Hot-keys on this page

r m x p   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

# Copyright 2011 OpenStack LLC. 

# Copyright 2011 Nebula, Inc. 

# All Rights Reserved. 

# 

#    Licensed under the Apache License, Version 2.0 (the "License"); you may 

#    not use this file except in compliance with the License. You may obtain 

#    a copy of the License at 

# 

#         http://www.apache.org/licenses/LICENSE-2.0 

# 

#    Unless required by applicable law or agreed to in writing, software 

#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 

#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 

#    License for the specific language governing permissions and limitations 

#    under the License. 

 

from keystoneclient import base 

 

 

class Role(base.Resource): 

    """Represents a Keystone role""" 

    def __repr__(self): 

        return "<Role %s>" % self._info 

 

    def delete(self): 

        return self.manager.delete(self) 

 

 

class RoleManager(base.ManagerWithFind): 

    """Manager class for manipulating Keystone roles""" 

    resource_class = Role 

 

    def get(self, role): 

        return self._get("/OS-KSADM/roles/%s" % base.getid(role), "role") 

 

    def create(self, name): 

        """ 

        Create a role. 

        """ 

        params = {"role": {"name": name}} 

        return self._create('/OS-KSADM/roles', params, "role") 

 

    def delete(self, role): 

        """ 

        Delete a role. 

        """ 

        return self._delete("/OS-KSADM/roles/%s" % base.getid(role)) 

 

    def list(self): 

        """ 

        List all available roles. 

        """ 

        return self._list("/OS-KSADM/roles", "roles") 

 

    def roles_for_user(self, user, tenant=None): 

        user_id = base.getid(user) 

        if tenant: 

            tenant_id = base.getid(tenant) 

            route = "/tenants/%s/users/%s/roles" 

            return self._list(route % (tenant_id, user_id), "roles") 

        else: 

            return self._list("/users/%s/roles" % user_id, "roles") 

 

    def add_user_role(self, user, role, tenant=None): 

        """ Adds a role to a user. 

 

        If tenant is specified, the role is added just for that tenant, 

        otherwise the role is added globally. 

        """ 

        user_id = base.getid(user) 

        role_id = base.getid(role) 

        if tenant: 

            route = "/tenants/%s/users/%s/roles/OS-KSADM/%s" 

            params = (base.getid(tenant), user_id, role_id) 

            return self._update(route % params, None, "role") 

        else: 

            route = "/users/%s/roles/OS-KSADM/%s" 

            return self._update(route % (user_id, role_id), None, "roles") 

 

    def remove_user_role(self, user, role, tenant=None): 

        """ Removes a role from a user. 

 

        If tenant is specified, the role is removed just for that tenant, 

        otherwise the role is removed from the user's global roles. 

        """ 

        user_id = base.getid(user) 

        role_id = base.getid(role) 

        if tenant: 

            route = "/tenants/%s/users/%s/roles/OS-KSADM/%s" 

            params = (base.getid(tenant), user_id, role_id) 

            return self._delete(route % params) 

        else: 

            route = "/users/%s/roles/OS-KSADM/%s" 

            return self._delete(route % (user_id, role_id))