You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@libcloud.apache.org by to...@apache.org on 2014/08/14 19:20:24 UTC
git commit: Rename grant_role_to_user to grant_domain_role_to_user
and revoke_role_from user to revoke_domain_role_from_user and also add
methods for granting and removing project roles.
Repository: libcloud
Updated Branches:
refs/heads/trunk b7a6c783d -> 988b1392a
Rename grant_role_to_user to grant_domain_role_to_user and revoke_role_from user to revoke_domain_role_from_user and also add methods for granting and removing project roles.
Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo
Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/988b1392
Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/988b1392
Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/988b1392
Branch: refs/heads/trunk
Commit: 988b1392a7aa061b220318f2fd85f727db2e9f61
Parents: b7a6c78
Author: Tomaz Muraus <to...@apache.org>
Authored: Thu Aug 14 19:16:35 2014 +0200
Committer: Tomaz Muraus <to...@apache.org>
Committed: Thu Aug 14 19:16:35 2014 +0200
----------------------------------------------------------------------
libcloud/common/openstack_identity.py | 69 ++++++++++++++++++--
libcloud/test/common/test_openstack_identity.py | 53 ++++++++++++---
2 files changed, 107 insertions(+), 15 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/libcloud/blob/988b1392/libcloud/common/openstack_identity.py
----------------------------------------------------------------------
diff --git a/libcloud/common/openstack_identity.py b/libcloud/common/openstack_identity.py
index d468e73..c0a3697 100644
--- a/libcloud/common/openstack_identity.py
+++ b/libcloud/common/openstack_identity.py
@@ -1087,11 +1087,14 @@ class OpenStackIdentity_3_0_Connection(OpenStackIdentityConnection):
result = self._to_roles(data=response.object['roles'])
return result
- def grant_role_to_user(self, domain, role, user):
+ def grant_domain_role_to_user(self, domain, role, user):
"""
- Grant role to the domain user.
+ Grant domain role to a user.
- Note: This function appeats to be idempodent.
+ Note: This function appears to be idempodent.
+
+ :param domain: Domain to grant the role to.
+ :type domain: :class:`.OpenStackIdentityDomain`
:param role: Role to grant.
:type role: :class:`.OpenStackIdentityRole`
@@ -1107,15 +1110,71 @@ class OpenStackIdentity_3_0_Connection(OpenStackIdentityConnection):
response = self.authenticated_request(path, method='PUT')
return response.status == httplib.NO_CONTENT
- def revoke_role_from_user(self, domain, user, role):
+ def revoke_domain_role_from_user(self, domain, user, role):
"""
- Revoke role from a domain user.
+ Revoke domain role from a user.
+
+ :param domain: Domain to revoke the role from.
+ :type domain: :class:`.OpenStackIdentityDomain`
+
+ :param role: Role to revoke.
+ :type role: :class:`.OpenStackIdentityRole`
+
+ :param user: User to revoke the role from.
+ :type user: :class:`.OpenStackIdentityUser`
+
+ :return: ``True`` on success.
+ :rtype: ``bool``
"""
path = ('/v3/domains/%s/users/%s/roles/%s' %
(domain.id, user.id, role.id))
response = self.authenticated_request(path, method='DELETE')
return response.status == httplib.NO_CONTENT
+ def grant_project_role_to_user(self, project, role, user):
+ """
+ Grant project role to a user.
+
+ Note: This function appeats to be idempodent.
+
+ :param project: Project to grant the role to.
+ :type project: :class:`.OpenStackIdentityDomain`
+
+ :param role: Role to grant.
+ :type role: :class:`.OpenStackIdentityRole`
+
+ :param user: User to grant the role to.
+ :type user: :class:`.OpenStackIdentityUser`
+
+ :return: ``True`` on success.
+ :rtype: ``bool``
+ """
+ path = ('/v3/projects/%s/users/%s/roles/%s' %
+ (project.id, user.id, role.id))
+ response = self.authenticated_request(path, method='PUT')
+ return response.status == httplib.NO_CONTENT
+
+ def revoke_project_role_from_user(self, project, role, user):
+ """
+ Revoke project role from a user.
+
+ :param project: Project to revoke the role from.
+ :type project: :class:`.OpenStackIdentityDomain`
+
+ :param role: Role to revoke.
+ :type role: :class:`.OpenStackIdentityRole`
+
+ :param user: User to revoke the role from.
+ :type user: :class:`.OpenStackIdentityUser`
+
+ :return: ``True`` on success.
+ :rtype: ``bool``
+ """
+ path = ('/v3/projects/%s/users/%s/roles/%s' %
+ (project.id, user.id, role.id))
+ response = self.authenticated_request(path, method='DELETE')
+ return response.status == httplib.NO_CONTENT
+
def create_user(self, email, password, name, description=None,
domain_id=None, default_project_id=None, enabled=True):
"""
http://git-wip-us.apache.org/repos/asf/libcloud/blob/988b1392/libcloud/test/common/test_openstack_identity.py
----------------------------------------------------------------------
diff --git a/libcloud/test/common/test_openstack_identity.py b/libcloud/test/common/test_openstack_identity.py
index 3cbab15..1c1320e 100644
--- a/libcloud/test/common/test_openstack_identity.py
+++ b/libcloud/test/common/test_openstack_identity.py
@@ -342,24 +342,44 @@ class OpenStackIdentity_3_0_ConnectionTests(unittest.TestCase):
self.assertEqual(user.id, 'c')
self.assertEqual(user.name, 'test2')
- def test_grant_role_to_user(self):
+ def test_grant_domain_role_to_user(self):
domain = self.auth_instance.list_domains()[0]
role = self.auth_instance.list_roles()[0]
user = self.auth_instance.list_users()[0]
- result = self.auth_instance.grant_role_to_user(domain=domain,
- role=role,
- user=user)
+ result = self.auth_instance.grant_domain_role_to_user(domain=domain,
+ role=role,
+ user=user)
self.assertTrue(result)
- def test_revoke_role_from_user(self):
+ def test_revoke_domain_role_from_user(self):
domain = self.auth_instance.list_domains()[0]
role = self.auth_instance.list_roles()[0]
user = self.auth_instance.list_users()[0]
- result = self.auth_instance.revoke_role_from_user(domain=domain,
- role=role,
- user=user)
+ result = self.auth_instance.revoke_domain_role_from_user(domain=domain,
+ role=role,
+ user=user)
+ self.assertTrue(result)
+
+ def test_grant_project_role_to_user(self):
+ project = self.auth_instance.list_projects()[0]
+ role = self.auth_instance.list_roles()[0]
+ user = self.auth_instance.list_users()[0]
+
+ result = self.auth_instance.grant_project_role_to_user(project=project,
+ role=role,
+ user=user)
+ self.assertTrue(result)
+
+ def test_revoke_project_role_from_user(self):
+ project = self.auth_instance.list_projects()[0]
+ role = self.auth_instance.list_roles()[0]
+ user = self.auth_instance.list_users()[0]
+
+ result = self.auth_instance.revoke_project_role_from_user(project=project,
+ role=role,
+ user=user)
self.assertTrue(result)
@@ -531,12 +551,25 @@ class OpenStackIdentity_3_0_MockHttp(MockHttp):
def _v3_domains_default_users_a_roles_a(self, method, url, body, headers):
if method == 'PUT':
- # grant role
+ # grant domain role
+ body = ''
+ return (httplib.NO_CONTENT, body, self.json_content_headers,
+ httplib.responses[httplib.NO_CONTENT])
+ elif method == 'DELETE':
+ # revoke domain role
+ body = ''
+ return (httplib.NO_CONTENT, body, self.json_content_headers,
+ httplib.responses[httplib.NO_CONTENT])
+ raise NotImplementedError()
+
+ def _v3_projects_a_users_a_roles_a(self, method, url, body, headers):
+ if method == 'PUT':
+ # grant project role
body = ''
return (httplib.NO_CONTENT, body, self.json_content_headers,
httplib.responses[httplib.NO_CONTENT])
elif method == 'DELETE':
- # revoke role
+ # revoke project role
body = ''
return (httplib.NO_CONTENT, body, self.json_content_headers,
httplib.responses[httplib.NO_CONTENT])