1
# vim: tabstop=4 shiftwidth=4 softtabstop=4
3
# Copyright 2010 United States Government as represented by the
4
# Administrator of the National Aeronautics and Space Administration.
7
# Licensed under the Apache License, Version 2.0 (the "License"); you may
8
# not use this file except in compliance with the License. You may obtain
9
# a copy of the License at
11
# http://www.apache.org/licenses/LICENSE-2.0
13
# Unless required by applicable law or agreed to in writing, software
14
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
16
# License for the specific language governing permissions and limitations
20
Auth driver using the DB as its backend.
23
from nova import context
25
from nova import exception
28
class DbDriver(object):
31
Defines enter and exit and therefore supports the with/as syntax.
35
"""Imports the LDAP module"""
41
def __exit__(self, exc_type, exc_value, traceback):
44
def get_user(self, uid):
45
"""Retrieve user by id"""
46
user = db.user_get(context.get_admin_context(), uid)
47
return self._db_user_to_auth_user(user)
49
def get_user_from_access_key(self, access):
50
"""Retrieve user by access key"""
51
user = db.user_get_by_access_key(context.get_admin_context(), access)
52
return self._db_user_to_auth_user(user)
54
def get_project(self, pid):
55
"""Retrieve project by id"""
56
project = db.project_get(context.get_admin_context(), pid)
57
return self._db_project_to_auth_projectuser(project)
60
"""Retrieve list of users"""
61
return [self._db_user_to_auth_user(user)
62
for user in db.user_get_all(context.get_admin_context())]
64
def get_projects(self, uid=None):
65
"""Retrieve list of projects"""
67
result = db.project_get_by_user(context.get_admin_context(), uid)
69
result = db.project_get_all(context.get_admin_context())
70
return [self._db_project_to_auth_projectuser(proj) for proj in result]
72
def create_user(self, name, access_key, secret_key, is_admin):
75
'access_key': access_key,
76
'secret_key': secret_key,
79
user_ref = db.user_create(context.get_admin_context(), values)
80
return self._db_user_to_auth_user(user_ref)
81
except (exception.Duplicate, exception.DBError) as e:
82
raise exception.UserExists(user=name)
84
def _db_user_to_auth_user(self, user_ref):
85
return {'id': user_ref['id'],
86
'name': user_ref['id'],
87
'access': user_ref['access_key'],
88
'secret': user_ref['secret_key'],
89
'admin': user_ref['is_admin']}
91
def _db_project_to_auth_projectuser(self, project_ref):
92
member_ids = [member['id'] for member in project_ref['members']]
93
return {'id': project_ref['id'],
94
'name': project_ref['name'],
95
'project_manager_id': project_ref['project_manager'],
96
'description': project_ref['description'],
97
'member_ids': member_ids}
99
def create_project(self, name, manager_uid,
100
description=None, member_uids=None):
101
"""Create a project"""
102
manager = db.user_get(context.get_admin_context(), manager_uid)
104
# description is a required attribute
105
if description is None:
108
# First, we ensure that all the given users exist before we go
109
# on to create the project. This way we won't have to destroy
110
# the project again because a user turns out to be invalid.
111
members = set([manager])
112
if member_uids is not None:
113
for member_uid in member_uids:
114
member = db.user_get(context.get_admin_context(), member_uid)
117
values = {'id': name,
119
'project_manager': manager['id'],
120
'description': description}
123
project = db.project_create(context.get_admin_context(), values)
124
except exception.DBError:
125
raise exception.ProjectExists(project=name)
127
for member in members:
128
db.project_add_member(context.get_admin_context(),
132
# This looks silly, but ensures that the members element has been
133
# correctly populated
134
project_ref = db.project_get(context.get_admin_context(),
136
return self._db_project_to_auth_projectuser(project_ref)
138
def modify_project(self, project_id, manager_uid=None, description=None):
139
"""Modify an existing project"""
140
if not manager_uid and not description:
144
manager = db.user_get(context.get_admin_context(), manager_uid)
145
values['project_manager'] = manager['id']
147
values['description'] = description
149
db.project_update(context.get_admin_context(), project_id, values)
150
if not self.is_in_project(manager_uid, project_id):
151
self.add_to_project(manager_uid, project_id)
153
def add_to_project(self, uid, project_id):
154
"""Add user to project"""
155
user, project = self._validate_user_and_project(uid, project_id)
156
db.project_add_member(context.get_admin_context(),
160
def remove_from_project(self, uid, project_id):
161
"""Remove user from project"""
162
user, project = self._validate_user_and_project(uid, project_id)
163
db.project_remove_member(context.get_admin_context(),
167
def is_in_project(self, uid, project_id):
168
"""Check if user is in project"""
169
user, project = self._validate_user_and_project(uid, project_id)
170
return user in project.members
172
def has_role(self, uid, role, project_id=None):
173
"""Check if user has role
175
If project is specified, it checks for local role, otherwise it
176
checks for global role
179
return role in self.get_user_roles(uid, project_id)
181
def add_role(self, uid, role, project_id=None):
182
"""Add role for user (or user and project)"""
184
db.user_add_role(context.get_admin_context(), uid, role)
186
db.user_add_project_role(context.get_admin_context(),
187
uid, project_id, role)
189
def remove_role(self, uid, role, project_id=None):
190
"""Remove role for user (or user and project)"""
192
db.user_remove_role(context.get_admin_context(), uid, role)
194
db.user_remove_project_role(context.get_admin_context(),
195
uid, project_id, role)
197
def get_user_roles(self, uid, project_id=None):
198
"""Retrieve list of roles for user (or user and project)"""
199
if project_id is None:
200
roles = db.user_get_roles(context.get_admin_context(), uid)
203
roles = db.user_get_roles_for_project(context.get_admin_context(),
207
def delete_user(self, id):
209
user = db.user_get(context.get_admin_context(), id)
210
db.user_delete(context.get_admin_context(), user['id'])
212
def delete_project(self, project_id):
213
"""Delete a project"""
214
db.project_delete(context.get_admin_context(), project_id)
216
def modify_user(self, uid, access_key=None, secret_key=None, admin=None):
217
"""Modify an existing user"""
218
if not access_key and not secret_key and admin is None:
222
values['access_key'] = access_key
224
values['secret_key'] = secret_key
225
if admin is not None:
226
values['is_admin'] = admin
227
db.user_update(context.get_admin_context(), uid, values)
229
def _validate_user_and_project(self, user_id, project_id):
230
user = db.user_get(context.get_admin_context(), user_id)
231
project = db.project_get(context.get_admin_context(), project_id)