Merge lp:~vishvananda/nova/lp720252 into lp:~hudson-openstack/nova/trunk

Proposed by Vish Ishaya
Status: Merged
Approved by: Devin Carlen
Approved revision: 684
Merged at revision: 687
Proposed branch: lp:~vishvananda/nova/lp720252
Merge into: lp:~hudson-openstack/nova/trunk
Diff against target: 160 lines (+37/-0)
1 file modified
nova/auth/ldapdriver.py (+37/-0)
To merge this branch: bzr merge lp:~vishvananda/nova/lp720252
Reviewer Review Type Date Requested Status
Devin Carlen (community) Approve
Jay Pipes (community) Approve
Review via email: mp+50050@code.launchpad.net

Description of the change

Fixes ldapdriver so that it works properly with admin client. It now sanitizes all unicode data to strings before passing it into ldap driver. This may need to be rethought to work properly for internationalization.

Jay Pipes (jaypipes) wrote :

nice approach. lgtm.

review: Approve
Devin Carlen (devcamcar) wrote :

lgtm

review: Approve

Preview Diff

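--- a/nova/auth/ldapdriver.py
+++ b/nova/auth/ldapdriver.py
@@ -74,6 +74,25 @@
 # in which we may want to change the interface a bit more.
 
 
+def _clean(attr):
+ """Clean attr for insertion into ldap"""
+ if attr is None:
+ return None
+ if type(attr) is unicode:
+ return str(attr)
+ return attr
+
+
+def sanitize(fn):
+ """Decorator to sanitize all args"""
+ def _wrapped(self, *args, **kwargs):
+ args = [_clean(x) for x in args]
+ kwargs = dict((k, _clean(v)) for (k, v) in kwargs)
+ return fn(self, *args, **kwargs)
+ _wrapped.func_name = fn.func_name
+ return _wrapped
+
+
 class LdapDriver(object):
  """Ldap Auth driver
 
@@ -106,23 +125,27 @@
  self.conn.unbind_s()
  return False
 
+ @sanitize
  def get_user(self, uid):
  """Retrieve user by id"""
  attr = self.__get_ldap_user(uid)
  return self.__to_user(attr)
 
+ @sanitize
  def get_user_from_access_key(self, access):
  """Retrieve user by access key"""
  query = '(accessKey=%s)' % access
  dn = FLAGS.ldap_user_subtree
  return self.__to_user(self.__find_object(dn, query))
 
+ @sanitize
  def get_project(self, pid):
  """Retrieve project by id"""
  dn = self.__project_to_dn(pid)
  attr = self.__find_object(dn, LdapDriver.project_pattern)
  return self.__to_project(attr)
 
+ @sanitize
  def get_users(self):
  """Retrieve list of users"""
  attrs = self.__find_objects(FLAGS.ldap_user_subtree,
@@ -134,6 +157,7 @@
  users.append(user)
  return users
 
+ @sanitize
  def get_projects(self, uid=None):
  """Retrieve list of projects"""
  pattern = LdapDriver.project_pattern
@@ -143,6 +167,7 @@
  pattern)
  return [self.__to_project(attr) for attr in attrs]
 
+ @sanitize
  def create_user(self, name, access_key, secret_key, is_admin):
  """Create a user"""
  if self.__user_exists(name):
@@ -196,6 +221,7 @@
  self.conn.add_s(self.__uid_to_dn(name), attr)
  return self.__to_user(dict(attr))
 
+ @sanitize
  def create_project(self, name, manager_uid,
  description=None, member_uids=None):
  """Create a project"""
@@ -231,6 +257,7 @@
  self.conn.add_s(dn, attr)
  return self.__to_project(dict(attr))
 
+ @sanitize
  def modify_project(self, project_id, manager_uid=None, description=None):
  """Modify an existing project"""
  if not manager_uid and not description:
@@ -249,21 +276,25 @@
  dn = self.__project_to_dn(project_id)
  self.conn.modify_s(dn, attr)
 
+ @sanitize
  def add_to_project(self, uid, project_id):
  """Add user to project"""
  dn = self.__project_to_dn(project_id)
  return self.__add_to_group(uid, dn)
 
+ @sanitize
  def remove_from_project(self, uid, project_id):
  """Remove user from project"""
  dn = self.__project_to_dn(project_id)
  return self.__remove_from_group(uid, dn)
 
+ @sanitize
  def is_in_project(self, uid, project_id):
  """Check if user is in project"""
  dn = self.__project_to_dn(project_id)
  return self.__is_in_group(uid, dn)
 
+ @sanitize
  def has_role(self, uid, role, project_id=None):
  """Check if user has role
 
@@ -273,6 +304,7 @@
  role_dn = self.__role_to_dn(role, project_id)
  return self.__is_in_group(uid, role_dn)
 
+ @sanitize
  def add_role(self, uid, role, project_id=None):
  """Add role for user (or user and project)"""
  role_dn = self.__role_to_dn(role, project_id)
@@ -283,11 +315,13 @@
  else:
  return self.__add_to_group(uid, role_dn)
 
+ @sanitize
  def remove_role(self, uid, role, project_id=None):
  """Remove role for user (or user and project)"""
  role_dn = self.__role_to_dn(role, project_id)
  return self.__remove_from_group(uid, role_dn)
 
+ @sanitize
  def get_user_roles(self, uid, project_id=None):
  """Retrieve list of roles for user (or user and project)"""
  if project_id is None:
@@ -307,6 +341,7 @@
  roles = self.__find_objects(project_dn, query)
  return [role['cn'][0] for role in roles]
 
+ @sanitize
  def delete_user(self, uid):
  """Delete a user"""
  if not self.__user_exists(uid):
@@ -332,12 +367,14 @@
  # Delete entry
  self.conn.delete_s(self.__uid_to_dn(uid))
 
+ @sanitize
  def delete_project(self, project_id):
  """Delete a project"""
  project_dn = self.__project_to_dn(project_id)
  self.__delete_roles(project_dn)
  self.__delete_group(project_dn)
 
+ @sanitize
  def modify_user(self, uid, access_key=None, secret_key=None, admin=None):
  """Modify an existing user"""
  if not access_key and not secret_key and admin is None: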
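Review bot: In `sanitize`, the line `kwargs = dict((k, _clean(v)) for (k, v) in kwargs)` iterates over the dict's keys instead of its items, so a keyword call to any decorated method (for example `get_projects(uid=...)`) fails while unpacking the key string, or mis-maps a two-character key; it should read `kwargs = dict((k, _clean(v)) for (k, v) in kwargs.items())`. The name also overstates what the decorator does: `_clean` only coerces `unicode` to `str`, and `str(attr)` raises `UnicodeEncodeError` on non-ASCII input, so the docstrings should say "convert unicode arguments to str" rather than "sanitize". No LDAP escaping is applied, and `get_user_from_access_key` still interpolates `access` into `'(accessKey=%s)'` as-is. Filter values that come from callers should be escaped before the filter is built, e.g. `query = '(accessKey=%s)' % ldap.filter.escape_filter_chars(access)`, assuming the driver uses python-ldap.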