def endpoint_group_list(request, use_idm_account=False):
    """Return every endpoint group reported by Keystone.

    :param request: the incoming request, handed to the client factory.
    :param use_idm_account: when true the client comes from
        ``internal_keystoneclient``; otherwise ``keystone.keystoneclient``
        is called with ``admin=True``.
    :returns: the result of ``endpoint_groups.list()``.
    """
    # Neither branch uses the requesting user's own token (admin=True is
    # explicit; the IdM account is presumably a service identity -- confirm),
    # so the caller decides who is allowed to see this listing.
    client = (
        internal_keystoneclient(request)
        if use_idm_account
        else keystone.keystoneclient(request, admin=True)
    )
    return client.endpoint_groups.list()
def region_list(request, use_idm_account=False):
    """Return every region reported by Keystone.

    :param request: the incoming request, handed to the client factory.
    :param use_idm_account: selects ``internal_keystoneclient`` when true,
        the ``admin=True`` Keystone client otherwise.
    :returns: the result of ``regions.list()``.
    """
    if not use_idm_account:
        client = keystone.keystoneclient(request, admin=True)
    else:
        client = internal_keystoneclient(request)
    regions = client.regions
    return regions.list()
def application_delete(request, application_id, use_idm_account=True):
    """Delete the OAuth2 consumer identified by ``application_id``.

    :param request: the incoming request, handed to the client factory.
    :param application_id: id of the consumer to remove.
    :param use_idm_account: defaults to true here, which selects
        ``internal_keystoneclient``; false selects the ``admin=True``
        Keystone client.
    :returns: the result of ``oauth2.consumers.delete()``.
    """
    # No ownership check is visible in this function and both clients are
    # privileged, so the caller must already have verified that
    # request.user may delete this application.
    if not use_idm_account:
        client = keystone.keystoneclient(request, admin=True)
    else:
        client = internal_keystoneclient(request)
    consumers = client.oauth2.consumers
    return consumers.delete(application_id)
def list_endpoint_groups_for_project(request, project, use_idm_account=True):
    """Return the endpoint groups associated with ``project``.

    :param request: the incoming request, handed to the client factory.
    :param project: forwarded unchanged as the ``project`` keyword.
    :param use_idm_account: defaults to true (``internal_keystoneclient``);
        false selects the ``admin=True`` Keystone client.
    :returns: the result of the manager's
        ``list_endpoint_groups_for_project`` call.
    """
    client = (
        internal_keystoneclient(request)
        if use_idm_account
        else keystone.keystoneclient(request, admin=True)
    )
    endpoint_groups = client.endpoint_groups
    return endpoint_groups.list_endpoint_groups_for_project(project=project)
def remove_role_from_organization(request, role, organization, application,
                                  use_idm_account=False):
    """Revoke ``role`` from ``organization`` within ``application``.

    :param request: the incoming request, handed to the client factory.
    :param role: role to revoke, forwarded positionally.
    :param organization: organization losing the role.
    :param application: application the assignment belongs to.
    :param use_idm_account: selects ``internal_keystoneclient`` when true,
        the ``admin=True`` Keystone client otherwise.
    :returns: the result of ``roles.remove_from_organization()``.
    """
    # The call runs with a privileged client in both branches; whether
    # request.user may manage roles in this application has to be checked
    # before this function is reached.
    client = (
        internal_keystoneclient(request)
        if use_idm_account
        else keystone.keystoneclient(request, admin=True)
    )
    roles = client.fiware_roles.roles
    return roles.remove_from_organization(role, organization, application)
def add_role_to_user(request, role, user, organization, application,
                     use_idm_account=False):
    """Grant ``role`` to ``user`` for ``organization`` in ``application``.

    :param request: the incoming request, handed to the client factory.
    :param role: role to grant, forwarded positionally.
    :param user: user receiving the role.
    :param organization: organization scope of the assignment.
    :param application: application the role belongs to.
    :param use_idm_account: selects ``internal_keystoneclient`` when true,
        the ``admin=True`` Keystone client otherwise.
    :returns: the result of ``roles.add_to_user()``.
    """
    # Granting a role is done with a privileged client in both branches, so
    # this function cannot be the place where "may request.user assign this
    # role?" is decided -- that check belongs to the caller.
    if not use_idm_account:
        client = keystone.keystoneclient(request, admin=True)
    else:
        client = internal_keystoneclient(request)
    roles = client.fiware_roles.roles
    return roles.add_to_user(role, user, organization, application)
def organization_role_assignments(request, organization=None,
                                  application=None, use_idm_account=True):
    """List organization role assignments, optionally filtered.

    :param request: the incoming request, handed to the client factory.
    :param organization: forwarded as the ``organization`` keyword
        (``None`` by default).
    :param application: forwarded as the ``application`` keyword
        (``None`` by default).
    :param use_idm_account: defaults to true (``internal_keystoneclient``);
        false selects the ``admin=True`` Keystone client.
    :returns: the result of ``list_organization_role_assignments()``.
    """
    client = (
        internal_keystoneclient(request)
        if use_idm_account
        else keystone.keystoneclient(request, admin=True)
    )
    assignments = client.fiware_roles.role_assignments
    return assignments.list_organization_role_assignments(
        organization=organization,
        application=application,
    )
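def application_create(request, name, redirect_uris, scopes=None,
                       client_type='confidential', description=None,
                       grant_type='authorization_code', **kwargs):
    """Register a new consumer in the Keystone OAuth2 extension.

    In FIWARE, "application" is the name given to OAuth2 consumers/clients.

    :param request: the incoming request, used to build the admin client.
    :param name: display name of the new consumer.
    :param redirect_uris: redirect URIs to register; forwarded unchanged.
    :param scopes: scopes for the consumer; ``None`` means
        ``['all_info']``.
    :param client_type: forwarded unchanged (default ``'confidential'``).
    :param description: forwarded unchanged.
    :param grant_type: forwarded unchanged
        (default ``'authorization_code'``).
    :param kwargs: accepted for call compatibility; not forwarded by this
        function.
    :returns: the result of ``oauth2.consumers.create()``.
    """
    # A list literal as the default would be one object shared by every
    # call; build a fresh list instead (same pattern as
    # authorize_application).
    if scopes is None:
        scopes = ['all_info']

    # NOTE(review): redirect_uris reach Keystone exactly as supplied.
    # Scheme/host validation is presumably done by the form layer or by
    # Keystone itself -- confirm, since registered redirect URIs decide
    # where authorization codes may later be delivered.
    manager = keystone.keystoneclient(request, admin=True).oauth2.consumers

    # The consumer name was previously sent under the keyword ``request``,
    # which left ``name`` unused; pass it as ``name``.
    return manager.create(name=name,
                          redirect_uris=redirect_uris,
                          description=description,
                          scopes=scopes,
                          client_type=client_type,
                          grant_type=grant_type)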
def check_endpoint_group_in_project(request, project, endpoint_group,
                                    use_idm_account=False):
    """Ask Keystone whether ``endpoint_group`` is linked to ``project``.

    :param request: the incoming request, handed to the client factory.
    :param project: forwarded as the ``project`` keyword.
    :param endpoint_group: forwarded as the ``endpoint_group`` keyword.
    :param use_idm_account: selects ``internal_keystoneclient`` when true,
        the ``admin=True`` Keystone client otherwise.
    :returns: the result of the manager's
        ``check_endpoint_group_in_project`` call.
    """
    if not use_idm_account:
        client = keystone.keystoneclient(request, admin=True)
    else:
        client = internal_keystoneclient(request)
    endpoint_groups = client.endpoint_groups
    return endpoint_groups.check_endpoint_group_in_project(
        project=project,
        endpoint_group=endpoint_group,
    )
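def user_update(request, user, use_idm_account=False, **data):
    """Update a Keystone user with the fields given in ``data``.

    :param request: the incoming request; also supplies ``request.user``
        for the "changed my own password" check.
    :param user: the user to update, forwarded to ``users.update()``.
    :param use_idm_account: selects ``internal_keystoneclient`` when true,
        the ``admin=True`` Keystone client otherwise.
    :param data: fields to update; an empty or absent ``password`` is not
        sent.
    :returns: the result of the ``logging.warn`` call when the requesting
        user changed their own password, otherwise ``None``.
    """
    if use_idm_account:
        manager = internal_keystoneclient(request).users
    else:
        manager = keystone.keystoneclient(request, admin=True).users

    # An empty password means "leave the password alone": drop the key so a
    # blank value is never sent to Keystone. Indexing data['password']
    # directly raised KeyError whenever the caller supplied no password
    # keyword at all, so look it up tolerantly.
    if not data.get('password'):
        data.pop('password', None)

    user = manager.update(user, **data)
    if data.get('password') and user.id == request.user.id:
        # NOTE(review): the message asks the user to log in again, but
        # nothing visible here ends the current session; confirm that the
        # caller invalidates it after a self-service password change.
        # If ``logging`` is the standard-library module, its first
        # positional argument is the message, so ``request`` would be used
        # as the format string -- TODO confirm which ``logging`` is in scope.
        return logging.warn(
            request,
            "Password changed. Please log in again to continue."
        )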
def get_fiware_default_app(request, app_name, use_idm_account=True):
    """Return the cached consumer named ``app_name``, looking it up if needed.

    On a cache miss the OAuth2 consumers are listed and the first one whose
    name equals ``app_name`` is stored under that key as a ``PickleObject``
    holding its name and id, for ``DEFAULT_OBJECTS_CACHE_TIME``.

    :param request: the incoming request, handed to the client factory and
        to ``ks_exceptions.handle`` on failure.
    :param app_name: consumer name to look for; also the cache key.
    :param use_idm_account: defaults to true (``internal_keystoneclient``);
        false selects the ``admin=True`` Keystone client.
    :returns: the value stored in the cache for ``app_name``, which is
        ``None`` when nothing matched or the listing failed.
    """
    if cache.get(app_name) is None:
        try:
            client = (
                internal_keystoneclient(request)
                if use_idm_account
                else keystone.keystoneclient(request, admin=True)
            )
            consumers = client.oauth2.consumers.list()
        except Exception:
            # Listing failed: fall back to "no consumers" and let the shared
            # Keystone exception handler deal with the error.
            consumers = []
            ks_exceptions.handle(request)

        # First match by name wins. NOTE(review): consumer names are
        # presumably not guaranteed unique -- confirm that another consumer
        # cannot register the same name as a default application.
        found = next(
            (candidate for candidate in consumers
             if candidate.name == app_name),
            None,
        )
        if found is not None:
            cached_app = PickleObject(name=found.name, id=found.id)
            cache.set(app_name, cached_app, DEFAULT_OBJECTS_CACHE_TIME)
    return cache.get(app_name)
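def request_authorization_for_application(request, application, redirect_uri,
                                          response_type, scope=None,
                                          state=None):
    """Ask the authorization server to start an authorization request.

    Sends the consumer/client details to the authorization server to ask a
    resource owner for authorization in a certain scope.

    :param request: the incoming request; supplies the admin client and
        ``request.user`` for the debug log line.
    :param application: the consumer, forwarded as ``consumer``.
    :param redirect_uri: forwarded unchanged.
    :param response_type: forwarded unchanged.
    :param scope: requested scopes; ``None`` means ``['all_info']``.
    :param state: forwarded unchanged.
    :returns: a dict with all the response data from the provider, e.g. to
        populate a consent form for the user.
    """
    # A list literal as the default would be one object shared by every
    # call; build a fresh list instead (same pattern as
    # authorize_application).
    if scope is None:
        scope = ['all_info']

    # Lazy %-style arguments, as in authorize_application. The previous
    # message used a backslash continuation inside the string literal,
    # which embedded the next source line's indentation in the log text.
    LOG.debug('Requesting authorization for application: %s with '
              'redirect_uri: %s and scope: %s by user %s',
              application, redirect_uri, scope, request.user)

    # NOTE(review): redirect_uri and state go to Keystone as received.
    # Matching redirect_uri against the consumer's registered URIs is
    # presumably done server-side -- confirm, as nothing here checks it.
    manager = keystone.keystoneclient(
        request, admin=True).oauth2.authorization_codes
    response_dict = manager.request_authorization(
        consumer=application,
        redirect_uri=redirect_uri,
        response_type=response_type,
        scope=scope,
        state=state)
    return response_dict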
def get_fiware_cloud_app(request, use_idm_account=True):
    """Return the cached cloud application, looking it up if needed.

    The target is read from ``settings.FIWARE_CLOUD_APP``. When that
    setting is truthy and the ``'cloud_app'`` cache entry is empty, the
    OAuth2 consumers are listed and the first one whose id or name equals
    the setting is cached as a ``PickleObject`` (name and id) for
    ``DEFAULT_OBJECTS_CACHE_TIME``.

    :param request: the incoming request, handed to the client factory and
        to ``ks_exceptions.handle`` on failure.
    :param use_idm_account: defaults to true (``internal_keystoneclient``);
        false selects the ``admin=True`` Keystone client.
    :returns: the value cached under ``'cloud_app'``, or ``None`` when the
        setting is unset, nothing matched, or the listing failed.
    """
    configured = getattr(settings, "FIWARE_CLOUD_APP", None)
    if configured and cache.get('cloud_app') is None:
        try:
            client = (
                internal_keystoneclient(request)
                if use_idm_account
                else keystone.keystoneclient(request, admin=True)
            )
            consumers = client.oauth2.consumers.list()
        except Exception:
            # Listing failed: fall back to "no consumers" and let the shared
            # Keystone exception handler deal with the error.
            consumers = []
            ks_exceptions.handle(request)

        # The setting is compared with both id and name and the first hit
        # wins. NOTE(review): if consumer names are not unique, a name-based
        # setting could resolve to an unintended consumer -- configuring the
        # id is presumably the unambiguous choice; confirm.
        found = next(
            (candidate for candidate in consumers
             if candidate.id == configured or candidate.name == configured),
            None,
        )
        if found is not None:
            cached_app = PickleObject(name=found.name, id=found.id)
            cache.set('cloud_app', cached_app, DEFAULT_OBJECTS_CACHE_TIME)
    return cache.get('cloud_app')
def authorize_application(request, application, scopes=None, redirect=False):
    """Grant a consumer/client authorization on behalf of a resource owner.

    Example use case: the user is redirected to us from the application's
    website and we, the provider, present a consent form. If the user
    accepts, the decision is delegated to the Keystone backend, which
    checks the client credentials and returns an authorization code if
    everything is correct.

    :param request: the incoming request; supplies the admin client and
        ``request.user`` for the debug log line.
    :param application: the consumer, forwarded as ``consumer``.
    :param scopes: scopes to grant; an empty or missing value becomes
        ``['all_info']``.
    :param redirect: forwarded unchanged.
    :returns: an authorization_code object, following the same pattern as
        other keystoneclient objects.
    """
    # A caller that passes no scopes gets 'all_info' rather than an empty
    # grant, so callers wanting a narrower grant must pass scopes explicitly.
    granted_scopes = scopes or ['all_info']
    LOG.debug('Authorizing application: %s by user: %s',
              application, request.user)
    codes = keystone.keystoneclient(
        request, admin=True).oauth2.authorization_codes
    return codes.authorize(
        consumer=application,
        scopes=granted_scopes,
        redirect=redirect,
    )
def application_get(request, application_id, use_idm_account=True):
    """Fetch the OAuth2 consumer identified by ``application_id``.

    :param request: the incoming request, handed to the client factory.
    :param application_id: id of the consumer to fetch.
    :param use_idm_account: defaults to true (``internal_keystoneclient``);
        false selects the ``admin=True`` Keystone client.
    :returns: the result of ``oauth2.consumers.get()``.
    """
    client = (
        internal_keystoneclient(request)
        if use_idm_account
        else keystone.keystoneclient(request, admin=True)
    )
    return client.oauth2.consumers.get(application_id)
def list_organization_allowed_applications_to_manage_roles(
        request, organization):
    """List the applications in which ``organization`` may manage roles.

    :param request: the incoming request, used to build the admin client.
    :param organization: forwarded positionally to the manager.
    :returns: the result of the ``fiware_roles.allowed`` manager call of
        the same name.
    """
    # Always queried with the admin=True client; there is no
    # use_idm_account switch on this function.
    allowed = keystone.keystoneclient(
        request, admin=True).fiware_roles.allowed
    result = allowed.list_organization_allowed_applications_to_manage_roles(
        organization)
    return result
def list_organization_allowed_roles_to_assign(request, organization):
    """List the roles ``organization`` is allowed to assign.

    :param request: the incoming request, used to build the admin client.
    :param organization: forwarded positionally to the manager.
    :returns: the result of the ``fiware_roles.allowed`` manager call of
        the same name.
    """
    # Always queried with the admin=True client; there is no
    # use_idm_account switch on this function.
    admin_client = keystone.keystoneclient(request, admin=True)
    allowed = admin_client.fiware_roles.allowed
    return allowed.list_organization_allowed_roles_to_assign(organization)
# NOTE(review): this name is also defined earlier in this listing with an
# equivalent body; if both live in one module, this later binding is the
# one in effect and the earlier definition is dead code.
def list_organization_allowed_roles_to_assign(request, organization):
    """Return the roles that ``organization`` may hand out.

    :param request: the incoming request, used to build the admin client.
    :param organization: forwarded positionally to the manager.
    :returns: the result of the ``fiware_roles.allowed`` manager call of
        the same name.
    """
    fiware_roles = keystone.keystoneclient(request, admin=True).fiware_roles
    roles = fiware_roles.allowed.list_organization_allowed_roles_to_assign(
        organization)
    return roles
# NOTE(review): this name is also defined earlier in this listing with an
# equivalent body; if both live in one module, this later binding is the
# one in effect and the earlier definition is dead code.
def list_organization_allowed_applications_to_manage_roles(request,
                                                           organization):
    """Return the applications whose roles ``organization`` may manage.

    :param request: the incoming request, used to build the admin client.
    :param organization: forwarded positionally to the manager.
    :returns: the result of the ``fiware_roles.allowed`` manager call of
        the same name.
    """
    admin_client = keystone.keystoneclient(request, admin=True)
    allowed = admin_client.fiware_roles.allowed
    return allowed.list_organization_allowed_applications_to_manage_roles(
        organization)