#!/usr/bin/python # Copyright (c) 2010 OpenStack, LLC. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or # implied. # See the License for the specific language governing permissions and # limitations under the License. import gettext from optparse import OptionParser from os.path import basename from sys import argv, exit from urlparse import urlparse from swift.common.bufferedhttp import http_connect_raw as http_connect if __name__ == '__main__': gettext.install('swift', unicode=1) parser = OptionParser( usage='Usage: %prog [options] ') parser.add_option('-a', '--admin', dest='admin', action='store_true', default=False, help='Give the user administrator access; otherwise ' 'the user will only have access to containers specifically allowed ' 'with ACLs.') parser.add_option('-r', '--reseller-admin', dest='reseller_admin', action='store_true', default=False, help='Give the user full reseller ' 'administrator access, giving them full access to all accounts within ' 'the reseller, including the ability to create new accounts. Creating ' 'a new reseller admin requires super_admin rights.') parser.add_option('-s', '--suffix', dest='suffix', default='', help='The suffix to use with the reseller prefix as the ' 'storage account name (default: ) Note: If ' 'the account already exists, this will have no effect on existing ' 'service URLs. Those will need to be updated with ' 'swauth-set-account-service') parser.add_option('-A', '--admin-url', dest='admin_url', default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' 'subsystem (default: http://127.0.0.1:8080/auth/') parser.add_option('-U', '--admin-user', dest='admin_user', default='.super_admin', help='The user with admin rights to add users ' '(default: .super_admin).') parser.add_option('-K', '--admin-key', dest='admin_key', help='The key for the user with admin rights to add users.') args = argv[1:] if not args: args.append('-h') (options, args) = parser.parse_args(args) if len(args) != 3: parser.parse_args(['-h']) account, user, password = args parsed = urlparse(options.admin_url) if parsed.scheme not in ('http', 'https'): raise Exception('Cannot handle protocol scheme %s for url %s' % (parsed.scheme, repr(options.admin_url))) if not parsed.path: parsed.path = '/' elif parsed.path[-1] != '/': parsed.path += '/' # Ensure the account exists path = '%sv2/%s' % (parsed.path, account) headers = {'X-Auth-Admin-User': options.admin_user, 'X-Auth-Admin-Key': options.admin_key} if options.suffix: headers['X-Account-Suffix'] = options.suffix conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, headers, ssl=(parsed.scheme == 'https')) resp = conn.getresponse() if resp.status // 100 != 2: print 'Account creation failed: %s %s' % (resp.status, resp.reason) # Add the user path = '%sv2/%s/%s' % (parsed.path, account, user) headers = {'X-Auth-Admin-User': options.admin_user, 'X-Auth-Admin-Key': options.admin_key, 'X-Auth-User-Key': password} if options.admin: headers['X-Auth-User-Admin'] = 'true' if options.reseller_admin: headers['X-Auth-User-Reseller-Admin'] = 'true' conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, headers, ssl=(parsed.scheme == 'https')) resp = conn.getresponse() if resp.status // 100 != 2: print 'User creation failed: %s %s' % (resp.status, resp.reason)