password=auth['AuthString'],
tenant=auth['Tenant'])
self.api.client_shell.authenticate()
- self.caller = self.api.client_shell.keystone.users.find(name=auth['Username'])
+ self.caller = Person(self.api, object=self.api.client_shell.keystone.users.find(name=auth['Username']))
self.caller_tenant = self.api.client_shell.keystone.tenants.find(name=auth['Tenant'])
caller_roles = self.api.client_shell.keystone.roles.roles_for_user(self.caller, self.caller_tenant)
role_names = [role.name for role in caller_roles]
+ self.caller['roles'] = role_names
if not set(role_names).intersection(self.roles):
method_message="method %s has roles [%s]"%(self.name,','.join(self.roles))
person_message="caller %s has roles [%s]"%(self.caller.name,','.join(role_names))
from PLC.Auth import Auth
can_update = lambda (field, value): field in \
- ['first_name', 'last_name', 'title',
- 'email', 'password', 'phone', 'url', 'bio']
+ ['name', 'email', 'password', 'enabled']
class AddPerson(Method):
"""
person = Person(self.api, person_fields)
person.sync()
- # Logging variables
- self.event_objects = {'Person': [person['person_id']]}
- self.message = 'Person %d added' % person['person_id']
-
- return person['person_id']
+ return person.id
accepts = [
Auth(),
- Mixed(Person.fields['person_id'],
- Person.fields['email'])
+ Person.fields['email']
]
returns = Parameter(int, '1 if successful')
- def call(self, auth, person_id_or_email):
+ def call(self, auth, person_id):
# Get account information
- persons = Persons(self.api, [person_id_or_email])
+ persons = Persons(self.api, person_id)
if not persons:
raise PLCInvalidArgument, "No such account"
person = persons[0]
- if person['peer_id'] is not None:
- raise PLCInvalidArgument, "Not a local account"
-
# Authenticated function
assert self.caller is not None
person.delete()
- # Logging variables
- self.event_objects = {'Person': [person['person_id']]}
- self.message = 'Person %d deleted' % person['person_id']
-
return 1
self[field] = getattr(self.object, field)
def todict(self):
- d = {}
- for field in self.fields:
- if self.object and hasattr(self.object, field):
- d[field] = getattr(self.object, field)
- return d
+ return dict(self)
def validate(self):
# Validate values before committing
'email': Parameter(str, "Primary e-mail address", max = 254),
'enabled': Parameter(bool, "Has been enabled"),
'password': Parameter(str, "Account password in crypt() form", max = 254),
+ 'tenant_id': Parameter(str, "Tenant identifier"),
'last_updated': Parameter(int, "Date and time of last update", ro = True),
'date_created': Parameter(int, "Date and time when account was created", ro = True),
'roles': Parameter([str], "List of roles"),
- 'site_ids': Parameter([int], "List of site identifiers"),
- 'key_ids': Parameter([int], "List of key identifiers"),
- 'slice_ids': Parameter([int], "List of slice identifiers"),
+ 'keys': Parameter([int], "List of key identifiers"),
+ 'slices': Parameter([int], "List of slice identifiers"),
}
def validate_email(self, email):
assert isinstance(person, Person)
- if self['person_id'] == person['person_id']:
+ if self.id == person.id:
return True
if 'admin' in self['roles']:
return True
if 'pi' in self['roles']:
- if set(self['site_ids']).intersection(person['site_ids']):
+ if set(self['tenants']).intersection(person['tenants']):
# non-admin users cannot update a person who is neither a PI or ADMIN
return (not set(['pi','admin']).intersection(person['roles']))
def sync(self, insert=False, validate=True):
NovaObject.sync(self, insert, validate)
if insert == True or id not in self:
- self.object = self.api.client_shell.keystone.tenants.create(**self)
+ self.object = self.api.client_shell.keystone.users.create(**self)
+ def get_roles(self):
+ roles = []
+ if self.tenant:
+ roles = self.api.client_shell.keystone.roles.roles_for_user(self.object, self.tenant)
+ return [role.name for role in roles]
+
+ def get_tenants(self):
+ tenants = []
+ if self.tenantId:
+ tenants = [self.tenantId]
+ return tenants
class Persons(NovaTable):
"""
elif isinstance(person_filter, (list, tuple, set)):
# Separate the list into integers and strings
persons = self.api.client_shell.keystone.users.findall()
- persons = [person for person in persons if person.id in site_filter]
+ persons = [person for person in persons if person.id in person_filter]
elif isinstance(person_filter, dict):
- persons = [self.api.client_shell.keystone.users.findall(**site_filter)]
+ persons = self.api.client_shell.keystone.users.findall(**person_filter)
elif isinstance (person_filter, StringTypes):
- persons = [self.api.client_shell.keystone.users.find(**site_filter)]
+ persons = [self.api.client_shell.keystone.users.find(id=person_filter)]
else:
raise PLCInvalidArgument, "Wrong person filter %r"%person_filter
for person in persons:
person = Person(self.api, object = person)
+ person.tenant=None
+ if person.tenantId:
+ person.tenant = self.api.client_shell.keystone.tenants.find(id=person.tenantId)
+ person['roles'] = person.get_roles()
+ person['tenants'] = person.get_tenants()
self.append(person)
import string
from PLC.Faults import *
+from PLC.Logger import logger
from PLC.Parameter import Parameter, Mixed
from PLC.NovaTable import NovaObject, NovaTable
from PLC.Slices import Slice, Slices
fields = {
'enabled': Parameter(bool, "Has been enabled"),
'id': Parameter(str, "Site identifier"),
- 'tenant_name': Parameter(str, "Full site name", max = 254),
+ 'name': Parameter(str, "Full site name", max = 254),
'description': Parameter(str, "Description", max = 254),
#'max_slices': Parameter(int, "Maximum number of slices that the site is able to create"),
#'max_slivers': Parameter(int, "Maximum number of slivers that the site is able to create"),
elif isinstance(site_filter, StringTypes):
sites = [self.api.client_shell.keystone.tenants.find(id=site_filter)]
elif isinstance(site_filter, dict):
- sites = [self.api.client_shell.keystone.tenants.findall(**site_filter)]
+ sites = self.api.client_shell.keystone.tenants.findall(**site_filter)
elif isinstance(site_filter, (list, tuple, set)):
sites = self.api.client_shell.keystone.tenants.findall()
sites = [site for site in sites if site.id in site_filter]