def do_user_role_list(kc, args): """List roles granted to a user.""" if args.tenant: tenant_id = utils.find_resource(kc.tenants, args.tenant).id elif args.tenant_id: tenant_id = args.tenant_id else: # use the authenticated tenant id as a default tenant_id = kc.auth_tenant_id if args.user: user_id = utils.find_resource(kc.users, args.user).id elif args.user_id: user_id = args.user_id else: # use the authenticated user id as a default user_id = kc.auth_user_id roles = kc.roles.roles_for_user(user=user_id, tenant=tenant_id) # this makes the command output a bit more intuitive for role in roles: role.user_id = user_id role.tenant_id = tenant_id utils.print_list(roles, ['id', 'name', 'user_id', 'tenant_id'], order_by='name')
def get_course_users(course): ks = get_keystone_session() projects = get_projects(course) instructor_project_name = list(projects['instructors'].keys())[0] instructor_project_id = list(projects['instructors'].values())[0] user_list = ks.users.list() role_assignments_list = ks.role_assignments.list( role=utils.find_resource(ks.roles, 'user').id) role_dict = {} for role in role_assignments_list: # Filter out any "Group" projects if 'roup' not in utils.find_resource(ks.projects, role.scope['project']['id']).name: role_dict[role.user['id']] = role.scope['project']['id'] user_dict = {} for user in user_list: if '100' in user.name or '@' in user.name: if user.id in role_dict: project_name = course + '-' + user.name if project_name in projects['students']: if role_dict[ user.id] == projects['students'][project_name]: user_dict[user.name] = project_name else: if role_dict[user.id] == instructor_project_id: user_dict[user.name] = instructor_project_name return dict(sorted(user_dict.items())) # Return list alphabetically
def do_user_role_add(kc, args): """Add role to user.""" user = utils.find_resource(kc.users, args.user) role = utils.find_resource(kc.roles, args.role) if args.tenant: tenant = utils.find_resource(kc.tenants, args.tenant) elif args.tenant_id: tenant = args.tenant_id else: tenant = None kc.roles.add_user_role(user, role, tenant)
def do_user_role_remove(kc, args): """Remove role from user.""" user = utils.find_resource(kc.users, args.user) role = utils.find_resource(kc.roles, args.role) if args.tenant: tenant = utils.find_resource(kc.tenants, args.tenant) elif args.tenant_id: tenant = args.tenant_id else: tenant = None kc.roles.remove_user_role(user, role, tenant)
def do_user_role_add(kc, args): """Add role to user""" user = utils.find_resource(kc.users, args.user) role = utils.find_resource(kc.roles, args.role) if args.tenant: tenant = utils.find_resource(kc.projects, args.tenant) elif args.tenant_id: tenant = args.tenant_id else: tenant = None if args.domain: domain = utils.find_resource(kc.domains, args.domain) elif args.domain_id: domain = args.domain_id else: domain = None kc.roles.grant(role, user, domain, tenant)
def do_user_list(kc, args): """List users.""" if args.tenant: tenant_id = utils.find_resource(kc.tenants, args.tenant).id else: tenant_id = None users = kc.users.list(tenant_id=tenant_id) utils.print_list(users, ["id", "name", "enabled", "email"], order_by="name")
def get_tenant_id(token, auth_url, tenant): """get tenant uuid by tenant name""" keystone = ks_client.Client(token=token, endpoint=auth_url, timeout=10) try: return utils.find_resource(keystone.tenants, unicode(tenant)).id except: pass
def do_user_password_update(kc, args): """Update user password.""" user = utils.find_resource(kc.users, args.user) new_passwd = args.passwd or utils.prompt_for_password() if new_passwd is None: msg = "\nPlease specify password using the --pass option " "or using the prompt" sys.exit(msg) kc.users.update_password(user, new_passwd)
def do_endpoint_create(kc, args): """Create a new endpoint associated with a service.""" service_id = utils.find_resource(kc.services, args.service).id endpoint = kc.endpoints.create(args.region, service_id, args.publicurl, args.adminurl, args.internalurl) utils.print_dict(endpoint._info)
def do_user_list(kc, args): """List users.""" if args.tenant: tenant_id = utils.find_resource(kc.tenants, args.tenant).id else: tenant_id = None users = kc.users.list(tenant_id=tenant_id) utils.print_list(users, ['id', 'name', 'enabled', 'email'], order_by='name')
def do_user_password_update(kc, args): """Update user password.""" user = utils.find_resource(kc.users, args.user) new_passwd = args.passwd or utils.prompt_for_password() if new_passwd is None: msg = ("\nPlease specify password using the --pass option " "or using the prompt") sys.exit(msg) kc.users.update_password(user, new_passwd)
def do_policy_create(kc, args): """Create new user""" import json service = utils.find_resource(kc.services, args.service) try: with open(args.policy,"r") as f: blob = json.load(f,object_hook=utils.convert) except IOError as e: print "I/O error({0}): {1}".format(e.errno, e.strerror) policy = kc.policies.create(json.dumps(blob), service.id,args.type) utils.print_dict(policy._info,100)
def get_tenant_id(token, auth_url, tenant): """get tenant uuid by tenant name""" keystone = ks_client.Client( token = token, endpoint = auth_url, timeout = 10) try: return utils.find_resource(keystone.tenants, unicode(tenant)).id except: pass
def do_tenant_create(kc, args): """Create new tenant""" domain_id = args.domain_id if not domain_id: domain = utils.find_resource(kc.domains, kc.project_domain_name) domain_id = domain.id tenant = kc.projects.create(args.name, domain_id, description=args.description, enabled=utils.string_to_bool(args.enabled)) utils.print_dict(tenant._info)
def do_user_create(kc, args): """Create new user""" domain_id = args.domain_id if not domain_id: domain = utils.find_resource(kc.domains, kc.project_domain_name) domain_id = domain.id user = kc.users.create(name=args.name, password=args.passwd, email=args.email, project=args.tenant_id, domain=domain_id, enabled=utils.string_to_bool(args.enabled)) utils.print_dict(user._info)
def test_find_resource(self): body = {"users": [{"name": 'entity_one'}]} get_mock = self.useFixture(fixtures.MockPatchObject( self.client, 'get', autospec=True, side_effect=[exceptions.NotFound, (self.request_resp, body)]) ).mock mgr = users.UserManager(self.client) mgr.resource_class = users.User response = base_utils.find_resource(mgr, 'entity_one') get_mock.assert_called_with('/users?name=entity_one') self.assertEqual(response.request_ids[0], TEST_REQUEST_ID)
def do_user_create(kc, args): """Create new user""" if args.tenant: tenant_id = utils.find_resource(kc.tenants, args.tenant).id elif args.tenant_id: tenant_id = args.tenant_id else: tenant_id = None user = kc.users.create(args.name, args.passwd, args.email, tenant_id=tenant_id, enabled=utils.string_to_bool(args.enabled)) utils.print_dict(user._info)
def get_project_role(username, project): # Check if the user has the 'user' role in a given project ks = get_keystone_session() try: user_id = utils.find_resource(ks.users, username).id except keystoneclient.exceptions.CommandError: return False user_role_id = utils.find_resource(ks.roles, 'user').id project_id = get_project_id(project) role = ks.role_assignments.list(user=user_id, role=user_role_id, project=project_id) try: if role[0].scope['project']['id'] == project_id: return True else: return False except IndexError: # "role" value is returned as empty, meaning user doesn't exist period return False
def test_find_resource(self): body = {"users": [{"name": 'entity_one'}]} get_mock = self.useFixture( fixtures.MockPatchObject( self.client, 'get', autospec=True, side_effect=[exceptions.NotFound, (self.request_resp, body)])).mock mgr = users.UserManager(self.client) mgr.resource_class = users.User response = base_utils.find_resource(mgr, 'entity_one') get_mock.assert_called_with('/users?name=entity_one') self.assertEqual(response.request_ids[0], TEST_REQUEST_ID)
def do_tenant_update(kc, args): """Update tenant name, description, enabled status""" tenant = utils.find_resource(kc.projects, args.tenant) kwargs = {} if args.name: kwargs.update({'name': args.name}) if args.description is not None: kwargs.update({'description': args.description}) if args.enabled: kwargs.update({'enabled': utils.string_to_bool(args.enabled)}) if kwargs == {}: print "Tenant not updated, no arguments present." return tenant.update(**kwargs)
def toggle_ta_status(username, course, current_role): from app.email_model import send_ta_info ks = get_keystone_session() project_list = get_projects(course) instructor_project_id = list(project_list['instructors'].values())[0] if current_role == 'student': # Promote the student to TA status if project_list['students'].get(course + '-' + username): from app.neutron_model import async_delete_user_networks, list_project_network_details student_project_id = project_list['students'][course + '-' + username] async_delete_user_networks.delay( list_project_network_details(course), course + '-' + username) ks.projects.delete(project_list['students'][course + '-' + username]) ks.roles.grant(utils.find_resource(ks.roles, 'user').id, user=get_user_id(username), project=instructor_project_id) send_ta_info(username, course) elif current_role == 'ta': # Demote the TA to student status from app.neutron_model import async_create_user_networks, list_project_network_details user_id = get_user_id(username) user_role_id = utils.find_resource(ks.roles, 'user').id ks.roles.revoke(user_role_id, user=user_id, project=instructor_project_id) project_name = course + '-' + username add_project(project_name) ks.roles.grant(user_role_id, user=user_id, project=utils.find_resource(ks.projects, project_name).id) async_create_user_networks.delay(list_project_network_details(course), project_name)
def create_resources(self, keystone_client=None): with self._uuid_cf.batch(queue_size=self._batch_size) as uuid_batch, self._fqname_cf.batch( queue_size=self._batch_size ) as fqname_batch: for project_idx in range(self._project_amount): name = "project-%d" % project_idx fq_name = ["default-domain", name] attr = {"parent_type": "domain"} if keystone_client: try: project = kutils.find_resource(keystone_client.tenants, name) attr["uuid"] = str(uuid.UUID(project.id)) except kexceptions.CommandError: keystone_client.tenants.create(tenant_name=name, description=name, enabled=True) self._create_resource("project", fq_name, attr, uuid_batch, fqname_batch)
def do_bootstrap(kc, args): """Grants an existing role to a new user on a new tenant.""" tenant = kc.tenants.create(tenant_name=args.tenant) print args.role role = utils.find_resource(kc.roles, args.role) user = kc.users.create(name=args.user, password=args.passwd, email=None) kc.roles.add_user_role(user=user, role=role, tenant=tenant) # verify the result user_client = client.Client( username=args.user, password=args.passwd, tenant_name=args.tenant, auth_url=kc.management_url) user_client.authenticate()
def do_tenant_update(kc, args): """Update tenant name, description, enabled status.""" tenant = utils.find_resource(kc.tenants, args.tenant) kwargs = {} if args.name: kwargs.update({"name": args.name}) if args.description is not None: kwargs.update({"description": args.description}) if args.enabled: kwargs.update({"enabled": utils.string_to_bool(args.enabled)}) if kwargs == {}: print("Tenant not updated, no arguments present.") return tenant.update(**kwargs)
def test_find_resource(self): body = {"roles": [{"name": 'entity_one'}, {"name": 'entity_one_1'}]} request_resp = requests.Response() request_resp.headers['x-openstack-request-id'] = TEST_REQUEST_ID get_mock = self.useFixture(fixtures.MockPatchObject( self.client, 'get', autospec=True, side_effect=[exceptions.NotFound, (request_resp, body)]) ).mock mgr = roles.RoleManager(self.client) mgr.resource_class = roles.Role response = base_utils.find_resource(mgr, 'entity_one') get_mock.assert_called_with('/OS-KSADM/roles') self.assertEqual(response.request_ids[0], TEST_REQUEST_ID)
def do_domain_update(kc, args): """Update a domain name, description or/and enabled status.""" kwargs = {} if args.name: kwargs['name'] = args.name if args.description: kwargs['description'] = args.description if args.enabled: kwargs['enabled'] = utils.string_to_bool(args.enabled) if not len(kwargs): print "Domain not updated, no arguments present." return domain = utils.find_resource(kc.domains, args.domain) updt_domain = kc.domains.update(domain=domain, **kwargs) utils.print_dict(updt_domain._info)
def do_tenant_update(kc, args): """Update tenant name, description, enabled status.""" tenant = utils.find_resource(kc.tenants, args.tenant) kwargs = {} if args.name: kwargs.update({'name': args.name}) if args.description is not None: kwargs.update({'description': args.description}) if args.enabled: kwargs.update({'enabled': strutils.bool_from_string(args.enabled)}) if kwargs == {}: print(_("Tenant not updated, no arguments present.")) return tenant.update(**kwargs)
def do_user_create(kc, args): """Create new user.""" if args.tenant: tenant_id = utils.find_resource(kc.tenants, args.tenant).id elif args.tenant_id: tenant_id = args.tenant_id else: tenant_id = None new_passwd = args.passwd if args.passwd is ASK_FOR_PASSWORD: new_passwd = utils.prompt_for_password() user = kc.users.create(args.name, new_passwd, args.email, tenant_id=tenant_id, enabled=strutils.bool_from_string(args.enabled)) utils.print_dict(user._info)
def do_tenant_update(kc, args): """Update tenant name, description, enabled status.""" tenant = utils.find_resource(kc.tenants, args.tenant) kwargs = {} if args.name: kwargs.update({'name': args.name}) if args.description is not None: kwargs.update({'description': args.description}) if args.enabled: kwargs.update({'enabled': strutils.bool_from_string(args.enabled)}) if kwargs == {}: print("Tenant not updated, no arguments present.") return tenant.update(**kwargs)
def add_role(username, project, course): ks = get_keystone_session() uid = get_user_id(username) #pid = get_projects(course)['students'][project] pid = get_project_id(project) user_role_id = utils.find_resource(ks.roles, 'user').id if not uid or not pid: return False if not get_project_role(uid, pid): ks = get_keystone_session() result = ks.roles.grant(user_role_id, user=uid, project=pid) if not result: return False return True
def do_tenant_update(kc, args): """Update tenant name, description, enabled status""" tenant = utils.find_resource(kc.tenants, args.tenant) kwargs = {} if args.name: kwargs.update({'name': args.name}) if args.description: kwargs.update({'description': args.description}) if args.enabled: kwargs.update({'enabled': utils.string_to_bool(args.enabled)}) if args.props: kwargs.update(dict([arg.split('=') for arg in args.props])) if kwargs == {}: print "Tenant not updated, no arguments present." return tenant.update(kwargs)
def test_find_resource(self): body = {"roles": [{"name": 'entity_one'}, {"name": 'entity_one_1'}]} request_resp = requests.Response() request_resp.headers['x-openstack-request-id'] = TEST_REQUEST_ID get_mock = self.useFixture( fixtures.MockPatchObject( self.client, 'get', autospec=True, side_effect=[exceptions.NotFound, (request_resp, body)])).mock mgr = roles.RoleManager(self.client) mgr.resource_class = roles.Role response = base_utils.find_resource(mgr, 'entity_one') get_mock.assert_called_with('/OS-KSADM/roles') self.assertEqual(response.request_ids[0], TEST_REQUEST_ID)
def delete_users(to_delete, course): ks = get_keystone_session() user_list = get_course_users(course) user_role_id = utils.find_resource(ks.roles, 'user').id project_list = get_projects(course) for username in to_delete: if 'nstructors' in to_delete[username]: ks.roles.revoke(role=user_role_id, user=get_user_id(username), project=get_project_id(to_delete[username])) else: from app.neutron_model import async_delete_user_networks, list_project_network_details async_delete_user_networks.delay( list_project_network_details(course), to_delete[username]) ks.projects.delete(project_list['students'][course + '-' + username])
def do_user_create(kc, args): """Create new user""" if args.tenant: tenant_id = utils.find_resource(kc.tenants, args.tenant).id elif args.tenant_id: tenant_id = args.tenant_id else: tenant_id = None new_passwd = args.passwd if args.passwd is ASK_FOR_PASSWORD: new_passwd = utils.prompt_for_password() user = kc.users.create(args.name, new_passwd, args.email, tenant_id=tenant_id, enabled=strutils.bool_from_string(args.enabled)) utils.print_dict(user._info)
def do_user_update(kc, args): """Update user's name, email, and enabled status""" kwargs = {} if args.name: kwargs['name'] = args.name if args.email: kwargs['email'] = args.email if args.enabled: kwargs['enabled'] = utils.string_to_bool(args.enabled) if not len(kwargs): print "User not updated, no arguments present." return user = utils.find_resource(kc.users, args.user) try: kc.users.update(user, **kwargs) print 'User has been updated.' except Exception as e: print 'Unable to update user: %s' % e
def do_user_update(kc, args): """Update user's name, email, and enabled status.""" kwargs = {} if args.name: kwargs['name'] = args.name if args.email is not None: kwargs['email'] = args.email if args.enabled: kwargs['enabled'] = strutils.bool_from_string(args.enabled) if not len(kwargs): print(_("User not updated, no arguments present.")) return user = utils.find_resource(kc.users, args.user) try: kc.users.update(user, **kwargs) print(_('User has been updated.')) except Exception as e: print(_('Unable to update user: %s') % e)
def do_user_update(kc, args): """Update user's name, email, and enabled status.""" kwargs = {} if args.name: kwargs['name'] = args.name if args.email is not None: kwargs['email'] = args.email if args.enabled: kwargs['enabled'] = strutils.bool_from_string(args.enabled) if not len(kwargs): print("User not updated, no arguments present.") return user = utils.find_resource(kc.users, args.user) try: kc.users.update(user, **kwargs) print('User has been updated.') except Exception as e: print('Unable to update user: %s' % e)
def create_resources(self, keystone_client=None): with self._uuid_cf.batch(queue_size=self._batch_size) as uuid_batch,\ self._fqname_cf.batch(queue_size=self._batch_size) as \ fqname_batch: for project_idx in range(self._project_amount): name = 'project-%d' % project_idx fq_name = [ 'default-domain', name, ] attr = { 'parent_type': 'domain', } if keystone_client: try: project = kutils.find_resource(keystone_client.tenants, name) attr['uuid'] = str(uuid.UUID(project.id)) except kexceptions.CommandError: keystone_client.tenants.create(tenant_name=name, description=name, enabled=True) self._create_resource('project', fq_name, attr, uuid_batch, fqname_batch)
def do_user_get(kc, args): """Display user details.""" user = utils.find_resource(kc.users, args.user) utils.print_dict(user._info)
def test_find_by_str_id(self): output = utils.find_resource(self.manager, '1234') self.assertEqual(output, self.manager.resources['1234'])
def do_role_delete(kc, args): """Delete role.""" role = utils.find_resource(kc.roles, args.role) kc.roles.delete(role)
def do_role_get(kc, args): """Display role details.""" role = utils.find_resource(kc.roles, args.role) utils.print_dict(role._info)
def do_service_delete(kc, args): """Delete service from Service Catalog.""" service = utils.find_resource(kc.services, args.service) kc.services.delete(service.id)
def do_service_get(kc, args): """Display service from Service Catalog.""" service = utils.find_resource(kc.services, args.service) utils.print_dict(service._info)
def test_find_by_uuid(self): uuid = '8e8ec658-c7b0-4243-bdf8-6f7f2952c0d0' output = utils.find_resource(self.manager, uuid) self.assertEqual(output, self.manager.resources[uuid])
def test_find_by_int_name(self): output = utils.find_resource(self.manager, 9876) self.assertEqual(output, self.manager.resources['5678'])
def test_find_by_str_name(self): output = utils.find_resource(self.manager, 'entity_one') self.assertEqual(output, self.manager.resources['1234'])