From b8c756ecdd7cced1db4300935484e8c83701c82e Mon Sep 17 00:00:00 2001
From: WuKong <rebirthmonkey@gmail.com>
Date: Tue, 30 Jun 2015 18:47:29 +0200
Subject: migrate moon code from github to opnfv

Change-Id: Ice53e368fd1114d56a75271aa9f2e598e3eba604
Signed-off-by: WuKong <rebirthmonkey@gmail.com>
---
 .../keystone/assignment/role_backends/ldap.py      | 125 +++++++++++++++++++++
 1 file changed, 125 insertions(+)
 create mode 100644 keystone-moon/keystone/assignment/role_backends/ldap.py

(limited to 'keystone-moon/keystone/assignment/role_backends/ldap.py')

diff --git a/keystone-moon/keystone/assignment/role_backends/ldap.py b/keystone-moon/keystone/assignment/role_backends/ldap.py
new file mode 100644
index 00000000..d5a06a4c
--- /dev/null
+++ b/keystone-moon/keystone/assignment/role_backends/ldap.py
@@ -0,0 +1,125 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from __future__ import absolute_import
+
+from oslo_config import cfg
+from oslo_log import log
+
+from keystone import assignment
+from keystone.common import ldap as common_ldap
+from keystone.common import models
+from keystone import exception
+from keystone.i18n import _
+from keystone.identity.backends import ldap as ldap_identity
+
+
+CONF = cfg.CONF
+LOG = log.getLogger(__name__)
+
+
+class Role(assignment.RoleDriver):
+
+    def __init__(self):
+        super(Role, self).__init__()
+        self.LDAP_URL = CONF.ldap.url
+        self.LDAP_USER = CONF.ldap.user
+        self.LDAP_PASSWORD = CONF.ldap.password
+        self.suffix = CONF.ldap.suffix
+
+        # This is the only deep dependency from resource back
+        # to identity.  The assumption is that if you are using
+        # LDAP for resource, you are using it for identity as well.
+        self.user = ldap_identity.UserApi(CONF)
+        self.role = RoleApi(CONF, self.user)
+
+    def get_role(self, role_id):
+        return self.role.get(role_id)
+
+    def list_roles(self, hints):
+        return self.role.get_all()
+
+    def list_roles_from_ids(self, ids):
+        return [self.get_role(id) for id in ids]
+
+    def create_role(self, role_id, role):
+        self.role.check_allow_create()
+        try:
+            self.get_role(role_id)
+        except exception.NotFound:
+            pass
+        else:
+            msg = _('Duplicate ID, %s.') % role_id
+            raise exception.Conflict(type='role', details=msg)
+
+        try:
+            self.role.get_by_name(role['name'])
+        except exception.NotFound:
+            pass
+        else:
+            msg = _('Duplicate name, %s.') % role['name']
+            raise exception.Conflict(type='role', details=msg)
+
+        return self.role.create(role)
+
+    def delete_role(self, role_id):
+        self.role.check_allow_delete()
+        return self.role.delete(role_id)
+
+    def update_role(self, role_id, role):
+        self.role.check_allow_update()
+        self.get_role(role_id)
+        return self.role.update(role_id, role)
+
+
+# NOTE(heny-nash): A mixin class to enable the sharing of the LDAP structure
+# between here and the assignment LDAP.
+class RoleLdapStructureMixin(object):
+    DEFAULT_OU = 'ou=Roles'
+    DEFAULT_STRUCTURAL_CLASSES = []
+    DEFAULT_OBJECTCLASS = 'organizationalRole'
+    DEFAULT_MEMBER_ATTRIBUTE = 'roleOccupant'
+    NotFound = exception.RoleNotFound
+    options_name = 'role'
+    attribute_options_names = {'name': 'name'}
+    immutable_attrs = ['id']
+    model = models.Role
+
+
+# TODO(termie): turn this into a data object and move logic to driver
+class RoleApi(RoleLdapStructureMixin, common_ldap.BaseLdap):
+
+    def __init__(self, conf, user_api):
+        super(RoleApi, self).__init__(conf)
+        self._user_api = user_api
+
+    def get(self, role_id, role_filter=None):
+        model = super(RoleApi, self).get(role_id, role_filter)
+        return model
+
+    def create(self, values):
+        return super(RoleApi, self).create(values)
+
+    def update(self, role_id, role):
+        new_name = role.get('name')
+        if new_name is not None:
+            try:
+                old_role = self.get_by_name(new_name)
+                if old_role['id'] != role_id:
+                    raise exception.Conflict(
+                        _('Cannot duplicate name %s') % old_role)
+            except exception.NotFound:
+                pass
+        return super(RoleApi, self).update(role_id, role)
+
+    def delete(self, role_id):
+        super(RoleApi, self).delete(role_id)
-- 
cgit 1.2.3-korg