Repository: libcloud Updated Branches: refs/heads/trunk b7a6c783d -> 988b1392a
Rename grant_role_to_user to grant_domain_role_to_user and revoke_role_from user to revoke_domain_role_from_user and also add methods for granting and removing project roles. Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/988b1392 Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/988b1392 Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/988b1392 Branch: refs/heads/trunk Commit: 988b1392a7aa061b220318f2fd85f727db2e9f61 Parents: b7a6c78 Author: Tomaz Muraus <to...@apache.org> Authored: Thu Aug 14 19:16:35 2014 +0200 Committer: Tomaz Muraus <to...@apache.org> Committed: Thu Aug 14 19:16:35 2014 +0200 ---------------------------------------------------------------------- libcloud/common/openstack_identity.py | 69 ++++++++++++++++++-- libcloud/test/common/test_openstack_identity.py | 53 ++++++++++++--- 2 files changed, 107 insertions(+), 15 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/libcloud/blob/988b1392/libcloud/common/openstack_identity.py ---------------------------------------------------------------------- diff --git a/libcloud/common/openstack_identity.py b/libcloud/common/openstack_identity.py index d468e73..c0a3697 100644 --- a/libcloud/common/openstack_identity.py +++ b/libcloud/common/openstack_identity.py @@ -1087,11 +1087,14 @@ class OpenStackIdentity_3_0_Connection(OpenStackIdentityConnection): result = self._to_roles(data=response.object['roles']) return result - def grant_role_to_user(self, domain, role, user): + def grant_domain_role_to_user(self, domain, role, user): """ - Grant role to the domain user. + Grant domain role to a user. - Note: This function appeats to be idempodent. + Note: This function appears to be idempodent. + + :param domain: Domain to grant the role to. + :type domain: :class:`.OpenStackIdentityDomain` :param role: Role to grant. :type role: :class:`.OpenStackIdentityRole` @@ -1107,15 +1110,71 @@ class OpenStackIdentity_3_0_Connection(OpenStackIdentityConnection): response = self.authenticated_request(path, method='PUT') return response.status == httplib.NO_CONTENT - def revoke_role_from_user(self, domain, user, role): + def revoke_domain_role_from_user(self, domain, user, role): """ - Revoke role from a domain user. + Revoke domain role from a user. + + :param domain: Domain to revoke the role from. + :type domain: :class:`.OpenStackIdentityDomain` + + :param role: Role to revoke. + :type role: :class:`.OpenStackIdentityRole` + + :param user: User to revoke the role from. + :type user: :class:`.OpenStackIdentityUser` + + :return: ``True`` on success. + :rtype: ``bool`` """ path = ('/v3/domains/%s/users/%s/roles/%s' % (domain.id, user.id, role.id)) response = self.authenticated_request(path, method='DELETE') return response.status == httplib.NO_CONTENT + def grant_project_role_to_user(self, project, role, user): + """ + Grant project role to a user. + + Note: This function appeats to be idempodent. + + :param project: Project to grant the role to. + :type project: :class:`.OpenStackIdentityDomain` + + :param role: Role to grant. + :type role: :class:`.OpenStackIdentityRole` + + :param user: User to grant the role to. + :type user: :class:`.OpenStackIdentityUser` + + :return: ``True`` on success. + :rtype: ``bool`` + """ + path = ('/v3/projects/%s/users/%s/roles/%s' % + (project.id, user.id, role.id)) + response = self.authenticated_request(path, method='PUT') + return response.status == httplib.NO_CONTENT + + def revoke_project_role_from_user(self, project, role, user): + """ + Revoke project role from a user. + + :param project: Project to revoke the role from. + :type project: :class:`.OpenStackIdentityDomain` + + :param role: Role to revoke. + :type role: :class:`.OpenStackIdentityRole` + + :param user: User to revoke the role from. + :type user: :class:`.OpenStackIdentityUser` + + :return: ``True`` on success. + :rtype: ``bool`` + """ + path = ('/v3/projects/%s/users/%s/roles/%s' % + (project.id, user.id, role.id)) + response = self.authenticated_request(path, method='DELETE') + return response.status == httplib.NO_CONTENT + def create_user(self, email, password, name, description=None, domain_id=None, default_project_id=None, enabled=True): """ http://git-wip-us.apache.org/repos/asf/libcloud/blob/988b1392/libcloud/test/common/test_openstack_identity.py ---------------------------------------------------------------------- diff --git a/libcloud/test/common/test_openstack_identity.py b/libcloud/test/common/test_openstack_identity.py index 3cbab15..1c1320e 100644 --- a/libcloud/test/common/test_openstack_identity.py +++ b/libcloud/test/common/test_openstack_identity.py @@ -342,24 +342,44 @@ class OpenStackIdentity_3_0_ConnectionTests(unittest.TestCase): self.assertEqual(user.id, 'c') self.assertEqual(user.name, 'test2') - def test_grant_role_to_user(self): + def test_grant_domain_role_to_user(self): domain = self.auth_instance.list_domains()[0] role = self.auth_instance.list_roles()[0] user = self.auth_instance.list_users()[0] - result = self.auth_instance.grant_role_to_user(domain=domain, - role=role, - user=user) + result = self.auth_instance.grant_domain_role_to_user(domain=domain, + role=role, + user=user) self.assertTrue(result) - def test_revoke_role_from_user(self): + def test_revoke_domain_role_from_user(self): domain = self.auth_instance.list_domains()[0] role = self.auth_instance.list_roles()[0] user = self.auth_instance.list_users()[0] - result = self.auth_instance.revoke_role_from_user(domain=domain, - role=role, - user=user) + result = self.auth_instance.revoke_domain_role_from_user(domain=domain, + role=role, + user=user) + self.assertTrue(result) + + def test_grant_project_role_to_user(self): + project = self.auth_instance.list_projects()[0] + role = self.auth_instance.list_roles()[0] + user = self.auth_instance.list_users()[0] + + result = self.auth_instance.grant_project_role_to_user(project=project, + role=role, + user=user) + self.assertTrue(result) + + def test_revoke_project_role_from_user(self): + project = self.auth_instance.list_projects()[0] + role = self.auth_instance.list_roles()[0] + user = self.auth_instance.list_users()[0] + + result = self.auth_instance.revoke_project_role_from_user(project=project, + role=role, + user=user) self.assertTrue(result) @@ -531,12 +551,25 @@ class OpenStackIdentity_3_0_MockHttp(MockHttp): def _v3_domains_default_users_a_roles_a(self, method, url, body, headers): if method == 'PUT': - # grant role + # grant domain role + body = '' + return (httplib.NO_CONTENT, body, self.json_content_headers, + httplib.responses[httplib.NO_CONTENT]) + elif method == 'DELETE': + # revoke domain role + body = '' + return (httplib.NO_CONTENT, body, self.json_content_headers, + httplib.responses[httplib.NO_CONTENT]) + raise NotImplementedError() + + def _v3_projects_a_users_a_roles_a(self, method, url, body, headers): + if method == 'PUT': + # grant project role body = '' return (httplib.NO_CONTENT, body, self.json_content_headers, httplib.responses[httplib.NO_CONTENT]) elif method == 'DELETE': - # revoke role + # revoke project role body = '' return (httplib.NO_CONTENT, body, self.json_content_headers, httplib.responses[httplib.NO_CONTENT])