/usr/lib/python2.7/dist-packages/keystoneclient/v3/role_assignments.py is in python-keystoneclient 1:3.2.0-4.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 | # Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from keystoneclient import base
from keystoneclient import exceptions
from keystoneclient.i18n import _
class RoleAssignment(base.Resource):
"""Represents an Identity role assignment.
Attributes:
* role: an object which contains a role uuid
* user or group: an object which contains either a user or
group uuid
* scope: an object which has either a project or domain object
containing an uuid
"""
pass
class RoleAssignmentManager(base.CrudManager):
"""Manager class for manipulating Identity roles assignments."""
resource_class = RoleAssignment
collection_key = 'role_assignments'
key = 'role_assignment'
def _check_not_user_and_group(self, user, group):
if user and group:
msg = _('Specify either a user or group, not both')
raise exceptions.ValidationError(msg)
def _check_not_domain_and_project(self, domain, project):
if domain and project:
msg = _('Specify either a domain or project, not both')
raise exceptions.ValidationError(msg)
def list(self, user=None, group=None, project=None, domain=None, role=None,
effective=False, os_inherit_extension_inherited_to=None,
include_subtree=False, include_names=False):
"""List role assignments.
If no arguments are provided, all role assignments in the
system will be listed.
If both user and group are provided, a ValidationError will be
raised. If both domain and project are provided, it will also
raise a ValidationError.
:param user: User to be used as query filter. (optional)
:param group: Group to be used as query filter. (optional)
:param project: Project to be used as query filter.
(optional)
:param domain: Domain to be used as query
filter. (optional)
:param role: Role to be used as query filter. (optional)
:param boolean effective: return effective role
assignments. (optional)
:param string os_inherit_extension_inherited_to:
return inherited role assignments for either 'projects' or
'domains'. (optional)
:param boolean include_subtree: Include subtree (optional)
:param boolean include_names: Display names instead
of IDs. (optional)
"""
self._check_not_user_and_group(user, group)
self._check_not_domain_and_project(domain, project)
query_params = {}
if user:
query_params['user.id'] = base.getid(user)
if group:
query_params['group.id'] = base.getid(group)
if project:
query_params['scope.project.id'] = base.getid(project)
if domain:
query_params['scope.domain.id'] = base.getid(domain)
if role:
query_params['role.id'] = base.getid(role)
if effective:
query_params['effective'] = effective
if include_names:
query_params['include_names'] = include_names
if os_inherit_extension_inherited_to:
query_params['scope.OS-INHERIT:inherited_to'] = (
os_inherit_extension_inherited_to)
if include_subtree:
query_params['include_subtree'] = include_subtree
return super(RoleAssignmentManager, self).list(**query_params)
def create(self, **kwargs):
raise exceptions.MethodNotImplemented(
_('Create not supported for role assignments'))
def update(self, **kwargs):
raise exceptions.MethodNotImplemented(
_('Update not supported for role assignments'))
def get(self, **kwargs):
raise exceptions.MethodNotImplemented(
_('Get not supported for role assignments'))
def find(self, **kwargs):
raise exceptions.MethodNotImplemented(
_('Find not supported for role assignments'))
def put(self, **kwargs):
raise exceptions.MethodNotImplemented(
_('Put not supported for role assignments'))
def delete(self, **kwargs):
raise exceptions.MethodNotImplemented(
_('Delete not supported for role assignments'))
|