summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--keystone-moon/keystone/contrib/moon/controllers.py3
-rw-r--r--keystone-moon/keystone/contrib/moon/core.py63
-rw-r--r--moonclient/moonclient/subjects.py17
-rw-r--r--moonclient/moonclient/tests/tests_intra_extensions.json43
-rw-r--r--moonclient/python_moonclient.egg-info/PKG-INFO37
-rw-r--r--moonclient/python_moonclient.egg-info/SOURCES.txt33
-rw-r--r--moonclient/python_moonclient.egg-info/dependency_links.txt1
-rw-r--r--moonclient/python_moonclient.egg-info/namespace_packages.txt1
-rw-r--r--moonclient/python_moonclient.egg-info/not-zip-safe1
-rw-r--r--moonclient/python_moonclient.egg-info/top_level.txt1
10 files changed, 71 insertions, 129 deletions
diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py
index c860ed6a..596946b2 100644
--- a/keystone-moon/keystone/contrib/moon/controllers.py
+++ b/keystone-moon/keystone/contrib/moon/controllers.py
@@ -340,6 +340,9 @@ class IntraExtensions(controller.V3Controller):
subject_dict = dict()
subject_dict['name'] = kw.get('subject_name', None)
subject_dict['description'] = kw.get('subject_description', None)
+ subject_dict['password'] = kw.get('subject_password', None)
+ subject_dict['email'] = kw.get('subject_email', None)
+ LOG.debug("controllers.add_subject {}".format(subject_dict))
return self.admin_api.add_subject_dict(user_id, intra_extension_id, subject_dict)
@controller.protected()
diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py
index 19c1986e..97d18ca5 100644
--- a/keystone-moon/keystone/contrib/moon/core.py
+++ b/keystone-moon/keystone/contrib/moon/core.py
@@ -13,7 +13,7 @@ import time
import types
from keystone.common import manager
-from keystone import config
+from keystone.exception import UserNotFound
from oslo_log import log
from keystone.common import dependency
from keystone import exception
@@ -78,6 +78,22 @@ def filter_input(func_or_str):
return "".join(re.findall("[\w\- +]*", string))
return string
+ def __filter_dict(arg):
+ result = dict()
+ for key in arg.keys():
+ if key == "email":
+ result["email"] = __filter_email(arg[key])
+ elif key == "password":
+ result["password"] = arg['password']
+ else:
+ result[key] = __filter(arg[key])
+ return result
+
+ def __filter_email(string):
+ if string and type(string) in (str, unicode):
+ return "".join(re.findall("[\w@\._\- +]*", string))
+ return string
+
def wrapped(*args, **kwargs):
_args = []
for arg in args:
@@ -88,7 +104,7 @@ def filter_input(func_or_str):
elif isinstance(arg, tuple):
arg = (__filter(item) for item in arg)
elif isinstance(arg, dict):
- arg = {item: __filter(arg[item]) for item in arg.keys()}
+ arg = __filter_dict(arg)
_args.append(arg)
for arg in kwargs:
if type(kwargs[arg]) in (unicode, str):
@@ -100,7 +116,7 @@ def filter_input(func_or_str):
elif isinstance(kwargs[arg], tuple):
kwargs[arg] = (__filter(item) for item in kwargs[arg])
elif isinstance(kwargs[arg], dict):
- kwargs[arg] = {item: __filter(kwargs[arg][item]) for item in kwargs[arg].keys()}
+ kwargs[arg] = __filter_dict(kwargs[arg])
return func_or_str(*_args, **kwargs)
if isinstance(func_or_str, str) or isinstance(func_or_str, unicode):
@@ -110,7 +126,7 @@ def filter_input(func_or_str):
if isinstance(func_or_str, tuple):
return (__filter(item) for item in func_or_str)
if isinstance(func_or_str, dict):
- return {item: __filter(func_or_str[item]) for item in func_or_str.keys()}
+ return __filter_dict(func_or_str)
if isinstance(func_or_str, types.FunctionType):
return wrapped
return None
@@ -1110,11 +1126,32 @@ class IntraExtensionManager(manager.Manager):
def add_subject_dict(self, user_id, intra_extension_id, subject_dict):
subjects_dict = self.driver.get_subjects_dict(intra_extension_id)
for subject_id in subjects_dict:
- print(subjects_dict[subject_id]["name"], subject_dict['name'])
if subjects_dict[subject_id]["name"] == subject_dict['name']:
raise SubjectNameExisting()
- # Next line will raise an error if user is not present in Keystone database
- subject_keystone_dict = self.identity_api.get_user_by_name(subject_dict['name'], "default")
+ try:
+ subject_keystone_dict = self.identity_api.get_user_by_name(subject_dict['name'], "default")
+ except UserNotFound as e:
+ if 'domain_id' not in subject_dict:
+ subject_dict['domain_id'] = "default"
+ if 'project_id' not in subject_dict:
+ tenants = self.tenant_api.get_tenants_dict(user_id)
+ # Get the tenant ID for that intra_extension
+ for tenant_id, tenant_value in tenants.iteritems():
+ if intra_extension_id == tenant_value['intra_admin_extension_id'] or \
+ intra_extension_id == tenant_value['intra_authz_extension_id']:
+ subject_dict['project_id'] = tenant_value['id']
+ break
+ else:
+ # If no tenant is found default to the admin tenant
+ for tenant_id, tenant_value in tenants.iteritems():
+ if tenant_value['name'] == 'admin':
+ subject_dict['project_id'] = tenant_value['id']
+ if 'email' not in subject_dict:
+ subject_dict['email'] = ""
+ if 'password' not in subject_dict:
+ # Default passord to the name of the new user
+ subject_dict['password'] = subject_dict['name']
+ subject_keystone_dict = self.identity_api.create_user(subject_dict)
subject_dict["keystone_id"] = subject_keystone_dict["id"]
subject_dict["keystone_name"] = subject_keystone_dict["name"]
return self.driver.set_subject_dict(intra_extension_id, uuid4().hex, subject_dict)
@@ -1826,12 +1863,14 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
subject_id, subject_value = subject.iteritems().next()
tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id())
for tenant_id in tenants_dict:
- if tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
+ if tenants_dict[tenant_id]["intra_admin_extension_id"] and \
+ tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
_subjects = self.driver.get_subjects_dict(tenants_dict[tenant_id]["intra_admin_extension_id"])
if subject_value["name"] not in [_subjects[_id]["name"] for _id in _subjects]:
self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_admin_extension_id"], uuid4().hex, subject_value)
break
- if tenants_dict[tenant_id]["intra_admin_extension_id"] == intra_extension_id:
+ if tenants_dict[tenant_id]["intra_authz_extension_id"] and \
+ tenants_dict[tenant_id]["intra_admin_extension_id"] == intra_extension_id:
_subjects = self.driver.get_subjects_dict(tenants_dict[tenant_id]["intra_authz_extension_id"])
if subject_value["name"] not in [_subjects[_id]["name"] for _id in _subjects]:
self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_authz_extension_id"], uuid4().hex, subject_value)
@@ -1987,12 +2026,14 @@ class IntraExtensionAdminManager(IntraExtensionManager):
subject_id, subject_value = subject.iteritems().next()
tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id())
for tenant_id in tenants_dict:
- if tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
+ if tenants_dict[tenant_id]["intra_admin_extension_id"] and \
+ tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
_subjects = self.driver.get_subjects_dict(tenants_dict[tenant_id]["intra_admin_extension_id"])
if subject_value["name"] not in [_subjects[_id]["name"] for _id in _subjects]:
self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_admin_extension_id"], uuid4().hex, subject_value)
break
- if tenants_dict[tenant_id]["intra_admin_extension_id"] == intra_extension_id:
+ if tenants_dict[tenant_id]["intra_authz_extension_id"] and \
+ tenants_dict[tenant_id]["intra_admin_extension_id"] == intra_extension_id:
_subjects = self.driver.get_subjects_dict(tenants_dict[tenant_id]["intra_authz_extension_id"])
if subject_value["name"] not in [_subjects[_id]["name"] for _id in _subjects]:
self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_authz_extension_id"], uuid4().hex, subject_value)
diff --git a/moonclient/moonclient/subjects.py b/moonclient/moonclient/subjects.py
index 6eebcfb8..29ce745d 100644
--- a/moonclient/moonclient/subjects.py
+++ b/moonclient/moonclient/subjects.py
@@ -7,6 +7,7 @@ import logging
from cliff.lister import Lister
from cliff.command import Command
+import getpass
class SubjectsList(Lister):
@@ -56,15 +57,29 @@ class SubjectsAdd(Command):
metavar='<description-str>',
help='Subject description',
)
+ parser.add_argument(
+ '--password',
+ metavar='<password-str>',
+ help='Password for subject (if not given, user will be prompted for one)',
+ )
+ parser.add_argument(
+ '--email',
+ metavar='<email-str>',
+ help='Email for the user',
+ )
return parser
def take_action(self, parsed_args):
if not parsed_args.intraextension:
parsed_args.intraextension = self.app.intraextension
+ if not parsed_args.password:
+ parsed_args.password = getpass.getpass("Password for user {}:".format(parsed_args.subject_name))
data = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/subjects".format(parsed_args.intraextension),
post_data={
"subject_name": parsed_args.subject_name,
- "subject_description": parsed_args.description
+ "subject_description": parsed_args.description,
+ "subject_password": parsed_args.password,
+ "subject_email": parsed_args.email
},
authtoken=True)
return (
diff --git a/moonclient/moonclient/tests/tests_intra_extensions.json b/moonclient/moonclient/tests/tests_intra_extensions.json
deleted file mode 100644
index a6d369aa..00000000
--- a/moonclient/moonclient/tests/tests_intra_extensions.json
+++ /dev/null
@@ -1,43 +0,0 @@
-{
- "command_prefix": "moon",
- "tests_group": {
- "group1": [
- {
- "name": "create_intraextension_authz",
- "command": "intraextension create --policy_model policy_authz func_test",
- "result": "%uuid_authz%",
- "description": "Create an authz intra extension"
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "create_intraextension_admin",
- "command": "intraextension create --policy_model policy_admin func_test",
- "result": "%uuid_admin%",
- "description": "Create an admin intra extension"
- },
- {
- "name": "list_intraextension_admin",
- "command": "intraextension list",
- "result": "$uuid_admin",
- "description": "Check the existence of that admin intra extension"
- },
- {
- "name": "set_tenant_authz",
- "command": "intraextension tenant set authz $uuid_authz demo",
- "result": "",
- "description": "Connect the authz intra extension to the tenant demo"
- },
- {
- "name": "set_tenant_admin",
- "command": "intraextension tenant set authz $uuid_authz demo",
- "result": "",
- "description": "Connect the admin intra extension to the tenant demo"
- }
- ]
- }
-} \ No newline at end of file
diff --git a/moonclient/python_moonclient.egg-info/PKG-INFO b/moonclient/python_moonclient.egg-info/PKG-INFO
deleted file mode 100644
index 1045d986..00000000
--- a/moonclient/python_moonclient.egg-info/PKG-INFO
+++ /dev/null
@@ -1,37 +0,0 @@
-Metadata-Version: 1.1
-Name: python-moonclient
-Version: 0.1
-Summary: Python Moon client
-Home-page: https://github.com/...
-Author: Thomas Duval
-Author-email: thomas.duval@orange.com
-License: UNKNOWN
-Download-URL: https://github.com/.../tarball/master
-Description: Moon Client
- ===========
-
- Installation
- ------------
-
- * `sudo python setup.py install`
-
- * `cd ~/devstack || source openrc admin`
-
-
- Manipulation
- ------------
-
- * `moon tenant list`
-
-
-
-Platform: Any
-Classifier: Development Status :: 3 - Alpha
-Classifier: License :: OSI Approved :: Apache Software License
-Classifier: Programming Language :: Python
-Classifier: Programming Language :: Python :: 2
-Classifier: Programming Language :: Python :: 2.7
-Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.2
-Classifier: Intended Audience :: Developers
-Classifier: Environment :: Console
diff --git a/moonclient/python_moonclient.egg-info/SOURCES.txt b/moonclient/python_moonclient.egg-info/SOURCES.txt
deleted file mode 100644
index 656a639e..00000000
--- a/moonclient/python_moonclient.egg-info/SOURCES.txt
+++ /dev/null
@@ -1,33 +0,0 @@
-MANIFEST.in
-README.rst
-setup.py
-moonclient/__init__.py
-moonclient/action_assignments.py
-moonclient/action_categories.py
-moonclient/action_scopes.py
-moonclient/actions.py
-moonclient/configuration.py
-moonclient/intraextension.py
-moonclient/logs.py
-moonclient/metarules.py
-moonclient/object_assignments.py
-moonclient/object_categories.py
-moonclient/object_scopes.py
-moonclient/objects.py
-moonclient/rules.py
-moonclient/shell.py
-moonclient/subject_assignments.py
-moonclient/subject_categories.py
-moonclient/subject_scopes.py
-moonclient/subjects.py
-moonclient/tenants.py
-moonclient/tests.py
-moonclient/tests/functional_tests.sh
-python_moonclient.egg-info/PKG-INFO
-python_moonclient.egg-info/SOURCES.txt
-python_moonclient.egg-info/dependency_links.txt
-python_moonclient.egg-info/entry_points.txt
-python_moonclient.egg-info/namespace_packages.txt
-python_moonclient.egg-info/not-zip-safe
-python_moonclient.egg-info/requires.txt
-python_moonclient.egg-info/top_level.txt \ No newline at end of file
diff --git a/moonclient/python_moonclient.egg-info/dependency_links.txt b/moonclient/python_moonclient.egg-info/dependency_links.txt
deleted file mode 100644
index 8b137891..00000000
--- a/moonclient/python_moonclient.egg-info/dependency_links.txt
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/moonclient/python_moonclient.egg-info/namespace_packages.txt b/moonclient/python_moonclient.egg-info/namespace_packages.txt
deleted file mode 100644
index 8b137891..00000000
--- a/moonclient/python_moonclient.egg-info/namespace_packages.txt
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/moonclient/python_moonclient.egg-info/not-zip-safe b/moonclient/python_moonclient.egg-info/not-zip-safe
deleted file mode 100644
index 8b137891..00000000
--- a/moonclient/python_moonclient.egg-info/not-zip-safe
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/moonclient/python_moonclient.egg-info/top_level.txt b/moonclient/python_moonclient.egg-info/top_level.txt
deleted file mode 100644
index aeaf6094..00000000
--- a/moonclient/python_moonclient.egg-info/top_level.txt
+++ /dev/null
@@ -1 +0,0 @@
-moonclient