92 lines
3.1 KiB
Python
92 lines
3.1 KiB
Python
# Copyright 2011 OpenStack Foundation
|
|
# Copyright 2011 Nebula, Inc.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from keystoneclient import base
|
|
|
|
|
|
class Role(base.Resource):
|
|
"""Represents a Keystone role."""
|
|
|
|
def __repr__(self):
|
|
"""Return string representation of role resource information."""
|
|
return "<Role %s>" % self._info
|
|
|
|
def delete(self):
|
|
return self.manager.delete(self)
|
|
|
|
|
|
class RoleManager(base.ManagerWithFind):
|
|
"""Manager class for manipulating Keystone roles."""
|
|
|
|
resource_class = Role
|
|
|
|
def get(self, role):
|
|
return self._get("/OS-KSADM/roles/%s" % base.getid(role), "role")
|
|
|
|
def create(self, name):
|
|
"""Create a role."""
|
|
params = {"role": {"name": name}}
|
|
return self._post('/OS-KSADM/roles', params, "role")
|
|
|
|
def delete(self, role):
|
|
"""Delete a role."""
|
|
return self._delete("/OS-KSADM/roles/%s" % base.getid(role))
|
|
|
|
def list(self):
|
|
"""List all available roles."""
|
|
return self._list("/OS-KSADM/roles", "roles")
|
|
|
|
def roles_for_user(self, user, tenant=None):
|
|
user_id = base.getid(user)
|
|
if tenant:
|
|
tenant_id = base.getid(tenant)
|
|
route = "/tenants/%s/users/%s/roles"
|
|
return self._list(route % (tenant_id, user_id), "roles")
|
|
else:
|
|
return self._list("/users/%s/roles" % user_id, "roles")
|
|
|
|
def add_user_role(self, user, role, tenant=None):
|
|
"""Add a role to a user.
|
|
|
|
If tenant is specified, the role is added just for that tenant,
|
|
otherwise the role is added globally.
|
|
"""
|
|
user_id = base.getid(user)
|
|
role_id = base.getid(role)
|
|
if tenant:
|
|
route = "/tenants/%s/users/%s/roles/OS-KSADM/%s"
|
|
params = (base.getid(tenant), user_id, role_id)
|
|
return self._update(route % params, None, "role")
|
|
else:
|
|
route = "/users/%s/roles/OS-KSADM/%s"
|
|
return self._update(route % (user_id, role_id), None, "roles")
|
|
|
|
def remove_user_role(self, user, role, tenant=None):
|
|
"""Remove a role from a user.
|
|
|
|
If tenant is specified, the role is removed just for that tenant,
|
|
otherwise the role is removed from the user's global roles.
|
|
"""
|
|
user_id = base.getid(user)
|
|
role_id = base.getid(role)
|
|
if tenant:
|
|
route = "/tenants/%s/users/%s/roles/OS-KSADM/%s"
|
|
params = (base.getid(tenant), user_id, role_id)
|
|
return self._delete(route % params)
|
|
else:
|
|
route = "/users/%s/roles/OS-KSADM/%s"
|
|
return self._delete(route % (user_id, role_id))
|