297 lines
11 KiB
Python
297 lines
11 KiB
Python
# Copyright 2011 OpenStack Foundation
|
|
# Copyright 2011 Nebula, Inc.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from debtcollector import renames
|
|
|
|
from keystoneclient import base
|
|
from keystoneclient import exceptions
|
|
from keystoneclient.i18n import _
|
|
|
|
|
|
class User(base.Resource):
|
|
"""Represents an Identity user.
|
|
|
|
Attributes:
|
|
* id: a uuid that identifies the user
|
|
|
|
"""
|
|
|
|
pass
|
|
|
|
|
|
class UserManager(base.CrudManager):
|
|
"""Manager class for manipulating Identity users."""
|
|
|
|
resource_class = User
|
|
collection_key = 'users'
|
|
key = 'user'
|
|
|
|
def _require_user_and_group(self, user, group):
|
|
if not (user and group):
|
|
msg = _('Specify both a user and a group')
|
|
raise exceptions.ValidationError(msg)
|
|
|
|
@renames.renamed_kwarg('project', 'default_project', version='1.7.0',
|
|
removal_version='2.0.0')
|
|
def create(self, name, domain=None, project=None, password=None,
|
|
email=None, description=None, enabled=True,
|
|
default_project=None, **kwargs):
|
|
"""Create a user.
|
|
|
|
:param str name: the name of the user.
|
|
:param domain: the domain of the user.
|
|
:type domain: str or :class:`keystoneclient.v3.domains.Domain`
|
|
:param project: the default project of the user.
|
|
(deprecated, see warning below)
|
|
:type project: str or :class:`keystoneclient.v3.projects.Project`
|
|
:param str password: the password for the user.
|
|
:param str email: the email address of the user.
|
|
:param str description: a description of the user.
|
|
:param bool enabled: whether the user is enabled.
|
|
:param default_project: the default project of the user.
|
|
:type default_project: str or
|
|
:class:`keystoneclient.v3.projects.Project`
|
|
:param kwargs: any other attribute provided will be passed to the
|
|
server.
|
|
|
|
:returns: the created user returned from server.
|
|
:rtype: :class:`keystoneclient.v3.users.User`
|
|
|
|
.. warning::
|
|
|
|
The project argument is deprecated as of the 1.7.0 release in favor
|
|
of default_project and may be removed in the 2.0.0 release.
|
|
|
|
If both default_project and project is provided, the default_project
|
|
will be used.
|
|
|
|
"""
|
|
default_project_id = base.getid(default_project) or base.getid(project)
|
|
user_data = base.filter_none(name=name,
|
|
domain_id=base.getid(domain),
|
|
default_project_id=default_project_id,
|
|
password=password,
|
|
email=email,
|
|
description=description,
|
|
enabled=enabled,
|
|
**kwargs)
|
|
|
|
return self._post('/users', {'user': user_data}, 'user',
|
|
log=not bool(password))
|
|
|
|
@renames.renamed_kwarg('project', 'default_project', version='1.7.0',
|
|
removal_version='2.0.0')
|
|
def list(self, project=None, domain=None, group=None, default_project=None,
|
|
**kwargs):
|
|
"""List users.
|
|
|
|
:param project: the default project of the users to be filtered on.
|
|
(deprecated, see warning below)
|
|
:type project: str or :class:`keystoneclient.v3.projects.Project`
|
|
:param domain: the domain of the users to be filtered on.
|
|
:type domain: str or :class:`keystoneclient.v3.domains.Domain`
|
|
:param group: the group in which the users are member of.
|
|
:type group: str or :class:`keystoneclient.v3.groups.Group`
|
|
:param default_project: the default project of the users to be filtered
|
|
on.
|
|
:type default_project: str or
|
|
:class:`keystoneclient.v3.projects.Project`
|
|
:param kwargs: any other attribute provided will filter users on.
|
|
|
|
:returns: a list of users.
|
|
:rtype: list of :class:`keystoneclient.v3.users.User`.
|
|
|
|
.. warning::
|
|
|
|
The project argument is deprecated as of the 1.7.0 release in favor
|
|
of default_project and may be removed in the 2.0.0 release.
|
|
|
|
If both default_project and project is provided, the default_project
|
|
will be used.
|
|
|
|
"""
|
|
default_project_id = base.getid(default_project) or base.getid(project)
|
|
if group:
|
|
base_url = '/groups/%s' % base.getid(group)
|
|
else:
|
|
base_url = None
|
|
|
|
return super(UserManager, self).list(
|
|
base_url=base_url,
|
|
domain_id=base.getid(domain),
|
|
default_project_id=default_project_id,
|
|
**kwargs)
|
|
|
|
def get(self, user):
|
|
"""Retrieve a user.
|
|
|
|
:param user: the user to be retrieved from the server.
|
|
:type user: str or :class:`keystoneclient.v3.users.User`
|
|
|
|
:returns: the specified user returned from server.
|
|
:rtype: :class:`keystoneclient.v3.users.User`
|
|
|
|
"""
|
|
return super(UserManager, self).get(
|
|
user_id=base.getid(user))
|
|
|
|
@renames.renamed_kwarg('project', 'default_project', version='1.7.0',
|
|
removal_version='2.0.0')
|
|
def update(self, user, name=None, domain=None, project=None, password=None,
|
|
email=None, description=None, enabled=None,
|
|
default_project=None, **kwargs):
|
|
"""Update a user.
|
|
|
|
:param user: the user to be updated on the server.
|
|
:type user: str or :class:`keystoneclient.v3.users.User`
|
|
:param str name: the new name of the user.
|
|
:param domain: the new domain of the user.
|
|
:type domain: str or :class:`keystoneclient.v3.domains.Domain`
|
|
:param project: the new default project of the user.
|
|
(deprecated, see warning below)
|
|
:type project: str or :class:`keystoneclient.v3.projects.Project`
|
|
:param str password: the new password of the user.
|
|
:param str email: the new email of the user.
|
|
:param str description: the newdescription of the user.
|
|
:param bool enabled: whether the user is enabled.
|
|
:param default_project: the new default project of the user.
|
|
:type default_project: str or
|
|
:class:`keystoneclient.v3.projects.Project`
|
|
:param kwargs: any other attribute provided will be passed to server.
|
|
|
|
:returns: the updated user returned from server.
|
|
:rtype: :class:`keystoneclient.v3.users.User`
|
|
|
|
.. warning::
|
|
|
|
The project argument is deprecated as of the 1.7.0 release in favor
|
|
of default_project and may be removed in the 2.0.0 release.
|
|
|
|
If both default_project and project is provided, the default_project
|
|
will be used.
|
|
|
|
"""
|
|
default_project_id = base.getid(default_project) or base.getid(project)
|
|
user_data = base.filter_none(name=name,
|
|
domain_id=base.getid(domain),
|
|
default_project_id=default_project_id,
|
|
password=password,
|
|
email=email,
|
|
description=description,
|
|
enabled=enabled,
|
|
**kwargs)
|
|
|
|
return self._update('/users/%s' % base.getid(user),
|
|
{'user': user_data},
|
|
'user',
|
|
method='PATCH',
|
|
log=False)
|
|
|
|
def update_password(self, old_password, new_password):
|
|
"""Update the password for the user the token belongs to.
|
|
|
|
:param str old_password: the user's old password
|
|
:param str new_password: the user's new password
|
|
|
|
:returns: Response object with 204 status.
|
|
:rtype: :class:`requests.models.Response`
|
|
|
|
"""
|
|
if not (old_password and new_password):
|
|
msg = _('Specify both the current password and a new password')
|
|
raise exceptions.ValidationError(msg)
|
|
|
|
if old_password == new_password:
|
|
msg = _('Old password and new password must be different.')
|
|
raise exceptions.ValidationError(msg)
|
|
|
|
params = {'user': {'password': new_password,
|
|
'original_password': old_password}}
|
|
|
|
base_url = '/users/%s/password' % self.client.user_id
|
|
|
|
return self._update(base_url, params, method='POST', log=False)
|
|
|
|
def add_to_group(self, user, group):
|
|
"""Add the specified user as a member of the specified group.
|
|
|
|
:param user: the user to be added to the group.
|
|
:type user: str or :class:`keystoneclient.v3.users.User`
|
|
:param group: the group to put the user in.
|
|
:type group: str or :class:`keystoneclient.v3.groups.Group`
|
|
|
|
:returns: Response object with 204 status.
|
|
:rtype: :class:`requests.models.Response`
|
|
|
|
"""
|
|
self._require_user_and_group(user, group)
|
|
|
|
base_url = '/groups/%s' % base.getid(group)
|
|
return super(UserManager, self).put(
|
|
base_url=base_url,
|
|
user_id=base.getid(user))
|
|
|
|
def check_in_group(self, user, group):
|
|
"""Check if the specified user is a member of the specified group.
|
|
|
|
:param user: the user to be verified in the group.
|
|
:type user: str or :class:`keystoneclient.v3.users.User`
|
|
:param group: the group to check the user in.
|
|
:type group: str or :class:`keystoneclient.v3.groups.Group`
|
|
|
|
:returns: Response object with 204 status.
|
|
:rtype: :class:`requests.models.Response`
|
|
|
|
"""
|
|
self._require_user_and_group(user, group)
|
|
|
|
base_url = '/groups/%s' % base.getid(group)
|
|
return super(UserManager, self).head(
|
|
base_url=base_url,
|
|
user_id=base.getid(user))
|
|
|
|
def remove_from_group(self, user, group):
|
|
"""Remove the specified user from the specified group.
|
|
|
|
:param user: the user to be removed from the group.
|
|
:type user: str or :class:`keystoneclient.v3.users.User`
|
|
:param group: the group to remove the user from.
|
|
:type group: str or :class:`keystoneclient.v3.groups.Group`
|
|
|
|
:returns: Response object with 204 status.
|
|
:rtype: :class:`requests.models.Response`
|
|
|
|
"""
|
|
self._require_user_and_group(user, group)
|
|
|
|
base_url = '/groups/%s' % base.getid(group)
|
|
return super(UserManager, self).delete(
|
|
base_url=base_url,
|
|
user_id=base.getid(user))
|
|
|
|
def delete(self, user):
|
|
"""Delete a user.
|
|
|
|
:param user: the user to be deleted on the server.
|
|
:type user: str or :class:`keystoneclient.v3.users.User`
|
|
|
|
:returns: Response object with 204 status.
|
|
:rtype: :class:`requests.models.Response`
|
|
|
|
"""
|
|
return super(UserManager, self).delete(
|
|
user_id=base.getid(user))
|