diff options
Diffstat (limited to 'moonv4/moon_db/moon_db/api/keystone.py')
-rw-r--r-- | moonv4/moon_db/moon_db/api/keystone.py | 106 |
1 files changed, 106 insertions, 0 deletions
diff --git a/moonv4/moon_db/moon_db/api/keystone.py b/moonv4/moon_db/moon_db/api/keystone.py new file mode 100644 index 00000000..b5d7e3a6 --- /dev/null +++ b/moonv4/moon_db/moon_db/api/keystone.py @@ -0,0 +1,106 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +import os +import requests +import json +from uuid import uuid4 +from oslo_log import log as logging +from oslo_config import cfg +from moon_utilities import exceptions +from moon_db.api.managers import Managers +from moon_utilities.security_functions import filter_input, login, logout + +LOG = logging.getLogger(__name__) +CONF = cfg.CONF + + +class KeystoneManager(Managers): + + def __init__(self, connector=None): + self.driver = connector.driver + Managers.KeystoneManager = self + self.__url = CONF.keystone.url + self.__user = CONF.keystone.user + self.__password = CONF.keystone.password + self.__domain = CONF.keystone.domain + self.__project = CONF.keystone.project + try: + os.environ.pop("http_proxy") + os.environ.pop("https_proxy") + except KeyError: + pass + + def __get(self, endpoint, _exception=exceptions.KeystoneError): + _headers = login() + req = requests.get("{}{}".format(self.__url, endpoint), headers=_headers, verify=False) + if req.status_code not in (200, 201): + LOG.error(req.text) + raise _exception + data = req.json() + logout(_headers) + return data + + def __post(self, endpoint, data=None, _exception=exceptions.KeystoneError): + _headers = login() + req = requests.post("{}{}".format(self.__url, endpoint), + data=json.dumps(data), + headers=_headers, verify=False) + if req.status_code == 409: + LOG.warning(req.text) + raise exceptions.KeystoneUserConflict + if req.status_code not in (200, 201): + LOG.error(req.text) + raise _exception + data = req.json() + logout(_headers) + return data + + def list_projects(self): + return self.__get(endpoint="/projects/", _exception=exceptions.KeystoneProjectError) + + @filter_input + def create_project(self, tenant_dict): + if "name" not in tenant_dict: + raise exceptions.KeystoneProjectError("Cannot get the project name.") + _project = { + "project": { + "description": tenant_dict['description'] if 'description' in tenant_dict else "", + "domain_id": tenant_dict['domain'] if 'domain' in tenant_dict else "default", + "enabled": True, + "is_domain": False, + "name": tenant_dict['name'] + } + } + return self.__post(endpoint="/projects/", + data=_project, + _exception=exceptions.KeystoneProjectError) + + @filter_input + def get_user_by_name(self, username, domain_id="default"): + return self.__get(endpoint="/users?name={}&domain_id={}".format(username, domain_id), + _exception=exceptions.KeystoneUserError) + + @filter_input + def create_user(self, subject_dict): + _user = { + "user": { + "enabled": True, + "name": subject_dict['name'] if 'name' in subject_dict else uuid4().hex, + } + } + if 'project' in subject_dict: + _user['user']['default_project_id'] = subject_dict['project'] + if 'domain' in subject_dict: + _user['user']['domain_id'] = subject_dict['domain'] + if 'password' in subject_dict: + _user['user']['password'] = subject_dict['password'] + try: + return self.__post(endpoint="/users/", + data=_user, + _exception=exceptions.KeystoneUserError) + except exceptions.KeystoneUserConflict: + return True + |