--- /dev/null
+# Copyright (c) 2017 Cable Television Laboratories, Inc. ("CableLabs")
+# and others. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+class Role:
+ """
+ SNAPS domain object for Roles. Should contain attributes that
+ are shared amongst cloud providers
+ """
+ def __init__(self, name, role_id):
+ """
+ Constructor
+ :param name: the user's name
+ :param id: the user's id
+ """
+ self.name = name
+ self.id = role_id
+
+ def __eq__(self, other):
+ return self.name == other.name and self.id == other.id
--- /dev/null
+# Copyright (c) 2017 Cable Television Laboratories, Inc. ("CableLabs")
+# and others. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import unittest
+from snaps.domain.role import Role
+
+
+class RoleDomainObjectTests(unittest.TestCase):
+ """
+ Tests the construction of the snaps.domain.test.Role class
+ """
+
+ def test_construction_positional(self):
+ role = Role('foo', '123-456')
+ self.assertEqual('foo', role.name)
+ self.assertEqual('123-456', role.id)
+
+ def test_construction_named(self):
+ role = Role(role_id='123-456', name='foo')
+ self.assertEqual('foo', role.name)
+ self.assertEqual('123-456', role.id)
import requests
from snaps.domain.project import Project
+from snaps.domain.role import Role
from snaps.domain.user import User
logger = logging.getLogger('keystone_utils')
keystone.projects.delete(project.id)
-def get_os_user(keystone, user):
+def __get_os_user(keystone, user):
"""
Returns the OpenStack user object
:param keystone: the Keystone client object
domain=user_settings.domain_name, enabled=user_settings.enabled)
for role_name, role_project in user_settings.roles.items():
- os_role = get_os_role_by_name(keystone, role_name)
+ os_role = _get_os_role_by_name(keystone, role_name)
os_project = get_project(keystone=keystone, project_name=role_project)
if os_role and os_project:
- existing_roles = get_os_roles_by_user(keystone, os_user,
- os_project)
+ existing_roles = _get_os_roles_by_user(keystone, os_user,
+ os_project)
found = False
for role in existing_roles:
if role.id == os_role.id:
keystone.users.delete(user.id)
-def get_os_role_by_name(keystone, name):
+def _get_os_role_by_name(keystone, name):
"""
Returns an OpenStack role object of a given name or None if not exists
:param keystone: the keystone client
:param name: the role name
- :return: the OpenStack role object
+ :return: the SNAPS-OO Role domain object
"""
roles = keystone.roles.list()
for role in roles:
if role.name == name:
- return role
+ return Role(name=role.name, role_id=role.id)
-def get_os_roles_by_user(keystone, user, project):
+def _get_os_roles_by_user(keystone, user, project):
"""
Returns a list of OpenStack role object associated with a user
:param keystone: the keystone client
:param user: the OpenStack user object
:param project: the OpenStack project object (only required for v2)
- :return: a list of OpenStack role objects
+ :return: a list of SNAPS-OO Role domain objects
"""
if keystone.version == V2_VERSION:
- os_user = get_os_user(keystone, user)
+ os_user = __get_os_user(keystone, user)
roles = keystone.roles.roles_for_user(os_user, project)
- return roles
else:
- return keystone.roles.list(user=user, project=project)
+ roles = keystone.roles.list(user=user, project=project)
+
+ out = list()
+ for role in roles:
+ out.append(Role(name=role.name, role_id=role.id))
+ return out
-def get_os_role_by_id(keystone, role_id):
+def __get_os_role_by_id(keystone, role_id):
"""
Returns an OpenStack role object of a given name or None if not exists
:param keystone: the keystone client
:param role_id: the role ID
- :return: the OpenStack role object
+ :return: a SNAPS-OO Role domain object
"""
- return keystone.roles.get(role_id)
+ role = keystone.roles.get(role_id)
+ return Role(name=role.name, role_id=role.id)
def create_role(keystone, name):
Creates an OpenStack role
:param keystone: the keystone client
:param name: the role name
- :return:
+ :return: a SNAPS-OO Role domain object
"""
- return keystone.roles.create(name)
+ role = keystone.roles.create(name)
+ return Role(name=role.name, role_id=role.id)
def delete_role(keystone, role):
"""
Deletes an OpenStack role
:param keystone: the keystone client
- :param role: the role to delete
+ :param role: the SNAPS-OO Role domain object to delete
:return:
"""
- keystone.roles.delete(role)
+ keystone.roles.delete(role.id)
def grant_user_role_to_project(keystone, role, user, project):
"""
Grants user and role to a project
:param keystone: the Keystone client
- :param role: the role used to join a project/user
+ :param role: the SNAPS-OO Role domain object used to join a project/user
:param user: the user to add to the project (SNAPS-OO User Domain object
:param project: the project to which to add a user
:return:
"""
+
+ os_role = __get_os_role_by_id(keystone, role.id)
if keystone.version == V2_VERSION:
- keystone.roles.add_user_role(user, role, tenant=project)
+ keystone.roles.add_user_role(user, os_role, tenant=project)
else:
- keystone.roles.grant(role, user=user, project=project)
+ keystone.roles.grant(os_role, user=user, project=project)