project, domain or group are provided, then filter users with those attributes. If ``**kwargs`` are provided, then filter users with attributes matching ``**kwargs``. .. warning:: The project argument is deprecated, use default_project instead. If both default_project and project is provided, the default_project will be used. """ if project: LOG.warning(_LW("The project argument is deprecated, " "use default_project instead.")) default_project_id = base.getid(default_project) or base.getid(project) if group: base_url = '/groups/%s' % base.getid(group) else: base_url = None return super(UserManager, self).list( base_url=base_url, domain_id=base.getid(domain), default_project_id=default_project_id, **kwargs)
def update(self, user, name=None, domain=None, project=None, password=None, email=None, description=None, enabled=None, default_project=None, **kwargs): """Update a user. .. warning:: The project argument is deprecated as of the 1.7.0 release in favor of default_project and may be removed in the 2.0.0 release. If both default_project and project is provided, the default_project will be used. """ default_project_id = base.getid(default_project) or base.getid(project) user_data = base.filter_none(name=name, domain_id=base.getid(domain), default_project_id=default_project_id, password=password, email=email, description=description, enabled=enabled, **kwargs) return self._update('/users/%s' % base.getid(user), {'user': user_data}, 'user', method='PATCH', log=False)
def update(self, credential, user, type=None, blob=None, project=None, **kwargs): """Update a credential. :param credential: the credential to be updated on the server :type credential: str or :class:`keystoneclient.v3.credentials.Credential` :param user: the new user to which the credential belongs :type user: str or :class:`keystoneclient.v3.users.User` :param str type: the new type of the credential, valid values are: ``ec2``, ``cert`` or ``totp`` :param str blob: the new blob of the credential data and may be removed in the future release. :param project: the new project which limits the scope of the credential, this attribute is mandatory if the credential type is ec2 :type project: str or :class:`keystoneclient.v3.projects.Project` :param kwargs: any other attribute provided will be passed to the server :returns: the updated credential :rtype: :class:`keystoneclient.v3.credentials.Credential` """ return super(CredentialManager, self).update( credential_id=base.getid(credential), user_id=base.getid(user), type=type, blob=blob, project_id=base.getid(project), **kwargs)
def create(self, trustee_user, trustor_user, role_names=None, project=None, impersonation=False, expires_at=None): """Create a Trust. :param string trustee_user: user who's authorization is being delegated :param string trustor_user: user who is capable of consuming the trust :param string role_names: subset of trustor's roles to be granted :param string project: project which the trustor is delegating :param boolean impersonation: enable explicit impersonation :param datetime.datetime expires_at: expiry time """ # Convert role_names list into list-of-dict API format if role_names: roles = [{'name': n} for n in role_names] else: roles = None # Convert datetime.datetime expires_at to iso format string if expires_at: expires_str = timeutils.isotime(at=expires_at, subsecond=True) else: expires_str = None return super(TrustManager, self).create( expires_at=expires_str, impersonation=impersonation, project_id=base.getid(project), roles=roles, trustee_user_id=base.getid(trustee_user), trustor_user_id=base.getid(trustor_user))
def create(self, name, domain=None, project=None, password=None, email=None, description=None, enabled=True, default_project=None, **kwargs): """Create a user. .. warning:: The project argument is deprecated as of the 1.7.0 release in favor of default_project and may be removed in the 2.0.0 release. If both default_project and project is provided, the default_project will be used. """ default_project_id = base.getid(default_project) or base.getid(project) user_data = base.filter_none(name=name, domain_id=base.getid(domain), default_project_id=default_project_id, password=password, email=email, description=description, enabled=enabled, **kwargs) return self._post('/users', {'user': user_data}, 'user', log=not bool(password))
def create(self, user, type, blob=None, data=None, project=None, **kwargs): return super(CredentialManager, self).create( user_id=base.getid(user), type=type, blob=self._get_data_blob(blob, data), project_id=base.getid(project), **kwargs)
def create(self, name, domain, description=None, enabled=True, parent=None, **kwargs): """Create a project. :param str name: the name of the project. :param domain: the domain of the project. :type domain: str or :class:`keystoneclient.v3.domains.Domain` :param str description: the description of the project. :param bool enabled: whether the project is enabled. :param parent: the parent of the project in the hierarchy. :type parent: str or :class:`keystoneclient.v3.projects.Project` :param kwargs: any other attribute provided will be passed to the server. :returns: the created project returned from server. :rtype: :class:`keystoneclient.v3.projects.Project` """ # NOTE(rodrigods): the API must be backwards compatible, so if an # application was passing a 'parent_id' before as kwargs, the call # should not fail. If both 'parent' and 'parent_id' are provided, # 'parent' will be preferred. if parent: kwargs['parent_id'] = base.getid(parent) return super(ProjectManager, self).create( domain_id=base.getid(domain), name=name, description=description, enabled=enabled, **kwargs)
def list_user_role_assignments(self, user=None, organization=None, application=None, default_organization=False): """Lists role assignments for users. If no arguments are provided, all role assignments in the system will be listed. :param user: User to be used as query filter. (optional) :param organization: Project to be used as query filter. (optional) :param application: Application to be used as query filter. (optional) :param default_organization: If set to true, the endpoint will filter role assignments only in the default_project_id and the organization param is ignored. (optional) """ query_params = {} if user: query_params['user_id'] = base.getid(user) if organization: query_params['organization_id'] = base.getid(organization) if application: query_params['application_id'] = base.getid(application) if default_organization: query_params['default_organization'] = True base_url = self.base_url + '/users' return super(RoleAssignmentManager, self).list(base_url=base_url, **query_params)
def create(self, service, resource_name, default_limit, description=None, region=None, **kwargs): """Create a registered limit. :param service: a UUID that identifies the service for the limit. :type service: str :param resource_name: the name of the resource to limit. :type resource_name: str :param default_limit: the default limit for projects to assume. :type default_limit: int :param description: a string that describes the limit :type description: str :param region: a UUID that identifies the region for the limit. :type region: str :returns: a reference of the created registered limit. :rtype: :class:`keystoneclient.v3.registered_limits.RegisteredLimit` """ # NOTE(lbragstad): Keystone's registered limit API supports creation of # limits in batches. This client accepts a single limit and passes it # to the identity service as a list of a single item. limit_data = base.filter_none( service_id=base.getid(service), resource_name=resource_name, default_limit=default_limit, description=description, region_id=base.getid(region), **kwargs ) body = {self.collection_key: [limit_data]} resp, body = self.client.post('/registered_limits', body=body) registered_limit = body[self.collection_key].pop() return self.resource_class(self, registered_limit)
def create(self, name, domain=None, project=None, password=None, email=None, description=None, enabled=True, default_project=None, **kwargs): """Create a user. .. warning:: The project argument is deprecated, use default_project instead. If both default_project and project is provided, the default_project will be used. """ if project: LOG.warning("The project argument is deprecated, " "use default_project instead.") default_project_id = base.getid(default_project) or base.getid(project) return super(UserManager, self).create( name=name, domain_id=base.getid(domain), default_project_id=default_project_id, password=password, email=email, description=description, enabled=enabled, **kwargs)
def list(self, domain=None, user=None, **kwargs): """List projects. :param domain: the domain of the projects to be filtered on. :type domain: str or :class:`keystoneclient.v3.domains.Domain` :param user: filter in projects the specified user has role assignments on. :type user: str or :class:`keystoneclient.v3.users.User` :param kwargs: any other attribute provided will filter projects on. Project tags filter keyword: ``tags``, ``tags_any``, ``not_tags``, and ``not_tags_any``. tag attribute type string. Pass in a comma separated string to filter with multiple tags. :returns: a list of projects. :rtype: list of :class:`keystoneclient.v3.projects.Project` """ base_url = '/users/%s' % base.getid(user) if user else None projects = super(ProjectManager, self).list( base_url=base_url, domain_id=base.getid(domain), fallback_to_auth=True, **kwargs) for p in projects: p.tags = self._encode_tags(getattr(p, 'tags', [])) return projects
def remove_from_role(self, role, permission): self._require_role_and_permission(role, permission) base_url = self.base_url + '/roles/%s' % base.getid(role) return super(PermissionManager, self).delete( base_url=base_url, permission_id=base.getid(permission))
def add_to_role(self, role, permission): self._require_role_and_permission(role, permission) base_url = self.base_url + '/roles/%s' % base.getid(role) return super(PermissionManager, self).put( base_url=base_url, permission_id=base.getid(permission))
def check_in_group(self, user, group): self._require_user_and_group(user, group) base_url = '/groups/%s' % base.getid(group) return super(UserManager, self).head( base_url=base_url, user_id=base.getid(user))
def create(self, name, domain, description=None, enabled=True, parent=None, **kwargs): """Create a project. :param str name: project name. :param domain: the project domain. :type domain: :py:class:`keystoneclient.v3.domains.Domain` or str :param str description: the project description. (optional) :param boolean enabled: if the project is enabled. (optional) :param parent: the project's parent in the hierarchy. (optional) :type parent: :py:class:`keystoneclient.v3.projects.Project` or str """ # NOTE(rodrigods): the API must be backwards compatible, so if an # application was passing a 'parent_id' before as kwargs, the call # should not fail. If both 'parent' and 'parent_id' are provided, # 'parent' will be preferred. if parent: kwargs['parent_id'] = base.getid(parent) return super(ProjectManager, self).create( domain_id=base.getid(domain), name=name, description=description, enabled=enabled, **kwargs)
def remove_from_group(self, user, group): self._require_user_and_group(user, group) base_url = '/groups/%s' % base.getid(group) return super(UserManager, self).delete( base_url=base_url, user_id=base.getid(user))
def test_getid(self): self.assertEqual(base.getid(4), 4) class TmpObject(object): id = 4 self.assertEqual(base.getid(TmpObject), 4)
def list(self, project=None, domain=None, group=None, default_project=None, **kwargs): """List users. If project, domain or group are provided, then filter users with those attributes. If ``**kwargs`` are provided, then filter users with attributes matching ``**kwargs``. .. warning:: The project argument is deprecated as of the 1.7.0 release in favor of default_project and may be removed in the 2.0.0 release. If both default_project and project is provided, the default_project will be used. """ default_project_id = base.getid(default_project) or base.getid(project) if group: base_url = '/groups/%s' % base.getid(group) else: base_url = None return super(UserManager, self).list( base_url=base_url, domain_id=base.getid(domain), default_project_id=default_project_id, **kwargs)
def update(self, user, name=None, domain=None, project=None, password=None, email=None, description=None, enabled=None, default_project=None, **kwargs): """Update a user. .. warning:: The project argument is deprecated, use default_project instead. If both default_project and project is provided, the default_project will be used. """ if project: LOG.warning(_LW("The project argument is deprecated, " "use default_project instead.")) default_project_id = base.getid(default_project) or base.getid(project) user_data = base.filter_none(name=name, domain_id=base.getid(domain), default_project_id=default_project_id, password=password, email=email, description=description, enabled=enabled, **kwargs) return self._update('/users/%s' % base.getid(user), {'user': user_data}, 'user', method='PATCH', log=False)
def create(self, user, type, blob, project=None, **kwargs): """Create a credential. :param user: the user to which the credential belongs :type user: str or :class:`keystoneclient.v3.users.User` :param str type: the type of the credential, valid values are: ``ec2``, ``cert`` or ``totp`` :param str blob: the arbitrary blob of the credential data, to be parsed according to the type :param project: the project which limits the scope of the credential, this attribbute is mandatory if the credential type is ec2 :type project: str or :class:`keystoneclient.v3.projects.Project` :param kwargs: any other attribute provided will be passed to the server :returns: the created credential :rtype: :class:`keystoneclient.v3.credentials.Credential` """ return super(CredentialManager, self).create( user_id=base.getid(user), type=type, blob=blob, project_id=base.getid(project), **kwargs)
def create(self, name, domain=None, project=None, password=None, email=None, description=None, enabled=True, default_project=None, **kwargs): """Create a user. .. warning:: The project argument is deprecated, use default_project instead. If both default_project and project is provided, the default_project will be used. """ if project: LOG.warning(_LW("The project argument is deprecated, " "use default_project instead.")) default_project_id = base.getid(default_project) or base.getid(project) user_data = base.filter_none(name=name, domain_id=base.getid(domain), default_project_id=default_project_id, password=password, email=email, description=description, enabled=enabled, **kwargs) return self._create('/users', {'user': user_data}, 'user', log=not bool(password))
def list(self, trustee_user=None, trustor_user=None, **kwargs): """List Trusts.""" trustee_user_id = base.getid(trustee_user) trustor_user_id = base.getid(trustor_user) return super(TrustManager, self).list(trustee_user_id=trustee_user_id, trustor_user_id=trustor_user_id, **kwargs)
def update_password(self, user, password): """Update password.""" params = {"user": {"id": base.getid(user), "password": password}} return self._update("/users/%s/OS-KSADM/password" % base.getid(user), params, "user", log=False)
def create(self, project, service, resource_name, resource_limit, description=None, region=None, **kwargs): """Create a project-specific limit. :param project: the project to create a limit for. :type project: str or :class:`keystoneclient.v3.projects.Project` :param service: the service that owns the resource to limit. :type service: str or :class:`keystoneclient.v3.services.Service` :param resource_name: the name of the resource to limit :type resource_name: str :param resource_limit: the quantity of the limit :type resource_limit: int :param description: a description of the limit :type description: str :param region: region the limit applies to :type region: str or :class:`keystoneclient.v3.regions.Region` :returns: a reference of the created limit :rtype: :class:`keystoneclient.v3.limits.Limit` """ limit_data = base.filter_none( project_id=base.getid(project), service_id=base.getid(service), resource_name=resource_name, resource_limit=resource_limit, description=description, region_id=base.getid(region), **kwargs ) body = {self.collection_key: [limit_data]} resp, body = self.client.post('/limits', body=body) limit = body[self.collection_key].pop() return self.resource_class(self, limit)
def update(self, registered_limit, service=None, resource_name=None, default_limit=None, description=None, region=None, **kwargs): """Update a registered limit. :param registered_limit: the UUID or reference of the registered limit to update. :param registered_limit: str or :class:`keystoneclient.v3.registered_limits.RegisteredLimit` :param service: a UUID that identifies the service for the limit. :type service: str :param resource_name: the name of the resource to limit. :type resource_name: str :param default_limit: the default limit for projects to assume. :type default_limit: int :param description: a string that describes the limit :type description: str :param region: a UUID that identifies the region for the limit. :type region: str :returns: a reference of the updated registered limit. :rtype: :class:`keystoneclient.v3.registered_limits.RegisteredLimit` """ return super(RegisteredLimitManager, self).update( registered_limit_id=base.getid(registered_limit), service_id=base.getid(service), resource_name=resource_name, default_limit=default_limit, description=description, region=region, **kwargs )
def update_enabled(self, user, enabled): """Update enabled-ness.""" params = {"user": {"id": base.getid(user), "enabled": enabled}} self._update("/users/%s/OS-KSADM/enabled" % base.getid(user), params, "user")
def update(self, credential, user, type=None, blob=None, data=None, project=None, **kwargs): """Update a credential. :param credential: Credential to update :type credential: :class:`Credential` or str :param user: User :type user: :class:`keystoneclient.v3.users.User` or str :param str type: credential type, should be either ``ec2`` or ``cert`` :param JSON blob: Credential data :param JSON data: Deprecated as of the 1.7.0 release in favor of blob and may be removed in the 2.0.0 release. :param project: Project :type project: :class:`keystoneclient.v3.projects.Project` or str :param kwargs: Extra attributes passed to create. :raises ValueError: if one of ``blob`` or ``data`` is not specified. """ return super(CredentialManager, self).update( credential_id=base.getid(credential), user_id=base.getid(user), type=type, blob=self._get_data_blob(blob, data), project_id=base.getid(project), **kwargs)
def update(self, limit, project=None, service=None, resource_name=None, resource_limit=None, description=None, **kwargs): """Update a project-specific limit. :param limit: a limit to update :param project: the project ID of the limit to update :type project: str or :class:`keystoneclient.v3.projects.Project` :param resource_limit: the limit of the limit's resource to update :type: resource_limit: int :param description: a description of the limit :type description: str :returns: a reference of the updated limit. :rtype: :class:`keystoneclient.v3.limits.Limit` """ return super(LimitManager, self).update( limit_id=base.getid(limit), project_id=base.getid(project), service_id=base.getid(service), resource_name=resource_name, resource_limit=resource_limit, description=description, **kwargs )
def update(self, credential, user, type=None, data=None, project=None): return super(CredentialManager, self).update( credential_id=base.getid(credential), user_id=base.getid(user), type=type, data=data, project_id=base.getid(project))
def check_in_group(self, user, group): self._require_user_and_group(user, group) base_url = '/groups/%s' % base.getid(group) return super(UserManager, self).head(base_url=base_url, user_id=base.getid(user))
def endpoints(self, token): return self._get("/tokens/%s/endpoints" % base.getid(token), "token")
def delete(self, domain): return super(DomainManager, self).delete(domain_id=base.getid(domain))
def update(self, entity, blob=None, type=None): return super(PolicyManager, self).update(policy_id=base.getid(entity), blob=blob, type=type)
def update_password(self, user, password): """Update password.""" params = {"user": {"id": base.getid(user), "password": password}} return self._update("/users/%s/OS-KSADM/password" % base.getid(user), params, "user")
def get(self, user): return self._get("/users/%s" % base.getid(user), "user")
def list_roles(self, user, tenant=None): return self.api.roles.roles_for_user(base.getid(user), base.getid(tenant))
def delete(self, trust): """Delete a trust.""" return super(TrustManager, self).delete(trust_id=base.getid(trust))
def add_to_group(self, user, group): self._require_user_and_group(user, group) base_url = '/groups/%s' % base.getid(group) return super(UserManager, self).put(base_url=base_url, user_id=base.getid(user))
def get(self, user): return super(UserManager, self).get(user_id=base.getid(user))
def update(self, role, name=None): return super(RoleManager, self).update(role_id=base.getid(role), name=name)
def get(self, role): return super(RoleManager, self).get(role_id=base.getid(role))
def delete(self, user): """Delete a user.""" return self._delete("/users/%s" % base.getid(user))
def remove_from_group(self, user, group): self._require_user_and_group(user, group) base_url = '/groups/%s' % base.getid(group) return super(UserManager, self).delete(base_url=base_url, user_id=base.getid(user))
def list_roles(self, tenant=None): return self.manager.list_roles(self.id, base.getid(tenant))
def delete(self, user): return super(UserManager, self).delete(user_id=base.getid(user))
def list_users(self, tenant): """ List users for a tenant. """ return self.api.users.list(base.getid(tenant))
def get(self, policy): return super(PolicyManager, self).get(policy_id=base.getid(policy))
def add_user(self, user, role): return self.manager.api.roles.add_user_role(base.getid(user), base.getid(role), self.id)
def delete(self, policy): return super(PolicyManager, self).delete(policy_id=base.getid(policy))
def list_users(self, tenant): """List users for a tenant.""" return self.user_manager.list(base.getid(tenant))
def get(self, domain): return super(DomainManager, self).get(domain_id=base.getid(domain))
def add_user(self, tenant, user, role): """Add a user to a tenant with the given role.""" return self.role_manager.add_user_role(base.getid(user), base.getid(role), base.getid(tenant))
def delete(self, token): return self._delete("/tokens/%s" % base.getid(token))
def remove_user(self, tenant, user, role): """Remove the specified role from the user on the tenant.""" return self.role_manager.remove_user_role(base.getid(user), base.getid(role), base.getid(tenant))
def delete(self, tenant): """ Delete a tenant. """ return self._delete("/tenants/%s" % (base.getid(tenant)))
def remove_user(self, user, role): return self.manager.role_manager.remove_user_role(base.getid(user), base.getid(role), self.id)
def delete(self, role): return super(RoleManager, self).delete(role_id=base.getid(role))
def get(self, trust): """Get a specific trust.""" return super(TrustManager, self).get(trust_id=base.getid(trust))