diff options
Diffstat (limited to 'keystone-moon/keystone/assignment/role_backends/ldap.py')
| -rw-r--r-- | keystone-moon/keystone/assignment/role_backends/ldap.py | 125 |
1 files changed, 0 insertions, 125 deletions
diff --git a/keystone-moon/keystone/assignment/role_backends/ldap.py b/keystone-moon/keystone/assignment/role_backends/ldap.py deleted file mode 100644 index 6e5e038e..00000000 --- a/keystone-moon/keystone/assignment/role_backends/ldap.py +++ /dev/null @@ -1,125 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from __future__ import absolute_import - -from oslo_config import cfg -from oslo_log import log - -from keystone import assignment -from keystone.common import ldap as common_ldap -from keystone.common import models -from keystone import exception -from keystone.i18n import _ -from keystone.identity.backends import ldap as ldap_identity - - -CONF = cfg.CONF -LOG = log.getLogger(__name__) - - -class Role(assignment.RoleDriverV8): - - def __init__(self): - super(Role, self).__init__() - self.LDAP_URL = CONF.ldap.url - self.LDAP_USER = CONF.ldap.user - self.LDAP_PASSWORD = CONF.ldap.password - self.suffix = CONF.ldap.suffix - - # This is the only deep dependency from resource back - # to identity. The assumption is that if you are using - # LDAP for resource, you are using it for identity as well. - self.user = ldap_identity.UserApi(CONF) - self.role = RoleApi(CONF, self.user) - - def get_role(self, role_id): - return self.role.get(role_id) - - def list_roles(self, hints): - return self.role.get_all() - - def list_roles_from_ids(self, ids): - return [self.get_role(id) for id in ids] - - def create_role(self, role_id, role): - self.role.check_allow_create() - try: - self.get_role(role_id) - except exception.NotFound: - pass - else: - msg = _('Duplicate ID, %s.') % role_id - raise exception.Conflict(type='role', details=msg) - - try: - self.role.get_by_name(role['name']) - except exception.NotFound: - pass - else: - msg = _('Duplicate name, %s.') % role['name'] - raise exception.Conflict(type='role', details=msg) - - return self.role.create(role) - - def delete_role(self, role_id): - self.role.check_allow_delete() - return self.role.delete(role_id) - - def update_role(self, role_id, role): - self.role.check_allow_update() - self.get_role(role_id) - return self.role.update(role_id, role) - - -# NOTE(heny-nash): A mixin class to enable the sharing of the LDAP structure -# between here and the assignment LDAP. -class RoleLdapStructureMixin(object): - DEFAULT_OU = 'ou=Roles' - DEFAULT_STRUCTURAL_CLASSES = [] - DEFAULT_OBJECTCLASS = 'organizationalRole' - DEFAULT_MEMBER_ATTRIBUTE = 'roleOccupant' - NotFound = exception.RoleNotFound - options_name = 'role' - attribute_options_names = {'name': 'name'} - immutable_attrs = ['id'] - model = models.Role - - -# TODO(termie): turn this into a data object and move logic to driver -class RoleApi(RoleLdapStructureMixin, common_ldap.BaseLdap): - - def __init__(self, conf, user_api): - super(RoleApi, self).__init__(conf) - self._user_api = user_api - - def get(self, role_id, role_filter=None): - model = super(RoleApi, self).get(role_id, role_filter) - return model - - def create(self, values): - return super(RoleApi, self).create(values) - - def update(self, role_id, role): - new_name = role.get('name') - if new_name is not None: - try: - old_role = self.get_by_name(new_name) - if old_role['id'] != role_id: - raise exception.Conflict( - _('Cannot duplicate name %s') % old_role) - except exception.NotFound: - pass - return super(RoleApi, self).update(role_id, role) - - def delete(self, role_id): - super(RoleApi, self).delete(role_id) |