def _ldap_user_search(self, username_or_email, limit=20, suffix=""): if not username_or_email: return (None, "Empty username/email") # Verify the admin connection works first. We do this here to avoid wrapping # the entire block in the INVALID CREDENTIALS check. try: with self._ldap.get_connection(): pass except ldap.INVALID_CREDENTIALS: return (None, "LDAP Admin dn or password is invalid") with self._ldap.get_connection() as conn: logger.debug("Incoming username or email param: %s", username_or_email.__repr__()) for user_search_dn in self._user_dns: (pairs, err_msg) = self._ldap_user_search_with_rdn( conn, username_or_email, user_search_dn, suffix=suffix ) if pairs is not None and len(pairs) > 0: break if err_msg is not None: return (None, err_msg) logger.debug("Found matching pairs: %s", pairs) results = [LDAPUsers._LDAPResult(*pair) for pair in take(limit, pairs)] # Filter out pairs without DNs. Some LDAP impls will return such pairs. with_dns = [result for result in results if result.dn] return (with_dns, None)
def get_filtered_matching_repositories(lookup_value, filter_username=None, repo_kind="image", offset=0, limit=25, search_fields=None): """ Returns an iterator of all repositories matching the given lookup value, with optional filtering to a specific user. If the user is unspecified, only public repositories will be returned. """ if search_fields is None: search_fields = set( [SEARCH_FIELDS.description.name, SEARCH_FIELDS.name.name]) # Build the unfiltered search query. unfiltered_query = _get_sorted_matching_repositories( lookup_value, repo_kind=repo_kind, search_fields=search_fields, include_private=filter_username is not None, ids_only=filter_username is not None, ) # Add a filter to the iterator, if necessary. if filter_username is not None: filter_user = _get_namespace_user(filter_username) if filter_user is None: return [] # NOTE: We add the offset to the limit here to ensure we have enough results # for the take's we conduct below. iterator = _filter_repositories_visible_to_user( unfiltered_query, filter_user.id, offset + limit, repo_kind) if offset > 0: take(offset, iterator) # Return the results. return list(take(limit, iterator)) return list(unfiltered_query.offset(offset).limit(limit))
def query_users(self, query, limit=20): if len(query) < 3: return ([], self.federated_service, None) try: admin_client, _ = self._get_client(self.admin_username, self.admin_password, self.admin_tenant) found_users = list(take(limit, admin_client.users.list(name=query))) logger.debug("For Keystone query %s found users: %s", query, found_users) if not found_users: return ([], self.federated_service, None) return ([self._user_info(user) for user in found_users], self.federated_service, None) except KeystoneAuthorizationFailure as kaf: logger.exception( "Keystone auth failure for admin user for query %s", query) return ( None, self.federated_service, str(kaf) or "Invalid admin username or password", ) except KeystoneUnauthorized as kut: logger.exception( "Keystone unauthorized for admin user for query %s", query) return ( None, self.federated_service, str(kut) or "Invalid admin username or password", ) except ClientException as cle: logger.exception( "Keystone unauthorized for admin user for query %s", query) return ( None, self.federated_service, str(cle) or "Invalid admin username or password", )