Exemplo n.º 1
    def add_user(self, role_id, user_id, tenant_id=None):
        """Grant ``role_id`` to ``user_id``, optionally scoped to ``tenant_id``.

        The user's DN is added to the role entry's member attribute. When the
        role entry is missing and a tenant was given, the entry is created
        with the user as a member.

        Raises:
            exception.UserNotFound: ``self.user_api.get`` returned None.
            exception.Error: the directory reports the value already exists.
            Exception: the role entry is missing and either no tenant was
                given or ``self.get(role_id)`` returned None.

        Returns:
            A ``UserRoleAssociation`` describing the grant.
        """
        if self.user_api.get(user_id) is None:
            raise exception.UserNotFound(user_id=user_id)

        target_dn = self._subrole_id_to_dn(role_id, tenant_id)
        conn = self.get_connection()
        member_dn = self.user_api._id_to_dn(user_id)
        membership_change = [(ldap.MOD_ADD, self.member_attribute, member_dn)]
        try:
            conn.modify_s(target_dn, membership_change)
        except ldap.TYPE_OR_VALUE_EXISTS:
            raise exception.Error('User %s already has role %s in tenant %s' %
                                  (user_id, role_id, tenant_id))
        except ldap.NO_SUCH_OBJECT:
            # The role entry does not exist yet. It is only created for a
            # tenant-scoped grant of a role that self.get() can find.
            role_missing = tenant_id is None or self.get(role_id) is None
            if role_missing:
                # NOTE(review): a bare Exception is raised here, not an
                # exception.* type, so callers filtering on the project's
                # exception classes will not match it.
                raise Exception("Role %s not found" % (role_id, ))

            members = [member_dn]
            if self.use_dumb_member:
                members.append(self.DUMB_MEMBER_DN)
            entry = [('objectClass', [self.object_class]),
                     (self.member_attribute, members)]

            # NOTE(review): modify-then-create is two separate directory
            # operations; if another writer creates the entry in between,
            # the error from add_s propagates to the caller unchanged.
            conn.add_s(target_dn, entry)

        association_id = self._create_ref(role_id, tenant_id, user_id)
        return UserRoleAssociation(id=association_id,
                                   role_id=role_id,
                                   user_id=user_id,
                                   tenant_id=tenant_id)
Exemplo n.º 2
    def test_unicode_message(self):
        """An Error built from a non-ASCII message converts to text intact."""
        expected = u'Comment \xe7a va'
        err = exception.Error(expected)

        # A UnicodeEncodeError while rendering the exception is reported as
        # an explicit test failure rather than as an error.
        try:
            self.assertEqual(expected, six.text_type(err))
        except UnicodeEncodeError:
            self.fail("unicode error message not supported")
Exemplo n.º 3
 def rolegrant_delete(self, id):
     """Remove a user's DN from a role entry, given a grant reference.

     ``id`` is split by ``self._explode_ref`` into role, tenant and user
     ids, which are then mapped to the role entry DN and the user DN.

     Raises:
         exception.Error: the directory reports NO_SUCH_ATTRIBUTE. Other
             LDAP errors are not handled here and propagate.
     """
     role_id, tenant_id, user_id = self._explode_ref(id)
     member_dn = self.user_api._id_to_dn(user_id)
     target_dn = self._subrole_id_to_dn(role_id, tenant_id)
     conn = self.get_connection()
     # NOTE(review): the attribute type in this modification is the empty
     # string. Confirm the directory removes the membership value with it;
     # a revocation that does not take effect leaves the grant in place.
     removal = [(ldap.MOD_DELETE, '', [member_dn])]
     try:
         conn.modify_s(target_dn, removal)
     except ldap.NO_SUCH_ATTRIBUTE:
         raise exception.Error("No such user in role")
Exemplo n.º 4
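 def process_response(self, request, response):
     """Transform the response from JSON to XML.

     The body is converted only when the request's Accept value contains
     'application/xml' and the response has a non-empty body; otherwise the
     response is returned untouched.

     Raises:
         exception.Error: parsing or serializing the body failed.
     """
     outgoing_xml = 'application/xml' in str(request.accept)
     if outgoing_xml and response.body:
         response.content_type = 'application/xml'
         try:
             response.body = serializer.to_xml(json.loads(response.body))
         except Exception:
             # Catch Exception rather than using a bare except, so that
             # SystemExit and KeyboardInterrupt are not converted into an
             # application error.
             # NOTE(review): the whole response body becomes the error
             # message; confirm it cannot carry data that should not be
             # shown to the client or written to logs.
             raise exception.Error(message=response.body)
     return response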
Exemplo n.º 5
    def update_resource_data(cls, resource_data, status):
        """Record a JSON Home status hint on ``resource_data`` in place.

        A stable status leaves ``resource_data`` unchanged. A deprecated or
        experimental status replaces ``resource_data['hints']`` with
        ``{'status': status}``. Any other value raises ``exception.Error``.

        The status is compared by identity (``is``) against the attributes
        of ``cls``, so an equal but distinct object is treated as unexpected.
        """
        if status is cls.STABLE:
            # No status is stored for stable resources: the absence of the
            # status property is taken as meaning that the resource is stable.
            return

        recognised = status is cls.DEPRECATED or status is cls.EXPERIMENTAL
        if not recognised:
            raise exception.Error(message=_(
                'Unexpected status requested for JSON Home response, %s') % status)

        resource_data['hints'] = {'status': status}
Exemplo n.º 6
 def process_response(self, request, response):
     """Transform the response from JSON to XML.

     Nothing is changed unless the request's Accept value contains
     'application/xml' and the response body is non-empty. On a
     serialization failure the exception is logged and an
     ``exception.Error`` is raised.
     """
     wants_xml = 'application/xml' in str(request.accept)
     if not (wants_xml and response.body):
         return response

     response.content_type = 'application/xml'
     try:
         parsed = jsonutils.loads(response.body)
         response.body = serializer.to_xml(parsed, xmlns=self.xmlns)
     except Exception:
         LOG.exception('Serializer failed')
         # NOTE(review): the whole response body becomes the error
         # message; confirm it cannot carry data that should not be shown
         # to the client.
         raise exception.Error(message=response.body)
     return response
Exemplo n.º 7
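 def calculate_type(user_id, group_id, project_id, domain_id):
     """Return the AssignmentType for a grant's actor/target combination.

     The actor is a user or a group and the target is a project or a
     domain; the first truthy pairing wins, checked in the order
     user+project, user+domain, group+project, group+domain.

     Raises:
         exception.Error: no actor/target pair is set.
     """
     if user_id and project_id:
         return AssignmentType.USER_PROJECT
     elif user_id and domain_id:
         return AssignmentType.USER_DOMAIN
     elif group_id and project_id:
         return AssignmentType.GROUP_PROJECT
     elif group_id and domain_id:
         return AssignmentType.GROUP_DOMAIN
     else:
         # At least one id is falsy on this path and may be None. Format
         # each value with %s so that building the message cannot raise
         # TypeError and hide the intended Error from the caller.
         message_data = ', '.join(
             '%s' % (value,)
             for value in (user_id, group_id, project_id, domain_id))
         raise exception.Error(message=_(
             'Unexpected combination of grant attributes - '
             'User, Group, Project, Domain: %s') % message_data)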
Exemplo n.º 8
    def update(self, id, values):
        """Update a user record, keeping tenant membership in step.

        Returns None without doing anything when ``values['id']`` differs
        from ``id``. Renaming is refused with ``exception.Error``. When
        ``values`` carries a ``tenant_id`` that differs from the stored one,
        the user is removed from the old tenant and added to the new one
        before the record itself is updated.
        """
        if values['id'] != id:
            return None

        current = self.get(id)
        if current.get('name') != values['name']:
            raise exception.Error('Changing Name not permitted')

        if 'tenant_id' in values:
            wanted_tenant = values['tenant_id']
            if current.get('tenant_id') != wanted_tenant:
                # NOTE(review): membership is changed before the parent
                # update below runs; if that update fails, the membership
                # change has already been applied.
                # Plain indexing here raises KeyError when the stored record
                # has no 'tenant_id' key, unlike the .get() comparison above.
                if current['tenant_id']:
                    self.tenant_api.remove_user(current['tenant_id'], id)
                if wanted_tenant:
                    self.tenant_api.add_user(wanted_tenant, id)

        # Runs on ``values`` before they reach the parent update; the helper
        # is not visible here, presumably it hashes a plaintext password.
        _ensure_hashed_password(values)
        super(UserApi, self).update(id, values, current)
Exemplo n.º 9
 def denormalize_role(ref):
     """Expand an assignment row into a dict keyed by actor and target kind.

     ``ref.actor_id`` is stored under 'user_id' or 'group_id' and
     ``ref.target_id`` under 'project_id' or 'domain_id', chosen by
     ``ref.type``. 'role_id' is always set; 'inherited_to_projects' is set
     to 'projects' when ``ref.inherited`` is truthy.

     Raises:
         exception.Error: ``ref.type`` is none of the four known types.
     """
     # (assignment type, key for the actor id, key for the target id)
     layouts = (
         (AssignmentType.USER_PROJECT, 'user_id', 'project_id'),
         (AssignmentType.USER_DOMAIN, 'user_id', 'domain_id'),
         (AssignmentType.GROUP_PROJECT, 'group_id', 'project_id'),
         (AssignmentType.GROUP_DOMAIN, 'group_id', 'domain_id'),
     )
     for kind, actor_key, target_key in layouts:
         if ref.type == kind:
             assignment = {actor_key: ref.actor_id,
                           target_key: ref.target_id}
             break
     else:
         raise exception.Error(message=_(
             'Unexpected assignment type encountered, %s') %
             ref.type)

     assignment['role_id'] = ref.role_id
     if ref.inherited:
         assignment['inherited_to_projects'] = 'projects'
     return assignment
Exemplo n.º 10
 def update(self, id, values):
     """Update a tenant record, refusing any change of its name.

     Raises:
         exception.Error: ``values['name']`` differs from the stored name.

     The parent update's return value is discarded, so this returns None.
     """
     current = self.get(id)
     name_changed = current['name'] != values['name']
     if name_changed:
         raise exception.Error('Changing Name not permitted')
     super(TenantApi, self).update(id, values, current)
Exemplo n.º 11
    def _add_resource(self,
                      mapper,
                      controller,
                      path,
                      rel,
                      get_action=None,
                      head_action=None,
                      get_head_action=None,
                      put_action=None,
                      post_action=None,
                      patch_action=None,
                      delete_action=None,
                      get_post_action=None,
                      path_vars=None,
                      status=None):
        """Connect routes for ``path`` and record its JSON Home entry.

        Each ``*_action`` argument names a controller attribute to route the
        matching HTTP method(s) to. The attribute is looked up first, so an
        unknown action name raises AttributeError here instead of producing
        a route that points at nothing.

        The JSON Home data for ``rel`` is appended to ``self.v3_resources``:
        'href-template' and 'href-vars' when ``path_vars`` is given, 'href'
        otherwise, plus a status hint when ``status`` is given.

        Raises:
            AttributeError: the controller lacks a named action.
            exception.Error: ``status`` is not a supported status.
        """
        # Kept in this order so routes are connected in a fixed sequence.
        routes = (
            (get_head_action, ('GET', 'HEAD')),
            (get_action, ('GET',)),
            (head_action, ('HEAD',)),
            (put_action, ('PUT',)),
            (post_action, ('POST',)),
            (patch_action, ('PATCH',)),
            (delete_action, ('DELETE',)),
            (get_post_action, ('GET', 'POST')),
        )
        for action, methods in routes:
            if not action:
                continue
            getattr(controller, action)  # ensure the attribute exists
            mapper.connect(path,
                           controller=controller,
                           action=action,
                           conditions=dict(method=list(methods)))

        if path_vars:
            resource_data = {'href-template': path, 'href-vars': path_vars}
        else:
            resource_data = {'href': path}

        if status:
            # The routes above are already connected by the time the status
            # is checked, so a rejected status leaves them in the mapper
            # with no matching v3_resources entry.
            if not json_home.Status.is_supported(status):
                raise exception.Error(message=_(
                    'Unexpected status requested for JSON Home response, %s') %
                                      status)
            resource_data.setdefault('hints', {})['status'] = status

        self.v3_resources.append((rel, resource_data))