← Back to branch summary

~ubuntu-branches/ubuntu/quantal/nova/quantal-proposed

« back to all changes in this revision

Viewing changes to nova/auth/dbdriver.py

  • Committer: Package Import Robot
  • Author(s): Chuck Short
  • Date: 2012-08-16 14:04:11 UTC
  • mto: This revision was merged to the branch mainline in revision 84.
  • Revision ID: package-import@ubuntu.com-20120816140411-0mr4n241wmk30t9l
Tags: upstream-2012.2~f3
ImportĀ upstreamĀ versionĀ 2012.2~f3

Show diffs side-by-side

added added

removed removed

Lines of Context:
nova/auth/dbdriver.py
1
 
# vim: tabstop=4 shiftwidth=4 softtabstop=4
2
 
 
3
 
# Copyright 2010 United States Government as represented by the
4
 
# Administrator of the National Aeronautics and Space Administration.
5
 
# All Rights Reserved.
6
 
#
7
 
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
8
 
#    not use this file except in compliance with the License. You may obtain
9
 
#    a copy of the License at
10
 
#
11
 
#         http://www.apache.org/licenses/LICENSE-2.0
12
 
#
13
 
#    Unless required by applicable law or agreed to in writing, software
14
 
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15
 
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
16
 
#    License for the specific language governing permissions and limitations
17
 
#    under the License.
18
 
 
19
 
"""
20
 
Auth driver using the DB as its backend.
21
 
"""
22
 
 
23
 
from nova import context
24
 
from nova import db
25
 
from nova import exception
26
 
 
27
 
 
28
 
class DbDriver(object):
29
 
    """DB Auth driver
30
 
 
31
 
    Defines enter and exit and therefore supports the with/as syntax.
32
 
    """
33
 
 
34
 
    def __init__(self):
35
 
        """Imports the LDAP module"""
36
 
        pass
37
 
 
38
 
    def __enter__(self):
39
 
        return self
40
 
 
41
 
    def __exit__(self, exc_type, exc_value, traceback):
42
 
        pass
43
 
 
44
 
    def get_user(self, uid):
45
 
        """Retrieve user by id"""
46
 
        user = db.user_get(context.get_admin_context(), uid)
47
 
        return self._db_user_to_auth_user(user)
48
 
 
49
 
    def get_user_from_access_key(self, access):
50
 
        """Retrieve user by access key"""
51
 
        user = db.user_get_by_access_key(context.get_admin_context(), access)
52
 
        return self._db_user_to_auth_user(user)
53
 
 
54
 
    def get_project(self, pid):
55
 
        """Retrieve project by id"""
56
 
        project = db.project_get(context.get_admin_context(), pid)
57
 
        return self._db_project_to_auth_projectuser(project)
58
 
 
59
 
    def get_users(self):
60
 
        """Retrieve list of users"""
61
 
        return [self._db_user_to_auth_user(user)
62
 
                for user in db.user_get_all(context.get_admin_context())]
63
 
 
64
 
    def get_projects(self, uid=None):
65
 
        """Retrieve list of projects"""
66
 
        if uid:
67
 
            result = db.project_get_by_user(context.get_admin_context(), uid)
68
 
        else:
69
 
            result = db.project_get_all(context.get_admin_context())
70
 
        return [self._db_project_to_auth_projectuser(proj) for proj in result]
71
 
 
72
 
    def create_user(self, name, access_key, secret_key, is_admin):
73
 
        """Create a user"""
74
 
        values = {'id': name,
75
 
                  'access_key': access_key,
76
 
                  'secret_key': secret_key,
77
 
                  'is_admin': is_admin}
78
 
        try:
79
 
            user_ref = db.user_create(context.get_admin_context(), values)
80
 
            return self._db_user_to_auth_user(user_ref)
81
 
        except (exception.Duplicate, exception.DBError) as e:
82
 
            raise exception.UserExists(user=name)
83
 
 
84
 
    def _db_user_to_auth_user(self, user_ref):
85
 
        return {'id': user_ref['id'],
86
 
                'name': user_ref['id'],
87
 
                'access': user_ref['access_key'],
88
 
                'secret': user_ref['secret_key'],
89
 
                'admin': user_ref['is_admin']}
90
 
 
91
 
    def _db_project_to_auth_projectuser(self, project_ref):
92
 
        member_ids = [member['id'] for member in project_ref['members']]
93
 
        return {'id': project_ref['id'],
94
 
                'name': project_ref['name'],
95
 
                'project_manager_id': project_ref['project_manager'],
96
 
                'description': project_ref['description'],
97
 
                'member_ids': member_ids}
98
 
 
99
 
    def create_project(self, name, manager_uid,
100
 
                       description=None, member_uids=None):
101
 
        """Create a project"""
102
 
        manager = db.user_get(context.get_admin_context(), manager_uid)
103
 
 
104
 
        # description is a required attribute
105
 
        if description is None:
106
 
            description = name
107
 
 
108
 
        # First, we ensure that all the given users exist before we go
109
 
        # on to create the project. This way we won't have to destroy
110
 
        # the project again because a user turns out to be invalid.
111
 
        members = set([manager])
112
 
        if member_uids is not None:
113
 
            for member_uid in member_uids:
114
 
                member = db.user_get(context.get_admin_context(), member_uid)
115
 
                members.add(member)
116
 
 
117
 
        values = {'id': name,
118
 
                  'name': name,
119
 
                  'project_manager': manager['id'],
120
 
                  'description': description}
121
 
 
122
 
        try:
123
 
            project = db.project_create(context.get_admin_context(), values)
124
 
        except exception.DBError:
125
 
            raise exception.ProjectExists(project=name)
126
 
 
127
 
        for member in members:
128
 
            db.project_add_member(context.get_admin_context(),
129
 
                                  project['id'],
130
 
                                  member['id'])
131
 
 
132
 
        # This looks silly, but ensures that the members element has been
133
 
        # correctly populated
134
 
        project_ref = db.project_get(context.get_admin_context(),
135
 
                                     project['id'])
136
 
        return self._db_project_to_auth_projectuser(project_ref)
137
 
 
138
 
    def modify_project(self, project_id, manager_uid=None, description=None):
139
 
        """Modify an existing project"""
140
 
        if not manager_uid and not description:
141
 
            return
142
 
        values = {}
143
 
        if manager_uid:
144
 
            manager = db.user_get(context.get_admin_context(), manager_uid)
145
 
            values['project_manager'] = manager['id']
146
 
        if description:
147
 
            values['description'] = description
148
 
 
149
 
        db.project_update(context.get_admin_context(), project_id, values)
150
 
        if not self.is_in_project(manager_uid, project_id):
151
 
            self.add_to_project(manager_uid, project_id)
152
 
 
153
 
    def add_to_project(self, uid, project_id):
154
 
        """Add user to project"""
155
 
        user, project = self._validate_user_and_project(uid, project_id)
156
 
        db.project_add_member(context.get_admin_context(),
157
 
                              project['id'],
158
 
                              user['id'])
159
 
 
160
 
    def remove_from_project(self, uid, project_id):
161
 
        """Remove user from project"""
162
 
        user, project = self._validate_user_and_project(uid, project_id)
163
 
        db.project_remove_member(context.get_admin_context(),
164
 
                                 project['id'],
165
 
                                 user['id'])
166
 
 
167
 
    def is_in_project(self, uid, project_id):
168
 
        """Check if user is in project"""
169
 
        user, project = self._validate_user_and_project(uid, project_id)
170
 
        return user in project.members
171
 
 
172
 
    def has_role(self, uid, role, project_id=None):
173
 
        """Check if user has role
174
 
 
175
 
        If project is specified, it checks for local role, otherwise it
176
 
        checks for global role
177
 
        """
178
 
 
179
 
        return role in self.get_user_roles(uid, project_id)
180
 
 
181
 
    def add_role(self, uid, role, project_id=None):
182
 
        """Add role for user (or user and project)"""
183
 
        if not project_id:
184
 
            db.user_add_role(context.get_admin_context(), uid, role)
185
 
            return
186
 
        db.user_add_project_role(context.get_admin_context(),
187
 
                                 uid, project_id, role)
188
 
 
189
 
    def remove_role(self, uid, role, project_id=None):
190
 
        """Remove role for user (or user and project)"""
191
 
        if not project_id:
192
 
            db.user_remove_role(context.get_admin_context(), uid, role)
193
 
            return
194
 
        db.user_remove_project_role(context.get_admin_context(),
195
 
                                    uid, project_id, role)
196
 
 
197
 
    def get_user_roles(self, uid, project_id=None):
198
 
        """Retrieve list of roles for user (or user and project)"""
199
 
        if project_id is None:
200
 
            roles = db.user_get_roles(context.get_admin_context(), uid)
201
 
            return roles
202
 
        else:
203
 
            roles = db.user_get_roles_for_project(context.get_admin_context(),
204
 
                                                  uid, project_id)
205
 
            return roles
206
 
 
207
 
    def delete_user(self, id):
208
 
        """Delete a user"""
209
 
        user = db.user_get(context.get_admin_context(), id)
210
 
        db.user_delete(context.get_admin_context(), user['id'])
211
 
 
212
 
    def delete_project(self, project_id):
213
 
        """Delete a project"""
214
 
        db.project_delete(context.get_admin_context(), project_id)
215
 
 
216
 
    def modify_user(self, uid, access_key=None, secret_key=None, admin=None):
217
 
        """Modify an existing user"""
218
 
        if not access_key and not secret_key and admin is None:
219
 
            return
220
 
        values = {}
221
 
        if access_key:
222
 
            values['access_key'] = access_key
223
 
        if secret_key:
224
 
            values['secret_key'] = secret_key
225
 
        if admin is not None:
226
 
            values['is_admin'] = admin
227
 
        db.user_update(context.get_admin_context(), uid, values)
228
 
 
229
 
    def _validate_user_and_project(self, user_id, project_id):
230
 
        user = db.user_get(context.get_admin_context(), user_id)
231
 
        project = db.project_get(context.get_admin_context(), project_id)
232
 
        return user, project