def validate_groups(group_ids, mapping_id, identity_api): if not group_ids: raise exception.MissingGroups(mapping_id=mapping_id) for group_id in group_ids: try: identity_api.get_group(group_id) except exception.GroupNotFound: raise exception.MappedGroupNotFound(group_id=group_id, mapping_id=mapping_id)
def validate_groups_in_backend(group_ids, mapping_id, identity_api): """Iterate over group ids and make sure they are present in the backend/ This call is not transactional. :param group_ids: IDs of the groups to be checked :type group_ids: list of str :param mapping_id: id of the mapping used for this operation :type mapping_id: str :param identity_api: Identity Manager object used for communication with backend :type identity_api: identity.Manager :raises: exception.MappedGroupNotFound """ for group_id in group_ids: try: identity_api.get_group(group_id) except exception.GroupNotFound: raise exception.MappedGroupNotFound(group_id=group_id, mapping_id=mapping_id)
def transform_to_group_ids(group_names, mapping_id, identity_api, assignment_api): """Transform groups identitified by name/domain to their ids Function accepts list of groups identified by a name and domain giving a list of group ids in return. Example of group_names parameter:: [ { "name": "group_name", "domain": { "id": "domain_id" }, }, { "name": "group_name_2", "domain": { "name": "domain_name" } } ] :param group_names: list of group identified by name and its domain. :type group_names: list :param mapping_id: id of the mapping used for mapping assertion into local credentials :type mapping_id: str :param identity_api: identity_api object :param assignment_api: assignment_api object :returns: generator object with group ids :raises: excepton.MappedGroupNotFound: in case asked group doesn't exist in the backend. """ def resolve_domain(domain): """Return domain id. Input is a dictionary with a domain identified either by a ``id`` or a ``name``. In the latter case system will attempt to fetch domain object from the backend. :returns: domain's id :rtype: str """ domain_id = (domain.get('id') or assignment_api.get_domain_by_name( domain.get('name')).get('id')) return domain_id for group in group_names: try: group_dict = identity_api.get_group_by_name( group['name'], resolve_domain(group['domain'])) yield group_dict['id'] except exception.GroupNotFound: raise exception.MappedGroupNotFound(group_id=group['name'], mapping_id=mapping_id)