170 lines
6.2 KiB
Python
170 lines
6.2 KiB
Python
|
# Copyright 2011 OpenStack Foundation
|
||
|
# Copyright 2011 Nebula, Inc.
|
||
|
# All Rights Reserved.
|
||
|
#
|
||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||
|
# not use this file except in compliance with the License. You may obtain
|
||
|
# a copy of the License at
|
||
|
#
|
||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||
|
#
|
||
|
# Unless required by applicable law or agreed to in writing, software
|
||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||
|
# License for the specific language governing permissions and limitations
|
||
|
# under the License.
|
||
|
|
||
|
from keystoneauth1 import plugin
|
||
|
from six.moves import urllib
|
||
|
|
||
|
from keystoneclient import base
|
||
|
from keystoneclient import exceptions
|
||
|
|
||
|
|
||
|
class Tenant(base.Resource):
|
||
|
"""Represents a Keystone tenant.
|
||
|
|
||
|
Attributes:
|
||
|
* id: a uuid that identifies the tenant
|
||
|
* name: tenant name
|
||
|
* description: tenant description
|
||
|
* enabled: boolean to indicate if tenant is enabled
|
||
|
|
||
|
"""
|
||
|
|
||
|
def __repr__(self):
|
||
|
"""Return string representation of tenant resource information."""
|
||
|
return "<Tenant %s>" % self._info
|
||
|
|
||
|
def delete(self):
|
||
|
return self.manager.delete(self)
|
||
|
|
||
|
def update(self, name=None, description=None, enabled=None):
|
||
|
# Preserve the existing settings; keystone legacy resets these?
|
||
|
new_name = name if name else self.name
|
||
|
if description is not None:
|
||
|
new_description = description
|
||
|
else:
|
||
|
new_description = self.description
|
||
|
new_enabled = enabled if enabled is not None else self.enabled
|
||
|
|
||
|
try:
|
||
|
retval = self.manager.update(self.id, tenant_name=new_name,
|
||
|
description=new_description,
|
||
|
enabled=new_enabled)
|
||
|
self = retval
|
||
|
except Exception:
|
||
|
retval = None
|
||
|
return retval
|
||
|
|
||
|
def add_user(self, user, role):
|
||
|
return self.manager.role_manager.add_user_role(base.getid(user),
|
||
|
base.getid(role),
|
||
|
self.id)
|
||
|
|
||
|
def remove_user(self, user, role):
|
||
|
return self.manager.role_manager.remove_user_role(base.getid(user),
|
||
|
base.getid(role),
|
||
|
self.id)
|
||
|
|
||
|
def list_users(self):
|
||
|
return self.manager.list_users(self.id)
|
||
|
|
||
|
|
||
|
class TenantManager(base.ManagerWithFind):
|
||
|
"""Manager class for manipulating Keystone tenants."""
|
||
|
|
||
|
resource_class = Tenant
|
||
|
|
||
|
def __init__(self, client, role_manager, user_manager):
|
||
|
super(TenantManager, self).__init__(client)
|
||
|
self.role_manager = role_manager
|
||
|
self.user_manager = user_manager
|
||
|
|
||
|
def get(self, tenant_id):
|
||
|
return self._get("/tenants/%s" % tenant_id, "tenant")
|
||
|
|
||
|
def create(self, tenant_name, description=None, enabled=True, **kwargs):
|
||
|
"""Create a new tenant."""
|
||
|
params = {"tenant": {"name": tenant_name,
|
||
|
"description": description,
|
||
|
"enabled": enabled}}
|
||
|
|
||
|
# Allow Extras Passthru and ensure we don't clobber primary arguments.
|
||
|
for k, v in kwargs.items():
|
||
|
if k not in params['tenant']:
|
||
|
params['tenant'][k] = v
|
||
|
|
||
|
return self._post('/tenants', params, "tenant")
|
||
|
|
||
|
def list(self, limit=None, marker=None):
|
||
|
"""Get a list of tenants.
|
||
|
|
||
|
:param integer limit: maximum number to return. (optional)
|
||
|
:param string marker: use when specifying a limit and making
|
||
|
multiple calls for querying. (optional)
|
||
|
|
||
|
:rtype: list of :class:`Tenant`
|
||
|
|
||
|
"""
|
||
|
params = {}
|
||
|
if limit:
|
||
|
params['limit'] = limit
|
||
|
if marker:
|
||
|
params['marker'] = marker
|
||
|
|
||
|
query = ""
|
||
|
if params:
|
||
|
query = "?" + urllib.parse.urlencode(params)
|
||
|
|
||
|
# NOTE(jamielennox): try doing a regular admin query first. If there is
|
||
|
# no endpoint that can satisfy the request (eg an unscoped token) then
|
||
|
# issue it against the auth_url.
|
||
|
try:
|
||
|
tenant_list = self._list('/tenants%s' % query, 'tenants')
|
||
|
except exceptions.EndpointNotFound:
|
||
|
endpoint_filter = {'interface': plugin.AUTH_INTERFACE}
|
||
|
tenant_list = self._list('/tenants%s' % query, 'tenants',
|
||
|
endpoint_filter=endpoint_filter)
|
||
|
|
||
|
return tenant_list
|
||
|
|
||
|
def update(self, tenant_id, tenant_name=None, description=None,
|
||
|
enabled=None, **kwargs):
|
||
|
"""Update a tenant with a new name and description."""
|
||
|
body = {"tenant": {'id': tenant_id}}
|
||
|
if tenant_name is not None:
|
||
|
body['tenant']['name'] = tenant_name
|
||
|
if enabled is not None:
|
||
|
body['tenant']['enabled'] = enabled
|
||
|
if description is not None:
|
||
|
body['tenant']['description'] = description
|
||
|
|
||
|
# Allow Extras Passthru and ensure we don't clobber primary arguments.
|
||
|
for k, v in kwargs.items():
|
||
|
if k not in body['tenant']:
|
||
|
body['tenant'][k] = v
|
||
|
|
||
|
# Keystone's API uses a POST rather than a PUT here.
|
||
|
return self._post("/tenants/%s" % tenant_id, body, "tenant")
|
||
|
|
||
|
def delete(self, tenant):
|
||
|
"""Delete a tenant."""
|
||
|
return self._delete("/tenants/%s" % (base.getid(tenant)))
|
||
|
|
||
|
def list_users(self, tenant):
|
||
|
"""List users for a tenant."""
|
||
|
return self.user_manager.list(base.getid(tenant))
|
||
|
|
||
|
def add_user(self, tenant, user, role):
|
||
|
"""Add a user to a tenant with the given role."""
|
||
|
return self.role_manager.add_user_role(base.getid(user),
|
||
|
base.getid(role),
|
||
|
base.getid(tenant))
|
||
|
|
||
|
def remove_user(self, tenant, user, role):
|
||
|
"""Remove the specified role from the user on the tenant."""
|
||
|
return self.role_manager.remove_user_role(base.getid(user),
|
||
|
base.getid(role),
|
||
|
base.getid(tenant))
|