Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / bae5419aa09b69100f50ddf76f60e8528ef89963 / . / tempest / services / identity / v3 / json / identity_client.py
blob: 593bd15db58fb824e4307e3791ac808ec74b2c63 [file] [log] [blame]
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]1# Copyright 2013 OpenStack Foundation
2# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
15
16import json
nayna-patel2db83b32014-05-15 11:41:03 +0000[diff] [blame]17import urllib
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]18
Haiwei Xuaad85db2014-03-05 05:17:39 +0900[diff] [blame]19from tempest.common import rest_client
Matthew Treinish684d8992014-01-30 16:27:40 +0000[diff] [blame]20from tempest import config
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]21from tempest import exceptions
Matthew Treinish684d8992014-01-30 16:27:40 +0000[diff] [blame]22
23CONF = config.CONF
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]24
25
Haiwei Xuaad85db2014-03-05 05:17:39 +0900[diff] [blame]26class IdentityV3ClientJSON(rest_client.RestClient):
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]27
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]28 def __init__(self, auth_provider):
29 super(IdentityV3ClientJSON, self).__init__(auth_provider)
Matthew Treinish684d8992014-01-30 16:27:40 +0000[diff] [blame]30 self.service = CONF.identity.catalog_type
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]31 self.endpoint_url = 'adminURL'
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]32 self.api_version = "v3"
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]33
34 def create_user(self, user_name, **kwargs):
35 """Creates a user."""
36 password = kwargs.get('password', None)
37 email = kwargs.get('email', None)
38 en = kwargs.get('enabled', True)
39 project_id = kwargs.get('project_id', None)
40 description = kwargs.get('description', None)
41 domain_id = kwargs.get('domain_id', 'default')
42 post_body = {
43 'project_id': project_id,
44 'description': description,
45 'domain_id': domain_id,
46 'email': email,
47 'enabled': en,
48 'name': user_name,
49 'password': password
50 }
51 post_body = json.dumps({'user': post_body})
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]52 resp, body = self.post('users', post_body)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]53 self.expected_success(201, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]54 body = json.loads(body)
55 return resp, body['user']
56
57 def update_user(self, user_id, name, **kwargs):
58 """Updates a user."""
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]59 _, body = self.get_user(user_id)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]60 email = kwargs.get('email', body['email'])
61 en = kwargs.get('enabled', body['enabled'])
62 project_id = kwargs.get('project_id', body['project_id'])
63 description = kwargs.get('description', body['description'])
64 domain_id = kwargs.get('domain_id', body['domain_id'])
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]65 post_body = {
66 'name': name,
67 'email': email,
68 'enabled': en,
69 'project_id': project_id,
70 'id': user_id,
71 'domain_id': domain_id,
72 'description': description
73 }
74 post_body = json.dumps({'user': post_body})
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]75 resp, body = self.patch('users/%s' % user_id, post_body)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]76 self.expected_success(200, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]77 body = json.loads(body)
78 return resp, body['user']
79
80 def list_user_projects(self, user_id):
81 """Lists the projects on which a user has roles assigned."""
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]82 resp, body = self.get('users/%s/projects' % user_id)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]83 self.expected_success(200, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]84 body = json.loads(body)
85 return resp, body['projects']
86
nayna-patel2db83b32014-05-15 11:41:03 +0000[diff] [blame]87 def get_users(self, params=None):
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]88 """Get the list of users."""
nayna-patel2db83b32014-05-15 11:41:03 +0000[diff] [blame]89 url = 'users'
90 if params:
91 url += '?%s' % urllib.urlencode(params)
92 resp, body = self.get(url)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]93 self.expected_success(200, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]94 body = json.loads(body)
95 return resp, body['users']
96
97 def get_user(self, user_id):
98 """GET a user."""
99 resp, body = self.get("users/%s" % user_id)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]100 self.expected_success(200, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]101 body = json.loads(body)
102 return resp, body['user']
103
104 def delete_user(self, user_id):
105 """Deletes a User."""
106 resp, body = self.delete("users/%s" % user_id)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]107 self.expected_success(204, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]108 return resp, body
109
110 def create_project(self, name, **kwargs):
111 """Creates a project."""
112 description = kwargs.get('description', None)
113 en = kwargs.get('enabled', True)
114 domain_id = kwargs.get('domain_id', 'default')
115 post_body = {
116 'description': description,
117 'domain_id': domain_id,
118 'enabled': en,
119 'name': name
120 }
121 post_body = json.dumps({'project': post_body})
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]122 resp, body = self.post('projects', post_body)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]123 self.expected_success(201, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]124 body = json.loads(body)
125 return resp, body['project']
126
Nayna Patele6331362013-08-12 06:59:48 +0000[diff] [blame]127 def list_projects(self):
128 resp, body = self.get("projects")
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]129 self.expected_success(200, resp.status)
Nayna Patele6331362013-08-12 06:59:48 +0000[diff] [blame]130 body = json.loads(body)
131 return resp, body['projects']
132
133 def update_project(self, project_id, **kwargs):
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]134 _, body = self.get_project(project_id)
Nayna Patele6331362013-08-12 06:59:48 +0000[diff] [blame]135 name = kwargs.get('name', body['name'])
136 desc = kwargs.get('description', body['description'])
137 en = kwargs.get('enabled', body['enabled'])
138 domain_id = kwargs.get('domain_id', body['domain_id'])
139 post_body = {
140 'id': project_id,
141 'name': name,
142 'description': desc,
143 'enabled': en,
144 'domain_id': domain_id,
145 }
146 post_body = json.dumps({'project': post_body})
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]147 resp, body = self.patch('projects/%s' % project_id, post_body)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]148 self.expected_success(200, resp.status)
Nayna Patele6331362013-08-12 06:59:48 +0000[diff] [blame]149 body = json.loads(body)
150 return resp, body['project']
151
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]152 def get_project(self, project_id):
153 """GET a Project."""
154 resp, body = self.get("projects/%s" % project_id)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]155 self.expected_success(200, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]156 body = json.loads(body)
157 return resp, body['project']
158
159 def delete_project(self, project_id):
160 """Delete a project."""
161 resp, body = self.delete('projects/%s' % str(project_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]162 self.expected_success(204, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]163 return resp, body
164
165 def create_role(self, name):
166 """Create a Role."""
167 post_body = {
168 'name': name
169 }
170 post_body = json.dumps({'role': post_body})
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]171 resp, body = self.post('roles', post_body)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]172 self.expected_success(201, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]173 body = json.loads(body)
174 return resp, body['role']
175
176 def get_role(self, role_id):
177 """GET a Role."""
178 resp, body = self.get('roles/%s' % str(role_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]179 self.expected_success(200, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]180 body = json.loads(body)
181 return resp, body['role']
182
wanglianmina3e84ea2014-03-26 17:30:33 +0800[diff] [blame]183 def list_roles(self):
184 """Get the list of Roles."""
185 resp, body = self.get("roles")
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]186 self.expected_success(200, resp.status)
wanglianmina3e84ea2014-03-26 17:30:33 +0800[diff] [blame]187 body = json.loads(body)
188 return resp, body['roles']
189
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]190 def update_role(self, name, role_id):
191 """Create a Role."""
192 post_body = {
193 'name': name
194 }
195 post_body = json.dumps({'role': post_body})
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]196 resp, body = self.patch('roles/%s' % str(role_id), post_body)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]197 self.expected_success(200, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]198 body = json.loads(body)
199 return resp, body['role']
200
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]201 def delete_role(self, role_id):
202 """Delete a role."""
203 resp, body = self.delete('roles/%s' % str(role_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]204 self.expected_success(204, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]205 return resp, body
206
207 def assign_user_role(self, project_id, user_id, role_id):
208 """Add roles to a user on a project."""
209 resp, body = self.put('projects/%s/users/%s/roles/%s' %
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]210 (project_id, user_id, role_id), None)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]211 self.expected_success(204, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]212 return resp, body
nayna-patel4df72dc2013-05-29 10:27:24 +0000[diff] [blame]213
214 def create_domain(self, name, **kwargs):
215 """Creates a domain."""
216 description = kwargs.get('description', None)
217 en = kwargs.get('enabled', True)
218 post_body = {
219 'description': description,
220 'enabled': en,
221 'name': name
222 }
223 post_body = json.dumps({'domain': post_body})
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]224 resp, body = self.post('domains', post_body)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]225 self.expected_success(201, resp.status)
nayna-patel4df72dc2013-05-29 10:27:24 +0000[diff] [blame]226 body = json.loads(body)
227 return resp, body['domain']
228
229 def delete_domain(self, domain_id):
230 """Delete a domain."""
231 resp, body = self.delete('domains/%s' % str(domain_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]232 self.expected_success(204, resp.status)
nayna-patel4df72dc2013-05-29 10:27:24 +0000[diff] [blame]233 return resp, body
234
235 def list_domains(self):
236 """List Domains."""
237 resp, body = self.get('domains')
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]238 self.expected_success(200, resp.status)
nayna-patel4df72dc2013-05-29 10:27:24 +0000[diff] [blame]239 body = json.loads(body)
240 return resp, body['domains']
241
242 def update_domain(self, domain_id, **kwargs):
243 """Updates a domain."""
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]244 _, body = self.get_domain(domain_id)
nayna-patel4df72dc2013-05-29 10:27:24 +0000[diff] [blame]245 description = kwargs.get('description', body['description'])
246 en = kwargs.get('enabled', body['enabled'])
247 name = kwargs.get('name', body['name'])
248 post_body = {
249 'description': description,
250 'enabled': en,
251 'name': name
252 }
253 post_body = json.dumps({'domain': post_body})
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]254 resp, body = self.patch('domains/%s' % domain_id, post_body)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]255 self.expected_success(200, resp.status)
nayna-patel4df72dc2013-05-29 10:27:24 +0000[diff] [blame]256 body = json.loads(body)
257 return resp, body['domain']
258
259 def get_domain(self, domain_id):
260 """Get Domain details."""
261 resp, body = self.get('domains/%s' % domain_id)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]262 self.expected_success(200, resp.status)
nayna-patel4df72dc2013-05-29 10:27:24 +0000[diff] [blame]263 body = json.loads(body)
264 return resp, body['domain']
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]265
266 def get_token(self, resp_token):
267 """Get token details."""
268 headers = {'X-Subject-Token': resp_token}
269 resp, body = self.get("auth/tokens", headers=headers)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]270 self.expected_success(200, resp.status)
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]271 body = json.loads(body)
272 return resp, body['token']
273
274 def delete_token(self, resp_token):
275 """Deletes token."""
276 headers = {'X-Subject-Token': resp_token}
277 resp, body = self.delete("auth/tokens", headers=headers)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]278 self.expected_success(204, resp.status)
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]279 return resp, body
280
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]281 def create_group(self, name, **kwargs):
282 """Creates a group."""
283 description = kwargs.get('description', None)
284 domain_id = kwargs.get('domain_id', 'default')
285 project_id = kwargs.get('project_id', None)
286 post_body = {
287 'description': description,
288 'domain_id': domain_id,
289 'project_id': project_id,
290 'name': name
291 }
292 post_body = json.dumps({'group': post_body})
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]293 resp, body = self.post('groups', post_body)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]294 self.expected_success(201, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]295 body = json.loads(body)
296 return resp, body['group']
297
Zhi Kun Liue8136f02014-01-07 18:56:28 +0800[diff] [blame]298 def get_group(self, group_id):
299 """Get group details."""
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]300 resp, body = self.get('groups/%s' % group_id)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]301 self.expected_success(200, resp.status)
Zhi Kun Liue8136f02014-01-07 18:56:28 +0800[diff] [blame]302 body = json.loads(body)
303 return resp, body['group']
304
305 def update_group(self, group_id, **kwargs):
306 """Updates a group."""
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]307 _, body = self.get_group(group_id)
Zhi Kun Liue8136f02014-01-07 18:56:28 +0800[diff] [blame]308 name = kwargs.get('name', body['name'])
309 description = kwargs.get('description', body['description'])
310 post_body = {
311 'name': name,
312 'description': description
313 }
314 post_body = json.dumps({'group': post_body})
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]315 resp, body = self.patch('groups/%s' % group_id, post_body)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]316 self.expected_success(200, resp.status)
Zhi Kun Liue8136f02014-01-07 18:56:28 +0800[diff] [blame]317 body = json.loads(body)
318 return resp, body['group']
319
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]320 def delete_group(self, group_id):
321 """Delete a group."""
322 resp, body = self.delete('groups/%s' % str(group_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]323 self.expected_success(204, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]324 return resp, body
325
Zhi Kun Liue8136f02014-01-07 18:56:28 +0800[diff] [blame]326 def add_group_user(self, group_id, user_id):
327 """Add user into group."""
328 resp, body = self.put('groups/%s/users/%s' % (group_id, user_id),
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]329 None)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]330 self.expected_success(204, resp.status)
Zhi Kun Liue8136f02014-01-07 18:56:28 +0800[diff] [blame]331 return resp, body
332
333 def list_group_users(self, group_id):
334 """List users in group."""
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]335 resp, body = self.get('groups/%s/users' % group_id)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]336 self.expected_success(200, resp.status)
Zhi Kun Liue8136f02014-01-07 18:56:28 +0800[diff] [blame]337 body = json.loads(body)
338 return resp, body['users']
339
wanglianmin29b0f4c2014-03-06 19:09:16 +0800[diff] [blame]340 def list_user_groups(self, user_id):
341 """Lists groups which a user belongs to."""
342 resp, body = self.get('users/%s/groups' % user_id)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]343 self.expected_success(200, resp.status)
wanglianmin29b0f4c2014-03-06 19:09:16 +0800[diff] [blame]344 body = json.loads(body)
345 return resp, body['groups']
346
Zhi Kun Liue8136f02014-01-07 18:56:28 +0800[diff] [blame]347 def delete_group_user(self, group_id, user_id):
348 """Delete user in group."""
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]349 resp, body = self.delete('groups/%s/users/%s' % (group_id, user_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]350 self.expected_success(204, resp.status)
Zhi Kun Liue8136f02014-01-07 18:56:28 +0800[diff] [blame]351 return resp, body
352
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]353 def assign_user_role_on_project(self, project_id, user_id, role_id):
354 """Add roles to a user on a project."""
355 resp, body = self.put('projects/%s/users/%s/roles/%s' %
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]356 (project_id, user_id, role_id), None)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]357 self.expected_success(204, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]358 return resp, body
359
360 def assign_user_role_on_domain(self, domain_id, user_id, role_id):
361 """Add roles to a user on a domain."""
362 resp, body = self.put('domains/%s/users/%s/roles/%s' %
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]363 (domain_id, user_id, role_id), None)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]364 self.expected_success(204, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]365 return resp, body
366
367 def list_user_roles_on_project(self, project_id, user_id):
368 """list roles of a user on a project."""
369 resp, body = self.get('projects/%s/users/%s/roles' %
370 (project_id, user_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]371 self.expected_success(200, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]372 body = json.loads(body)
373 return resp, body['roles']
374
375 def list_user_roles_on_domain(self, domain_id, user_id):
376 """list roles of a user on a domain."""
377 resp, body = self.get('domains/%s/users/%s/roles' %
378 (domain_id, user_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]379 self.expected_success(200, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]380 body = json.loads(body)
381 return resp, body['roles']
382
383 def revoke_role_from_user_on_project(self, project_id, user_id, role_id):
384 """Delete role of a user on a project."""
385 resp, body = self.delete('projects/%s/users/%s/roles/%s' %
386 (project_id, user_id, role_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]387 self.expected_success(204, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]388 return resp, body
389
390 def revoke_role_from_user_on_domain(self, domain_id, user_id, role_id):
391 """Delete role of a user on a domain."""
392 resp, body = self.delete('domains/%s/users/%s/roles/%s' %
393 (domain_id, user_id, role_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]394 self.expected_success(204, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]395 return resp, body
396
397 def assign_group_role_on_project(self, project_id, group_id, role_id):
398 """Add roles to a user on a project."""
399 resp, body = self.put('projects/%s/groups/%s/roles/%s' %
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]400 (project_id, group_id, role_id), None)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]401 self.expected_success(204, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]402 return resp, body
403
404 def assign_group_role_on_domain(self, domain_id, group_id, role_id):
405 """Add roles to a user on a domain."""
406 resp, body = self.put('domains/%s/groups/%s/roles/%s' %
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]407 (domain_id, group_id, role_id), None)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]408 self.expected_success(204, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]409 return resp, body
410
411 def list_group_roles_on_project(self, project_id, group_id):
412 """list roles of a user on a project."""
413 resp, body = self.get('projects/%s/groups/%s/roles' %
414 (project_id, group_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]415 self.expected_success(200, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]416 body = json.loads(body)
417 return resp, body['roles']
418
419 def list_group_roles_on_domain(self, domain_id, group_id):
420 """list roles of a user on a domain."""
421 resp, body = self.get('domains/%s/groups/%s/roles' %
422 (domain_id, group_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]423 self.expected_success(200, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]424 body = json.loads(body)
425 return resp, body['roles']
426
427 def revoke_role_from_group_on_project(self, project_id, group_id, role_id):
428 """Delete role of a user on a project."""
429 resp, body = self.delete('projects/%s/groups/%s/roles/%s' %
430 (project_id, group_id, role_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]431 self.expected_success(204, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]432 return resp, body
433
434 def revoke_role_from_group_on_domain(self, domain_id, group_id, role_id):
435 """Delete role of a user on a domain."""
436 resp, body = self.delete('domains/%s/groups/%s/roles/%s' %
437 (domain_id, group_id, role_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]438 self.expected_success(204, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]439 return resp, body
440
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]441 def create_trust(self, trustor_user_id, trustee_user_id, project_id,
442 role_names, impersonation, expires_at):
443 """Creates a trust."""
444 roles = [{'name': n} for n in role_names]
445 post_body = {
446 'trustor_user_id': trustor_user_id,
447 'trustee_user_id': trustee_user_id,
448 'project_id': project_id,
449 'impersonation': impersonation,
450 'roles': roles,
451 'expires_at': expires_at
452 }
453 post_body = json.dumps({'trust': post_body})
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]454 resp, body = self.post('OS-TRUST/trusts', post_body)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]455 self.expected_success(201, resp.status)
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]456 body = json.loads(body)
457 return resp, body['trust']
458
459 def delete_trust(self, trust_id):
460 """Deletes a trust."""
461 resp, body = self.delete("OS-TRUST/trusts/%s" % trust_id)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]462 self.expected_success(204, resp.status)
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]463 return resp, body
464
465 def get_trusts(self, trustor_user_id=None, trustee_user_id=None):
466 """GET trusts."""
467 if trustor_user_id:
468 resp, body = self.get("OS-TRUST/trusts?trustor_user_id=%s"
469 % trustor_user_id)
470 elif trustee_user_id:
471 resp, body = self.get("OS-TRUST/trusts?trustee_user_id=%s"
472 % trustee_user_id)
473 else:
474 resp, body = self.get("OS-TRUST/trusts")
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]475 self.expected_success(200, resp.status)
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]476 body = json.loads(body)
477 return resp, body['trusts']
478
479 def get_trust(self, trust_id):
480 """GET trust."""
481 resp, body = self.get("OS-TRUST/trusts/%s" % trust_id)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]482 self.expected_success(200, resp.status)
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]483 body = json.loads(body)
484 return resp, body['trust']
485
486 def get_trust_roles(self, trust_id):
487 """GET roles delegated by a trust."""
488 resp, body = self.get("OS-TRUST/trusts/%s/roles" % trust_id)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]489 self.expected_success(200, resp.status)
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]490 body = json.loads(body)
491 return resp, body['roles']
492
493 def get_trust_role(self, trust_id, role_id):
494 """GET role delegated by a trust."""
495 resp, body = self.get("OS-TRUST/trusts/%s/roles/%s"
496 % (trust_id, role_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]497 self.expected_success(200, resp.status)
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]498 body = json.loads(body)
499 return resp, body['role']
500
501 def check_trust_role(self, trust_id, role_id):
502 """HEAD Check if role is delegated by a trust."""
503 resp, body = self.head("OS-TRUST/trusts/%s/roles/%s"
504 % (trust_id, role_id))
Morgan Fainberg883311d2014-07-03 13:13:10 -0700[diff] [blame]505 self.expected_success(200, resp.status)
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]506 return resp, body
507
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]508
Haiwei Xuaad85db2014-03-05 05:17:39 +0900[diff] [blame]509class V3TokenClientJSON(rest_client.RestClient):
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]510
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]511 def __init__(self):
512 super(V3TokenClientJSON, self).__init__(None)
513 auth_url = CONF.identity.uri_v3
Matthew Treinishdb2c5972014-01-31 22:18:59 +0000[diff] [blame]514 if not auth_url and CONF.identity_feature_enabled.api_v3:
515 raise exceptions.InvalidConfiguration('you must specify a v3 uri '
516 'if using the v3 identity '
517 'api')
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]518 if 'auth/tokens' not in auth_url:
519 auth_url = auth_url.rstrip('/') + '/auth/tokens'
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]520
521 self.auth_url = auth_url
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]522
Brant Knudsonc5553292014-03-15 11:06:05 -0500[diff] [blame]523 def auth(self, user=None, password=None, tenant=None, user_type='id',
524 domain=None, token=None):
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]525 """
526 :param user: user id or name, as specified in user_type
527 :param domain: the user and tenant domain
Brant Knudsonc5553292014-03-15 11:06:05 -0500[diff] [blame]528 :param token: a token to re-scope.
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]529
530 Accepts different combinations of credentials. Restrictions:
531 - tenant and domain are only name (no id)
532 - user domain and tenant domain are assumed identical
533 - domain scope is not supported here
534 Sample sample valid combinations:
Brant Knudsonc5553292014-03-15 11:06:05 -0500[diff] [blame]535 - token
536 - token, tenant, domain
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]537 - user_id, password
538 - username, password, domain
539 - username, password, tenant, domain
540 Validation is left to the server side.
541 """
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]542 creds = {
543 'auth': {
544 'identity': {
Brant Knudsonc5553292014-03-15 11:06:05 -0500[diff] [blame]545 'methods': [],
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]546 }
547 }
548 }
Brant Knudsonc5553292014-03-15 11:06:05 -0500[diff] [blame]549 id_obj = creds['auth']['identity']
550 if token:
551 id_obj['methods'].append('token')
552 id_obj['token'] = {
553 'id': token
554 }
555 if user and password:
556 id_obj['methods'].append('password')
557 id_obj['password'] = {
558 'user': {
559 'password': password,
560 }
561 }
562 if user_type == 'id':
563 id_obj['password']['user']['id'] = user
564 else:
565 id_obj['password']['user']['name'] = user
566 if domain is not None:
567 _domain = dict(name=domain)
568 id_obj['password']['user']['domain'] = _domain
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]569 if tenant is not None:
Brant Knudsonc5553292014-03-15 11:06:05 -0500[diff] [blame]570 _domain = dict(name=domain)
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]571 project = dict(name=tenant, domain=_domain)
572 scope = dict(project=project)
573 creds['auth']['scope'] = scope
574
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]575 body = json.dumps(creds)
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]576 resp, body = self.post(self.auth_url, body=body)
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]577 return resp, body
578
Sergey Murashov4fccd322014-03-22 09:58:52 +0400[diff] [blame]579 def request(self, method, url, extra_headers=False, headers=None,
580 body=None):
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]581 """A simple HTTP request interface."""
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]582 if headers is None:
583 # Always accept 'json', for xml token client too.
584 # Because XML response is not easily
585 # converted to the corresponding JSON one
586 headers = self.get_headers(accept_type="json")
Sergey Murashov4fccd322014-03-22 09:58:52 +0400[diff] [blame]587 elif extra_headers:
588 try:
589 headers.update(self.get_headers(accept_type="json"))
590 except (ValueError, TypeError):
591 headers = self.get_headers(accept_type="json")
592
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]593 resp, resp_body = self.http_obj.request(url, method,
594 headers=headers, body=body)
Sean Dague89a85912014-03-19 16:37:29 -0400[diff] [blame]595 self._log_request(method, url, resp)
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]596
597 if resp.status in [401, 403]:
598 resp_body = json.loads(resp_body)
599 raise exceptions.Unauthorized(resp_body['error']['message'])
600 elif resp.status not in [200, 201, 204]:
601 raise exceptions.IdentityError(
602 'Unexpected status code {0}'.format(resp.status))
603
604 return resp, json.loads(resp_body)
605
606 def get_token(self, user, password, tenant, domain='Default',
607 auth_data=False):
608 """
609 :param user: username
610 Returns (token id, token data) for supplied credentials
611 """
612 resp, body = self.auth(user, password, tenant, user_type='name',
613 domain=domain)
614
615 token = resp.get('x-subject-token')
616 if auth_data:
617 return token, body['token']
618 else:
619 return token