Add role inference calls, domains
Also rework get_by_name_or_uuid method to work with multiple keys
and add get_by_name_or_uuid decorator for role assign, unassgin and check.
Change-Id: I808ce0c1aa1a7231875256ae6f22e986d78f8f00
Related-Issue: PROD-21388
diff --git a/_modules/keystonev3/roles.py b/_modules/keystonev3/roles.py
index bd85c16..3f6c06a 100644
--- a/_modules/keystonev3/roles.py
+++ b/_modules/keystonev3/roles.py
@@ -1,5 +1,6 @@
-from keystonev3.common import get_by_name_or_uuid, send
-from keystonev3.common import KeystoneException
+from keystonev3.common import send
+from keystonev3.arg_converter import get_by_name_or_uuid_multiple
+
try:
from urllib.parse import urlencode
@@ -7,69 +8,64 @@
from urllib import urlencode
-@send('get')
-def role_list(**kwargs):
- url = '/roles?{}'.format(urlencode(kwargs))
- return url, None
-
-
-@send('get')
-def role_assignment_list(**kwargs):
- url = '/role_assignments?{}'.format(urlencode(kwargs))
- return url, None
-
-
+@get_by_name_or_uuid_multiple([('project', 'project_id'), ('user', 'user_id'),
+ ('role', 'role_id')])
@send('put')
-def role_add(user_id, role_id, project_id=None, domain_id=None, **kwargs):
- if (project_id and domain_id) or (not project_id and not domain_id):
- raise KeystoneException('Role can be assigned either to project '
- 'or domain.')
- if project_id:
- url = '/projects/{}/users/{}/roles/{}'.format(project_id, user_id,
- role_id)
- elif domain_id:
- url = '/domains/{}/users/{}/roles/{}'.format(domain_id, user_id,
- role_id)
+def role_assign_for_user_on_project(project_id, user_id, role_id, **kwargs):
+ url = '/projects/{}/users/{}/roles/{}'.format(project_id, user_id, role_id)
return url, None
+@get_by_name_or_uuid_multiple([('domain', 'domain_id'), ('user', 'user_id'),
+ ('role', 'role_id')])
+@send('put')
+def role_assign_for_user_on_domain(domain_id, user_id, role_id, **kwargs):
+ url = '/domains/{}/users/{}/roles/{}'.format(domain_id, user_id, role_id)
+ return url, None
+
+
+@get_by_name_or_uuid_multiple([('project', 'project_id'), ('user', 'user_id'),
+ ('role', 'role_id')])
@send('delete')
-def role_delete(user_id, role_id, project_id=None, domain_id=None, **kwargs):
- if (project_id and domain_id) or (not project_id and not domain_id):
- raise KeystoneException('Role can be unassigned either from project '
- 'or domain.')
- if project_id:
- url = '/projects/{}/users/{}/roles/{}'.format(project_id, user_id,
- role_id)
- elif domain_id:
- url = '/domains/{}/users/{}/roles/{}'.format(domain_id, user_id,
- role_id)
+def role_unassign_for_user_on_project(project_id, user_id, role_id, **kwargs):
+ url = '/projects/{}/users/{}/roles/{}'.format(project_id, user_id, role_id)
return url, None
+@get_by_name_or_uuid_multiple([('domain', 'domain_id'), ('user', 'user_id'),
+ ('role', 'role_id')])
+@send('delete')
+def role_unassign_for_user_on_domain(domain_id, user_id, role_id, **kwargs):
+ url = '/domains/{}/users/{}/roles/{}'.format(domain_id, user_id, role_id)
+ return url, None
+
+
+@get_by_name_or_uuid_multiple([('project', 'project_id'), ('user', 'user_id'),
+ ('role', 'role_id')])
@send('head')
-def role_assignment_check(user_id, role_id, project_id=None,
- domain_id=None, **kwargs):
- if (project_id and domain_id) or (not project_id and not domain_id):
- raise KeystoneException('Role can be assigned either to project '
- 'or domain.')
- if project_id:
- url = '/projects/{}/users/{}/roles/{}'.format(project_id, user_id,
- role_id)
- elif domain_id:
- url = '/domains/{}/users/{}/roles/{}'.format(domain_id, user_id,
- role_id)
+def role_assign_check_for_user_on_project(project_id, user_id, role_id,
+ **kwargs):
+ url = '/projects/{}/users/{}/roles/{}'.format(project_id, user_id, role_id)
return url, None
-@get_by_name_or_uuid(role_list, 'roles', 'role_id')
+@get_by_name_or_uuid_multiple([('domain', 'domain_id'), ('user', 'user_id'),
+ ('role', 'role_id')])
+@send('head')
+def role_assign_check_for_user_on_domain(domain_id, user_id, role_id,
+ **kwargs):
+ url = '/domains/{}/users/{}/roles/{}'.format(domain_id, user_id, role_id)
+ return url, None
+
+
+@get_by_name_or_uuid_multiple([('role', 'role_id')])
@send('get')
def role_get_details(role_id, **kwargs):
url = '/roles/{}?{}'.format(role_id, urlencode(kwargs))
return url, None
-@get_by_name_or_uuid(role_list, 'roles', 'role_id')
+@get_by_name_or_uuid_multiple([('role', 'role_id')])
@send('patch')
def role_update(role_id, **kwargs):
url = '/roles/{}'.format(role_id)
@@ -79,9 +75,9 @@
return url, json
-@get_by_name_or_uuid(role_list, 'roles', 'role_id')
+@get_by_name_or_uuid_multiple([('role', 'role_id')])
@send('delete')
-def role_remove(role_id, **kwargs):
+def role_delete(role_id, **kwargs):
url = '/roles/{}'.format(role_id)
return url, None
@@ -93,3 +89,42 @@
'role': kwargs,
}
return url, json
+
+
+@get_by_name_or_uuid_multiple([('role', 'prior_role_id')])
+@send('get')
+def role_inference_rule_for_role_list(prior_role_id, **kwargs):
+ url = '/roles/{}/implies'.format(prior_role_id)
+ return url, None
+
+
+@get_by_name_or_uuid_multiple([('role', 'prior_role_id'),
+ ('role', 'implies_role_id')])
+@send('put')
+def role_inference_rule_create(prior_role_id, implies_role_id, **kwargs):
+ url = '/roles/{}/implies/{}'.format(prior_role_id, implies_role_id)
+ return url, None
+
+
+@get_by_name_or_uuid_multiple([('role', 'prior_role_id'),
+ ('role', 'implies_role_id')])
+@send('get')
+def role_inference_rule_get(prior_role_id, implies_role_id, **kwargs):
+ url = '/roles/{}/implies/{}'.format(prior_role_id, implies_role_id)
+ return url, None
+
+
+@get_by_name_or_uuid_multiple([('role', 'prior_role_id'),
+ ('role', 'implies_role_id')])
+@send('head')
+def role_inference_rule_confirm(prior_role_id, implies_role_id, **kwargs):
+ url = '/roles/{}/implies/{}'.format(prior_role_id, implies_role_id)
+ return url, None
+
+
+@get_by_name_or_uuid_multiple([('role', 'prior_role_id'),
+ ('role', 'implies_role_id')])
+@send('delete')
+def role_inference_rule_delete(prior_role_id, implies_role_id, **kwargs):
+ url = '/roles/{}/implies/{}'.format(prior_role_id, implies_role_id)
+ return url, None