-rw-r--r-- | keystone-moon/keystone/contrib/moon/controllers.py | 3 | ||||
-rw-r--r-- | keystone-moon/keystone/contrib/moon/core.py | 63 | ||||
-rw-r--r-- | moonclient/moonclient/subjects.py | 17 | ||||
-rw-r--r-- | moonclient/moonclient/tests/tests_intra_extensions.json | 43 | ||||
-rw-r--r-- | moonclient/python_moonclient.egg-info/PKG-INFO | 37 | ||||
-rw-r--r-- | moonclient/python_moonclient.egg-info/SOURCES.txt | 33 | ||||
-rw-r--r-- | moonclient/python_moonclient.egg-info/dependency_links.txt | 1 | ||||
-rw-r--r-- | moonclient/python_moonclient.egg-info/namespace_packages.txt | 1 | ||||
-rw-r--r-- | moonclient/python_moonclient.egg-info/not-zip-safe | 1 | ||||
-rw-r--r-- | moonclient/python_moonclient.egg-info/top_level.txt | 1 |
10 files changed, 71 insertions, 129 deletions
diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py
index c860ed6a..596946b2 100644
--- a/keystone-moon/keystone/contrib/moon/controllers.py
+++ b/keystone-moon/keystone/contrib/moon/controllers.py
@@ -340,6 +340,9 @@ class IntraExtensions(controller.V3Controller):
 subject_dict = dict()
 subject_dict['name'] = kw.get('subject_name', None)
 subject_dict['description'] = kw.get('subject_description', None)
+ subject_dict['password'] = kw.get('subject_password', None)
+ subject_dict['email'] = kw.get('subject_email', None)
+ LOG.debug("controllers.add_subject {}".format(subject_dict))
 return self.admin_api.add_subject_dict(user_id, intra_extension_id, subject_dict)
 @controller.protected()
diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py
index 19c1986e..97d18ca5 100644
--- a/keystone-moon/keystone/contrib/moon/core.py
+++ b/keystone-moon/keystone/contrib/moon/core.py
@@ -13,7 +13,7 @@ import time
 import types
 from keystone.common import manager
-from keystone import config
+from keystone.exception import UserNotFound
 from oslo_log import log
 from keystone.common import dependency
 from keystone import exception
@@ -78,6 +78,22 @@ def filter_input(func_or_str):
 return "".join(re.findall("[\w\- +]*", string))
 return string
+ def __filter_dict(arg):
+ result = dict()
+ for key in arg.keys():
+ if key == "email":
+ result["email"] = __filter_email(arg[key])
+ elif key == "password":
+ result["password"] = arg['password']
+ else:
+ result[key] = __filter(arg[key])
+ return result
+
+ def __filter_email(string):
+ if string and type(string) in (str, unicode):
+ return "".join(re.findall("[\w@\._\- +]*", string))
+ return string
+
 def wrapped(*args, **kwargs):
 _args = []
 for arg in args:
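Review bot: The added `LOG.debug("controllers.add_subject {}".format(subject_dict))` in the controllers.py hunk formats the whole `subject_dict`, and the two lines just above it have put the caller's `subject_password` and `subject_email` into that dict, so the cleartext password is written to the debug log. Log only non-secret fields, for example `LOG.debug("controllers.add_subject name=%s", subject_dict['name'])`, or mask the `password` key before formatting. The enclosing controller method starts above the hunk, so any other logging of `kw` is not visible here.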
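Review bot: In the `@@ -78,6 +78,22 @@` hunk of core.py, `__filter_dict` passes any value stored under the key `password` through untouched, and the later hunks route every dict seen by `filter_input` (positional, keyword and direct) through it, so the exemption is not limited to subject creation and is not restricted to strings. Leaving a secret unmodified is defensible, but it needs a comment such as `# password is deliberately not filtered: never log it or build queries from it`, and a type check before it is accepted. `__filter_email` also silently drops disallowed characters, so a malformed address is stored as a different address rather than rejected; validating and raising would be safer than rewriting. `filter_input` begins and continues outside this hunk.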
@@ -88,7 +104,7 @@ def filter_input(func_or_str):
 elif isinstance(arg, tuple):
 arg = (__filter(item) for item in arg)
 elif isinstance(arg, dict):
- arg = {item: __filter(arg[item]) for item in arg.keys()}
+ arg = __filter_dict(arg)
 _args.append(arg)
 for arg in kwargs:
 if type(kwargs[arg]) in (unicode, str):
@@ -100,7 +116,7 @@ def filter_input(func_or_str):
 elif isinstance(kwargs[arg], tuple):
 kwargs[arg] = (__filter(item) for item in kwargs[arg])
 elif isinstance(kwargs[arg], dict):
- kwargs[arg] = {item: __filter(kwargs[arg][item]) for item in kwargs[arg].keys()}
+ kwargs[arg] = __filter_dict(kwargs[arg])
 return func_or_str(*_args, **kwargs)
 if isinstance(func_or_str, str) or isinstance(func_or_str, unicode):
@@ -110,7 +126,7 @@ def filter_input(func_or_str):
 if isinstance(func_or_str, tuple):
 return (__filter(item) for item in func_or_str)
 if isinstance(func_or_str, dict):
- return {item: __filter(func_or_str[item]) for item in func_or_str.keys()}
+ return __filter_dict(func_or_str)
 if isinstance(func_or_str, types.FunctionType):
 return wrapped
 return None
@@ -1110,11 +1126,32 @@ class IntraExtensionManager(manager.Manager):
 def add_subject_dict(self, user_id, intra_extension_id, subject_dict):
 subjects_dict = self.driver.get_subjects_dict(intra_extension_id)
 for subject_id in subjects_dict:
- print(subjects_dict[subject_id]["name"], subject_dict['name'])
 if subjects_dict[subject_id]["name"] == subject_dict['name']:
 raise SubjectNameExisting()
- # Next line will raise an error if user is not present in Keystone database
- subject_keystone_dict = self.identity_api.get_user_by_name(subject_dict['name'], "default")
+ try:
+ subject_keystone_dict = self.identity_api.get_user_by_name(subject_dict['name'], "default")
+ except UserNotFound as e:
+ if 'domain_id' not in subject_dict:
+ subject_dict['domain_id'] = "default"
+ if 'project_id' not in subject_dict:
+ tenants = self.tenant_api.get_tenants_dict(user_id)
+ # Get the tenant ID for that intra_extension
+ for tenant_id, tenant_value in tenants.iteritems():
+ if intra_extension_id == tenant_value['intra_admin_extension_id'] or \
+ intra_extension_id == tenant_value['intra_authz_extension_id']:
+ subject_dict['project_id'] = tenant_value['id']
+ break
+ else:
+ # If no tenant is found default to the admin tenant
+ for tenant_id, tenant_value in tenants.iteritems():
+ if tenant_value['name'] == 'admin':
+ subject_dict['project_id'] = tenant_value['id']
+ if 'email' not in subject_dict:
+ subject_dict['email'] = ""
+ if 'password' not in subject_dict:
+ # Default passord to the name of the new user
+ subject_dict['password'] = subject_dict['name']
+ subject_keystone_dict = self.identity_api.create_user(subject_dict)
 subject_dict["keystone_id"] = subject_keystone_dict["id"]
 subject_dict["keystone_name"] = subject_keystone_dict["name"]
 return self.driver.set_subject_dict(intra_extension_id, uuid4().hex, subject_dict)
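Review bot: The `UserNotFound` branch falls back to `subject_dict['password'] = subject_dict['name']`, so a Keystone account can be created whose password is its own user name. Refuse to create the user without an explicit password instead, e.g. `if not subject_dict.get('password'): raise exception.ValidationError(attribute='password', target='subject')`. The controllers.py hunk always sets the `password` and `email` keys (to `None` when the caller omits them), so on that path the `'password' not in subject_dict` and `'email' not in subject_dict` tests never fire and `create_user` receives `None`; testing with `.get()` covers both cases. If no tenant matches and none is named `admin`, `project_id` is still unset when `create_user` is called, which deserves an explicit error as well.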
@@ -1826,12 +1863,14 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
 subject_id, subject_value = subject.iteritems().next()
 tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id())
 for tenant_id in tenants_dict:
- if tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
+ if tenants_dict[tenant_id]["intra_admin_extension_id"] and \
+ tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
 _subjects = self.driver.get_subjects_dict(tenants_dict[tenant_id]["intra_admin_extension_id"])
 if subject_value["name"] not in [_subjects[_id]["name"] for _id in _subjects]:
 self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_admin_extension_id"], uuid4().hex, subject_value)
 break
- if tenants_dict[tenant_id]["intra_admin_extension_id"] == intra_extension_id:
+ if tenants_dict[tenant_id]["intra_authz_extension_id"] and \
+ tenants_dict[tenant_id]["intra_admin_extension_id"] == intra_extension_id:
 _subjects = self.driver.get_subjects_dict(tenants_dict[tenant_id]["intra_authz_extension_id"])
 if subject_value["name"] not in [_subjects[_id]["name"] for _id in _subjects]:
 self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_authz_extension_id"], uuid4().hex, subject_value)
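Review bot: The same two-branch subject-mirroring block is patched identically here and in the `@@ -1987,12 +2026,14 @@` hunk for `IntraExtensionAdminManager`, so the guard now has to be kept in sync in two places; moving the loop into one helper on the shared base class `IntraExtensionManager` would remove that risk. The new conditions also carry no explanation; a comment such as `# skip tenants whose paired extension is unset, there is nothing to mirror the subject into` would record the intent (presumably what the truthiness test is for). Binding `tenant = tenants_dict[tenant_id]` once would shorten the repeated lookups. The enclosing method starts above and continues below the hunk.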
@@ -1987,12 +2026,14 @@ class IntraExtensionAdminManager(IntraExtensionManager):
 subject_id, subject_value = subject.iteritems().next()
 tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id())
 for tenant_id in tenants_dict:
- if tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
+ if tenants_dict[tenant_id]["intra_admin_extension_id"] and \
+ tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
 _subjects = self.driver.get_subjects_dict(tenants_dict[tenant_id]["intra_admin_extension_id"])
 if subject_value["name"] not in [_subjects[_id]["name"] for _id in _subjects]:
 self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_admin_extension_id"], uuid4().hex, subject_value)
 break
- if tenants_dict[tenant_id]["intra_admin_extension_id"] == intra_extension_id:
+ if tenants_dict[tenant_id]["intra_authz_extension_id"] and \
+ tenants_dict[tenant_id]["intra_admin_extension_id"] == intra_extension_id:
 _subjects = self.driver.get_subjects_dict(tenants_dict[tenant_id]["intra_authz_extension_id"])
 if subject_value["name"] not in [_subjects[_id]["name"] for _id in _subjects]:
 self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_authz_extension_id"], uuid4().hex, subject_value)
diff --git a/moonclient/moonclient/subjects.py b/moonclient/moonclient/subjects.py
index 6eebcfb8..29ce745d 100644
--- a/moonclient/moonclient/subjects.py
+++ b/moonclient/moonclient/subjects.py
@@ -7,6 +7,7 @@ import logging
 from cliff.lister import Lister
 from cliff.command import Command
+import getpass
 class SubjectsList(Lister):
@@ -56,15 +57,29 @@ class SubjectsAdd(Command):
 metavar='<description-str>',
 help='Subject description',
 )
+ parser.add_argument(
+ '--password',
+ metavar='<password-str>',
+ help='Password for subject (if not given, user will be prompted for one)',
+ )
+ parser.add_argument(
+ '--email',
+ metavar='<email-str>',
+ help='Email for the user',
+ )
 return parser
 def take_action(self, parsed_args):
 if not parsed_args.intraextension:
 parsed_args.intraextension = self.app.intraextension
+ if not parsed_args.password:
+ parsed_args.password = getpass.getpass("Password for user {}:".format(parsed_args.subject_name))
 data = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/subjects".format(parsed_args.intraextension),
 post_data={
 "subject_name": parsed_args.subject_name,
- "subject_description": parsed_args.description
+ "subject_description": parsed_args.description,
+ "subject_password": parsed_args.password,
+ "subject_email": parsed_args.email
 },
 authtoken=True)
 return (
diff --git a/moonclient/moonclient/tests/tests_intra_extensions.json b/moonclient/moonclient/tests/tests_intra_extensions.json
deleted file mode 100644
index a6d369aa..00000000
--- a/moonclient/moonclient/tests/tests_intra_extensions.json
+++ /dev/null
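Review bot: The new `--password` option puts the secret on the command line, where it ends up in shell history and is visible in process listings on the client host; the `getpass` prompt added in `take_action` avoids that and should be the documented path. Say so in the option's help text, e.g. `help='Password for subject; omit it to be prompted, since command-line arguments are visible to other local users'`. The prompt is asked only once, so a typo silently becomes the account password; a second `getpass.getpass` call compared with the first would catch it. `take_action` continues past the end of the hunk, so how the response is handled is not visible here.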
@@ -1,43 +0,0 @@
-{
- "command_prefix": "moon",
- "tests_group": {
- "group1": [
- {
- "name": "create_intraextension_authz",
- "command": "intraextension create --policy_model policy_authz func_test",
- "result": "%uuid_authz%",
- "description": "Create an authz intra extension"
- },
- {
- "name": "list_intraextension_authz",
- "command": "intraextension list",
- "result": "$uuid_authz",
- "description": "Check the existence of that authz intra extension"
- },
- {
- "name": "create_intraextension_admin",
- "command": "intraextension create --policy_model policy_admin func_test",
- "result": "%uuid_admin%",
- "description": "Create an admin intra extension"
- },
- {
- "name": "list_intraextension_admin",
- "command": "intraextension list",
- "result": "$uuid_admin",
- "description": "Check the existence of that admin intra extension"
- },
- {
- "name": "set_tenant_authz",
- "command": "intraextension tenant set authz $uuid_authz demo",
- "result": "",
- "description": "Connect the authz intra extension to the tenant demo"
- },
- {
- "name": "set_tenant_admin",
- "command": "intraextension tenant set authz $uuid_authz demo",
- "result": "",
- "description": "Connect the admin intra extension to the tenant demo"
- }
- ]
- }
-}
\ No newline at end of file
diff --git a/moonclient/python_moonclient.egg-info/PKG-INFO b/moonclient/python_moonclient.egg-info/PKG-INFO
deleted file mode 100644
index 1045d986..00000000
--- a/moonclient/python_moonclient.egg-info/PKG-INFO
+++ /dev/null
@@ -1,37 +0,0 @@
-Metadata-Version: 1.1
-Name: python-moonclient
-Version: 0.1
-Summary: Python Moon client
-Home-page: https://github.com/...
-Author: Thomas Duval
-Author-email: thomas.duval@orange.com
-License: UNKNOWN
-Download-URL: https://github.com/.../tarball/master
-Description: Moon Client
- ===========
-
- Installation
- ------------
-
- * `sudo python setup.py install`
-
- * `cd ~/devstack || source openrc admin`
-
-
- Manipulation
- ------------
-
- * `moon tenant list`
-
-
-
-Platform: Any
-Classifier: Development Status :: 3 - Alpha
-Classifier: License :: OSI Approved :: Apache Software License
-Classifier: Programming Language :: Python
-Classifier: Programming Language :: Python :: 2
-Classifier: Programming Language :: Python :: 2.7
-Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.2
-Classifier: Intended Audience :: Developers
-Classifier: Environment :: Console
diff --git a/moonclient/python_moonclient.egg-info/SOURCES.txt b/moonclient/python_moonclient.egg-info/SOURCES.txt
deleted file mode 100644
index 656a639e..00000000
--- a/moonclient/python_moonclient.egg-info/SOURCES.txt
+++ /dev/null
@@ -1,33 +0,0 @@
-MANIFEST.in
-README.rst
-setup.py
-moonclient/__init__.py
-moonclient/action_assignments.py
-moonclient/action_categories.py
-moonclient/action_scopes.py
-moonclient/actions.py
-moonclient/configuration.py
-moonclient/intraextension.py
-moonclient/logs.py
-moonclient/metarules.py
-moonclient/object_assignments.py
-moonclient/object_categories.py
-moonclient/object_scopes.py
-moonclient/objects.py
-moonclient/rules.py
-moonclient/shell.py
-moonclient/subject_assignments.py
-moonclient/subject_categories.py
-moonclient/subject_scopes.py
-moonclient/subjects.py
-moonclient/tenants.py
-moonclient/tests.py
-moonclient/tests/functional_tests.sh
-python_moonclient.egg-info/PKG-INFO
-python_moonclient.egg-info/SOURCES.txt
-python_moonclient.egg-info/dependency_links.txt
-python_moonclient.egg-info/entry_points.txt
-python_moonclient.egg-info/namespace_packages.txt
-python_moonclient.egg-info/not-zip-safe
-python_moonclient.egg-info/requires.txt
-python_moonclient.egg-info/top_level.txt
\ No newline at end of file
diff --git a/moonclient/python_moonclient.egg-info/dependency_links.txt b/moonclient/python_moonclient.egg-info/dependency_links.txt
deleted file mode 100644
index 8b137891..00000000
--- a/moonclient/python_moonclient.egg-info/dependency_links.txt
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/moonclient/python_moonclient.egg-info/namespace_packages.txt b/moonclient/python_moonclient.egg-info/namespace_packages.txt
deleted file mode 100644
index 8b137891..00000000
--- a/moonclient/python_moonclient.egg-info/namespace_packages.txt
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/moonclient/python_moonclient.egg-info/not-zip-safe b/moonclient/python_moonclient.egg-info/not-zip-safe
deleted file mode 100644
index 8b137891..00000000
--- a/moonclient/python_moonclient.egg-info/not-zip-safe
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/moonclient/python_moonclient.egg-info/top_level.txt b/moonclient/python_moonclient.egg-info/top_level.txt
deleted file mode 100644
index aeaf6094..00000000
--- a/moonclient/python_moonclient.egg-info/top_level.txt
+++ /dev/null
@@ -1 +0,0 @@
-moonclient |