From cc2b0b7ae5bfc4cf3d24eeaf92646363f693fc2c Mon Sep 17 00:00:00 2001 From: Thiago da Silva Date: Tue, 3 Dec 2013 18:42:23 -0500 Subject: renaming swauth tools to gswauth cli tools for account and user mgmt have been renamed from swauth-* to gswauth-* Updated other configuration and test files accordingly Change-Id: Iced3bb27fbd09da45754ddb264f8fb4528ab423c Signed-off-by: Thiago da Silva Reviewed-on: http://review.gluster.org/6417 Reviewed-by: pushpesh sharma Tested-by: pushpesh sharma Reviewed-by: Shilpa MJ Tested-by: Shilpa MJ Reviewed-by: Luis Pabon Reviewed-on: http://review.gluster.org/6466 Tested-by: Luis Pabon --- .../common/middleware/gswauth/bin/gswauth-add-user | 107 +++++++++++++++++++++ 1 file changed, 107 insertions(+) create mode 100755 gluster/swift/common/middleware/gswauth/bin/gswauth-add-user (limited to 'gluster/swift/common/middleware/gswauth/bin/gswauth-add-user') diff --git a/gluster/swift/common/middleware/gswauth/bin/gswauth-add-user b/gluster/swift/common/middleware/gswauth/bin/gswauth-add-user new file mode 100755 index 0000000..3ede12a --- /dev/null +++ b/gluster/swift/common/middleware/gswauth/bin/gswauth-add-user @@ -0,0 +1,107 @@ +#!/usr/bin/env python +# Copyright (c) 2010-2011 OpenStack, LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import gettext +from optparse import OptionParser +from os.path import basename +from sys import argv, exit + +from swift.common.bufferedhttp import http_connect_raw as http_connect +from swift.common.utils import urlparse + + +if __name__ == '__main__': + gettext.install('gswauth', unicode=1) + parser = OptionParser( + usage='Usage: %prog [options] ') + parser.add_option('-a', '--admin', dest='admin', action='store_true', + default=False, help='Give the user administrator access; otherwise ' + 'the user will only have access to containers specifically allowed ' + 'with ACLs.') + parser.add_option('-r', '--reseller-admin', dest='reseller_admin', + action='store_true', default=False, help='Give the user full reseller ' + 'administrator access, giving them full access to all accounts within ' + 'the reseller, including the ability to create new accounts. Creating ' + 'a new reseller admin requires super_admin rights.') + parser.add_option('-s', '--suffix', dest='suffix', + default='', help='The suffix to use with the reseller prefix as the ' + 'storage account name (default: ) Note: If ' + 'the account already exists, this will have no effect on existing ' + 'service URLs. Those will need to be updated with ' + 'gswauth-set-account-service') + parser.add_option('-A', '--admin-url', dest='admin_url', + default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' + 'subsystem (default: http://127.0.0.1:8080/auth/') + parser.add_option('-U', '--admin-user', dest='admin_user', + default='.super_admin', help='The user with admin rights to add users ' + '(default: .super_admin).') + parser.add_option('-K', '--admin-key', dest='admin_key', + help='The key for the user with admin rights to add users.') + args = argv[1:] + if not args: + args.append('-h') + (options, args) = parser.parse_args(args) + if len(args) != 3: + parser.parse_args(['-h']) + account, user, password = args + parsed = urlparse(options.admin_url) + if parsed.scheme not in ('http', 'https'): + raise Exception('Cannot handle protocol scheme %s for url %s' % + (parsed.scheme, repr(options.admin_url))) + parsed_path = parsed.path + if not parsed_path: + parsed_path = '/' + elif parsed_path[-1] != '/': + parsed_path += '/' + # Ensure the account exists + path = '%sv2/%s' % (parsed_path, account) + headers = {'X-Auth-Admin-User': options.admin_user, + 'X-Auth-Admin-Key': options.admin_key} + if options.suffix: + headers['X-Account-Suffix'] = options.suffix + conn = http_connect(parsed.hostname, parsed.port, 'GET', path, headers, + ssl=(parsed.scheme == 'https')) + resp = conn.getresponse() + if resp.status // 100 != 2: + headers['Content-Length'] = '0' + conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, headers, + ssl=(parsed.scheme == 'https')) + resp = conn.getresponse() + if resp.status // 100 != 2: + print 'Account creation failed: %s %s' % (resp.status, resp.reason) + # Add the user + path = '%sv2/%s/%s' % (parsed_path, account, user) + headers = {'X-Auth-Admin-User': options.admin_user, + 'X-Auth-Admin-Key': options.admin_key, + 'X-Auth-User-Key': password, + 'Content-Length': '0'} + if options.admin: + headers['X-Auth-User-Admin'] = 'true' + if options.reseller_admin: + headers['X-Auth-User-Reseller-Admin'] = 'true' + conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, headers, + ssl=(parsed.scheme == 'https')) + resp = conn.getresponse() + if resp.status // 100 != 2: + if resp.status == 401: + exit('User creation failed: %s %s: Invalid user/key provided' % + (resp.status, resp.reason)) + elif resp.status == 403: + exit('User creation failed: %s %s: Insufficient priveleges' % + (resp.status, resp.reason)) + else: + exit('User creation failed: %s %s' % + (resp.status, resp.reason)) -- cgit