Merged trunk and fixed conflict with other Brian in Authors
This commit is contained in:
Brian Lamar
@@ -5,6 +5,7 @@ Antony Messerli <ant@openstack.org>
|
||||
Armando Migliaccio <Armando.Migliaccio@eu.citrix.com>
|
||||
Bilal Akhtar <bilalakhtar@ubuntu.com>
|
||||
Brian Lamar <brian.lamar@rackspace.com>
|
||||
Brian Schott <bschott@isi.edu> <bfschott@gmail.com>
|
||||
Chiradeep Vittal <chiradeep@cloud.com>
|
||||
Chmouel Boudjnah <chmouel@chmouel.com>
|
||||
Chris Behrens <cbehrens@codestud.com>
|
||||
|
||||
@@ -47,3 +47,22 @@ Human Alphabetical Order Examples
|
||||
from nova.auth import users
|
||||
from nova.endpoint import api
|
||||
from nova.endpoint import cloud
|
||||
|
||||
Docstrings
|
||||
----------
|
||||
"""Summary of the function, class or method, less than 80 characters.
|
||||
|
||||
New paragraph after newline that explains in more detail any general
|
||||
information about the function, class or method. After this, if defining
|
||||
parameters and return types use the Sphinx format. After that an extra
|
||||
newline then close the quotations.
|
||||
|
||||
When writing the docstring for a class, an extra line should be placed
|
||||
after the closing quotations. For more in-depth explanations for these
|
||||
decisions see http://www.python.org/dev/peps/pep-0257/
|
||||
|
||||
:param foo: the foo parameter
|
||||
:param bar: the bar parameter
|
||||
:returns: description of the return value
|
||||
|
||||
"""
|
||||
|
||||
@@ -74,6 +74,25 @@ LOG = logging.getLogger("nova.ldapdriver")
|
||||
# in which we may want to change the interface a bit more.
|
||||
|
||||
|
||||
def _clean(attr):
|
||||
"""Clean attr for insertion into ldap"""
|
||||
if attr is None:
|
||||
return None
|
||||
if type(attr) is unicode:
|
||||
return str(attr)
|
||||
return attr
|
||||
|
||||
|
||||
def sanitize(fn):
|
||||
"""Decorator to sanitize all args"""
|
||||
def _wrapped(self, *args, **kwargs):
|
||||
args = [_clean(x) for x in args]
|
||||
kwargs = dict((k, _clean(v)) for (k, v) in kwargs)
|
||||
return fn(self, *args, **kwargs)
|
||||
_wrapped.func_name = fn.func_name
|
||||
return _wrapped
|
||||
|
||||
|
||||
class LdapDriver(object):
|
||||
"""Ldap Auth driver
|
||||
|
||||
@@ -106,23 +125,27 @@ class LdapDriver(object):
|
||||
self.conn.unbind_s()
|
||||
return False
|
||||
|
||||
@sanitize
|
||||
def get_user(self, uid):
|
||||
"""Retrieve user by id"""
|
||||
attr = self.__get_ldap_user(uid)
|
||||
return self.__to_user(attr)
|
||||
|
||||
@sanitize
|
||||
def get_user_from_access_key(self, access):
|
||||
"""Retrieve user by access key"""
|
||||
query = '(accessKey=%s)' % access
|
||||
dn = FLAGS.ldap_user_subtree
|
||||
return self.__to_user(self.__find_object(dn, query))
|
||||
|
||||
@sanitize
|
||||
def get_project(self, pid):
|
||||
"""Retrieve project by id"""
|
||||
dn = self.__project_to_dn(pid)
|
||||
attr = self.__find_object(dn, LdapDriver.project_pattern)
|
||||
return self.__to_project(attr)
|
||||
|
||||
@sanitize
|
||||
def get_users(self):
|
||||
"""Retrieve list of users"""
|
||||
attrs = self.__find_objects(FLAGS.ldap_user_subtree,
|
||||
@@ -134,6 +157,7 @@ class LdapDriver(object):
|
||||
users.append(user)
|
||||
return users
|
||||
|
||||
@sanitize
|
||||
def get_projects(self, uid=None):
|
||||
"""Retrieve list of projects"""
|
||||
pattern = LdapDriver.project_pattern
|
||||
@@ -143,6 +167,7 @@ class LdapDriver(object):
|
||||
pattern)
|
||||
return [self.__to_project(attr) for attr in attrs]
|
||||
|
||||
@sanitize
|
||||
def create_user(self, name, access_key, secret_key, is_admin):
|
||||
"""Create a user"""
|
||||
if self.__user_exists(name):
|
||||
@@ -196,6 +221,7 @@ class LdapDriver(object):
|
||||
self.conn.add_s(self.__uid_to_dn(name), attr)
|
||||
return self.__to_user(dict(attr))
|
||||
|
||||
@sanitize
|
||||
def create_project(self, name, manager_uid,
|
||||
description=None, member_uids=None):
|
||||
"""Create a project"""
|
||||
@@ -231,6 +257,7 @@ class LdapDriver(object):
|
||||
self.conn.add_s(dn, attr)
|
||||
return self.__to_project(dict(attr))
|
||||
|
||||
@sanitize
|
||||
def modify_project(self, project_id, manager_uid=None, description=None):
|
||||
"""Modify an existing project"""
|
||||
if not manager_uid and not description:
|
||||
@@ -249,21 +276,25 @@ class LdapDriver(object):
|
||||
dn = self.__project_to_dn(project_id)
|
||||
self.conn.modify_s(dn, attr)
|
||||
|
||||
@sanitize
|
||||
def add_to_project(self, uid, project_id):
|
||||
"""Add user to project"""
|
||||
dn = self.__project_to_dn(project_id)
|
||||
return self.__add_to_group(uid, dn)
|
||||
|
||||
@sanitize
|
||||
def remove_from_project(self, uid, project_id):
|
||||
"""Remove user from project"""
|
||||
dn = self.__project_to_dn(project_id)
|
||||
return self.__remove_from_group(uid, dn)
|
||||
|
||||
@sanitize
|
||||
def is_in_project(self, uid, project_id):
|
||||
"""Check if user is in project"""
|
||||
dn = self.__project_to_dn(project_id)
|
||||
return self.__is_in_group(uid, dn)
|
||||
|
||||
@sanitize
|
||||
def has_role(self, uid, role, project_id=None):
|
||||
"""Check if user has role
|
||||
|
||||
@@ -273,6 +304,7 @@ class LdapDriver(object):
|
||||
role_dn = self.__role_to_dn(role, project_id)
|
||||
return self.__is_in_group(uid, role_dn)
|
||||
|
||||
@sanitize
|
||||
def add_role(self, uid, role, project_id=None):
|
||||
"""Add role for user (or user and project)"""
|
||||
role_dn = self.__role_to_dn(role, project_id)
|
||||
@@ -283,11 +315,13 @@ class LdapDriver(object):
|
||||
else:
|
||||
return self.__add_to_group(uid, role_dn)
|
||||
|
||||
@sanitize
|
||||
def remove_role(self, uid, role, project_id=None):
|
||||
"""Remove role for user (or user and project)"""
|
||||
role_dn = self.__role_to_dn(role, project_id)
|
||||
return self.__remove_from_group(uid, role_dn)
|
||||
|
||||
@sanitize
|
||||
def get_user_roles(self, uid, project_id=None):
|
||||
"""Retrieve list of roles for user (or user and project)"""
|
||||
if project_id is None:
|
||||
@@ -307,6 +341,7 @@ class LdapDriver(object):
|
||||
roles = self.__find_objects(project_dn, query)
|
||||
return [role['cn'][0] for role in roles]
|
||||
|
||||
@sanitize
|
||||
def delete_user(self, uid):
|
||||
"""Delete a user"""
|
||||
if not self.__user_exists(uid):
|
||||
@@ -332,12 +367,14 @@ class LdapDriver(object):
|
||||
# Delete entry
|
||||
self.conn.delete_s(self.__uid_to_dn(uid))
|
||||
|
||||
@sanitize
|
||||
def delete_project(self, project_id):
|
||||
"""Delete a project"""
|
||||
project_dn = self.__project_to_dn(project_id)
|
||||
self.__delete_roles(project_dn)
|
||||
self.__delete_group(project_dn)
|
||||
|
||||
@sanitize
|
||||
def modify_user(self, uid, access_key=None, secret_key=None, admin=None):
|
||||
"""Modify an existing user"""
|
||||
if not access_key and not secret_key and admin is None:
|
||||
|
||||
@@ -17,12 +17,22 @@
|
||||
# under the License.
|
||||
|
||||
import os
|
||||
import sys
|
||||
|
||||
from nova import flags
|
||||
|
||||
import sqlalchemy
|
||||
from migrate.versioning import api as versioning_api
|
||||
from migrate.versioning import exceptions as versioning_exceptions
|
||||
|
||||
try:
|
||||
from migrate.versioning import exceptions as versioning_exceptions
|
||||
except ImportError:
|
||||
try:
|
||||
# python-migration changed location of exceptions after 1.6.3
|
||||
# See LP Bug #717467
|
||||
from migrate import exceptions as versioning_exceptions
|
||||
except ImportError:
|
||||
sys.exit(_("python-migrate is not installed. Exiting."))
|
||||
|
||||
FLAGS = flags.FLAGS
|
||||
|
||||
|
||||
Reference in New Issue
Block a user