Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / c608c2db147f18b47ffa8307930aced493fa734f / . / tempest / services / identity / v3 / json / identity_client.py
blob: d57b931e61bbbfabfb8c4039be5c17b75f3c084c [file] [log] [blame]
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]1# Copyright 2013 OpenStack Foundation
2# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
15
16import json
nayna-patel2db83b32014-05-15 11:41:03 +0000[diff] [blame]17import urllib
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]18
Haiwei Xuaad85db2014-03-05 05:17:39 +0900[diff] [blame]19from tempest.common import rest_client
Matthew Treinish684d8992014-01-30 16:27:40 +0000[diff] [blame]20from tempest import config
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]21from tempest import exceptions
Matthew Treinish684d8992014-01-30 16:27:40 +0000[diff] [blame]22
23CONF = config.CONF
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]24
25
Haiwei Xuaad85db2014-03-05 05:17:39 +0900[diff] [blame]26class IdentityV3ClientJSON(rest_client.RestClient):
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]27
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]28 def __init__(self, auth_provider):
29 super(IdentityV3ClientJSON, self).__init__(auth_provider)
Matthew Treinish684d8992014-01-30 16:27:40 +0000[diff] [blame]30 self.service = CONF.identity.catalog_type
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]31 self.endpoint_url = 'adminURL'
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]32 self.api_version = "v3"
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]33
34 def create_user(self, user_name, **kwargs):
35 """Creates a user."""
36 password = kwargs.get('password', None)
37 email = kwargs.get('email', None)
38 en = kwargs.get('enabled', True)
39 project_id = kwargs.get('project_id', None)
40 description = kwargs.get('description', None)
41 domain_id = kwargs.get('domain_id', 'default')
42 post_body = {
43 'project_id': project_id,
44 'description': description,
45 'domain_id': domain_id,
46 'email': email,
47 'enabled': en,
48 'name': user_name,
49 'password': password
50 }
51 post_body = json.dumps({'user': post_body})
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]52 resp, body = self.post('users', post_body)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]53 self.expected_success(201, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]54 body = json.loads(body)
55 return resp, body['user']
56
57 def update_user(self, user_id, name, **kwargs):
58 """Updates a user."""
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]59 _, body = self.get_user(user_id)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]60 email = kwargs.get('email', body['email'])
61 en = kwargs.get('enabled', body['enabled'])
62 project_id = kwargs.get('project_id', body['project_id'])
63 description = kwargs.get('description', body['description'])
64 domain_id = kwargs.get('domain_id', body['domain_id'])
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]65 post_body = {
66 'name': name,
67 'email': email,
68 'enabled': en,
69 'project_id': project_id,
70 'id': user_id,
71 'domain_id': domain_id,
72 'description': description
73 }
74 post_body = json.dumps({'user': post_body})
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]75 resp, body = self.patch('users/%s' % user_id, post_body)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]76 self.expected_success(200, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]77 body = json.loads(body)
78 return resp, body['user']
79
ravikumar-venkatesand35d6442014-05-05 12:14:45 +0000[diff] [blame]80 def update_user_password(self, user_id, password, original_password):
81 """Updates a user password."""
82 update_user = {
83 'password': password,
84 'original_password': original_password
85 }
86 update_user = json.dumps({'user': update_user})
87 resp, _ = self.post('users/%s/password' % user_id, update_user)
88 self.expected_success(204, resp.status)
89 return resp
90
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]91 def list_user_projects(self, user_id):
92 """Lists the projects on which a user has roles assigned."""
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]93 resp, body = self.get('users/%s/projects' % user_id)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]94 self.expected_success(200, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]95 body = json.loads(body)
96 return resp, body['projects']
97
nayna-patel2db83b32014-05-15 11:41:03 +0000[diff] [blame]98 def get_users(self, params=None):
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]99 """Get the list of users."""
nayna-patel2db83b32014-05-15 11:41:03 +0000[diff] [blame]100 url = 'users'
101 if params:
102 url += '?%s' % urllib.urlencode(params)
103 resp, body = self.get(url)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]104 self.expected_success(200, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]105 body = json.loads(body)
106 return resp, body['users']
107
108 def get_user(self, user_id):
109 """GET a user."""
110 resp, body = self.get("users/%s" % user_id)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]111 self.expected_success(200, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]112 body = json.loads(body)
113 return resp, body['user']
114
115 def delete_user(self, user_id):
116 """Deletes a User."""
117 resp, body = self.delete("users/%s" % user_id)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]118 self.expected_success(204, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]119 return resp, body
120
121 def create_project(self, name, **kwargs):
122 """Creates a project."""
123 description = kwargs.get('description', None)
124 en = kwargs.get('enabled', True)
125 domain_id = kwargs.get('domain_id', 'default')
126 post_body = {
127 'description': description,
128 'domain_id': domain_id,
129 'enabled': en,
130 'name': name
131 }
132 post_body = json.dumps({'project': post_body})
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]133 resp, body = self.post('projects', post_body)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]134 self.expected_success(201, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]135 body = json.loads(body)
136 return resp, body['project']
137
nayna-patel153e9dd2014-05-16 09:00:05 +0000[diff] [blame]138 def list_projects(self, params=None):
139 url = "projects"
140 if params:
141 url += '?%s' % urllib.urlencode(params)
142 resp, body = self.get(url)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]143 self.expected_success(200, resp.status)
Nayna Patele6331362013-08-12 06:59:48 +0000[diff] [blame]144 body = json.loads(body)
145 return resp, body['projects']
146
147 def update_project(self, project_id, **kwargs):
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]148 _, body = self.get_project(project_id)
Nayna Patele6331362013-08-12 06:59:48 +0000[diff] [blame]149 name = kwargs.get('name', body['name'])
150 desc = kwargs.get('description', body['description'])
151 en = kwargs.get('enabled', body['enabled'])
152 domain_id = kwargs.get('domain_id', body['domain_id'])
153 post_body = {
154 'id': project_id,
155 'name': name,
156 'description': desc,
157 'enabled': en,
158 'domain_id': domain_id,
159 }
160 post_body = json.dumps({'project': post_body})
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]161 resp, body = self.patch('projects/%s' % project_id, post_body)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]162 self.expected_success(200, resp.status)
Nayna Patele6331362013-08-12 06:59:48 +0000[diff] [blame]163 body = json.loads(body)
164 return resp, body['project']
165
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]166 def get_project(self, project_id):
167 """GET a Project."""
168 resp, body = self.get("projects/%s" % project_id)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]169 self.expected_success(200, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]170 body = json.loads(body)
171 return resp, body['project']
172
173 def delete_project(self, project_id):
174 """Delete a project."""
175 resp, body = self.delete('projects/%s' % str(project_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]176 self.expected_success(204, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]177 return resp, body
178
179 def create_role(self, name):
180 """Create a Role."""
181 post_body = {
182 'name': name
183 }
184 post_body = json.dumps({'role': post_body})
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]185 resp, body = self.post('roles', post_body)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]186 self.expected_success(201, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]187 body = json.loads(body)
188 return resp, body['role']
189
190 def get_role(self, role_id):
191 """GET a Role."""
192 resp, body = self.get('roles/%s' % str(role_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]193 self.expected_success(200, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]194 body = json.loads(body)
195 return resp, body['role']
196
wanglianmina3e84ea2014-03-26 17:30:33 +0800[diff] [blame]197 def list_roles(self):
198 """Get the list of Roles."""
199 resp, body = self.get("roles")
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]200 self.expected_success(200, resp.status)
wanglianmina3e84ea2014-03-26 17:30:33 +0800[diff] [blame]201 body = json.loads(body)
202 return resp, body['roles']
203
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]204 def update_role(self, name, role_id):
205 """Create a Role."""
206 post_body = {
207 'name': name
208 }
209 post_body = json.dumps({'role': post_body})
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]210 resp, body = self.patch('roles/%s' % str(role_id), post_body)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]211 self.expected_success(200, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]212 body = json.loads(body)
213 return resp, body['role']
214
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]215 def delete_role(self, role_id):
216 """Delete a role."""
217 resp, body = self.delete('roles/%s' % str(role_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]218 self.expected_success(204, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]219 return resp, body
220
221 def assign_user_role(self, project_id, user_id, role_id):
222 """Add roles to a user on a project."""
223 resp, body = self.put('projects/%s/users/%s/roles/%s' %
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]224 (project_id, user_id, role_id), None)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]225 self.expected_success(204, resp.status)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]226 return resp, body
nayna-patel4df72dc2013-05-29 10:27:24 +0000[diff] [blame]227
228 def create_domain(self, name, **kwargs):
229 """Creates a domain."""
230 description = kwargs.get('description', None)
231 en = kwargs.get('enabled', True)
232 post_body = {
233 'description': description,
234 'enabled': en,
235 'name': name
236 }
237 post_body = json.dumps({'domain': post_body})
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]238 resp, body = self.post('domains', post_body)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]239 self.expected_success(201, resp.status)
nayna-patel4df72dc2013-05-29 10:27:24 +0000[diff] [blame]240 body = json.loads(body)
241 return resp, body['domain']
242
243 def delete_domain(self, domain_id):
244 """Delete a domain."""
245 resp, body = self.delete('domains/%s' % str(domain_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]246 self.expected_success(204, resp.status)
nayna-patel4df72dc2013-05-29 10:27:24 +0000[diff] [blame]247 return resp, body
248
249 def list_domains(self):
250 """List Domains."""
251 resp, body = self.get('domains')
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]252 self.expected_success(200, resp.status)
nayna-patel4df72dc2013-05-29 10:27:24 +0000[diff] [blame]253 body = json.loads(body)
254 return resp, body['domains']
255
256 def update_domain(self, domain_id, **kwargs):
257 """Updates a domain."""
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]258 _, body = self.get_domain(domain_id)
nayna-patel4df72dc2013-05-29 10:27:24 +0000[diff] [blame]259 description = kwargs.get('description', body['description'])
260 en = kwargs.get('enabled', body['enabled'])
261 name = kwargs.get('name', body['name'])
262 post_body = {
263 'description': description,
264 'enabled': en,
265 'name': name
266 }
267 post_body = json.dumps({'domain': post_body})
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]268 resp, body = self.patch('domains/%s' % domain_id, post_body)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]269 self.expected_success(200, resp.status)
nayna-patel4df72dc2013-05-29 10:27:24 +0000[diff] [blame]270 body = json.loads(body)
271 return resp, body['domain']
272
273 def get_domain(self, domain_id):
274 """Get Domain details."""
275 resp, body = self.get('domains/%s' % domain_id)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]276 self.expected_success(200, resp.status)
nayna-patel4df72dc2013-05-29 10:27:24 +0000[diff] [blame]277 body = json.loads(body)
278 return resp, body['domain']
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]279
280 def get_token(self, resp_token):
281 """Get token details."""
282 headers = {'X-Subject-Token': resp_token}
283 resp, body = self.get("auth/tokens", headers=headers)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]284 self.expected_success(200, resp.status)
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]285 body = json.loads(body)
286 return resp, body['token']
287
288 def delete_token(self, resp_token):
289 """Deletes token."""
290 headers = {'X-Subject-Token': resp_token}
291 resp, body = self.delete("auth/tokens", headers=headers)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]292 self.expected_success(204, resp.status)
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]293 return resp, body
294
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]295 def create_group(self, name, **kwargs):
296 """Creates a group."""
297 description = kwargs.get('description', None)
298 domain_id = kwargs.get('domain_id', 'default')
299 project_id = kwargs.get('project_id', None)
300 post_body = {
301 'description': description,
302 'domain_id': domain_id,
303 'project_id': project_id,
304 'name': name
305 }
306 post_body = json.dumps({'group': post_body})
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]307 resp, body = self.post('groups', post_body)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]308 self.expected_success(201, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]309 body = json.loads(body)
310 return resp, body['group']
311
Zhi Kun Liue8136f02014-01-07 18:56:28 +0800[diff] [blame]312 def get_group(self, group_id):
313 """Get group details."""
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]314 resp, body = self.get('groups/%s' % group_id)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]315 self.expected_success(200, resp.status)
Zhi Kun Liue8136f02014-01-07 18:56:28 +0800[diff] [blame]316 body = json.loads(body)
317 return resp, body['group']
318
319 def update_group(self, group_id, **kwargs):
320 """Updates a group."""
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]321 _, body = self.get_group(group_id)
Zhi Kun Liue8136f02014-01-07 18:56:28 +0800[diff] [blame]322 name = kwargs.get('name', body['name'])
323 description = kwargs.get('description', body['description'])
324 post_body = {
325 'name': name,
326 'description': description
327 }
328 post_body = json.dumps({'group': post_body})
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]329 resp, body = self.patch('groups/%s' % group_id, post_body)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]330 self.expected_success(200, resp.status)
Zhi Kun Liue8136f02014-01-07 18:56:28 +0800[diff] [blame]331 body = json.loads(body)
332 return resp, body['group']
333
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]334 def delete_group(self, group_id):
335 """Delete a group."""
336 resp, body = self.delete('groups/%s' % str(group_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]337 self.expected_success(204, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]338 return resp, body
339
Zhi Kun Liue8136f02014-01-07 18:56:28 +0800[diff] [blame]340 def add_group_user(self, group_id, user_id):
341 """Add user into group."""
342 resp, body = self.put('groups/%s/users/%s' % (group_id, user_id),
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]343 None)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]344 self.expected_success(204, resp.status)
Zhi Kun Liue8136f02014-01-07 18:56:28 +0800[diff] [blame]345 return resp, body
346
347 def list_group_users(self, group_id):
348 """List users in group."""
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]349 resp, body = self.get('groups/%s/users' % group_id)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]350 self.expected_success(200, resp.status)
Zhi Kun Liue8136f02014-01-07 18:56:28 +0800[diff] [blame]351 body = json.loads(body)
352 return resp, body['users']
353
wanglianmin29b0f4c2014-03-06 19:09:16 +0800[diff] [blame]354 def list_user_groups(self, user_id):
355 """Lists groups which a user belongs to."""
356 resp, body = self.get('users/%s/groups' % user_id)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]357 self.expected_success(200, resp.status)
wanglianmin29b0f4c2014-03-06 19:09:16 +0800[diff] [blame]358 body = json.loads(body)
359 return resp, body['groups']
360
Zhi Kun Liue8136f02014-01-07 18:56:28 +0800[diff] [blame]361 def delete_group_user(self, group_id, user_id):
362 """Delete user in group."""
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]363 resp, body = self.delete('groups/%s/users/%s' % (group_id, user_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]364 self.expected_success(204, resp.status)
Zhi Kun Liue8136f02014-01-07 18:56:28 +0800[diff] [blame]365 return resp, body
366
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]367 def assign_user_role_on_project(self, project_id, user_id, role_id):
368 """Add roles to a user on a project."""
369 resp, body = self.put('projects/%s/users/%s/roles/%s' %
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]370 (project_id, user_id, role_id), None)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]371 self.expected_success(204, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]372 return resp, body
373
374 def assign_user_role_on_domain(self, domain_id, user_id, role_id):
375 """Add roles to a user on a domain."""
376 resp, body = self.put('domains/%s/users/%s/roles/%s' %
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]377 (domain_id, user_id, role_id), None)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]378 self.expected_success(204, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]379 return resp, body
380
381 def list_user_roles_on_project(self, project_id, user_id):
382 """list roles of a user on a project."""
383 resp, body = self.get('projects/%s/users/%s/roles' %
384 (project_id, user_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]385 self.expected_success(200, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]386 body = json.loads(body)
387 return resp, body['roles']
388
389 def list_user_roles_on_domain(self, domain_id, user_id):
390 """list roles of a user on a domain."""
391 resp, body = self.get('domains/%s/users/%s/roles' %
392 (domain_id, user_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]393 self.expected_success(200, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]394 body = json.loads(body)
395 return resp, body['roles']
396
397 def revoke_role_from_user_on_project(self, project_id, user_id, role_id):
398 """Delete role of a user on a project."""
399 resp, body = self.delete('projects/%s/users/%s/roles/%s' %
400 (project_id, user_id, role_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]401 self.expected_success(204, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]402 return resp, body
403
404 def revoke_role_from_user_on_domain(self, domain_id, user_id, role_id):
405 """Delete role of a user on a domain."""
406 resp, body = self.delete('domains/%s/users/%s/roles/%s' %
407 (domain_id, user_id, role_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]408 self.expected_success(204, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]409 return resp, body
410
411 def assign_group_role_on_project(self, project_id, group_id, role_id):
412 """Add roles to a user on a project."""
413 resp, body = self.put('projects/%s/groups/%s/roles/%s' %
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]414 (project_id, group_id, role_id), None)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]415 self.expected_success(204, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]416 return resp, body
417
418 def assign_group_role_on_domain(self, domain_id, group_id, role_id):
419 """Add roles to a user on a domain."""
420 resp, body = self.put('domains/%s/groups/%s/roles/%s' %
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]421 (domain_id, group_id, role_id), None)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]422 self.expected_success(204, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]423 return resp, body
424
425 def list_group_roles_on_project(self, project_id, group_id):
426 """list roles of a user on a project."""
427 resp, body = self.get('projects/%s/groups/%s/roles' %
428 (project_id, group_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]429 self.expected_success(200, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]430 body = json.loads(body)
431 return resp, body['roles']
432
433 def list_group_roles_on_domain(self, domain_id, group_id):
434 """list roles of a user on a domain."""
435 resp, body = self.get('domains/%s/groups/%s/roles' %
436 (domain_id, group_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]437 self.expected_success(200, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]438 body = json.loads(body)
439 return resp, body['roles']
440
441 def revoke_role_from_group_on_project(self, project_id, group_id, role_id):
442 """Delete role of a user on a project."""
443 resp, body = self.delete('projects/%s/groups/%s/roles/%s' %
444 (project_id, group_id, role_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]445 self.expected_success(204, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]446 return resp, body
447
448 def revoke_role_from_group_on_domain(self, domain_id, group_id, role_id):
449 """Delete role of a user on a domain."""
450 resp, body = self.delete('domains/%s/groups/%s/roles/%s' %
451 (domain_id, group_id, role_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]452 self.expected_success(204, resp.status)
nayna-patel755d8142013-07-16 06:45:34 +0000[diff] [blame]453 return resp, body
454
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]455 def create_trust(self, trustor_user_id, trustee_user_id, project_id,
456 role_names, impersonation, expires_at):
457 """Creates a trust."""
458 roles = [{'name': n} for n in role_names]
459 post_body = {
460 'trustor_user_id': trustor_user_id,
461 'trustee_user_id': trustee_user_id,
462 'project_id': project_id,
463 'impersonation': impersonation,
464 'roles': roles,
465 'expires_at': expires_at
466 }
467 post_body = json.dumps({'trust': post_body})
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]468 resp, body = self.post('OS-TRUST/trusts', post_body)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]469 self.expected_success(201, resp.status)
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]470 body = json.loads(body)
471 return resp, body['trust']
472
473 def delete_trust(self, trust_id):
474 """Deletes a trust."""
475 resp, body = self.delete("OS-TRUST/trusts/%s" % trust_id)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]476 self.expected_success(204, resp.status)
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]477 return resp, body
478
479 def get_trusts(self, trustor_user_id=None, trustee_user_id=None):
480 """GET trusts."""
481 if trustor_user_id:
482 resp, body = self.get("OS-TRUST/trusts?trustor_user_id=%s"
483 % trustor_user_id)
484 elif trustee_user_id:
485 resp, body = self.get("OS-TRUST/trusts?trustee_user_id=%s"
486 % trustee_user_id)
487 else:
488 resp, body = self.get("OS-TRUST/trusts")
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]489 self.expected_success(200, resp.status)
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]490 body = json.loads(body)
491 return resp, body['trusts']
492
493 def get_trust(self, trust_id):
494 """GET trust."""
495 resp, body = self.get("OS-TRUST/trusts/%s" % trust_id)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]496 self.expected_success(200, resp.status)
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]497 body = json.loads(body)
498 return resp, body['trust']
499
500 def get_trust_roles(self, trust_id):
501 """GET roles delegated by a trust."""
502 resp, body = self.get("OS-TRUST/trusts/%s/roles" % trust_id)
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]503 self.expected_success(200, resp.status)
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]504 body = json.loads(body)
505 return resp, body['roles']
506
507 def get_trust_role(self, trust_id, role_id):
508 """GET role delegated by a trust."""
509 resp, body = self.get("OS-TRUST/trusts/%s/roles/%s"
510 % (trust_id, role_id))
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]511 self.expected_success(200, resp.status)
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]512 body = json.loads(body)
513 return resp, body['role']
514
515 def check_trust_role(self, trust_id, role_id):
516 """HEAD Check if role is delegated by a trust."""
517 resp, body = self.head("OS-TRUST/trusts/%s/roles/%s"
518 % (trust_id, role_id))
Morgan Fainberg883311d2014-07-03 13:13:10 -0700[diff] [blame]519 self.expected_success(200, resp.status)
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]520 return resp, body
521
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]522
Haiwei Xuaad85db2014-03-05 05:17:39 +0900[diff] [blame]523class V3TokenClientJSON(rest_client.RestClient):
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]524
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]525 def __init__(self):
526 super(V3TokenClientJSON, self).__init__(None)
527 auth_url = CONF.identity.uri_v3
Matthew Treinishdb2c5972014-01-31 22:18:59 +0000[diff] [blame]528 if not auth_url and CONF.identity_feature_enabled.api_v3:
529 raise exceptions.InvalidConfiguration('you must specify a v3 uri '
530 'if using the v3 identity '
531 'api')
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]532 if 'auth/tokens' not in auth_url:
533 auth_url = auth_url.rstrip('/') + '/auth/tokens'
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]534
535 self.auth_url = auth_url
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]536
Brant Knudsonc5553292014-03-15 11:06:05 -0500[diff] [blame]537 def auth(self, user=None, password=None, tenant=None, user_type='id',
538 domain=None, token=None):
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]539 """
540 :param user: user id or name, as specified in user_type
541 :param domain: the user and tenant domain
Brant Knudsonc5553292014-03-15 11:06:05 -0500[diff] [blame]542 :param token: a token to re-scope.
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]543
544 Accepts different combinations of credentials. Restrictions:
545 - tenant and domain are only name (no id)
546 - user domain and tenant domain are assumed identical
547 - domain scope is not supported here
548 Sample sample valid combinations:
Brant Knudsonc5553292014-03-15 11:06:05 -0500[diff] [blame]549 - token
550 - token, tenant, domain
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]551 - user_id, password
552 - username, password, domain
553 - username, password, tenant, domain
554 Validation is left to the server side.
555 """
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]556 creds = {
557 'auth': {
558 'identity': {
Brant Knudsonc5553292014-03-15 11:06:05 -0500[diff] [blame]559 'methods': [],
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]560 }
561 }
562 }
Brant Knudsonc5553292014-03-15 11:06:05 -0500[diff] [blame]563 id_obj = creds['auth']['identity']
564 if token:
565 id_obj['methods'].append('token')
566 id_obj['token'] = {
567 'id': token
568 }
569 if user and password:
570 id_obj['methods'].append('password')
571 id_obj['password'] = {
572 'user': {
573 'password': password,
574 }
575 }
576 if user_type == 'id':
577 id_obj['password']['user']['id'] = user
578 else:
579 id_obj['password']['user']['name'] = user
580 if domain is not None:
581 _domain = dict(name=domain)
582 id_obj['password']['user']['domain'] = _domain
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]583 if tenant is not None:
Brant Knudsonc5553292014-03-15 11:06:05 -0500[diff] [blame]584 _domain = dict(name=domain)
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]585 project = dict(name=tenant, domain=_domain)
586 scope = dict(project=project)
587 creds['auth']['scope'] = scope
588
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]589 body = json.dumps(creds)
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]590 resp, body = self.post(self.auth_url, body=body)
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]591 return resp, body
592
Sergey Murashov4fccd322014-03-22 09:58:52 +0400[diff] [blame]593 def request(self, method, url, extra_headers=False, headers=None,
594 body=None):
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]595 """A simple HTTP request interface."""
Valeriy Ponomaryov88686d82014-02-16 12:24:51 +0200[diff] [blame]596 if headers is None:
597 # Always accept 'json', for xml token client too.
598 # Because XML response is not easily
599 # converted to the corresponding JSON one
600 headers = self.get_headers(accept_type="json")
Sergey Murashov4fccd322014-03-22 09:58:52 +0400[diff] [blame]601 elif extra_headers:
602 try:
603 headers.update(self.get_headers(accept_type="json"))
604 except (ValueError, TypeError):
605 headers = self.get_headers(accept_type="json")
606
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]607 resp, resp_body = self.http_obj.request(url, method,
608 headers=headers, body=body)
Sean Dague89a85912014-03-19 16:37:29 -0400[diff] [blame]609 self._log_request(method, url, resp)
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]610
611 if resp.status in [401, 403]:
612 resp_body = json.loads(resp_body)
613 raise exceptions.Unauthorized(resp_body['error']['message'])
614 elif resp.status not in [200, 201, 204]:
615 raise exceptions.IdentityError(
616 'Unexpected status code {0}'.format(resp.status))
617
618 return resp, json.loads(resp_body)
619
620 def get_token(self, user, password, tenant, domain='Default',
621 auth_data=False):
622 """
623 :param user: username
624 Returns (token id, token data) for supplied credentials
625 """
626 resp, body = self.auth(user, password, tenant, user_type='name',
627 domain=domain)
628
629 token = resp.get('x-subject-token')
630 if auth_data:
631 return token, body['token']
632 else:
633 return token