"Fossies" - the Fresh Open Source Software Archive

Member "keystone-17.0.0/keystone/assignment/backends/base.py" (13 May 2020, 7489 Bytes) of package /linux/misc/openstack/keystone-17.0.0.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Python source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. For more information about "base.py" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes report: 16.0.1_vs_17.0.0.

    1 # Copyright 2012 OpenStack Foundation
    2 #
    3 # Licensed under the Apache License, Version 2.0 (the "License"); you may
    4 # not use this file except in compliance with the License. You may obtain
    5 # a copy of the License at
    6 #
    7 #      http://www.apache.org/licenses/LICENSE-2.0
    8 #
    9 # Unless required by applicable law or agreed to in writing, software
   10 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
   11 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
   12 # License for the specific language governing permissions and limitations
   13 # under the License.
   14 
   15 import abc
   16 
   17 import keystone.conf
   18 from keystone import exception
   19 
   20 
   21 CONF = keystone.conf.CONF
   22 
   23 
   24 class AssignmentDriverBase(object, metaclass=abc.ABCMeta):
   25 
   26     def _get_list_limit(self):
   27         return CONF.assignment.list_limit or CONF.list_limit
   28 
   29     @abc.abstractmethod
   30     def add_role_to_user_and_project(self, user_id, project_id, role_id):
   31         """Add a role to a user within given project.
   32 
   33         :raises keystone.exception.Conflict: If a duplicate role assignment
   34             exists.
   35 
   36         """
   37         raise exception.NotImplemented()  # pragma: no cover
   38 
   39     @abc.abstractmethod
   40     def remove_role_from_user_and_project(self, user_id, project_id, role_id):
   41         """Remove a role from a user within given project.
   42 
   43         :raises keystone.exception.RoleNotFound: If the role doesn't exist.
   44 
   45         """
   46         raise exception.NotImplemented()  # pragma: no cover
   47 
   48     # assignment/grant crud
   49 
   50     @abc.abstractmethod
   51     def create_grant(self, role_id, user_id=None, group_id=None,
   52                      domain_id=None, project_id=None,
   53                      inherited_to_projects=False):
   54         """Create a new assignment/grant.
   55 
   56         If the assignment is to a domain, then optionally it may be
   57         specified as inherited to owned projects (this requires
   58         the OS-INHERIT extension to be enabled).
   59 
   60         """
   61         raise exception.NotImplemented()  # pragma: no cover
   62 
   63     @abc.abstractmethod
   64     def list_grant_role_ids(self, user_id=None, group_id=None,
   65                             domain_id=None, project_id=None,
   66                             inherited_to_projects=False):
   67         """List role ids for assignments/grants."""
   68         raise exception.NotImplemented()  # pragma: no cover
   69 
   70     @abc.abstractmethod
   71     def check_grant_role_id(self, role_id, user_id=None, group_id=None,
   72                             domain_id=None, project_id=None,
   73                             inherited_to_projects=False):
   74         """Check an assignment/grant role id.
   75 
   76         :raises keystone.exception.RoleAssignmentNotFound: If the role
   77             assignment doesn't exist.
   78         :returns: None or raises an exception if grant not found
   79 
   80         """
   81         raise exception.NotImplemented()  # pragma: no cover
   82 
   83     @abc.abstractmethod
   84     def delete_grant(self, role_id, user_id=None, group_id=None,
   85                      domain_id=None, project_id=None,
   86                      inherited_to_projects=False):
   87         """Delete assignments/grants.
   88 
   89         :raises keystone.exception.RoleAssignmentNotFound: If the role
   90             assignment doesn't exist.
   91 
   92         """
   93         raise exception.NotImplemented()  # pragma: no cover
   94 
   95     @abc.abstractmethod
   96     def list_role_assignments(self, role_id=None,
   97                               user_id=None, group_ids=None,
   98                               domain_id=None, project_ids=None,
   99                               inherited_to_projects=None):
  100         """Return a list of role assignments for actors on targets.
  101 
  102         Available parameters represent values in which the returned role
  103         assignments attributes need to be filtered on.
  104 
  105         """
  106         raise exception.NotImplemented()  # pragma: no cover
  107 
  108     @abc.abstractmethod
  109     def delete_project_assignments(self, project_id):
  110         """Delete all assignments for a project.
  111 
  112         :raises keystone.exception.ProjectNotFound: If the project doesn't
  113             exist.
  114 
  115         """
  116         raise exception.NotImplemented()  # pragma: no cover
  117 
  118     @abc.abstractmethod
  119     def delete_role_assignments(self, role_id):
  120         """Delete all assignments for a role."""
  121         raise exception.NotImplemented()  # pragma: no cover
  122 
  123     @abc.abstractmethod
  124     def delete_user_assignments(self, user_id):
  125         """Delete all assignments for a user.
  126 
  127         :raises keystone.exception.RoleNotFound: If the role doesn't exist.
  128 
  129         """
  130         raise exception.NotImplemented()  # pragma: no cover
  131 
  132     @abc.abstractmethod
  133     def delete_group_assignments(self, group_id):
  134         """Delete all assignments for a group.
  135 
  136         :raises keystone.exception.RoleNotFound: If the role doesn't exist.
  137 
  138         """
  139         raise exception.NotImplemented()  # pragma: no cover
  140 
  141     @abc.abstractmethod
  142     def delete_domain_assignments(self, domain_id):
  143         """Delete all assignments for a domain."""
  144         raise exception.NotImplemented()
  145 
  146     @abc.abstractmethod
  147     def create_system_grant(self, role_id, actor_id, target_id,
  148                             assignment_type, inherited):
  149         """Grant a user or group  a role on the system.
  150 
  151         :param role_id: the unique ID of the role to grant to the user
  152         :param actor_id: the unique ID of the user or group
  153         :param target_id: the unique ID or string representing the target
  154         :param assignment_type: a string describing the relationship of the
  155                                 assignment
  156         :param inherited: a boolean denoting if the assignment is inherited or
  157                           not
  158 
  159         """
  160         raise exception.NotImplemented()  # pragma: no cover
  161 
  162     @abc.abstractmethod
  163     def list_system_grants(self, actor_id, target_id, assignment_type):
  164         """Return a list of all system assignments for a specific entity.
  165 
  166         :param actor_id: the unique ID of the actor
  167         :param target_id: the unique ID of the target
  168         :param assignment_type: the type of assignment to return
  169 
  170         """
  171         raise exception.NotImplemented()  # pragma: no cover
  172 
  173     @abc.abstractmethod
  174     def list_system_grants_by_role(self, role_id):
  175         """Return a list of system assignments associated to a role.
  176 
  177         :param role_id: the unique ID of the role to grant to the user
  178 
  179         """
  180         raise exception.NotImplemented()  # pragma: no cover
  181 
  182     @abc.abstractmethod
  183     def check_system_grant(self, role_id, actor_id, target_id, inherited):
  184         """Check if a user or group has a specific role on the system.
  185 
  186         :param role_id: the unique ID of the role to grant to the user
  187         :param actor_id: the unique ID of the user or group
  188         :param target_id: the unique ID or string representing the target
  189         :param inherited: a boolean denoting if the assignment is inherited or
  190                           not
  191 
  192         """
  193         raise exception.NotImplemented()  # pragma: no cover
  194 
  195     @abc.abstractmethod
  196     def delete_system_grant(self, role_id, actor_id, target_id, inherited):
  197         """Remove a system assignment from a user or group.
  198 
  199         :param role_id: the unique ID of the role to grant to the user
  200         :param actor_id: the unique ID of the user or group
  201         :param target_id: the unique ID or string representing the target
  202         :param inherited: a boolean denoting if the assignment is inherited or
  203                           not
  204 
  205         """
  206         raise exception.NotImplemented()  # pragma: no cover