def user_create(request,
name=None,
email=None,
password=None,
project=None,
enabled=None,
domain=None,
description=None,
**data):
manager = keystoneclient(request, admin=True).users
try:
if VERSIONS.active < 3:
user = manager.create(name, password, email, project, enabled)
return VERSIONS.upgrade_v2_user(user)
else:
return manager.create(
name,
password=password,
email=email,
default_project=project,
enabled=enabled,
domain=domain,
description=description,
**data)
except keystone_exceptions.Conflict:
raise exceptions.Conflict()
def tenant_create(request, name, description=None, enabled=None, domain=None, **kwargs):
manager = VERSIONS.get_project_manager(request, admin=True)
try:
if VERSIONS.active < 3:
return manager.create(name, description, enabled, **kwargs)
else:
return manager.create(name, domain, description=description, enabled=enabled, **kwargs)
except keystone_exceptions.Conflict:
raise exceptions.Conflict()
def user_update(request, user, **data):
manager = keystoneclient(request, admin=True).users
error = None
if not keystone_can_edit_user():
raise keystone_exceptions.ClientException(405, _("Identity service does not allow editing user data."))
# The v2 API updates user model and default project separately
if VERSIONS.active < 3:
# Update user details
try:
user = manager.update(user, **data)
except keystone_exceptions.Conflict:
raise exceptions.Conflict()
except Exception:
error = exceptions.handle(request, ignore=True)
if "project" in data:
project = data.pop('project')
# Update default tenant
try:
user_update_tenant(request, user, project)
user.tenantId = project
except Exception:
error = exceptions.handle(request, ignore=True)
# Check for existing roles
# Show a warning if no role exists for the project
user_roles = roles_for_user(request, user, project)
if not user_roles:
messages.warning(request,
_('User %s has no role defined for '
'that project.') % data.get('name', None))
if error is not None:
raise error
# v3 API is so much simpler...
else:
try:
user = manager.update(user, **data)
except keystone_exceptions.Conflict:
raise exceptions.Conflict()
def swift_delete_container(request, name):
# It cannot be deleted if it's not empty. The batch remove of objects
# be done in swiftclient instead of Horizon.
objects, more = swift_get_objects(request, name)
if objects:
error_msg = _("The container cannot be deleted " "since it is not empty.")
exc = exceptions.Conflict(error_msg)
raise exc
swift_api(request).delete_container(name)
return True
def swift_delete_folder(request, container_name, object_name):
objects, more = swift_get_objects(request, container_name, prefix=object_name)
# In case the given object is pseudo folder,
# it can be deleted only if it is empty.
# swift_get_objects will return at least
# one object (i.e container_name) even if the
# given pseudo folder is empty. So if swift_get_objects
# returns more than one object then only it will be
# considered as non empty folder.
if len(objects) > 1:
error_msg = _("The pseudo folder cannot be deleted " "since it is not empty.")
exc = exceptions.Conflict(error_msg)
raise exc
swift_api(request).delete_object(container_name, object_name)
return True
def mapping_create(request, mapping_id, rules):
manager = keystoneclient(request, admin=True).federation.mappings
try:
return manager.create(mapping_id=mapping_id, rules=rules)
except keystone_exceptions.Conflict:
raise exceptions.Conflict()
def identity_provider_update(request, idp_id, description=None, enabled=False, remote_ids=None):
manager = keystoneclient(request, admin=True).federation.identity_providers
try:
return manager.update(idp_id, description=description, enabled=enabled, remote_ids=remote_ids)
except keystone_exceptions.Conflict:
raise exceptions.Conflict()
def protocol_create(request, protocol_id, identity_provider, mapping):
manager = keystoneclient(request).federation.protocols
try:
return manager.create(protocol_id, identity_provider, mapping)
except keystone_exceptions.Conflict:
raise exceptions.Conflict()