37
38
'Policies': {'Type': 'List'}}
39
def __init__(self, name, json_snippet, stack):
40
super(User, self).__init__(name, json_snippet, stack)
42
40
def _validate_policies(self, policies):
43
41
for policy in (policies or []):
44
42
# When we support AWS IAM style policies, we will have to accept
84
82
self.resource_id_set(uid)
86
def handle_update(self, json_snippet):
87
return self.UPDATE_REPLACE
89
84
def handle_delete(self):
90
85
if self.resource_id is None:
91
86
logger.error("Cannot delete User resource before user created!")
93
self.keystone().delete_stack_user(self.resource_id)
89
self.keystone().delete_stack_user(self.resource_id)
90
except clients.hkc.kc.exceptions.NotFound:
93
def handle_suspend(self):
94
if self.resource_id is None:
95
logger.error("Cannot suspend User resource before user created!")
97
self.keystone().disable_stack_user(self.resource_id)
99
def handle_resume(self):
100
if self.resource_id is None:
101
logger.error("Cannot resume User resource before user created!")
103
self.keystone().enable_stack_user(self.resource_id)
95
105
def FnGetRefId(self):
96
106
return unicode(self.physical_resource_name())
98
108
def FnGetAtt(self, key):
99
#TODO Implement Arn attribute
109
#TODO(asalkeld) Implement Arn attribute
100
110
raise exception.InvalidTemplateAttribute(
101
resource=self.physical_resource_name(), key=key)
111
resource=self.name, key=key)
103
113
def access_allowed(self, resource_name):
104
114
policies = (self.properties['Policies'] or [])
141
151
return self.stack.resource_by_refid(self.properties['UserName'])
143
153
def handle_create(self):
145
user_id = self._get_user().resource_id
146
except AttributeError:
154
user = self._get_user()
147
156
raise exception.NotFound('could not find user %s' %
148
157
self.properties['UserName'])
150
kp = self.keystone().get_ec2_keypair(user_id)
159
kp = self.keystone().get_ec2_keypair(user.resource_id)
152
161
raise exception.Error("Error creating ec2 keypair for user %s" %
155
self.resource_id_set(kp.access)
156
self._secret = kp.secret
158
def handle_update(self, json_snippet):
159
return self.UPDATE_REPLACE
164
self.resource_id_set(kp.access)
165
self._secret = kp.secret
161
167
def handle_delete(self):
169
if self.resource_id is None:
172
user = self._get_user()
174
logger.warning('Error deleting %s - user not found' % str(self))
176
user_id = user.resource_id
179
self.keystone().delete_ec2_keypair(user_id, self.resource_id)
180
except clients.hkc.kc.exceptions.NotFound:
162
183
self.resource_id_set(None)
164
user_id = self._get_user().resource_id
165
if user_id and self.resource_id:
166
self.keystone().delete_ec2_keypair(user_id, self.resource_id)
168
185
def _secret_accesskey(self):
217
234
properties_schema = {'AllowedResources': {'Type': 'List',
218
235
'Required': True}}
220
def __init__(self, name, json_snippet, stack):
221
super(AccessPolicy, self).__init__(name, json_snippet, stack)
223
237
def handle_create(self):
224
238
resources = self.properties['AllowedResources']
225
239
# All of the provided resource names must exist in this stack
230
244
raise exception.ResourceNotFound(resource_name=resource,
231
245
stack_name=self.stack.name)
233
def handle_update(self, json_snippet):
234
return self.UPDATE_REPLACE
236
247
def access_allowed(self, resource_name):
237
248
return resource_name in self.properties['AllowedResources']