1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16 """
17 Resource class and its manager for projects in Identity V3 API
18 """
19
20 from yakumo import base
21 from yakumo.constant import UNDEF
22 from yakumo import exception
23 from yakumo import mapper
24
25 from .group import Resource as Group
26 from .role import Resource as Role
27 from .user import Resource as User
28
29
30 ATTRIBUTE_MAPPING = [
31 ('id', 'id', mapper.Noop),
32 ('name', 'name', mapper.Noop),
33 ('description', 'description', mapper.Noop),
34 ('parent', 'parent_id', mapper.Resource('keystone.project')),
35 ('domain', 'domain_id', mapper.Resource('keystone.domain')),
36 ('is_enabled', 'enabled', mapper.Noop),
37 ]
38
39
41 """resource class for projects on Identity V3 API"""
42
45 """
46 Update properties of a project
47
48 @keyword name: Project name
49 @type name: str
50 @keyword description: Description
51 @type description: str
52 @keyword parent: Parent project
53 @type parent: yakumo.keystone.v3.project.Resource
54 @keyword domain: Domain
55 @type domain: yakumo.keystone.v3.domain.Resource
56 @keyword is_enabled: Whether project is enabled or not
57 @type is_enabled: bool
58 @rtype: None
59 """
60 super(Resource, self).update(
61 name=name,
62 description=description,
63 parent=parent,
64 domain=domain,
65 is_enabled=is_enabled)
66
67 - def check_roles(self, users=None, groups=None, roles=None):
68 """
69 Check roles of users and/or groups for a project
70
71 @keyword users: List of users
72 @type users: [keystone.user.Resource]
73 @keyword groups: List of groups
74 @type groups: [keystone.group.Resource]
75 @keyword roles: List of roles
76 @type roles: [keystone.role.Resource]
77 @return: Whether users/groups have roles
78 @rtype: None
79 """
80 if users is None:
81 users = []
82 if isinstance(users, User):
83 users = [users]
84 if groups is None:
85 groups = []
86 if isinstance(groups, Group):
87 groups = [groups]
88 if roles is None:
89 roles = []
90 if isinstance(roles, Role):
91 roles = [roles]
92
93 ret = []
94 for user in users:
95 try:
96 for role in roles:
97 self._http.head(self._url_resource_path, self._id,
98 "users", user.get_id(),
99 "roles", role.get_id())
100 ret.append(True)
101 except exception.NotFound:
102 ret.append(False)
103 for group in groups:
104 try:
105 for role in roles:
106 self._http.head(self._url_resource_path, self._id,
107 "groups", group.get_id(),
108 "roles", role.get_id())
109 ret.append(True)
110 except exception.NotFound:
111 ret.append(False)
112 return ret
113
114 - def grant_roles(self, users=None, groups=None, roles=None):
115 """
116 Grant roles to users and/or groups for a project
117
118 @keyword users: List of users
119 @type users: [keystone.user.Resource]
120 @keyword groups: List of groups
121 @type groups: [keystone.group.Resource]
122 @keyword roles: List of roles
123 @type roles: [keystone.role.Resource]
124 @rtype: None
125 """
126 if users is None:
127 users = []
128 if isinstance(users, User):
129 users = [users]
130 if groups is None:
131 groups = []
132 if isinstance(groups, Group):
133 groups = [groups]
134 if roles is None:
135 roles = []
136 if isinstance(roles, Role):
137 roles = [roles]
138 for role in roles:
139 for user in users:
140 self._http.put(self._url_resource_path, self._id,
141 "users", user.get_id(),
142 "roles", role.get_id())
143 for group in groups:
144 self._http.put(self._url_resource_path, self._id,
145 "groups", group.get_id(),
146 "roles", role.get_id())
147
148 - def revoke_roles(self, users=None, groups=None, roles=None):
149 """
150 Revoke roles from users and/or groups for a project
151
152 @keyword users: List of users
153 @type users: [keystone.user.Resource]
154 @keyword groups: List of groups
155 @type groups: [keystone.group.Resource]
156 @keyword roles: List of roles
157 @type roles: [keystone.role.Resource]
158 @rtype: None
159 """
160 if users is None:
161 users = []
162 if isinstance(users, User):
163 users = [users]
164 if groups is None:
165 groups = []
166 if isinstance(groups, Group):
167 groups = [groups]
168 if roles is None:
169 roles = []
170 if isinstance(roles, Role):
171 roles = [roles]
172 for role in roles:
173 for user in users:
174 self._http.delete(self._url_resource_path, self._id,
175 "users", user.get_id(),
176 "roles", role.get_id())
177 for group in groups:
178 self._http.delete(self._url_resource_path, self._id,
179 "groups", group.get_id(),
180 "roles", role.get_id())
181
182
184 """manager class for projects on Identity V3 API"""
185
186 resource_class = Resource
187 service_type = 'identity'
188 _attr_mapping = ATTRIBUTE_MAPPING
189 _json_resource_key = 'project'
190 _json_resources_key = 'projects'
191 _update_method = 'patch'
192 _url_resource_path = '/projects'
193
196 """
197 Register a project
198
199 @keyword name: Project name
200 @type name: str
201 @keyword description: Description
202 @type description: str
203 @keyword parent: Parent project
204 @type parent: yakumo.keystone.v3.project.Resource
205 @keyword domain: Domain
206 @type domain: yakumo.keystone.v3.domain.Resource
207 @keyword is_enabled: Whether project is enabled or not
208 @type is_enabled: bool
209 @return: Created project
210 @rtype: yakumo.keystone.v3.project.Resource
211 """
212 return super(Manager, self).create(
213 name=name,
214 description=description,
215 parent=parent,
216 domain=domain,
217 is_enabled=is_enabled)
218