summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--keystone-moon/keystone/contrib/moon/controllers.py3
-rw-r--r--keystone-moon/keystone/contrib/moon/core.py63
-rw-r--r--moonclient/moonclient/subjects.py17
3 files changed, 71 insertions, 12 deletions
diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py
index c860ed6a..596946b2 100644
--- a/keystone-moon/keystone/contrib/moon/controllers.py
+++ b/keystone-moon/keystone/contrib/moon/controllers.py
@@ -340,6 +340,9 @@ class IntraExtensions(controller.V3Controller):
subject_dict = dict()
subject_dict['name'] = kw.get('subject_name', None)
subject_dict['description'] = kw.get('subject_description', None)
+ subject_dict['password'] = kw.get('subject_password', None)
+ subject_dict['email'] = kw.get('subject_email', None)
+ LOG.debug("controllers.add_subject {}".format(subject_dict))
return self.admin_api.add_subject_dict(user_id, intra_extension_id, subject_dict)
@controller.protected()
diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py
index 19c1986e..97d18ca5 100644
--- a/keystone-moon/keystone/contrib/moon/core.py
+++ b/keystone-moon/keystone/contrib/moon/core.py
@@ -13,7 +13,7 @@ import time
import types
from keystone.common import manager
-from keystone import config
+from keystone.exception import UserNotFound
from oslo_log import log
from keystone.common import dependency
from keystone import exception
@@ -78,6 +78,22 @@ def filter_input(func_or_str):
return "".join(re.findall("[\w\- +]*", string))
return string
+ def __filter_dict(arg):
+ result = dict()
+ for key in arg.keys():
+ if key == "email":
+ result["email"] = __filter_email(arg[key])
+ elif key == "password":
+ result["password"] = arg['password']
+ else:
+ result[key] = __filter(arg[key])
+ return result
+
+ def __filter_email(string):
+ if string and type(string) in (str, unicode):
+ return "".join(re.findall("[\w@\._\- +]*", string))
+ return string
+
def wrapped(*args, **kwargs):
_args = []
for arg in args:
@@ -88,7 +104,7 @@ def filter_input(func_or_str):
elif isinstance(arg, tuple):
arg = (__filter(item) for item in arg)
elif isinstance(arg, dict):
- arg = {item: __filter(arg[item]) for item in arg.keys()}
+ arg = __filter_dict(arg)
_args.append(arg)
for arg in kwargs:
if type(kwargs[arg]) in (unicode, str):
@@ -100,7 +116,7 @@ def filter_input(func_or_str):
elif isinstance(kwargs[arg], tuple):
kwargs[arg] = (__filter(item) for item in kwargs[arg])
elif isinstance(kwargs[arg], dict):
- kwargs[arg] = {item: __filter(kwargs[arg][item]) for item in kwargs[arg].keys()}
+ kwargs[arg] = __filter_dict(kwargs[arg])
return func_or_str(*_args, **kwargs)
if isinstance(func_or_str, str) or isinstance(func_or_str, unicode):
@@ -110,7 +126,7 @@ def filter_input(func_or_str):
if isinstance(func_or_str, tuple):
return (__filter(item) for item in func_or_str)
if isinstance(func_or_str, dict):
- return {item: __filter(func_or_str[item]) for item in func_or_str.keys()}
+ return __filter_dict(func_or_str)
if isinstance(func_or_str, types.FunctionType):
return wrapped
return None
@@ -1110,11 +1126,32 @@ class IntraExtensionManager(manager.Manager):
def add_subject_dict(self, user_id, intra_extension_id, subject_dict):
subjects_dict = self.driver.get_subjects_dict(intra_extension_id)
for subject_id in subjects_dict:
- print(subjects_dict[subject_id]["name"], subject_dict['name'])
if subjects_dict[subject_id]["name"] == subject_dict['name']:
raise SubjectNameExisting()
- # Next line will raise an error if user is not present in Keystone database
- subject_keystone_dict = self.identity_api.get_user_by_name(subject_dict['name'], "default")
+ try:
+ subject_keystone_dict = self.identity_api.get_user_by_name(subject_dict['name'], "default")
+ except UserNotFound as e:
+ if 'domain_id' not in subject_dict:
+ subject_dict['domain_id'] = "default"
+ if 'project_id' not in subject_dict:
+ tenants = self.tenant_api.get_tenants_dict(user_id)
+ # Get the tenant ID for that intra_extension
+ for tenant_id, tenant_value in tenants.iteritems():
+ if intra_extension_id == tenant_value['intra_admin_extension_id'] or \
+ intra_extension_id == tenant_value['intra_authz_extension_id']:
+ subject_dict['project_id'] = tenant_value['id']
+ break
+ else:
+ # If no tenant is found default to the admin tenant
+ for tenant_id, tenant_value in tenants.iteritems():
+ if tenant_value['name'] == 'admin':
+ subject_dict['project_id'] = tenant_value['id']
+ if 'email' not in subject_dict:
+ subject_dict['email'] = ""
+ if 'password' not in subject_dict:
+ # Default passord to the name of the new user
+ subject_dict['password'] = subject_dict['name']
+ subject_keystone_dict = self.identity_api.create_user(subject_dict)
subject_dict["keystone_id"] = subject_keystone_dict["id"]
subject_dict["keystone_name"] = subject_keystone_dict["name"]
return self.driver.set_subject_dict(intra_extension_id, uuid4().hex, subject_dict)
@@ -1826,12 +1863,14 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
subject_id, subject_value = subject.iteritems().next()
tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id())
for tenant_id in tenants_dict:
- if tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
+ if tenants_dict[tenant_id]["intra_admin_extension_id"] and \
+ tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
_subjects = self.driver.get_subjects_dict(tenants_dict[tenant_id]["intra_admin_extension_id"])
if subject_value["name"] not in [_subjects[_id]["name"] for _id in _subjects]:
self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_admin_extension_id"], uuid4().hex, subject_value)
break
- if tenants_dict[tenant_id]["intra_admin_extension_id"] == intra_extension_id:
+ if tenants_dict[tenant_id]["intra_authz_extension_id"] and \
+ tenants_dict[tenant_id]["intra_admin_extension_id"] == intra_extension_id:
_subjects = self.driver.get_subjects_dict(tenants_dict[tenant_id]["intra_authz_extension_id"])
if subject_value["name"] not in [_subjects[_id]["name"] for _id in _subjects]:
self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_authz_extension_id"], uuid4().hex, subject_value)
@@ -1987,12 +2026,14 @@ class IntraExtensionAdminManager(IntraExtensionManager):
subject_id, subject_value = subject.iteritems().next()
tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id())
for tenant_id in tenants_dict:
- if tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
+ if tenants_dict[tenant_id]["intra_admin_extension_id"] and \
+ tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
_subjects = self.driver.get_subjects_dict(tenants_dict[tenant_id]["intra_admin_extension_id"])
if subject_value["name"] not in [_subjects[_id]["name"] for _id in _subjects]:
self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_admin_extension_id"], uuid4().hex, subject_value)
break
- if tenants_dict[tenant_id]["intra_admin_extension_id"] == intra_extension_id:
+ if tenants_dict[tenant_id]["intra_authz_extension_id"] and \
+ tenants_dict[tenant_id]["intra_admin_extension_id"] == intra_extension_id:
_subjects = self.driver.get_subjects_dict(tenants_dict[tenant_id]["intra_authz_extension_id"])
if subject_value["name"] not in [_subjects[_id]["name"] for _id in _subjects]:
self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_authz_extension_id"], uuid4().hex, subject_value)
diff --git a/moonclient/moonclient/subjects.py b/moonclient/moonclient/subjects.py
index 6eebcfb8..29ce745d 100644
--- a/moonclient/moonclient/subjects.py
+++ b/moonclient/moonclient/subjects.py
@@ -7,6 +7,7 @@ import logging
from cliff.lister import Lister
from cliff.command import Command
+import getpass
class SubjectsList(Lister):
@@ -56,15 +57,29 @@ class SubjectsAdd(Command):
metavar='<description-str>',
help='Subject description',
)
+ parser.add_argument(
+ '--password',
+ metavar='<password-str>',
+ help='Password for subject (if not given, user will be prompted for one)',
+ )
+ parser.add_argument(
+ '--email',
+ metavar='<email-str>',
+ help='Email for the user',
+ )
return parser
def take_action(self, parsed_args):
if not parsed_args.intraextension:
parsed_args.intraextension = self.app.intraextension
+ if not parsed_args.password:
+ parsed_args.password = getpass.getpass("Password for user {}:".format(parsed_args.subject_name))
data = self.app.get_url("/v3/OS-MOON/intra_extensions/{}/subjects".format(parsed_args.intraextension),
post_data={
"subject_name": parsed_args.subject_name,
- "subject_description": parsed_args.description
+ "subject_description": parsed_args.description,
+ "subject_password": parsed_args.password,
+ "subject_email": parsed_args.email
},
authtoken=True)
return (