def proxy_domain_users_list():
'''Return a list of all users in the proxy domain.'''
admin = k.client_for_admin()
domain = domain_for_proxy()
if domain:
return b.execute_with_retries(admin.users.list, domain=domain.id)
return []
def proxy_domain_users_list():
'''Return a list of all users in the proxy domain.'''
admin = k.client_for_admin()
domain = domain_for_proxy()
if domain:
return admin.users.list(domain=domain.id)
return []
def proxy_user_delete(username=None, user_id=None):
'''Delete the user from the proxy domain.
:param username: The name of the user to delete.
:param user_id: The id of the user to delete, if provided this overrides
the username.
:raises NotFoundException: If there is an error locating the user in the
proxy domain.
'''
admin = k.client_for_admin()
if not user_id:
domain = domain_for_proxy()
user_list = b.execute_with_retries(admin.users.list,
domain=domain.id,
name=username)
if len(user_list) == 0:
raise ex.NotFoundException(
value=username, message_template=_('Failed to find user %s'))
if len(user_list) > 1:
raise ex.NotFoundException(
value=username,
message_template=_('Unexpected results found when searching '
'for user %s'))
user_id = user_list[0].id
b.execute_with_retries(admin.users.delete, user_id)
LOG.debug('Deleted proxy user id {user_id}'.format(user_id=user_id))
def proxy_user_delete(username=None, user_id=None):
'''Delete the user from the proxy domain.
:param username: The name of the user to delete.
:param user_id: The id of the user to delete, if provided this overrides
the username.
:raises NotFoundException: If there is an error locating the user in the
proxy domain.
'''
admin = k.client_for_admin()
if not user_id:
domain = domain_for_proxy()
user_list = b.execute_with_retries(
admin.users.list, domain=domain.id, name=username)
if len(user_list) == 0:
raise ex.NotFoundException(
value=username,
message_template=_('Failed to find user %s'))
if len(user_list) > 1:
raise ex.NotFoundException(
value=username,
message_template=_('Unexpected results found when searching '
'for user %s'))
user_id = user_list[0].id
b.execute_with_retries(admin.users.delete, user_id)
LOG.debug('Deleted proxy user id {user_id}'.format(user_id=user_id))
def check_cinder_exists():
services = [
service.name
for service in keystone.client_for_admin().services.list()
]
if 'cinder' not in services:
raise ex.InvalidReferenceException(_("Cinder is not supported"))
def proxy_domain_users_list():
'''Return a list of all users in the proxy domain.'''
admin = k.client_for_admin()
domain = domain_for_proxy()
if domain:
return admin.users.list(domain=domain.id)
return []
def proxy_domain_users_list():
'''Return a list of all users in the proxy domain.'''
admin = k.client_for_admin()
domain = domain_for_proxy()
if domain:
return b.execute_with_retries(admin.users.list, domain=domain.id)
return []
def domain_for_proxy():
'''Return the proxy domain or None
If configured to use the proxy domain, this function will return that
domain. If not configured to use the proxy domain, this function will
return None. If the proxy domain can't be found this will raise an
exception.
:returns: A Keystone Domain object or None.
:raises ConfigurationError: If the domain is requested but not specified.
:raises NotFoundException: If the domain name is specified but cannot be
found.
'''
if CONF.use_domain_for_proxy_users is False:
return None
if CONF.proxy_user_domain_name is None:
raise ex.ConfigurationError(_('Proxy domain requested but not '
'specified.'))
admin = k.client_for_admin()
global PROXY_DOMAIN
if not PROXY_DOMAIN:
domain_list = admin.domains.list(name=CONF.proxy_user_domain_name)
if len(domain_list) == 0:
raise ex.NotFoundException(value=CONF.proxy_user_domain_name,
message=_('Failed to find domain %s'))
# the domain name should be globally unique in Keystone
if len(domain_list) > 1:
raise ex.NotFoundException(value=CONF.proxy_user_domain_name,
message=_('Unexpected results found '
'when searching for domain '
'%s'))
PROXY_DOMAIN = domain_list[0]
return PROXY_DOMAIN
def domain_for_proxy():
'''Return the proxy domain or None
If configured to use the proxy domain, this function will return that
domain. If not configured to use the proxy domain, this function will
return None. If the proxy domain can't be found this will raise an
exception.
:returns: A Keystone Domain object or None.
:raises ConfigurationError: If the domain is requested but not specified.
:raises NotFoundException: If the domain name is specified but cannot be
found.
'''
if CONF.use_domain_for_proxy_users is False:
return None
if CONF.proxy_user_domain_name is None:
raise ex.ConfigurationError(_('Proxy domain requested but not '
'specified.'))
admin = k.client_for_admin()
global PROXY_DOMAIN
if not PROXY_DOMAIN:
domain_list = admin.domains.list(name=CONF.proxy_user_domain_name)
if len(domain_list) == 0:
raise ex.NotFoundException(value=CONF.proxy_user_domain_name,
message=_('Failed to find domain %s'))
# the domain name should be globally unique in Keystone
if len(domain_list) > 1:
raise ex.NotFoundException(value=CONF.proxy_user_domain_name,
message=_('Unexpected results found '
'when searching for domain '
'%s'))
PROXY_DOMAIN = domain_list[0]
return PROXY_DOMAIN
def create_trust(cluster):
client = keystone.client()
ctx = context.current()
trustee_id = keystone.client_for_admin().user_id
trust = client.trusts.create(trustor_user=client.user_id,
trustee_user=trustee_id,
impersonation=True,
role_names=ctx.roles,
project=client.tenant_id)
conductor.cluster_update(ctx, cluster, {'trust_id': trust.id})
def create_trust(cluster):
client = keystone.client()
ctx = context.current()
trustee_id = keystone.client_for_admin().user_id
trust = client.trusts.create(
trustor_user=client.user_id,
trustee_user=trustee_id,
impersonation=True,
role_names=ctx.roles,
project=client.tenant_id,
)
conductor.cluster_update(ctx, cluster, {"trust_id": trust.id})
def proxy_user_create(username):
'''Create a new user in the proxy domain
Creates the username specified with a random password.
:param username: The name of the new user.
:returns: The password created for the user.
'''
admin = k.client_for_admin()
domain = domain_for_proxy()
password = six.text_type(uuid.uuid4())
admin.users.create(name=username, password=password, domain=domain.id)
LOG.debug(_('created proxy user {0}').format(username))
return password
def proxy_user_create(username):
'''Create a new user in the proxy domain
Creates the username specified with a random password.
:param username: The name of the new user.
:returns: The password created for the user.
'''
admin = k.client_for_admin()
domain = domain_for_proxy()
password = six.text_type(uuid.uuid4())
admin.users.create(name=username, password=password, domain=domain.id)
LOG.debug(_('created proxy user {0}').format(username))
return password
def create_trust_for_cluster(cluster, expires=True):
"""Create a trust for a cluster
This delegates a trust from the current user to the Sahara admin user
based on the current context roles, and then adds the trust identifier
to the cluster object.
:param expires: The trust will expire if this is set to True.
"""
trustor = keystone.client()
ctx = context.current()
trustee = keystone.client_for_admin()
trust_id = create_trust(trustor=trustor, trustee=trustee, role_names=ctx.roles, expires=expires)
conductor.cluster_update(ctx, cluster, {"trust_id": trust_id})
def proxy_user_create(username):
'''Create a new user in the proxy domain
Creates the username specified with a random password.
:param username: The name of the new user.
:returns: The password created for the user.
'''
admin = k.client_for_admin()
domain = domain_for_proxy()
password = uuidutils.generate_uuid()
b.execute_with_retries(
admin.users.create, name=username, password=password, domain=domain.id)
LOG.debug('Created proxy user {username}'.format(username=username))
return password
def create_trust_for_cluster(cluster):
'''Create a trust for a cluster
This delegates a trust from the current user to the Sahara admin user
based on the current context roles, and then adds the trust identifier
to the cluster object.
'''
trustor = keystone.client()
ctx = context.current()
trustee = keystone.client_for_admin()
trust_id = create_trust(trustor=trustor,
trustee=trustee,
role_names=ctx.roles)
conductor.cluster_update(ctx, cluster, {'trust_id': trust_id})
def create_trust_for_cluster(cluster):
'''Create a trust for a cluster
This delegates a trust from the current user to the Sahara admin user
based on the current context roles, and then adds the trust identifier
to the cluster object.
'''
trustor = keystone.client()
ctx = context.current()
trustee = keystone.client_for_admin()
trust_id = create_trust(trustor=trustor,
trustee=trustee,
role_names=ctx.roles)
conductor.cluster_update(ctx,
cluster,
{'trust_id': trust_id})
def check_cinder_exists():
services = [service.name for service in
keystone.client_for_admin().services.list()]
if 'cinder' not in services:
raise ex.InvalidException(_("Cinder is not supported"))
