def _get_roles_for_group_and_project(group_id, project_id): self.get_project(project_id) group_dn = self.group._id_to_dn(group_id) return [self.role._dn_to_id(a.role_dn) for a in self.role.get_role_assignments (self.project._id_to_dn(project_id)) if common_ldap.is_dn_equal(a.user_dn, group_dn)]
def _get_roles_for_just_user_and_project(user_id, tenant_id): self.get_project(tenant_id) user_dn = self.user._id_to_dn(user_id) return [self.role._dn_to_id(a.role_dn) for a in self.role.get_role_assignments (self.project._id_to_dn(tenant_id)) if common_ldap.is_dn_equal(a.user_dn, user_dn)]
def _get_roles_for_group_and_project(group_id, project_id): self.get_project(project_id) group_dn = self.group._id_to_dn(group_id) # NOTE(marcos-fermin-lobo): In Active Directory, for functions # such as "self.role.get_role_assignments", it returns # the key "CN" or "OU" in uppercase. # The group_dn var has "CN" and "OU" in lowercase. # For this reason, it is necessary to use the "upper()" # function so both are consistent. return [self.role._dn_to_id(a.role_dn) for a in self.role.get_role_assignments (self.project._id_to_dn(project_id)) if common_ldap.is_dn_equal(a.user_dn, group_dn)]
def _get_roles_for_group_and_project(group_id, project_id): self.get_project(project_id) group_dn = self.group._id_to_dn(group_id) # NOTE(marcos-fermin-lobo): In Active Directory, for functions # such as "self.role.get_role_assignments", it returns # the key "CN" or "OU" in uppercase. # The group_dn var has "CN" and "OU" in lowercase. # For this reason, it is necessary to use the "upper()" # function so both are consistent. return [ self.role._dn_to_id(a.role_dn) for a in self.role.get_role_assignments( self.project._id_to_dn(project_id)) if common_ldap.is_dn_equal(a.user_dn, group_dn) ]
def test_dn_parsed_dns(self): # is_dn_equal can also accept parsed DNs. dn_str1 = ldap.dn.str2dn('cn=Babs Jansen,ou=OpenStack+cn=OpenSource') dn_str2 = ldap.dn.str2dn('CN=Babs Jansen,cn=OpenSource+ou=OpenStack') self.assertTrue(ks_ldap.is_dn_equal(dn_str1, dn_str2))
def test_dn_equal_rdns(self): # is_dn_equal returns True if the DNs have the same number of RDNs # and each RDN is the same. dn1 = 'cn=Babs Jansen,ou=OpenStack+cn=OpenSource' dn2 = 'CN=Babs Jansen,cn=OpenSource+ou=OpenStack' self.assertTrue(ks_ldap.is_dn_equal(dn1, dn2))
def test_dn_diff_length(self): # is_dn_equal returns False if the DNs don't have the same number of # RDNs dn1 = 'cn=Babs Jansen,ou=OpenStack' dn2 = 'cn=Babs Jansen,ou=OpenStack,dc=example.com' self.assertFalse(ks_ldap.is_dn_equal(dn1, dn2))
def test_dn_equal_unicode(self): # is_dn_equal can accept unicode dn = u'cn=fäké,ou=OpenStack' self.assertTrue(ks_ldap.is_dn_equal(dn, dn))
def test_dn_same(self): # is_dn_equal returns True if the DNs are the same. dn = 'cn=Babs Jansen,ou=OpenStack' self.assertTrue(ks_ldap.is_dn_equal(dn, dn))