def endpoint_group_list(request, use_idm_account=False):
if use_idm_account:
manager = internal_keystoneclient(request).endpoint_groups
else:
manager = keystone.keystoneclient(
request, admin=True).endpoint_groups
return manager.list()
def region_list(request, use_idm_account=False):
if use_idm_account:
manager = internal_keystoneclient(request).regions
else:
manager = keystone.keystoneclient(
request, admin=True).regions
return manager.list()
def application_delete(request, application_id, use_idm_account=True):
if use_idm_account:
manager = internal_keystoneclient(request)
else:
manager = keystone.keystoneclient(request, admin=True)
return manager.oauth2.consumers.delete(application_id)
def list_endpoint_groups_for_project(request, project, use_idm_account=True):
if use_idm_account:
manager = internal_keystoneclient(request).endpoint_groups
else:
manager = keystone.keystoneclient(
request, admin=True).endpoint_groups
return manager.list_endpoint_groups_for_project(
project=project)
def remove_role_from_organization(request, role, organization, application,
use_idm_account=False):
if use_idm_account:
manager = internal_keystoneclient(request).fiware_roles.roles
else:
manager = keystone.keystoneclient(
request, admin=True).fiware_roles.roles
return manager.remove_from_organization(role, organization, application)
def add_role_to_user(request, role, user, organization,
application, use_idm_account=False):
if use_idm_account:
manager = internal_keystoneclient(request).fiware_roles.roles
else:
manager = keystone.keystoneclient(
request, admin=True).fiware_roles.roles
return manager.add_to_user(role, user, organization, application)
def organization_role_assignments(request, organization=None,
application=None, use_idm_account=True):
if use_idm_account:
manager = internal_keystoneclient(request)
else:
manager = keystone.keystoneclient(request, admin=True)
manager = manager.fiware_roles.role_assignments
return manager.list_organization_role_assignments(
organization=organization, application=application)
def application_create(request, name, redirect_uris, scopes=['all_info'],
client_type='confidential', description=None,
grant_type='authorization_code', **kwargs):
""" Registers a new consumer in the Keystone OAuth2 extension.
In FIWARE applications is the name OAuth2 consumers/clients receive.
"""
manager = keystone.keystoneclient(request, admin=True).oauth2.consumers
return manager.create(request=name, redirect_uris=redirect_uris, description=description, scopes=scopes,
client_type=client_type, grant_type=grant_type)
def check_endpoint_group_in_project(request, project, endpoint_group,
use_idm_account=False):
if use_idm_account:
manager = internal_keystoneclient(request).endpoint_groups
else:
manager = keystone.keystoneclient(
request, admin=True).endpoint_groups
return manager.check_endpoint_group_in_project(
project=project,
endpoint_group=endpoint_group)
def user_update(request, user, use_idm_account=False, **data):
if use_idm_account:
manager = internal_keystoneclient(request).users
else:
manager = keystone.keystoneclient(
request, admin=True).users
if not data['password']:
data.pop('password')
user = manager.update(user, **data)
if data.get('password') and user.id == request.user.id:
return logging.warn(
request,
"Password changed. Please log in again to continue."
)
def get_fiware_default_app(request, app_name, use_idm_account=True):
if cache.get(app_name) is None:
try:
if use_idm_account:
manager = internal_keystoneclient(request)
else:
manager = keystone.keystoneclient(request, admin=True)
apps = manager.oauth2.consumers.list()
except Exception:
apps = []
ks_exceptions.handle(request)
for app in apps:
if app.name == app_name:
pickle_app = PickleObject(name=app.name, id=app.id)
cache.set(app_name, pickle_app, DEFAULT_OBJECTS_CACHE_TIME)
break
return cache.get(app_name)
def request_authorization_for_application(request, application, redirect_uri,
response_type, scope=['all_info'], state=None):
""" Sends the consumer/client credentials to the authorization server to ask
a resource owner for authorization in a certain scope.
:returns: a dict with all the data response from the provider, use it to populate
a nice form for the user, for example.
"""
LOG.debug('Requesting authorization for application: {0} with redirect_uri: {1} \
and scope: {2} by user {3}'.format(application, redirect_uri, scope, request.user))
manager = keystone.keystoneclient(request, admin=True).oauth2.authorization_codes
response_dict = manager.request_authorization(consumer=application,
redirect_uri=redirect_uri,
response_type=response_type,
scope=scope,
state=state)
return response_dict
def get_fiware_cloud_app(request, use_idm_account=True):
cloud_app = getattr(settings, "FIWARE_CLOUD_APP", None)
if cloud_app and cache.get('cloud_app') is None:
try:
if use_idm_account:
manager = internal_keystoneclient(request)
else:
manager = keystone.keystoneclient(request, admin=True)
apps = manager.oauth2.consumers.list()
except Exception:
apps = []
ks_exceptions.handle(request)
for app in apps:
if app.id == cloud_app or app.name == cloud_app:
pickle_app = PickleObject(name=app.name, id=app.id)
cache.set('cloud_app', pickle_app, DEFAULT_OBJECTS_CACHE_TIME)
break
return cache.get('cloud_app')
def authorize_application(request, application, scopes=None, redirect=False):
""" Give authorization from a resource owner to the consumer/client on the
requested scopes.
Example use case: when the user is redirected from the application website to
us, the provider/resource owner we present a nice form. If the user accepts, we
delegate to our Keystone backend, where the client credentials will be checked an
an authorization_code returned if everything is correct.
:returns: an authorization_code object, following the same pattern as other
keystoneclient objects
"""
if not scopes:
scopes = ['all_info']
LOG.debug('Authorizing application: %s by user: %s', application, request.user)
manager = keystone.keystoneclient(request, admin=True).oauth2.authorization_codes
authorization_code = manager.authorize(consumer=application,
scopes=scopes,
redirect=redirect)
return authorization_code
def application_get(request, application_id, use_idm_account=True):
if use_idm_account:
manager = internal_keystoneclient(request).oauth2.consumers
else:
manager = keystone.keystoneclient(request, admin=True).oauth2.consumers
return manager.get(application_id)
def list_organization_allowed_applications_to_manage_roles(
request, organization):
manager = keystone.keystoneclient(request, admin=True).fiware_roles.allowed
return manager.list_organization_allowed_applications_to_manage_roles(
organization)
def list_organization_allowed_roles_to_assign(request, organization):
manager = keystone.keystoneclient(request, admin=True).fiware_roles.allowed
return manager.list_organization_allowed_roles_to_assign(organization)
def list_organization_allowed_roles_to_assign(request, organization):
manager = keystone.keystoneclient(
request, admin=True).fiware_roles.allowed
return manager.list_organization_allowed_roles_to_assign(organization)
def list_organization_allowed_applications_to_manage_roles(request, organization):
manager = keystone.keystoneclient(
request, admin=True).fiware_roles.allowed
return manager.list_organization_allowed_applications_to_manage_roles(
organization)