Merge pull request #7209 from KennethWilke/develop

Added user role handling to keystone module and state
This commit is contained in:
David Boucha 2013-09-12 15:49:45 -07:00
commit 2a3d8f5709
2 changed files with 115 additions and 6 deletions


@ -657,12 +657,98 @@ def user_password_update(user_id=None,
return ret
def user_role_add(user_id=None, user=None,
tenant_id=None, tenant=None,
role_id=None, role=None):
'''
Add role for user in tenant (keystone user-role-add)
CLI Examples:
.. code-block:: bash
salt '*' keystone.user_role_add \
user_id=298ce377245c4ec9b70e1c639c89e654 \
tenant_id=7167a092ece84bae8cead4bf9d15bb3b \
role_id=ce377245c4ec9b70e1c639c89e8cead4
salt '*' keystone.user_role_add user=admin tenant=admin role=admin
'''
kstone = auth()
if user:
user_id = user_get(name=user)[user]['id']
else:
user = user_get(user_id).keys()[0]['name']
if not user_id:
return {'Error': 'Unable to resolve user id'}
if tenant:
tenant_id = tenant_get(name=tenant)[tenant]['id']
else:
tenant = tenant_get(tenant_id).keys()[0]['name']
if not tenant_id:
return {'Error': 'Unable to resolve tenant id'}
if role:
role_id = role_get(name=role)[role]['id']
else:
role = role_get(role_id).keys()[0]['name']
if not role_id:
return {'Error': 'Unable to resolve role id'}
kstone.roles.add_user_role(user_id, role_id, tenant_id)
ret_msg = '"{0}" role added for user "{1}" for "{2}" tenant'
return ret_msg.format(role, user, tenant)
def user_role_remove(user_id=None, user=None,
tenant_id=None, tenant=None,
role_id=None, role=None):
'''
Remove role for user in tenant (keystone user-role-remove)
CLI Examples:
.. code-block:: bash
salt '*' keystone.user_role_remove \
user_id=298ce377245c4ec9b70e1c639c89e654 \
tenant_id=7167a092ece84bae8cead4bf9d15bb3b \
role_id=ce377245c4ec9b70e1c639c89e8cead4
salt '*' keystone.user_role_remove user=admin tenant=admin role=admin
'''
kstone = auth()
if user:
user_id = user_get(name=user)[user]['id']
else:
user = user_get(user_id).keys()[0]['name']
if not user_id:
return {'Error': 'Unable to resolve user id'}
if tenant:
tenant_id = tenant_get(name=tenant)[tenant]['id']
else:
tenant = tenant_get(tenant_id).keys()[0]['name']
if not tenant_id:
return {'Error': 'Unable to resolve tenant id'}
if role:
role_id = role_get(name=role)[role]['id']
else:
role = role_get(role_id).keys()[0]['name']
if not role_id:
return {'Error': 'Unable to resolve role id'}
kstone.roles.remove_user_role(user_id, role_id, tenant_id)
ret_msg = '"{0}" role removed for user "{1}" under "{2}" tenant'
return ret_msg.format(role, user, tenant)
def user_role_list(user_id=None,
tenant_id=None,
user_name=None,
tenant_name=None):
'''
Return a list of available user_roles (keystone user_roles-list)
Return a list of available user_roles (keystone user-roles-list)
CLI Examples:
@ -685,7 +771,7 @@ def user_role_list(user_id=None,
if tenant.name == tenant_name:
tenant_id = tenant.id
break
if not user_id and not tenant_id:
if not user_id or not tenant_id:
return {'Error': 'Unable to resolve user or tenant id'}
for role in kstone.roles.roles_for_user(user=user_id, tenant=tenant_id):
ret[role.name] = {'id': role.id,
@ -728,8 +814,6 @@ def _item_list():
#endpoint-delete Delete a service endpoint
#service-create Add service to Service Catalog
#service-delete Delete service from Service Catalog
#user-role-add Add role to user
#user-role-remove Remove role from user
#discover Discover Keystone servers and show authentication
# protocols and
#bootstrap Grants a new role to a new user on a new tenant, after
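Review bot: The `else` branches that resolve a name from an id in `user_role_add` — `user = user_get(user_id).keys()[0]['name']` and the matching `tenant`/`role` lines — index a dictionary key (a string) with `['name']`, so a call that supplies only ids raises `TypeError` instead of reaching the `if not user_id` guard, and `.keys()[0]` is not subscriptable at all on Python 3; `user_role_remove` repeats the same three lines. The guard should also run before the lookup, since with neither `user` nor `user_id` given the current order calls `user_get(None)` first. If `user_get`/`tenant_get`/`role_get` key their result by name as the `[user]['id']` lookup in the `if` branch suggests, the name is the key itself, e.g. `if not user_id: return {'Error': 'Unable to resolve user id'}` followed by `user = next(iter(user_get(user_id)))`, and likewise for tenant and role. It is also worth a docstring line that these functions return an `{'Error': ...}` dict on unresolved input but a plain string on success, since the state module consumes that return value.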


@ -26,7 +26,8 @@ def user_present(name,
password,
email,
tenant=None,
enabled=True):
enabled=True,
roles=None):
'''
Ensure that the keystone user is present with the specified properties.
@ -44,6 +45,9 @@ def user_present(name,
enabled
Availability state for this user
roles
The roles the user should have under tenants
'''
ret = {'name': name,
'changes': {},
@ -72,7 +76,7 @@ def user_present(name,
__salt__['keystone.user_update'](name=name, enabled=enabled)
ret['comment'] = 'User "{0}" has been updated'.format(name)
ret['changes']['Enabled'] = 'Now {0}'.format(enabled)
if user[name]['tenant_id'] != tenant_id:
if tenant and user[name]['tenant_id'] != tenant_id:
__salt__['keystone.user_update'](name=name, tenant=tenant)
ret['comment'] = 'User "{0}" has been updated'.format(name)
ret['changes']['Tenant'] = 'Added to "{0}" tenant'.format(tenant)
@ -82,6 +86,20 @@ def user_present(name,
password=password)
ret['comment'] = 'User "{0}" has been updated'.format(name)
ret['changes']['Password'] = 'Updated'
if roles:
for tenant_role in roles[0].keys():
args = {'user_name': name, 'tenant_name': tenant_role}
tenant_roles = __salt__['keystone.user_role_list'](**args)
for role in roles[0][tenant_role]:
if role not in tenant_roles:
addargs = {'user': name,
'role': role,
'tenant': tenant_role}
newrole = __salt__['keystone.user_role_add'](**addargs)
if 'roles' in ret['changes']:
ret['changes']['roles'].append(newrole)
else:
ret['changes']['roles'] = [newrole]
else:
# Create that user!
__salt__['keystone.user_create'](name=name,
@ -89,6 +107,13 @@ def user_present(name,
email=email,
tenant_id=tenant_id,
enabled=enabled)
if roles:
for tenant_role in roles[0].keys():
for role in roles[0][tenant_role]:
args = {'user': name,
'role': role,
'tenant': tenant_role}
__salt__['keystone.user_role_add'](**args)
ret['comment'] = 'Keystone user {0} has been added'.format(name)
ret['changes']['User'] = 'Created'
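Review bot: The value returned by `keystone.user_role_add` is appended to `ret['changes']['roles']` without checking whether it is the module's `{'Error': ...}` dict, so a grant that fails to resolve the tenant or role is reported as a successful change; in the create branch the return value is discarded entirely, and `tenant_roles` can itself be an `{'Error': ...}` dict from `keystone.user_role_list`, in which case `role not in tenant_roles` is true for every role. A role assignment that silently fails or is misreported is a privilege-state bug, so the state should fail with the module's error rather than record it as a change. The `roles` docstring should also state the shape the code actually reads — only `roles[0]` is consulted, a mapping of tenant name to a list of role names — and that roles the user already holds but that are not listed are left in place. `user_present` begins and ends outside these hunks.
```python
                    newrole = __salt__['keystone.user_role_add'](**addargs)
                    if isinstance(newrole, dict) and 'Error' in newrole:
                        ret['result'] = False
                        ret['comment'] = newrole['Error']
                        return ret
                    ret['changes'].setdefault('roles', []).append(newrole)
# … unchanged: create branch; apply the same check to its user_role_add call …
```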