diff options
author | spisarski <s.pisarski@cablelabs.com> | 2017-07-14 13:28:37 -0600 |
---|---|---|
committer | spisarski <s.pisarski@cablelabs.com> | 2017-07-17 09:14:29 -0600 |
commit | 841b5699185442f2cc6f87a776fd707045be5587 (patch) | |
tree | 6e7e5e5c28042a7bc2c0f6a7e58a270bc59cae7e /snaps/openstack/utils/keystone_utils.py | |
parent | 0f47ac44b59932544c45bd6df82a31aedb85b16f (diff) |
Last task necessary to stop users from easily obtaining OS objects.
Changed external interfaces still exposing OpenStack created APIs to
either return SNAPS-OO domain objects or objects contained on the
OpenStack generated objects as to not leak implementation details that
would eventually break the library when new API versions are released.
JIRA: SNAPS-125
Change-Id: Iab6d6d298c4c5da68daed4b1b252313a1595a295
Signed-off-by: spisarski <s.pisarski@cablelabs.com>
Diffstat (limited to 'snaps/openstack/utils/keystone_utils.py')
-rw-r--r-- | snaps/openstack/utils/keystone_utils.py | 30 |
1 files changed, 16 insertions, 14 deletions
diff --git a/snaps/openstack/utils/keystone_utils.py b/snaps/openstack/utils/keystone_utils.py index c671b18..9bfc647 100644 --- a/snaps/openstack/utils/keystone_utils.py +++ b/snaps/openstack/utils/keystone_utils.py @@ -102,7 +102,7 @@ def get_project(keystone=None, os_creds=None, project_name=None): :param os_creds: the OpenStack credentials used to obtain the Keystone client if the keystone parameter is None :param project_name: the name to query - :return: the ID or None + :return: the SNAPS-OO Project domain object or None """ if not project_name: return None @@ -134,14 +134,16 @@ def create_project(keystone, project_settings): :return: SNAPS-OO Project domain object """ if keystone.version == V2_VERSION: - return keystone.tenants.create( + os_project = keystone.tenants.create( project_settings.name, project_settings.description, project_settings.enabled) + else: + os_project = keystone.projects.create( + project_settings.name, project_settings.domain, + description=project_settings.description, + enabled=project_settings.enabled) - return keystone.projects.create( - project_settings.name, project_settings.domain, - description=project_settings.description, - enabled=project_settings.enabled) + return Project(name=os_project.name, project_id=os_project.id) def delete_project(keystone, project): @@ -215,12 +217,12 @@ def create_user(keystone, user_settings): domain=user_settings.domain_name, enabled=user_settings.enabled) for role_name, role_project in user_settings.roles.items(): - os_role = _get_os_role_by_name(keystone, role_name) + os_role = get_role_by_name(keystone, role_name) os_project = get_project(keystone=keystone, project_name=role_project) if os_role and os_project: - existing_roles = _get_os_roles_by_user(keystone, os_user, - os_project) + existing_roles = get_roles_by_user(keystone, os_user, + os_project) found = False for role in existing_roles: if role.id == os_role.id: @@ -244,7 +246,7 @@ def delete_user(keystone, user): keystone.users.delete(user.id) -def _get_os_role_by_name(keystone, name): +def get_role_by_name(keystone, name): """ Returns an OpenStack role object of a given name or None if not exists :param keystone: the keystone client @@ -257,9 +259,9 @@ def _get_os_role_by_name(keystone, name): return Role(name=role.name, role_id=role.id) -def _get_os_roles_by_user(keystone, user, project): +def get_roles_by_user(keystone, user, project): """ - Returns a list of OpenStack role object associated with a user + Returns a list of SNAPS-OO Role domain objects associated with a user :param keystone: the keystone client :param user: the OpenStack user object :param project: the OpenStack project object (only required for v2) @@ -277,7 +279,7 @@ def _get_os_roles_by_user(keystone, user, project): return out -def __get_os_role_by_id(keystone, role_id): +def get_role_by_id(keystone, role_id): """ Returns an OpenStack role object of a given name or None if not exists :param keystone: the keystone client @@ -319,7 +321,7 @@ def grant_user_role_to_project(keystone, role, user, project): :return: """ - os_role = __get_os_role_by_id(keystone, role.id) + os_role = get_role_by_id(keystone, role.id) if keystone.version == V2_VERSION: keystone.roles.add_user_role(user, os_role, tenant=project) else: |