Merge lp:~vishvananda/nova/lp720252 into lp:~hudson-openstack/nova/trunk

Proposed by Vish Ishaya
Status: Merged
Approved by: Devin Carlen
Approved revision: 684
Merged at revision: 687
Proposed branch: lp:~vishvananda/nova/lp720252
Merge into: lp:~hudson-openstack/nova/trunk
Diff against target: 160 lines (+37/-0)
1 file modified
nova/auth/ldapdriver.py (+37/-0)
To merge this branch: bzr merge lp:~vishvananda/nova/lp720252
Reviewer Review Type Date Requested Status
Devin Carlen (community) Approve
Jay Pipes (community) Approve

Description of the change

Fixes ldapdriver so that it works properly with admin client. It now sanitizes all unicode data to strings before passing it into ldap driver. This may need to be rethought to work properly for internationalization.

Jay Pipes (jaypipes) wrote :

nice approach. lgtm.

review: Approve
Devin Carlen (devcamcar) wrote :

lgtm

review: Approve

Preview Diff

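--- a/nova/auth/ldapdriver.py
+++ b/nova/auth/ldapdriver.py
@@ -74,6 +74,25 @@
 # in which we may want to change the interface a bit more.
 
 
+def _clean(attr):
+ """Clean attr for insertion into ldap"""
+ if attr is None:
+ return None
+ if type(attr) is unicode:
+ return str(attr)
+ return attr
+
+
+def sanitize(fn):
+ """Decorator to sanitize all args"""
+ def _wrapped(self, *args, **kwargs):
+ args = [_clean(x) for x in args]
+ kwargs = dict((k, _clean(v)) for (k, v) in kwargs)
+ return fn(self, *args, **kwargs)
+ _wrapped.func_name = fn.func_name
+ return _wrapped
+
+
 class LdapDriver(object):
 """Ldap Auth driver
 
@@ -106,23 +125,27 @@
 self.conn.unbind_s()
 return False
 
+ @sanitize
 def get_user(self, uid):
 """Retrieve user by id"""
 attr = self.__get_ldap_user(uid)
 return self.__to_user(attr)
 
+ @sanitize
 def get_user_from_access_key(self, access):
 """Retrieve user by access key"""
 query = '(accessKey=%s)' % access
 dn = FLAGS.ldap_user_subtree
 return self.__to_user(self.__find_object(dn, query))
 
+ @sanitize
 def get_project(self, pid):
 """Retrieve project by id"""
 dn = self.__project_to_dn(pid)
 attr = self.__find_object(dn, LdapDriver.project_pattern)
 return self.__to_project(attr)
 
+ @sanitize
 def get_users(self):
 """Retrieve list of users"""
 attrs = self.__find_objects(FLAGS.ldap_user_subtree,
@@ -134,6 +157,7 @@
 users.append(user)
 return users
 
+ @sanitize
 def get_projects(self, uid=None):
 """Retrieve list of projects"""
 pattern = LdapDriver.project_pattern
@@ -143,6 +167,7 @@
 pattern)
 return [self.__to_project(attr) for attr in attrs]
 
+ @sanitize
 def create_user(self, name, access_key, secret_key, is_admin):
 """Create a user"""
 if self.__user_exists(name):
@@ -196,6 +221,7 @@
 self.conn.add_s(self.__uid_to_dn(name), attr)
 return self.__to_user(dict(attr))
 
+ @sanitize
 def create_project(self, name, manager_uid,
 description=None, member_uids=None):
 """Create a project"""
@@ -231,6 +257,7 @@
 self.conn.add_s(dn, attr)
 return self.__to_project(dict(attr))
 
+ @sanitize
 def modify_project(self, project_id, manager_uid=None, description=None):
 """Modify an existing project"""
 if not manager_uid and not description:
@@ -249,21 +276,25 @@
 dn = self.__project_to_dn(project_id)
 self.conn.modify_s(dn, attr)
 
+ @sanitize
 def add_to_project(self, uid, project_id):
 """Add user to project"""
 dn = self.__project_to_dn(project_id)
 return self.__add_to_group(uid, dn)
 
+ @sanitize
 def remove_from_project(self, uid, project_id):
 """Remove user from project"""
 dn = self.__project_to_dn(project_id)
 return self.__remove_from_group(uid, dn)
 
+ @sanitize
 def is_in_project(self, uid, project_id):
 """Check if user is in project"""
 dn = self.__project_to_dn(project_id)
 return self.__is_in_group(uid, dn)
 
+ @sanitize
 def has_role(self, uid, role, project_id=None):
 """Check if user has role
 
@@ -273,6 +304,7 @@
 role_dn = self.__role_to_dn(role, project_id)
 return self.__is_in_group(uid, role_dn)
 
+ @sanitize
 def add_role(self, uid, role, project_id=None):
 """Add role for user (or user and project)"""
 role_dn = self.__role_to_dn(role, project_id)
@@ -283,11 +315,13 @@
 else:
 return self.__add_to_group(uid, role_dn)
 
+ @sanitize
 def remove_role(self, uid, role, project_id=None):
 """Remove role for user (or user and project)"""
 role_dn = self.__role_to_dn(role, project_id)
 return self.__remove_from_group(uid, role_dn)
 
+ @sanitize
 def get_user_roles(self, uid, project_id=None):
 """Retrieve list of roles for user (or user and project)"""
 if project_id is None:
@@ -307,6 +341,7 @@
 roles = self.__find_objects(project_dn, query)
 return [role['cn'][0] for role in roles]
 
+ @sanitize
 def delete_user(self, uid):
 """Delete a user"""
 if not self.__user_exists(uid):
@@ -332,12 +367,14 @@
 # Delete entry
 self.conn.delete_s(self.__uid_to_dn(uid))
 
+ @sanitize
 def delete_project(self, project_id):
 """Delete a project"""
 project_dn = self.__project_to_dn(project_id)
 self.__delete_roles(project_dn)
 self.__delete_group(project_dn)
 
+ @sanitize
 def modify_user(self, uid, access_key=None, secret_key=None, admin=None):
 """Modify an existing user"""
 if not access_key and not secret_key and admin is None: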
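Review bot: In `sanitize._wrapped` (first hunk), `dict((k, _clean(v)) for (k, v) in kwargs)` iterates the dict's keys rather than its items, so a keyword call to any decorated method will fail to unpack the key (or silently split a two-character key); it should read `kwargs = dict((k, _clean(v)) for (k, v) in kwargs.items())`. `_clean` relies on `str(attr)`, which in Python 2 encodes with the ASCII codec and raises `UnicodeEncodeError` on non-ASCII values; `attr.encode('utf-8')` would avoid that. It also does not descend into list arguments such as `member_uids` in `create_project`, so unicode elements inside a list pass through unchanged. Despite its name the decorator only coerces types and does not escape LDAP filter metacharacters, while `get_user_from_access_key` still builds `'(accessKey=%s)' % access` by interpolation. If `access` can originate from a request, it should go through python-ldap's `ldap.filter.escape_filter_chars`, and the `sanitize` docstring should state that no escaping is performed.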