Merge "Do not name variables as builtins"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
40f3ea8052
@ -177,7 +177,7 @@ class Assignment(assignment.Driver):
|
|||||||
|
|
||||||
def delete_project(self, tenant_id):
|
def delete_project(self, tenant_id):
|
||||||
if self.project.subtree_delete_enabled:
|
if self.project.subtree_delete_enabled:
|
||||||
self.project.deleteTree(id)
|
self.project.deleteTree(tenant_id)
|
||||||
else:
|
else:
|
||||||
tenant_dn = self.project._id_to_dn(tenant_id)
|
tenant_dn = self.project._id_to_dn(tenant_id)
|
||||||
self.role.roles_delete_subtree_by_project(tenant_dn)
|
self.role.roles_delete_subtree_by_project(tenant_dn)
|
||||||
@ -239,7 +239,7 @@ class Assignment(assignment.Driver):
|
|||||||
# role support which will be added under bug 1101287
|
# role support which will be added under bug 1101287
|
||||||
query = '(objectClass=%s)' % self.group.object_class
|
query = '(objectClass=%s)' % self.group.object_class
|
||||||
dn = None
|
dn = None
|
||||||
dn = self.group._id_to_dn(id)
|
dn = self.group._id_to_dn(group_id)
|
||||||
if dn:
|
if dn:
|
||||||
try:
|
try:
|
||||||
conn = self.group.get_connection()
|
conn = self.group.get_connection()
|
||||||
@ -365,9 +365,9 @@ class ProjectApi(common_ldap.EnabledEmuMixIn, common_ldap.BaseLdap):
|
|||||||
res.add(rolegrant.user_dn)
|
res.add(rolegrant.user_dn)
|
||||||
return list(res)
|
return list(res)
|
||||||
|
|
||||||
def update(self, id, values):
|
def update(self, project_id, values):
|
||||||
old_obj = self.get(id)
|
old_obj = self.get(project_id)
|
||||||
return super(ProjectApi, self).update(id, values, old_obj)
|
return super(ProjectApi, self).update(project_id, values, old_obj)
|
||||||
|
|
||||||
|
|
||||||
class UserRoleAssociation(object):
|
class UserRoleAssociation(object):
|
||||||
@ -407,8 +407,8 @@ class RoleApi(common_ldap.BaseLdap):
|
|||||||
self.member_attribute = (getattr(conf.ldap, 'role_member_attribute')
|
self.member_attribute = (getattr(conf.ldap, 'role_member_attribute')
|
||||||
or self.DEFAULT_MEMBER_ATTRIBUTE)
|
or self.DEFAULT_MEMBER_ATTRIBUTE)
|
||||||
|
|
||||||
def get(self, id, filter=None):
|
def get(self, role_id, role_filter=None):
|
||||||
model = super(RoleApi, self).get(id, filter)
|
model = super(RoleApi, self).get(role_id, role_filter)
|
||||||
return model
|
return model
|
||||||
|
|
||||||
def create(self, values):
|
def create(self, values):
|
||||||
@ -537,10 +537,10 @@ class RoleApi(common_ldap.BaseLdap):
|
|||||||
pass
|
pass
|
||||||
return super(RoleApi, self).update(role_id, role)
|
return super(RoleApi, self).update(role_id, role)
|
||||||
|
|
||||||
def delete(self, id, tenant_dn):
|
def delete(self, role_id, tenant_dn):
|
||||||
conn = self.get_connection()
|
conn = self.get_connection()
|
||||||
query = '(&(objectClass=%s)(%s=%s))' % (self.object_class,
|
query = '(&(objectClass=%s)(%s=%s))' % (self.object_class,
|
||||||
self.id_attr, id)
|
self.id_attr, role_id)
|
||||||
try:
|
try:
|
||||||
for role_dn, _ in conn.search_s(tenant_dn,
|
for role_dn, _ in conn.search_s(tenant_dn,
|
||||||
ldap.SCOPE_SUBTREE,
|
ldap.SCOPE_SUBTREE,
|
||||||
@ -550,4 +550,4 @@ class RoleApi(common_ldap.BaseLdap):
|
|||||||
pass
|
pass
|
||||||
finally:
|
finally:
|
||||||
conn.unbind_s()
|
conn.unbind_s()
|
||||||
super(RoleApi, self).delete(id)
|
super(RoleApi, self).delete(role_id)
|
||||||
|
|||||||
@ -382,7 +382,7 @@ class Assignment(sql.Base, assignment.Driver):
|
|||||||
return assignment_list
|
return assignment_list
|
||||||
|
|
||||||
# CRUD
|
# CRUD
|
||||||
@sql.handle_conflicts(type='project')
|
@sql.handle_conflicts(conflict_type='project')
|
||||||
def create_project(self, tenant_id, tenant):
|
def create_project(self, tenant_id, tenant):
|
||||||
tenant['name'] = clean.project_name(tenant['name'])
|
tenant['name'] = clean.project_name(tenant['name'])
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
@ -392,7 +392,7 @@ class Assignment(sql.Base, assignment.Driver):
|
|||||||
session.flush()
|
session.flush()
|
||||||
return tenant_ref.to_dict()
|
return tenant_ref.to_dict()
|
||||||
|
|
||||||
@sql.handle_conflicts(type='project')
|
@sql.handle_conflicts(conflict_type='project')
|
||||||
def update_project(self, tenant_id, tenant):
|
def update_project(self, tenant_id, tenant):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
|
|
||||||
@ -412,7 +412,7 @@ class Assignment(sql.Base, assignment.Driver):
|
|||||||
session.flush()
|
session.flush()
|
||||||
return tenant_ref.to_dict(include_extra_dict=True)
|
return tenant_ref.to_dict(include_extra_dict=True)
|
||||||
|
|
||||||
@sql.handle_conflicts(type='project')
|
@sql.handle_conflicts(conflict_type='project')
|
||||||
def delete_project(self, tenant_id):
|
def delete_project(self, tenant_id):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
|
|
||||||
@ -434,7 +434,7 @@ class Assignment(sql.Base, assignment.Driver):
|
|||||||
session.delete(tenant_ref)
|
session.delete(tenant_ref)
|
||||||
session.flush()
|
session.flush()
|
||||||
|
|
||||||
@sql.handle_conflicts(type='metadata')
|
@sql.handle_conflicts(conflict_type='metadata')
|
||||||
def _create_metadata(self, user_id, tenant_id, metadata,
|
def _create_metadata(self, user_id, tenant_id, metadata,
|
||||||
domain_id=None, group_id=None):
|
domain_id=None, group_id=None):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
@ -464,7 +464,7 @@ class Assignment(sql.Base, assignment.Driver):
|
|||||||
session.flush()
|
session.flush()
|
||||||
return metadata
|
return metadata
|
||||||
|
|
||||||
@sql.handle_conflicts(type='metadata')
|
@sql.handle_conflicts(conflict_type='metadata')
|
||||||
def _update_metadata(self, user_id, tenant_id, metadata,
|
def _update_metadata(self, user_id, tenant_id, metadata,
|
||||||
domain_id=None, group_id=None):
|
domain_id=None, group_id=None):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
@ -496,7 +496,7 @@ class Assignment(sql.Base, assignment.Driver):
|
|||||||
|
|
||||||
# domain crud
|
# domain crud
|
||||||
|
|
||||||
@sql.handle_conflicts(type='domain')
|
@sql.handle_conflicts(conflict_type='domain')
|
||||||
def create_domain(self, domain_id, domain):
|
def create_domain(self, domain_id, domain):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
with session.begin():
|
with session.begin():
|
||||||
@ -529,7 +529,7 @@ class Assignment(sql.Base, assignment.Driver):
|
|||||||
raise exception.DomainNotFound(domain_id=domain_name)
|
raise exception.DomainNotFound(domain_id=domain_name)
|
||||||
return ref.to_dict()
|
return ref.to_dict()
|
||||||
|
|
||||||
@sql.handle_conflicts(type='domain')
|
@sql.handle_conflicts(conflict_type='domain')
|
||||||
def update_domain(self, domain_id, domain):
|
def update_domain(self, domain_id, domain):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
with session.begin():
|
with session.begin():
|
||||||
@ -554,7 +554,7 @@ class Assignment(sql.Base, assignment.Driver):
|
|||||||
|
|
||||||
# role crud
|
# role crud
|
||||||
|
|
||||||
@sql.handle_conflicts(type='role')
|
@sql.handle_conflicts(conflict_type='role')
|
||||||
def create_role(self, role_id, role):
|
def create_role(self, role_id, role):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
with session.begin():
|
with session.begin():
|
||||||
@ -578,7 +578,7 @@ class Assignment(sql.Base, assignment.Driver):
|
|||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
return self._get_role(session, role_id).to_dict()
|
return self._get_role(session, role_id).to_dict()
|
||||||
|
|
||||||
@sql.handle_conflicts(type='role')
|
@sql.handle_conflicts(conflict_type='role')
|
||||||
def update_role(self, role_id, role):
|
def update_role(self, role_id, role):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
with session.begin():
|
with session.begin():
|
||||||
|
|||||||
@ -17,7 +17,7 @@
|
|||||||
import os.path
|
import os.path
|
||||||
|
|
||||||
import ldap
|
import ldap
|
||||||
from ldap import filter as ldap_filter
|
import ldap.filter
|
||||||
|
|
||||||
from keystone import exception
|
from keystone import exception
|
||||||
from keystone.openstack.common import log as logging
|
from keystone.openstack.common import log as logging
|
||||||
@ -170,8 +170,9 @@ class BaseLdap(object):
|
|||||||
or self.DEFAULT_EXTRA_ATTR_MAPPING)
|
or self.DEFAULT_EXTRA_ATTR_MAPPING)
|
||||||
self.extra_attr_mapping = self._parse_extra_attrs(attr_mapping)
|
self.extra_attr_mapping = self._parse_extra_attrs(attr_mapping)
|
||||||
|
|
||||||
filter = '%s_filter' % self.options_name
|
ldap_filter = '%s_filter' % self.options_name
|
||||||
self.filter = getattr(conf.ldap, filter) or self.DEFAULT_FILTER
|
self.ldap_filter = getattr(conf.ldap,
|
||||||
|
ldap_filter) or self.DEFAULT_FILTER
|
||||||
|
|
||||||
allow_create = '%s_allow_create' % self.options_name
|
allow_create = '%s_allow_create' % self.options_name
|
||||||
self.allow_create = getattr(conf.ldap, allow_create)
|
self.allow_create = getattr(conf.ldap, allow_create)
|
||||||
@ -247,21 +248,21 @@ class BaseLdap(object):
|
|||||||
|
|
||||||
return conn
|
return conn
|
||||||
|
|
||||||
def _id_to_dn_string(self, id):
|
def _id_to_dn_string(self, object_id):
|
||||||
return '%s=%s,%s' % (self.id_attr,
|
return '%s=%s,%s' % (self.id_attr,
|
||||||
ldap.dn.escape_dn_chars(str(id)),
|
ldap.dn.escape_dn_chars(str(object_id)),
|
||||||
self.tree_dn)
|
self.tree_dn)
|
||||||
|
|
||||||
def _id_to_dn(self, id):
|
def _id_to_dn(self, object_id):
|
||||||
if self.LDAP_SCOPE == ldap.SCOPE_ONELEVEL:
|
if self.LDAP_SCOPE == ldap.SCOPE_ONELEVEL:
|
||||||
return self._id_to_dn_string(id)
|
return self._id_to_dn_string(object_id)
|
||||||
conn = self.get_connection()
|
conn = self.get_connection()
|
||||||
try:
|
try:
|
||||||
search_result = conn.search_s(
|
search_result = conn.search_s(
|
||||||
self.tree_dn, self.LDAP_SCOPE,
|
self.tree_dn, self.LDAP_SCOPE,
|
||||||
'(&(%(id_attr)s=%(id)s)(objectclass=%(objclass)s))' %
|
'(&(%(id_attr)s=%(id)s)(objectclass=%(objclass)s))' %
|
||||||
{'id_attr': self.id_attr,
|
{'id_attr': self.id_attr,
|
||||||
'id': ldap.filter.escape_filter_chars(str(id)),
|
'id': ldap.filter.escape_filter_chars(str(object_id)),
|
||||||
'objclass': self.object_class})
|
'objclass': self.object_class})
|
||||||
finally:
|
finally:
|
||||||
conn.unbind_s()
|
conn.unbind_s()
|
||||||
@ -269,7 +270,7 @@ class BaseLdap(object):
|
|||||||
dn, attrs = search_result[0]
|
dn, attrs = search_result[0]
|
||||||
return dn
|
return dn
|
||||||
else:
|
else:
|
||||||
return self._id_to_dn_string(id)
|
return self._id_to_dn_string(object_id)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def _dn_to_id(dn):
|
def _dn_to_id(dn):
|
||||||
@ -344,14 +345,14 @@ class BaseLdap(object):
|
|||||||
conn.unbind_s()
|
conn.unbind_s()
|
||||||
return values
|
return values
|
||||||
|
|
||||||
def _ldap_get(self, id, filter=None):
|
def _ldap_get(self, object_id, ldap_filter=None):
|
||||||
conn = self.get_connection()
|
conn = self.get_connection()
|
||||||
query = ('(&(%(id_attr)s=%(id)s)'
|
query = ('(&(%(id_attr)s=%(id)s)'
|
||||||
'%(filter)s'
|
'%(filter)s'
|
||||||
'(objectClass=%(object_class)s))'
|
'(objectClass=%(object_class)s))'
|
||||||
% {'id_attr': self.id_attr,
|
% {'id_attr': self.id_attr,
|
||||||
'id': ldap.filter.escape_filter_chars(str(id)),
|
'id': ldap.filter.escape_filter_chars(str(object_id)),
|
||||||
'filter': (filter or self.filter or ''),
|
'filter': (ldap_filter or self.ldap_filter or ''),
|
||||||
'object_class': self.object_class})
|
'object_class': self.object_class})
|
||||||
try:
|
try:
|
||||||
attrs = list(set((self.attribute_mapping.values() +
|
attrs = list(set((self.attribute_mapping.values() +
|
||||||
@ -366,10 +367,11 @@ class BaseLdap(object):
|
|||||||
except IndexError:
|
except IndexError:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
def _ldap_get_all(self, filter=None):
|
def _ldap_get_all(self, ldap_filter=None):
|
||||||
conn = self.get_connection()
|
conn = self.get_connection()
|
||||||
query = '(&%s(objectClass=%s))' % (filter or self.filter or '',
|
query = '(&%s(objectClass=%s))' % (ldap_filter or
|
||||||
self.object_class)
|
self.ldap_filter or
|
||||||
|
'', self.object_class)
|
||||||
try:
|
try:
|
||||||
return conn.search_s(self.tree_dn,
|
return conn.search_s(self.tree_dn,
|
||||||
self.LDAP_SCOPE,
|
self.LDAP_SCOPE,
|
||||||
@ -380,33 +382,33 @@ class BaseLdap(object):
|
|||||||
finally:
|
finally:
|
||||||
conn.unbind_s()
|
conn.unbind_s()
|
||||||
|
|
||||||
def get(self, id, filter=None):
|
def get(self, object_id, ldap_filter=None):
|
||||||
res = self._ldap_get(id, filter)
|
res = self._ldap_get(object_id, ldap_filter)
|
||||||
if res is None:
|
if res is None:
|
||||||
raise self._not_found(id)
|
raise self._not_found(object_id)
|
||||||
else:
|
else:
|
||||||
return self._ldap_res_to_model(res)
|
return self._ldap_res_to_model(res)
|
||||||
|
|
||||||
def get_by_name(self, name, filter=None):
|
def get_by_name(self, name, ldap_filter=None):
|
||||||
query = ('(%s=%s)' % (self.attribute_mapping['name'],
|
query = ('(%s=%s)' % (self.attribute_mapping['name'],
|
||||||
ldap_filter.escape_filter_chars(name)))
|
ldap.filter.escape_filter_chars(name)))
|
||||||
res = self.get_all(query)
|
res = self.get_all(query)
|
||||||
try:
|
try:
|
||||||
return res[0]
|
return res[0]
|
||||||
except IndexError:
|
except IndexError:
|
||||||
raise self._not_found(name)
|
raise self._not_found(name)
|
||||||
|
|
||||||
def get_all(self, filter=None):
|
def get_all(self, ldap_filter=None):
|
||||||
return [self._ldap_res_to_model(x)
|
return [self._ldap_res_to_model(x)
|
||||||
for x in self._ldap_get_all(filter)]
|
for x in self._ldap_get_all(ldap_filter)]
|
||||||
|
|
||||||
def update(self, id, values, old_obj=None):
|
def update(self, object_id, values, old_obj=None):
|
||||||
if not self.allow_update:
|
if not self.allow_update:
|
||||||
action = _('LDAP %s update') % self.options_name
|
action = _('LDAP %s update') % self.options_name
|
||||||
raise exception.ForbiddenAction(action=action)
|
raise exception.ForbiddenAction(action=action)
|
||||||
|
|
||||||
if old_obj is None:
|
if old_obj is None:
|
||||||
old_obj = self.get(id)
|
old_obj = self.get(object_id)
|
||||||
|
|
||||||
modlist = []
|
modlist = []
|
||||||
for k, v in values.iteritems():
|
for k, v in values.iteritems():
|
||||||
@ -440,37 +442,37 @@ class BaseLdap(object):
|
|||||||
if modlist:
|
if modlist:
|
||||||
conn = self.get_connection()
|
conn = self.get_connection()
|
||||||
try:
|
try:
|
||||||
conn.modify_s(self._id_to_dn(id), modlist)
|
conn.modify_s(self._id_to_dn(object_id), modlist)
|
||||||
except ldap.NO_SUCH_OBJECT:
|
except ldap.NO_SUCH_OBJECT:
|
||||||
raise self._not_found(id)
|
raise self._not_found(object_id)
|
||||||
finally:
|
finally:
|
||||||
conn.unbind_s()
|
conn.unbind_s()
|
||||||
|
|
||||||
return self.get(id)
|
return self.get(object_id)
|
||||||
|
|
||||||
def delete(self, id):
|
def delete(self, object_id):
|
||||||
if not self.allow_delete:
|
if not self.allow_delete:
|
||||||
action = _('LDAP %s delete') % self.options_name
|
action = _('LDAP %s delete') % self.options_name
|
||||||
raise exception.ForbiddenAction(action=action)
|
raise exception.ForbiddenAction(action=action)
|
||||||
|
|
||||||
conn = self.get_connection()
|
conn = self.get_connection()
|
||||||
try:
|
try:
|
||||||
conn.delete_s(self._id_to_dn(id))
|
conn.delete_s(self._id_to_dn(object_id))
|
||||||
except ldap.NO_SUCH_OBJECT:
|
except ldap.NO_SUCH_OBJECT:
|
||||||
raise self._not_found(id)
|
raise self._not_found(object_id)
|
||||||
finally:
|
finally:
|
||||||
conn.unbind_s()
|
conn.unbind_s()
|
||||||
|
|
||||||
def deleteTree(self, id):
|
def deleteTree(self, object_id):
|
||||||
conn = self.get_connection()
|
conn = self.get_connection()
|
||||||
tree_delete_control = ldap.controls.LDAPControl(CONTROL_TREEDELETE,
|
tree_delete_control = ldap.controls.LDAPControl(CONTROL_TREEDELETE,
|
||||||
0,
|
0,
|
||||||
None)
|
None)
|
||||||
try:
|
try:
|
||||||
conn.delete_ext_s(self._id_to_dn(id),
|
conn.delete_ext_s(self._id_to_dn(object_id),
|
||||||
serverctrls=[tree_delete_control])
|
serverctrls=[tree_delete_control])
|
||||||
except ldap.NO_SUCH_OBJECT:
|
except ldap.NO_SUCH_OBJECT:
|
||||||
raise self._not_found(id)
|
raise self._not_found(object_id)
|
||||||
finally:
|
finally:
|
||||||
conn.unbind_s()
|
conn.unbind_s()
|
||||||
|
|
||||||
@ -744,23 +746,23 @@ class EnabledEmuMixIn(BaseLdap):
|
|||||||
else:
|
else:
|
||||||
return super(EnabledEmuMixIn, self).create(values)
|
return super(EnabledEmuMixIn, self).create(values)
|
||||||
|
|
||||||
def get(self, object_id, filter=None):
|
def get(self, object_id, ldap_filter=None):
|
||||||
ref = super(EnabledEmuMixIn, self).get(object_id, filter)
|
ref = super(EnabledEmuMixIn, self).get(object_id, ldap_filter)
|
||||||
if 'enabled' not in self.attribute_ignore and self.enabled_emulation:
|
if 'enabled' not in self.attribute_ignore and self.enabled_emulation:
|
||||||
ref['enabled'] = self._get_enabled(object_id)
|
ref['enabled'] = self._get_enabled(object_id)
|
||||||
return ref
|
return ref
|
||||||
|
|
||||||
def get_all(self, filter=None):
|
def get_all(self, ldap_filter=None):
|
||||||
if 'enabled' not in self.attribute_ignore and self.enabled_emulation:
|
if 'enabled' not in self.attribute_ignore and self.enabled_emulation:
|
||||||
# had to copy BaseLdap.get_all here to filter by DN
|
# had to copy BaseLdap.get_all here to ldap_filter by DN
|
||||||
tenant_list = [self._ldap_res_to_model(x)
|
tenant_list = [self._ldap_res_to_model(x)
|
||||||
for x in self._ldap_get_all(filter)
|
for x in self._ldap_get_all(ldap_filter)
|
||||||
if x[0] != self.enabled_emulation_dn]
|
if x[0] != self.enabled_emulation_dn]
|
||||||
for tenant_ref in tenant_list:
|
for tenant_ref in tenant_list:
|
||||||
tenant_ref['enabled'] = self._get_enabled(tenant_ref['id'])
|
tenant_ref['enabled'] = self._get_enabled(tenant_ref['id'])
|
||||||
return tenant_list
|
return tenant_list
|
||||||
else:
|
else:
|
||||||
return super(EnabledEmuMixIn, self).get_all(filter)
|
return super(EnabledEmuMixIn, self).get_all(ldap_filter)
|
||||||
|
|
||||||
def update(self, object_id, values, old_obj=None):
|
def update(self, object_id, values, old_obj=None):
|
||||||
if 'enabled' not in self.attribute_ignore and self.enabled_emulation:
|
if 'enabled' not in self.attribute_ignore and self.enabled_emulation:
|
||||||
|
|||||||
@ -298,7 +298,7 @@ class Base(object):
|
|||||||
self._sessionmaker = None
|
self._sessionmaker = None
|
||||||
|
|
||||||
|
|
||||||
def handle_conflicts(type='object'):
|
def handle_conflicts(conflict_type='object'):
|
||||||
"""Converts IntegrityError into HTTP 409 Conflict."""
|
"""Converts IntegrityError into HTTP 409 Conflict."""
|
||||||
def decorator(method):
|
def decorator(method):
|
||||||
@functools.wraps(method)
|
@functools.wraps(method)
|
||||||
@ -306,6 +306,7 @@ def handle_conflicts(type='object'):
|
|||||||
try:
|
try:
|
||||||
return method(*args, **kwargs)
|
return method(*args, **kwargs)
|
||||||
except (IntegrityError, OperationalError) as e:
|
except (IntegrityError, OperationalError) as e:
|
||||||
raise exception.Conflict(type=type, details=str(e.orig))
|
raise exception.Conflict(type=conflict_type,
|
||||||
|
details=str(e.orig))
|
||||||
return wrapper
|
return wrapper
|
||||||
return decorator
|
return decorator
|
||||||
|
|||||||
@ -80,10 +80,10 @@ def db_version_control(version=None, repo_path=None):
|
|||||||
def find_migrate_repo(package=None):
|
def find_migrate_repo(package=None):
|
||||||
"""Get the path for the migrate repository."""
|
"""Get the path for the migrate repository."""
|
||||||
if package is None:
|
if package is None:
|
||||||
file = __file__
|
filename = __file__
|
||||||
else:
|
else:
|
||||||
file = package.__file__
|
filename = package.__file__
|
||||||
path = os.path.join(os.path.abspath(os.path.dirname(file)),
|
path = os.path.join(os.path.abspath(os.path.dirname(filename)),
|
||||||
'migrate_repo')
|
'migrate_repo')
|
||||||
assert os.path.exists(path)
|
assert os.path.exists(path)
|
||||||
return path
|
return path
|
||||||
|
|||||||
@ -37,7 +37,7 @@ class EndpointFilter(sql.Base):
|
|||||||
def db_sync(self, version=None):
|
def db_sync(self, version=None):
|
||||||
migration.db_sync(version=version)
|
migration.db_sync(version=version)
|
||||||
|
|
||||||
@sql.handle_conflicts(type='project_endpoint')
|
@sql.handle_conflicts(conflict_type='project_endpoint')
|
||||||
def add_endpoint_to_project(self, endpoint_id, project_id):
|
def add_endpoint_to_project(self, endpoint_id, project_id):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
with session.begin():
|
with session.begin():
|
||||||
|
|||||||
@ -39,7 +39,7 @@ class Credential(sql.Base, credential.Driver):
|
|||||||
|
|
||||||
# credential crud
|
# credential crud
|
||||||
|
|
||||||
@sql.handle_conflicts(type='credential')
|
@sql.handle_conflicts(conflict_type='credential')
|
||||||
def create_credential(self, credential_id, credential):
|
def create_credential(self, credential_id, credential):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
with session.begin():
|
with session.begin():
|
||||||
@ -66,7 +66,7 @@ class Credential(sql.Base, credential.Driver):
|
|||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
return self._get_credential(session, credential_id).to_dict()
|
return self._get_credential(session, credential_id).to_dict()
|
||||||
|
|
||||||
@sql.handle_conflicts(type='credential')
|
@sql.handle_conflicts(conflict_type='credential')
|
||||||
def update_credential(self, credential_id, credential):
|
def update_credential(self, credential_id, credential):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
with session.begin():
|
with session.begin():
|
||||||
|
|||||||
@ -263,16 +263,16 @@ class GroupApi(common_ldap.BaseLdap):
|
|||||||
data.pop('description')
|
data.pop('description')
|
||||||
return super(GroupApi, self).create(data)
|
return super(GroupApi, self).create(data)
|
||||||
|
|
||||||
def delete(self, id):
|
def delete(self, group_id):
|
||||||
if self.subtree_delete_enabled:
|
if self.subtree_delete_enabled:
|
||||||
super(GroupApi, self).deleteTree(id)
|
super(GroupApi, self).deleteTree(group_id)
|
||||||
else:
|
else:
|
||||||
# TODO(spzala): this is only placeholder for group and domain
|
# TODO(spzala): this is only placeholder for group and domain
|
||||||
# role support which will be added under bug 1101287
|
# role support which will be added under bug 1101287
|
||||||
|
|
||||||
query = '(objectClass=%s)' % self.object_class
|
query = '(objectClass=%s)' % self.object_class
|
||||||
dn = None
|
dn = None
|
||||||
dn = self._id_to_dn(id)
|
dn = self._id_to_dn(group_id)
|
||||||
if dn:
|
if dn:
|
||||||
try:
|
try:
|
||||||
conn = self.get_connection()
|
conn = self.get_connection()
|
||||||
@ -284,11 +284,11 @@ class GroupApi(common_ldap.BaseLdap):
|
|||||||
pass
|
pass
|
||||||
finally:
|
finally:
|
||||||
conn.unbind_s()
|
conn.unbind_s()
|
||||||
super(GroupApi, self).delete(id)
|
super(GroupApi, self).delete(group_id)
|
||||||
|
|
||||||
def update(self, id, values):
|
def update(self, group_id, values):
|
||||||
old_obj = self.get(id)
|
old_obj = self.get(group_id)
|
||||||
return super(GroupApi, self).update(id, values, old_obj)
|
return super(GroupApi, self).update(group_id, values, old_obj)
|
||||||
|
|
||||||
def add_user(self, user_dn, group_id, user_id):
|
def add_user(self, user_dn, group_id, user_id):
|
||||||
conn = self.get_connection()
|
conn = self.get_connection()
|
||||||
@ -324,7 +324,7 @@ class GroupApi(common_ldap.BaseLdap):
|
|||||||
query = '(&(objectClass=%s)(%s=%s)%s)' % (self.object_class,
|
query = '(&(objectClass=%s)(%s=%s)%s)' % (self.object_class,
|
||||||
self.member_attribute,
|
self.member_attribute,
|
||||||
user_dn,
|
user_dn,
|
||||||
self.filter or '')
|
self.ldap_filter or '')
|
||||||
memberships = self.get_all(query)
|
memberships = self.get_all(query)
|
||||||
return memberships
|
return memberships
|
||||||
|
|
||||||
|
|||||||
@ -110,7 +110,7 @@ class Identity(sql.Base, identity.Driver):
|
|||||||
|
|
||||||
# user crud
|
# user crud
|
||||||
|
|
||||||
@sql.handle_conflicts(type='user')
|
@sql.handle_conflicts(conflict_type='user')
|
||||||
def create_user(self, user_id, user):
|
def create_user(self, user_id, user):
|
||||||
user = utils.hash_user_password(user)
|
user = utils.hash_user_password(user)
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
@ -146,7 +146,7 @@ class Identity(sql.Base, identity.Driver):
|
|||||||
raise exception.UserNotFound(user_id=user_name)
|
raise exception.UserNotFound(user_id=user_name)
|
||||||
return identity.filter_user(user_ref.to_dict())
|
return identity.filter_user(user_ref.to_dict())
|
||||||
|
|
||||||
@sql.handle_conflicts(type='user')
|
@sql.handle_conflicts(conflict_type='user')
|
||||||
def update_user(self, user_id, user):
|
def update_user(self, user_id, user):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
if 'id' in user and user_id != user['id']:
|
if 'id' in user and user_id != user['id']:
|
||||||
@ -237,7 +237,7 @@ class Identity(sql.Base, identity.Driver):
|
|||||||
|
|
||||||
# group crud
|
# group crud
|
||||||
|
|
||||||
@sql.handle_conflicts(type='group')
|
@sql.handle_conflicts(conflict_type='group')
|
||||||
def create_group(self, group_id, group):
|
def create_group(self, group_id, group):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
with session.begin():
|
with session.begin():
|
||||||
@ -261,7 +261,7 @@ class Identity(sql.Base, identity.Driver):
|
|||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
return self._get_group(session, group_id).to_dict()
|
return self._get_group(session, group_id).to_dict()
|
||||||
|
|
||||||
@sql.handle_conflicts(type='group')
|
@sql.handle_conflicts(conflict_type='group')
|
||||||
def update_group(self, group_id, group):
|
def update_group(self, group_id, group):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
|
|
||||||
|
|||||||
@ -121,16 +121,16 @@ class DomainConfigs(dict):
|
|||||||
return
|
return
|
||||||
|
|
||||||
for r, d, f in os.walk(conf_dir):
|
for r, d, f in os.walk(conf_dir):
|
||||||
for file in f:
|
for fname in f:
|
||||||
if file.startswith('keystone.') and file.endswith('.conf'):
|
if fname.startswith('keystone.') and fname.endswith('.conf'):
|
||||||
names = file.split('.')
|
names = fname.split('.')
|
||||||
if len(names) == 3:
|
if len(names) == 3:
|
||||||
self._load_config(assignment_api,
|
self._load_config(assignment_api,
|
||||||
[os.path.join(r, file)],
|
[os.path.join(r, fname)],
|
||||||
names[1])
|
names[1])
|
||||||
else:
|
else:
|
||||||
msg = (_('Ignoring file (%s) while scanning domain '
|
msg = (_('Ignoring file (%s) while scanning domain '
|
||||||
'config directory') % file)
|
'config directory') % fname)
|
||||||
LOG.debug(msg)
|
LOG.debug(msg)
|
||||||
|
|
||||||
def get_domain_driver(self, domain_id):
|
def get_domain_driver(self, domain_id):
|
||||||
|
|||||||
@ -34,7 +34,7 @@ class Policy(sql.Base, rules.Policy):
|
|||||||
def db_sync(self, version=None):
|
def db_sync(self, version=None):
|
||||||
migration.db_sync(version=version)
|
migration.db_sync(version=version)
|
||||||
|
|
||||||
@sql.handle_conflicts(type='policy')
|
@sql.handle_conflicts(conflict_type='policy')
|
||||||
def create_policy(self, policy_id, policy):
|
def create_policy(self, policy_id, policy):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
|
|
||||||
@ -63,7 +63,7 @@ class Policy(sql.Base, rules.Policy):
|
|||||||
|
|
||||||
return self._get_policy(session, policy_id).to_dict()
|
return self._get_policy(session, policy_id).to_dict()
|
||||||
|
|
||||||
@sql.handle_conflicts(type='policy')
|
@sql.handle_conflicts(conflict_type='policy')
|
||||||
def update_policy(self, policy_id, policy):
|
def update_policy(self, policy_id, policy):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
|
|
||||||
|
|||||||
@ -3068,14 +3068,14 @@ class TokenCacheInvalidation(object):
|
|||||||
# Create an equivalent of a scoped token
|
# Create an equivalent of a scoped token
|
||||||
token_dict = {'user': self.user, 'tenant': self.tenant,
|
token_dict = {'user': self.user, 'tenant': self.tenant,
|
||||||
'metadata': {}, 'id': 'placeholder'}
|
'metadata': {}, 'id': 'placeholder'}
|
||||||
id, data = self.token_provider_api.issue_v2_token(token_dict)
|
token_id, data = self.token_provider_api.issue_v2_token(token_dict)
|
||||||
self.scoped_token_id = id
|
self.scoped_token_id = token_id
|
||||||
|
|
||||||
# ..and an un-scoped one
|
# ..and an un-scoped one
|
||||||
token_dict = {'user': self.user, 'tenant': None,
|
token_dict = {'user': self.user, 'tenant': None,
|
||||||
'metadata': {}, 'id': 'placeholder'}
|
'metadata': {}, 'id': 'placeholder'}
|
||||||
id, data = self.token_provider_api.issue_v2_token(token_dict)
|
token_id, data = self.token_provider_api.issue_v2_token(token_dict)
|
||||||
self.unscoped_token_id = id
|
self.unscoped_token_id = token_id
|
||||||
|
|
||||||
# Validate them, in the various ways possible - this will load the
|
# Validate them, in the various ways possible - this will load the
|
||||||
# responses into the token cache.
|
# responses into the token cache.
|
||||||
|
|||||||
@ -32,8 +32,8 @@ class PamIdentity(tests.TestCase):
|
|||||||
tests.testsdir('test_overrides.conf'),
|
tests.testsdir('test_overrides.conf'),
|
||||||
tests.testsdir('backend_pam.conf')])
|
tests.testsdir('backend_pam.conf')])
|
||||||
self.identity_api = identity_pam.PamIdentity()
|
self.identity_api = identity_pam.PamIdentity()
|
||||||
id = uuid.uuid4().hex
|
tenant_id = uuid.uuid4().hex
|
||||||
self.tenant_in = {'id': id, 'name': id}
|
self.tenant_in = {'id': tenant_id, 'name': tenant_id}
|
||||||
self.user_in = {'id': CONF.pam.userid, 'name': CONF.pam.userid}
|
self.user_in = {'id': CONF.pam.userid, 'name': CONF.pam.userid}
|
||||||
|
|
||||||
def test_get_project(self):
|
def test_get_project(self):
|
||||||
|
|||||||
@ -1080,9 +1080,9 @@ class TestTokenRevoking(test_v3.RestfulTestCase):
|
|||||||
|
|
||||||
class TestAuthExternalDisabled(test_v3.RestfulTestCase):
|
class TestAuthExternalDisabled(test_v3.RestfulTestCase):
|
||||||
def config_files(self):
|
def config_files(self):
|
||||||
list = self._config_file_list[:]
|
cfg_list = self._config_file_list[:]
|
||||||
list.append(tests.testsdir('auth_plugin_external_disabled.conf'))
|
cfg_list.append(tests.testsdir('auth_plugin_external_disabled.conf'))
|
||||||
return list
|
return cfg_list
|
||||||
|
|
||||||
def test_remote_user_disabled(self):
|
def test_remote_user_disabled(self):
|
||||||
api = auth.controllers.Auth()
|
api = auth.controllers.Auth()
|
||||||
@ -1100,9 +1100,9 @@ class TestAuthExternalDomain(test_v3.RestfulTestCase):
|
|||||||
content_type = 'json'
|
content_type = 'json'
|
||||||
|
|
||||||
def config_files(self):
|
def config_files(self):
|
||||||
list = self._config_file_list[:]
|
cfg_list = self._config_file_list[:]
|
||||||
list.append(tests.testsdir('auth_plugin_external_domain.conf'))
|
cfg_list.append(tests.testsdir('auth_plugin_external_domain.conf'))
|
||||||
return list
|
return cfg_list
|
||||||
|
|
||||||
def test_remote_user_with_realm(self):
|
def test_remote_user_with_realm(self):
|
||||||
api = auth.controllers.Auth()
|
api = auth.controllers.Auth()
|
||||||
|
|||||||
@ -44,7 +44,7 @@ class TrustRole(sql.ModelBase):
|
|||||||
|
|
||||||
|
|
||||||
class Trust(sql.Base, trust.Driver):
|
class Trust(sql.Base, trust.Driver):
|
||||||
@sql.handle_conflicts(type='trust')
|
@sql.handle_conflicts(conflict_type='trust')
|
||||||
def create_trust(self, trust_id, trust, roles):
|
def create_trust(self, trust_id, trust, roles):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
with session.begin():
|
with session.begin():
|
||||||
@ -71,7 +71,7 @@ class Trust(sql.Base, trust.Driver):
|
|||||||
roles.append({'id': role.role_id})
|
roles.append({'id': role.role_id})
|
||||||
trust_dict['roles'] = roles
|
trust_dict['roles'] = roles
|
||||||
|
|
||||||
@sql.handle_conflicts(type='trust')
|
@sql.handle_conflicts(conflict_type='trust')
|
||||||
def get_trust(self, trust_id):
|
def get_trust(self, trust_id):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
ref = (session.query(TrustModel).
|
ref = (session.query(TrustModel).
|
||||||
@ -88,13 +88,13 @@ class Trust(sql.Base, trust.Driver):
|
|||||||
self._add_roles(trust_id, session, trust_dict)
|
self._add_roles(trust_id, session, trust_dict)
|
||||||
return trust_dict
|
return trust_dict
|
||||||
|
|
||||||
@sql.handle_conflicts(type='trust')
|
@sql.handle_conflicts(conflict_type='trust')
|
||||||
def list_trusts(self):
|
def list_trusts(self):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
trusts = session.query(TrustModel).filter_by(deleted_at=None)
|
trusts = session.query(TrustModel).filter_by(deleted_at=None)
|
||||||
return [trust_ref.to_dict() for trust_ref in trusts]
|
return [trust_ref.to_dict() for trust_ref in trusts]
|
||||||
|
|
||||||
@sql.handle_conflicts(type='trust')
|
@sql.handle_conflicts(conflict_type='trust')
|
||||||
def list_trusts_for_trustee(self, trustee_user_id):
|
def list_trusts_for_trustee(self, trustee_user_id):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
trusts = (session.query(TrustModel).
|
trusts = (session.query(TrustModel).
|
||||||
@ -102,7 +102,7 @@ class Trust(sql.Base, trust.Driver):
|
|||||||
filter_by(trustee_user_id=trustee_user_id))
|
filter_by(trustee_user_id=trustee_user_id))
|
||||||
return [trust_ref.to_dict() for trust_ref in trusts]
|
return [trust_ref.to_dict() for trust_ref in trusts]
|
||||||
|
|
||||||
@sql.handle_conflicts(type='trust')
|
@sql.handle_conflicts(conflict_type='trust')
|
||||||
def list_trusts_for_trustor(self, trustor_user_id):
|
def list_trusts_for_trustor(self, trustor_user_id):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
trusts = (session.query(TrustModel).
|
trusts = (session.query(TrustModel).
|
||||||
@ -110,7 +110,7 @@ class Trust(sql.Base, trust.Driver):
|
|||||||
filter_by(trustor_user_id=trustor_user_id))
|
filter_by(trustor_user_id=trustor_user_id))
|
||||||
return [trust_ref.to_dict() for trust_ref in trusts]
|
return [trust_ref.to_dict() for trust_ref in trusts]
|
||||||
|
|
||||||
@sql.handle_conflicts(type='trust')
|
@sql.handle_conflicts(conflict_type='trust')
|
||||||
def delete_trust(self, trust_id):
|
def delete_trust(self, trust_id):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
with session.begin():
|
with session.begin():
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user