Пример #1
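    def create_user(self, name, email, password=None, enabled=True):
        """
        ADMIN ONLY. Creates a new user for this tenant (account). The username
        and email address must be supplied. You may optionally supply the
        password for this user; if not, the API server generates a password and
        returns it in the 'password' attribute of the resulting User object.
        NOTE: this is the ONLY time the password is returned; after the initial
        user creation, there is NO WAY to retrieve the user's password.

        You may also specify that the user should be created but not active by
        passing False to the enabled parameter.

        Returns a User on HTTP 201. Raises exc.AuthorizationFailure on
        401/403/404, exc.DuplicateUser on 409, and exc.InvalidEmail or
        exc.BadRequest on 400. Any other status code falls through and the
        method returns None, so callers must check the result before using it.

        Security notes:
          * A falsy password (None or "") is not sent at all, so the server
            generates one instead of rejecting the empty value.
          * The returned User can carry the one-time password; keep it out of
            logs, tracebacks and serialized copies of the object.
        """
        # NOTE(review): the comment that accompanied this payload said the
        # service expects 'name' rather than 'username', yet the key sent here
        # is 'username'. Confirm against the target service before changing it.
        user_info = {
            "username": name,
            "email": email,
            "enabled": enabled,
        }
        if password:
            user_info["OS-KSADM:password"] = password
        data = {"user": user_info}
        resp, resp_body = self.method_post("users", data=data, admin=True)
        status = resp.status_code
        if status == 201:
            return User(self, resp_body.get("user", resp_body))
        if status in (401, 403, 404):
            raise exc.AuthorizationFailure("You are not authorized to create "
                    "users.")
        if status == 409:
            raise exc.DuplicateUser("User '%s' already exists." % name)
        if status == 400:
            # A 400 whose body lacks the expected 'badRequest' envelope must
            # still surface as BadRequest, not as a KeyError/TypeError that
            # hides the real failure from the caller.
            detail = None
            if isinstance(resp_body, dict):
                detail = resp_body.get("badRequest")
            message = detail.get("message") if isinstance(detail, dict) else None
            if not isinstance(message, str):
                message = "Bad request."
            if "Expecting valid email address" in message:
                raise exc.InvalidEmail("%s is not valid" % email)
            raise exc.BadRequest(message)
        # Unhandled status codes: no exception is raised and None is returned.
        return None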
Пример #2
 def list_users(self):
     """
     ADMIN ONLY. Returns a list of User objects for every user of the tenant
     (account), provided the request is issued by a user holding the admin
     role (identity:user-admin).

     Raises exc.AuthorizationFailure when the service answers 401, 403 or
     404.

     Before the User objects are built, every top-level key whose name
     contains "password" (case-insensitive) is removed from each user
     record. The records are modified in place, and nested structures are
     not inspected, so credentials stored under other key names or deeper
     in the record are not scrubbed here.
     """
     # NOTE(review): this body treats method_get's return value as a single
     # response object exposing .status_code and .json(); confirm that this
     # matches method_get's contract.
     resp = self.method_get("users", admin=True)
     if resp.status_code in (401, 403, 404):
         raise exc.AuthorizationFailure("You are not authorized to list "
                                        "users.")
     payload = resp.json()
     # The API is inconsistent: a lone user comes back as a bare record
     # instead of being wrapped in a "users" list.
     records = payload["users"] if "users" in payload else [payload]
     for record in records:
         # Collect the matching keys first so the dict is not resized while
         # it is being iterated.
         secret_keys = [k for k in record.keys() if "password" in k.lower()]
         for secret_key in secret_keys:
             record.pop(secret_key)
     return [User(self, record) for record in records]
Пример #3
 def get_token_endpoints(self):
     """
     ADMIN ONLY. Returns the endpoints recorded for the current auth token.

     The result is the "endpoints" entry under "access" in the response
     body, or None when either key is absent. Raises
     exc.AuthorizationFailure on 401, 403 or 404.

     Security note: self.token is placed in the request path, so the token
     can show up wherever request URLs are recorded (client debug output,
     proxies, access logs). Treat such logs as sensitive.
     """
     uri = "tokens/%s/endpoints" % self.token
     resp, resp_body = self.method_get(uri, admin=True)
     if resp.status_code in (401, 403, 404):
         raise exc.AuthorizationFailure("You are not authorized to list "
                 "token endpoints.")
     access = resp_body.get("access", {})
     return access.get("endpoints")
Пример #4
 def revoke_token(self, token):
     """
     ADMIN ONLY. Asks the service to delete the specified token and returns
     True when the response status is 2xx, False otherwise.

     Raises exc.AuthorizationFailure on 401 or 403. Every other non-2xx
     status (404 included) yields False, so a False result does not tell
     the caller whether the token is still usable.

     Security note: the token is placed in the request path, so it can show
     up wherever request URLs are recorded; treat such logs as sensitive.
     """
     # NOTE(review): token is interpolated into the path without
     # URL-encoding; presumably callers only pass tokens issued by the
     # service -- confirm.
     uri = "tokens/%s" % token
     resp, resp_body = self.method_delete(uri, admin=True)
     status = resp.status_code
     if status in (401, 403):
         raise exc.AuthorizationFailure("You must be an admin to make this "
                 "call.")
     return status >= 200 and status < 300
Пример #5
 def list_tokens(self):
     """
     ADMIN ONLY. Returns a dict containing tokens, endpoints, user info, and
     role metadata for the current auth token.

     The value returned is the "access" entry of the response body, or None
     when that key is missing. Raises exc.AuthorizationFailure on 401 or
     403; other status codes are not checked.

     Security note: self.token is placed in the request path and, per the
     description above, the returned data includes token material. Keep
     both out of logs and error reports.
     """
     uri = "tokens/%s" % self.token
     resp, resp_body = self.method_get(uri, admin=True)
     if resp.status_code in (401, 403):
         raise exc.AuthorizationFailure("You must be an admin to make this "
                 "call.")
     access = resp_body.get("access")
     return access
Пример #6
 def check_token(self, token=None):
     """
     ADMIN ONLY. Returns True or False, depending on whether the token is
     reported as valid. When no token is passed, the current auth token
     (self.token) is checked.

     Validity is decided by the HEAD response: 2xx gives True, anything else
     gives False, except 401 and 403 which raise exc.AuthorizationFailure.

     Security note: the token being checked is placed in the request path,
     so it can show up wherever request URLs are recorded; treat such logs
     as sensitive.
     """
     # NOTE(review): a caller-supplied token is interpolated into the path
     # without URL-encoding; presumably it comes from a trusted source --
     # confirm.
     target = self.token if token is None else token
     resp, resp_body = self.method_head("tokens/%s" % target, admin=True)
     status = resp.status_code
     if status in (401, 403):
         raise exc.AuthorizationFailure("You must be an admin to make this "
                 "call.")
     return status >= 200 and status < 300
Пример #7
 def _list_tenants(self, admin):
     """
     Returns either a list of all tenants (admin=True), or the tenant for
     the currently-authenticated user (admin=False), as Tenant objects.

     The admin flag is forwarded unchanged to method_get; what it changes
     about the request is defined there. Raises exc.AuthorizationFailure on
     401 or 403 and exc.TenantNotFound on any other non-2xx status. A 2xx
     body without a "tenants" key yields an empty list.
     """
     resp, resp_body = self.method_get("tenants", admin=admin)
     status = resp.status_code
     if status in (401, 403):
         raise exc.AuthorizationFailure("You are not authorized to list "
                 "tenants.")
     if not (200 <= status < 300):
         raise exc.TenantNotFound("Could not get a list of tenants.")
     return [Tenant(self, info) for info in resp_body.get("tenants", [])]
Пример #8
 def list_roles_for_user(self, user):
     """
     ADMIN ONLY. Returns the roles for the specified user, exactly as found
     under the "roles" key of the response body (None when the key is
     absent).

     Raises exc.AuthorizationFailure on 401 or 403; other status codes are
     not checked.

     NOTE(review): earlier documentation described each role as a 3-tuple
     of (role_id, role_name, role_description), but no such conversion
     happens in this method -- confirm the shape callers rely on.
     """
     # NOTE(review): the call is labelled ADMIN ONLY yet is issued without
     # admin=True; confirm method_get's default is the intended one.
     # The id from utils.get_id() goes into the path unescaped; presumably
     # it is always a service-issued identifier -- verify against callers.
     uri = "users/%s/roles" % utils.get_id(user)
     resp, resp_body = self.method_get(uri)
     if resp.status_code in (401, 403):
         raise exc.AuthorizationFailure("You are not authorized to list "
                 "user roles.")
     return resp_body.get("roles")
Пример #9
 def delete_user(self, user):
     """
     ADMIN ONLY. Removes the user from the system. There is no 'undo'
     available, so you should be certain that the user specified is the user
     you wish to delete.

     Raises exc.UserNotFound on 404 and exc.AuthorizationFailure on 401 or
     403. Nothing is returned, and any other status code (server errors
     included) passes silently, so the absence of an exception is not by
     itself proof that the user was deleted.
     """
     # NOTE(review): the call is labelled ADMIN ONLY yet is issued without
     # admin=True; confirm method_delete's default is the intended one.
     # The id from utils.get_id() goes into the path unescaped; presumably
     # it is always a service-issued identifier -- verify against callers.
     target = "users/%s" % utils.get_id(user)
     resp, resp_body = self.method_delete(target)
     status = resp.status_code
     if status == 404:
         raise exc.UserNotFound("User '%s' does not exist." % user)
     if status in (401, 403):
         raise exc.AuthorizationFailure("You are not authorized to delete "
                 "users.")
Пример #10
 def update_user(self, user, email=None, username=None,
         uid=None, enabled=None):
     """
     ADMIN ONLY. Updates the user attributes with the supplied values and
     returns a User built from the response body.

     Only email, username and enabled are sent, and only when they are not
     None; the user's id is always included in the payload. Raises
     exc.AuthorizationFailure on 401, 403 or 404 (a missing user is
     therefore reported as an authorization failure); other status codes
     are not checked.

     NOTE(review): uid is accepted but never read in this body, so passing
     it has no effect -- confirm whether that is intended.
     """
     # NOTE(review): the call is labelled ADMIN ONLY yet is issued without
     # admin=True; confirm method_put's default is the intended one.
     user_id = utils.get_id(user)
     uri = "users/%s" % user_id
     changes = {"id": user_id}
     candidates = (
         ("email", email),
         ("username", username),
         ("enabled", enabled),
     )
     for field, value in candidates:
         # None means "leave unchanged"; False is a real value for enabled.
         if value is not None:
             changes[field] = value
     resp, resp_body = self.method_put(uri, data={"user": changes})
     if resp.status_code in (401, 403, 404):
         raise exc.AuthorizationFailure("You are not authorized to update "
                 "users.")
     # NOTE(review): the whole response body is handed to User without
     # unwrapping a "user" envelope -- confirm that is what User expects.
     return User(self, resp_body)