[Pulp-list] user model added

[Bryan Kearney]

On 07/08/2010 06:52 PM, Mike McCune wrote:
> On 07/08/2010 03:45 PM, Mike McCune wrote:
>> Added only the model + base API.
>>
>> Also included certificate.py for parsing certs. the API includes
>> ability to do:
>>
>> def test_user_with_certificate(self):
>> # read in the test cert and extract the UID for the subject
>> # so we can compare after the user is created that it matches
>> test_cert = os.path.abspath(os.path.dirname(__file__)) +
>> "/data/test_cert.pem"
>> idcert = Certificate()
>> idcert.read(test_cert)
>> subject = idcert.subject()
>> cert_uid = subject['UID']
>>
>> # Read the cert into a string off disk and create a
>> # user with said certificate. We should get back a user with an
>> # id that matches the UID in the cert.
>> certfile = open(test_cert)
>> certstring = certfile.read()
>> user = self.uapi.create('cert-test', certificate=certstring)
>>
>> # Check that they match
>> self.assertEquals(user['id'], cert_uid)
>>
>> I'm not even entirely sure this is what we want todo but it should get
>> the ball rolling,
>> Mike
>>
>
> after a bit of thought and discussion with Jeff, the above is totally
> wrong wrt how and what I'm doing with the UID field. The above is the
> UID for the *Consumer* and not the admin user.
>
> We need to parse the identity cert and associate the subject['UID']
> field with our Consumer, not our User object.
>
> So, essentially we should consider moving the above logic over to
> Consumer's create() call to take in a cert string and possibly extract
> the UID and store that as the ID for the consumer.


FWIW.. we have 2 means on authentication on candlepin. Certs get you a 
consumer, and an owner context by default. The role is consumer. 
Username/passwords get you users, with a possible owner context. The 
latter can be supplid by basic auth which is checked only if there is no 
cert.

With the above logic, and test can be hit from the browser directly if 
need be.

-- bk