def test_user_endpoint_as_admin(self):
user, password = '******', 'p@ssw0rd'
auth._client_set(user, password, tenant_name='test_default_tenant') \
.AndReturn('FAKE_CLIENT_SET')
auth.admin_role_id('FAKE_CLIENT_SET').AndReturn('AR_ID')
auth.current_user_id().AndReturn('FAKE_UID')
self.mox.ReplayAll()
rv = self.app.test_client().get(
'/hello', headers={'Authorization': _basic_auth(user, password)})
self.assertEquals(rv.status_code, 200, rv.data)
def test_user_endpoint_as_admin(self):
user, password = '******', 'p@ssw0rd'
auth._client_set(user, password, tenant_name='test_default_tenant') \
.AndReturn('FAKE_CLIENT_SET')
auth.admin_role_id('FAKE_CLIENT_SET').AndReturn('AR_ID')
auth.current_user_id().AndReturn('FAKE_UID')
self.mox.ReplayAll()
rv = self.app.test_client().get(
'/hello',
headers={'Authorization': _basic_auth(user, password)}
)
self.assertEquals(rv.status_code, 200, rv.data)
def _user_is_visible(user, admin_mode):
if admin_mode or user.id == auth.current_user_id():
return True
try:
user_projects = set(
(role.tenant.get('id') for role in user.list_roles()))
user_projects.intersection_update(auth.current_user_project_ids())
return len(user_projects) > 0
except osc_exc.HttpException:
return False
def delete_users_ssh_key(user_id, key_name):
if user_id != auth.current_user_id():
auth.assert_admin()
mgr = auth.admin_client_set().compute_ext.user_keypairs
try:
mgr.delete(user_id, key_name)
except osc_exc.NotFound:
abort(404)
return make_json_response(None, 204)
def delete_users_ssh_key(user_id, key_name):
if user_id != auth.current_user_id():
auth.assert_admin()
mgr = auth.admin_client_set().compute_ext.user_keypairs
try:
mgr.delete(user_id, key_name)
except osc_exc.NotFound:
abort(404)
return make_json_response(None, 204)
def _user_is_visible(user, admin_mode):
if admin_mode or user.id == auth.current_user_id():
return True
try:
user_projects = set((role.tenant.get('id')
for role in user.list_roles()))
user_projects.intersection_update(auth.current_user_project_ids())
return len(user_projects) > 0
except osc_exc.HttpException:
return False
def create_users_ssh_key(user_id):
data = parse_request_data(required=_SCHEMA.required)
if user_id != auth.current_user_id():
auth.assert_admin()
fetch_user(user_id, g.is_admin) # check that user exists and is visible
mgr = auth.admin_client_set().compute_ext.user_keypairs
try:
kp = mgr.create(user_id, data['name'], data['public-key'])
except osc_exc.BadRequest, e:
raise exc.InvalidRequest(str(e))
def create_users_ssh_key(user_id):
data = parse_request_data(required=_SCHEMA.required)
if user_id != auth.current_user_id():
auth.assert_admin()
fetch_user(user_id, g.is_admin) # check that user exists and is visible
mgr = auth.admin_client_set().compute_ext.user_keypairs
try:
kp = mgr.create(user_id, data['name'], data['public-key'])
except osc_exc.BadRequest, e:
raise exc.InvalidRequest(str(e))
def remove_project_user(project_id, user_id):
tenant = get_tenant(project_id)
if user_id != current_user_id():
assert_admin()
try:
user_mgr = admin_client_set().identity_admin.users
roles = user_mgr.list_roles(user_id, project_id)
except osc_exc.NotFound:
abort(404)
if not roles:
abort(404) # user was not member of the project
for role in roles:
try:
tenant.remove_user(user_id, role.id)
except osc_exc.NotFound:
pass # already deleted by someone else
return make_json_response(None, status_code=204)
def remove_project_user(project_id, user_id):
tenant = get_tenant(project_id)
if user_id != current_user_id():
assert_admin()
try:
user_mgr = admin_client_set().identity_admin.users
roles = user_mgr.list_roles(user_id, project_id)
except osc_exc.NotFound:
abort(404)
if not roles:
abort(404) # user was not member of the project
for role in roles:
try:
tenant.remove_user(user_id, role.id)
except osc_exc.NotFound:
pass # already deleted by someone else
return make_json_response(None, status_code=204)
def get_current_user():
"""Current user resource shortcut"""
return get_user(current_user_id())
def get_current_user():
"""Current user resource shortcut"""
return get_user(current_user_id())
def current_user_():
return auth.current_user_id()
def test_current_user_id(self):
self.mox.ReplayAll()
self.fake_client_set.http_client.access['user'] = {'id': 'THE_UID'}
with self.app.test_request_context():
self.install_fake_auth()
self.assertEquals('THE_UID', auth.current_user_id())
def current_user_():
return auth.current_user_id()
def test_current_user_id(self):
self.mox.ReplayAll()
self.fake_client_set.http_client.access['user'] = { 'id' : 'THE_UID' }
with self.app.test_request_context():
self.install_fake_auth()
self.assertEquals('THE_UID', auth.current_user_id())
