feature-password-group-swift (#37)

* implement password_group

* implement password_group tests

* implement password_group tests

* some delete actions in the API return HTTP/1.1 204 No Content

* import password_group

* Update Password Group (Swift) support

* Fix various errors from PR #37

Author: padthaitofuhot

README.rst

@@ -205,7 +205,7 @@ The following table shows the supported endpoints per API version.
 +--------------------------+---------+---------+
 | Authentication Provider  |    ~    |    ~    |
 +--------------------------+---------+---------+
-| Password Group (Swift)   |    ✗    |    ✗    |
+| Password Group (Swift)   |    ✓    |    ✓    |
 +--------------------------+---------+---------+
 | Secret Key               |    ✓    |    ✓    |
 +--------------------------+---------+---------+

ecsclient/baseclient.py

@@ -164,7 +164,8 @@ def _request(self, url, json_payload='{}', http_verb='GET', params=None):
                     timeout=self.request_timeout,
                     params=params)
 
-            if req.status_code != 200:
+            # Because some delete actions in the API return HTTP/1.1 204 No Content
+            if not (200 <= req.status_code < 300):
                 log.error("Status code NOT OK")
                 raise ECSClientException.from_response(req)
             try:

ecsclient/common/user_management/password_group.py

@@ -0,0 +1,135 @@
+# coding=utf-8
+import logging
+
+log = logging.getLogger(__name__)
+
+
+class PasswordGroup(object):
+    def __init__(self, connection):
+        """
+        Initialize a new instance
+        """
+        self.conn = connection
+
+    def get(self, user_id, namespace=None):
+        """
+        Gets all Swift user groups for a specified user identifier.
+        If namespace is provided then returns only groups for the specified namespace.
+
+        Required role(s):
+
+        SYSTEM_ADMIN
+        SYSTEM_MONITOR
+        NAMESPACE_ADMIN
+
+        Example JSON result from the API:
+
+        {
+            "groups_list": [
+                "admin"
+            ]
+        }
+
+        :param user_id: Username for which group names should be returned.
+        :param namespace: Namespace limiting returned groups (optional).
+        """
+        msg = "Getting Swift groups for user '{}'".format(user_id)
+        url = 'object/user-password/{}'.format(user_id)
+
+        if namespace:
+            url += '/{}'.format(namespace)
+            msg += " in namespace '{}'".format(namespace)
+
+        log.info(msg)
+        return self.conn.get(url=url)
+
+    def create(self, user_id, password, groups_list, namespace=None):
+        """
+        Creates password and group for a specific user.
+
+        Required role(s):
+
+        SYSTEM_ADMIN
+        NAMESPACE_ADMIN
+
+        There is no response body for this call
+
+        Expect: HTTP/1.1 200 OK
+
+        :param user_id: Valid user identifier to create a key for. If not provided, the authenticated
+        user will be used instead.
+        :param namespace: Namespace for the user if the user belongs to a namespace.
+        :param password: Swift password associated with this user.
+        :param groups_list: List of Swift groups with which to associate this user. If user is a member
+        of the "admin" group, user will be able to perform all container operations.
+        If a member of any other group, authorization will depend on the access that is set on the container.
+        """
+
+        url = 'object/user-password/{}'.format(user_id)
+        msg = "Creating Swift password for user '{}' in namespace '{}'".format(user_id, namespace)
+
+        payload = {'namespace': namespace,
+                   'password': password,
+                   'groups_list': groups_list}
+
+        log.info(msg)
+        return self.conn.put(url, json_payload=payload)
+
+    def update(self, user_id, password, groups_list, namespace=None):
+        """
+        Updates password and group information for a specific user identifier.
+
+        Required role(s):
+
+        SYSTEM_ADMIN
+        NAMESPACE_ADMIN
+
+        There is no response body for this call
+
+        Expect: HTTP/1.1 200 OK
+
+        :param user_id: Valid user identifier to create a key for. If not provided,
+        the authenticated user will be used instead.
+        :param namespace: Namespace for the user if the user belongs to a namespace.
+        :param password: Swift password associated with this user.
+        :param groups_list: List of Swift groups with which to associate this user. If user is a member
+        of the "admin" group, user will be able to perform all container operations.
+        If a member of any other group, authorization will depend on the access that is set on the container.
+        """
+
+        url = 'object/user-password/{}'.format(user_id)
+        msg = "Updating Swift password for user '{}' in namespace '{}'".format(user_id, namespace)
+
+        payload = {'namespace': namespace,
+                   'password': password,
+                   'groups_list': groups_list}
+
+        log.info(msg)
+        return self.conn.post(url, json_payload=payload)
+
+    def delete(self, user_id, namespace=None):
+        """
+        Deletes password group for a specified user.
+
+        Required role(s):
+
+        SYSTEM_ADMIN
+        NAMESPACE_ADMIN
+
+        Example JSON result from the API:
+
+        There is no response body for this call
+
+        Expect: HTTP/1.1 204 No Response
+
+        :param user_id: Valid user identifier to get delete the keys from.
+        :param namespace: Namespace for the user if the user belongs to a namespace.
+        """
+
+        url = 'object/user-password/{}/deactivate'.format(user_id)
+        msg = "Deleting Swift password for user '{}' in namespace '{}'".format(user_id, namespace)
+
+        payload = {'namespace': namespace}
+
+        log.info(msg)
+        return self.conn.post(url, json_payload=payload)

ecsclient/schemas.py

@@ -768,3 +768,21 @@
         "mgmt_user_info"
     ]
 }
+
+GROUP_LIST = {
+    "type": "object",
+    "properties": {
+        "groups_list": {
+            "type": "array",
+            "items": {
+                "type": "string",
+                "minLength": 1
+            },
+            "minItems": 1,
+            "uniqueItems": True
+        }
+    },
+    "required": [
+        "groups_list"
+    ]
+}

ecsclient/v3/client.py

@@ -1,14 +1,17 @@
 import logging
 
 from ecsclient import baseclient
-from ecsclient.v3.configuration import certificate, configuration_properties, licensing, feature, syslog, snmp
+from ecsclient.v3.configuration import certificate, configuration_properties, \
+    licensing, feature, syslog, snmp
 from ecsclient.v3.cas import cas
 from ecsclient.v3.metering import billing
 from ecsclient.v3.monitoring import capacity, dashboard, events
 from ecsclient.v3.multitenancy import namespace
 from ecsclient.v3.geo_replication import replication_group, temporary_failed_zone
-from ecsclient.v2.provisioning import base_url, bucket, data_store, storage_pool, virtual_data_center, node
-from ecsclient.v3.user_management import authentication_provider, management_user, object_user, secret_key
+from ecsclient.v2.provisioning import base_url, bucket, data_store, storage_pool, \
+    virtual_data_center, node
+from ecsclient.v3.user_management import authentication_provider, management_user, \
+    object_user, secret_key, password_group
 from ecsclient.v3.other import user_info
 
 # Initialize logger
@@ -68,7 +71,7 @@ def __init__(self, *args, **kwargs):
 
         # User Management
         self.authentication_provider = authentication_provider.AuthenticationProvider(self)
-        # TODO: self.password_group = password_group.PasswordGroup(self)
+        self.password_group = password_group.PasswordGroup(self)
         self.secret_key = secret_key.SecretKey(self)
         self.management_user = management_user.ManagementUser(self)
         self.object_user = object_user.ObjectUser(self)

ecsclient/v3/user_management/__init__.py

@@ -1,7 +1,8 @@
 from ecsclient.common.user_management import authentication_provider, secret_key, \
-    management_user, object_user
+    password_group, management_user, object_user
 
 authentication_provider = authentication_provider
 secret_key = secret_key
+password_group = password_group
 management_user = management_user
 object_user = object_user

tests/functional/test_password_group.py

@@ -0,0 +1,77 @@
+import time
+
+from ecsclient import schemas
+from ecsclient.common.exceptions import ECSClientException
+from tests import functional
+
+
+class TestPasswordGroup(functional.BaseTestCase):
+    def __init__(self, *args, **kwargs):
+        super(TestPasswordGroup, self).__init__(*args, **kwargs)
+        self.namespace_1 = "functional-tests-namespace-%s" % int(time.time())
+        self.object_user_1 = "functional-tests-objectuser-%s" % int(time.time())
+        self.object_user_2 = self.object_user_1 + '_second'
+        self.password_1 = "fake-password-123"
+        self.password_2 = "fake-password-456"
+        self.groups_list_1 = ['admin']
+        self.groups_list_2 = ['admin', 'user']
+
+    def setUp(self):
+        super(TestPasswordGroup, self).setUp()
+        self.client.namespace.create(self.namespace_1)
+        self.client.object_user.create(self.object_user_1, self.namespace_1)
+        self.client.password_group.create(self.object_user_1,
+                                          self.password_1,
+                                          self.groups_list_1,
+                                          namespace=self.namespace_1)
+
+    def tearDown(self):
+        super(TestPasswordGroup, self).tearDown()
+        for object_user in [self.object_user_1,
+                            self.object_user_2]:
+            try:
+                self.client.object_user.delete(object_user)
+            except ECSClientException:
+                pass
+        self.client.namespace.delete(self.namespace_1)
+
+    def test_password_group_create_for_user(self):
+        self.client.password_group.create(user_id=self.object_user_2,
+                                          namespace=self.namespace_1,
+                                          password=self.password_2,
+                                          groups_list=self.groups_list_2)
+
+        response = self.client.password_group.get(user_id=self.object_user_2,
+                                                  namespace=self.namespace_1)
+
+        self.assertValidSchema(response, schemas.GROUP_LIST)
+        self.assertEqual(response['groups_list'], self.groups_list_2)
+
+    def test_password_group_get_by_user(self):
+        response = self.client.password_group.get(user_id=self.object_user_1,
+                                                  namespace=self.namespace_1)
+
+        self.assertValidSchema(response, schemas.GROUP_LIST)
+        self.assertEqual(response['groups_list'], self.groups_list_1)
+
+    def test_password_group_update_for_user(self):
+        self.assertNotEqual(self.groups_list_1, self.groups_list_2)
+
+        response = self.client.password_group.get(user_id=self.object_user_1,
+                                                  namespace=self.namespace_1)
+        self.assertEqual(response['groups_list'], self.groups_list_1)
+
+        self.client.password_group.update(user_id=self.object_user_1,
+                                          namespace=self.namespace_1,
+                                          password=self.password_2,
+                                          groups_list=self.groups_list_2)
+
+        response = self.client.password_group.get(user_id=self.object_user_1,
+                                                  namespace=self.namespace_1)
+        self.assertEqual(response['groups_list'], self.groups_list_2)
+
+    def test_password_group_delete_for_user(self):
+        self.client.password_group.delete(user_id=self.object_user_1,
+                                          namespace=self.namespace_1)
+        f = self.client.password_group.get
+        self.assertRaises(ECSClientException, f, self.object_user_1)