def validate_groups(group_ids, mapping_id, identity_api):
if not group_ids:
raise exception.MissingGroups(mapping_id=mapping_id)
for group_id in group_ids:
try:
identity_api.get_group(group_id)
except exception.GroupNotFound:
raise exception.MappedGroupNotFound(group_id=group_id,
mapping_id=mapping_id)
def validate_groups_in_backend(group_ids, mapping_id, identity_api):
"""Iterate over group ids and make sure they are present in the backend/
This call is not transactional.
:param group_ids: IDs of the groups to be checked
:type group_ids: list of str
:param mapping_id: id of the mapping used for this operation
:type mapping_id: str
:param identity_api: Identity Manager object used for communication with
backend
:type identity_api: identity.Manager
:raises: exception.MappedGroupNotFound
"""
for group_id in group_ids:
try:
identity_api.get_group(group_id)
except exception.GroupNotFound:
raise exception.MappedGroupNotFound(group_id=group_id,
mapping_id=mapping_id)
def transform_to_group_ids(group_names, mapping_id, identity_api,
assignment_api):
"""Transform groups identitified by name/domain to their ids
Function accepts list of groups identified by a name and domain giving
a list of group ids in return.
Example of group_names parameter::
[
{
"name": "group_name",
"domain": {
"id": "domain_id"
},
},
{
"name": "group_name_2",
"domain": {
"name": "domain_name"
}
}
]
:param group_names: list of group identified by name and its domain.
:type group_names: list
:param mapping_id: id of the mapping used for mapping assertion into
local credentials
:type mapping_id: str
:param identity_api: identity_api object
:param assignment_api: assignment_api object
:returns: generator object with group ids
:raises: excepton.MappedGroupNotFound: in case asked group doesn't
exist in the backend.
"""
def resolve_domain(domain):
"""Return domain id.
Input is a dictionary with a domain identified either by a ``id`` or a
``name``. In the latter case system will attempt to fetch domain object
from the backend.
:returns: domain's id
:rtype: str
"""
domain_id = (domain.get('id') or assignment_api.get_domain_by_name(
domain.get('name')).get('id'))
return domain_id
for group in group_names:
try:
group_dict = identity_api.get_group_by_name(
group['name'], resolve_domain(group['domain']))
yield group_dict['id']
except exception.GroupNotFound:
raise exception.MappedGroupNotFound(group_id=group['name'],
mapping_id=mapping_id)
