diff --git a/mistral/engine/data_flow.py b/mistral/engine/data_flow.py index 7e5868ae..46f64918 100644 --- a/mistral/engine/data_flow.py +++ b/mistral/engine/data_flow.py @@ -25,7 +25,7 @@ from mistral import exceptions as exc from mistral import expressions as expr from mistral.openstack.common import log as logging from mistral.services import action_manager as a_m -from mistral.services import trusts +from mistral.services import security from mistral.workbook import parser as spec_parser @@ -164,7 +164,7 @@ def add_openstack_data_to_context(context, db_workbook): context = {} if CONF.pecan.auth_enable: - workbook_ctx = trusts.create_context( + workbook_ctx = security.create_context( db_workbook.trust_id, db_workbook.project_id ) diff --git a/mistral/services/actions.py b/mistral/services/actions.py index 76bb4be7..795d3ae5 100644 --- a/mistral/services/actions.py +++ b/mistral/services/actions.py @@ -12,12 +12,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -from oslo.config import cfg - -from mistral import context from mistral.db.v2 import api as db_api from mistral import exceptions as exc -from mistral.services import trusts +from mistral.services import security from mistral.workbook import parser as spec_parser @@ -79,14 +76,6 @@ def _get_action_values(action_spec, definition, scope): 'scope': scope } - _add_security_info(values) + security.add_security_info(values) return values - - -def _add_security_info(values): - if cfg.CONF.pecan.auth_enable and not values['name'].startswith('std.'): - values.update({ - 'trust_id': trusts.create_trust().id, - 'project_id': context.ctx().project_id - }) diff --git a/mistral/services/periodic.py b/mistral/services/periodic.py index 6b5ee842..33a48c6c 100644 --- a/mistral/services/periodic.py +++ b/mistral/services/periodic.py 
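Review bot: In `_get_action_values` the new call `security.add_security_info(values)` omits the `scope` argument, so the helper's default `scope='private'` applies to every action and the removed `not values['name'].startswith('std.')` exclusion is no longer enforced. With `auth_enable` on, `std.` actions and actions registered with a non-private scope would now get a Keystone trust and the registering caller's `project_id` attached, which looks unintended and would presumably fail where no request context exists. Passing the scope through, `security.add_security_info(values, scope)`, matches the workbooks and workflows call sites; if the `std.` prefix check is still needed, it should stay at this call site. `create_cron_trigger` in triggers.py also relies on the default, which is only correct because its values hard-code `'scope': 'private'`. The body of `_get_action_values` starts outside the hunk.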
@@ -22,8 +22,8 @@ from mistral.engine1 import rpc from mistral.openstack.common import log from mistral.openstack.common import periodic_task from mistral.openstack.common import threadgroup +from mistral.services import security from mistral.services import triggers -from mistral.services import trusts from mistral.workbook import parser as spec_parser LOG = log.getLogger(__name__) @@ -45,7 +45,9 @@ class MistralPeriodicTasks(periodic_task.PeriodicTasks): # Setup admin context before schedule triggers. wb = db_api_v1.workbook_get(t['workbook_name']) - auth_ctx.set_ctx(trusts.create_context(wb.trust_id, wb.project_id)) + auth_ctx.set_ctx( + security.create_context(wb.trust_id, wb.project_id) + ) try: task = spec_parser.get_workbook_spec_from_yaml( @@ -71,7 +73,7 @@ class MistralPeriodicTasks(periodic_task.PeriodicTasks): for t in triggers.get_next_cron_triggers(): # Setup admin context before schedule triggers. - ctx = trusts.create_context(t.trust_id, t.project_id) + ctx = security.create_context(t.trust_id, t.project_id) auth_ctx.set_ctx(ctx) diff --git a/mistral/services/trusts.py b/mistral/services/security.py similarity index 88% rename from mistral/services/trusts.py rename to mistral/services/security.py index 01d7d74d..b5b43666 100644 --- a/mistral/services/trusts.py +++ b/mistral/services/security.py @@ -14,9 +14,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -# TODO(rakhmerov): Is this module properly named and placed? -# According to its interface it may be called 'security'. - from oslo.config import cfg from mistral import context 
@@ -76,3 +73,11 @@ def delete_trust(workbook): keystone_client = keystone.client_for_trusts(workbook.trust_id) keystone_client.trusts.delete(workbook.trust_id) + + +def add_security_info(secure_object_values, scope='private'): + if cfg.CONF.pecan.auth_enable and scope == 'private': + secure_object_values.update({ + 'trust_id': create_trust().id, + 'project_id': context.ctx().project_id + }) diff --git a/mistral/services/triggers.py b/mistral/services/triggers.py index b05037e0..5f3073a2 100644 --- a/mistral/services/triggers.py +++ b/mistral/services/triggers.py @@ -14,12 +14,10 @@ from croniter import croniter import datetime -from oslo.config import cfg -from mistral import context from mistral.db.v1 import api as db_api_v1 from mistral.db.v2 import api as db_api_v2 -from mistral.services import trusts +from mistral.services import security from mistral.workbook import parser as spec_parser @@ -102,16 +100,8 @@ def create_cron_trigger(name, pattern, workflow_name, workflow_input, 'scope': 'private' } - _add_security_info(values) + security.add_security_info(values) trig = db_api_v2.create_cron_trigger(values) return trig - - -def _add_security_info(values): - if cfg.CONF.pecan.auth_enable: - values.update({ - 'trust_id': trusts.create_trust().id, - 'project_id': context.ctx().project_id - }) diff --git a/mistral/services/workbooks.py b/mistral/services/workbooks.py index 1567ed07..54297e8a 100644 --- a/mistral/services/workbooks.py +++ b/mistral/services/workbooks.py 
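Review bot: `add_security_info` creates a Keystone trust as a side effect of filling in a values dict, before the caller writes the database row, and nothing visible in this hunk revokes that trust if the write then fails (for example the `DBDuplicateEntry` case exercised by `test_post_dup`). A delegated credential could therefore be left behind with no object referencing it. Since this is now the single shared entry point, I would add a docstring stating that it mutates `secure_object_values` in place, that a trust is created only when `auth_enable` is set and `scope == 'private'`, and that the caller must clean up the trust if persistence fails. Any scope value other than `'private'` silently skips the update, so validating `scope` against the scopes the project defines would keep a mistyped value from yielding an object with no `project_id`.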
@@ -14,18 +14,15 @@ # See the License for the specific language governing permissions and # limitations under the License. -from oslo.config import cfg - -from mistral import context from mistral.db.v1 import api as db_api_v1 from mistral.db.v2 import api as db_api_v2 +from mistral.services import security from mistral.services import triggers -from mistral.services import trusts from mistral.workbook import parser as spec_parser def create_workbook_v1(values, scope='private'): - _add_security_info(values, scope) + security.add_security_info(values, scope) return db_api_v1.workbook_create(values) @@ -118,15 +115,6 @@ def _get_workbook_values(wb_spec, definition, scope): 'scope': scope } - _add_security_info(values, scope) + security.add_security_info(values, scope) return values - - -# TODO(rakhmerov): needs to be generalized (repeats for other services). -def _add_security_info(values, scope): - if cfg.CONF.pecan.auth_enable and scope == 'private': - values.update({ - 'trust_id': trusts.create_trust().id, - 'project_id': context.ctx().project_id - }) diff --git a/mistral/services/workflows.py b/mistral/services/workflows.py index 6aa87358..30908d17 100644 --- a/mistral/services/workflows.py +++ b/mistral/services/workflows.py @@ -12,20 +12,17 @@ # See the License for the specific language governing permissions and # limitations under the License. -from oslo.config import cfg - -from mistral import context from mistral.db.v2 import api as db_api -from mistral.services import trusts +from mistral.services import security from mistral import utils from mistral.workbook import parser as spec_parser -WORKFLOWS_PATH = '../resources/workflows' +STD_WF_PATH = '../resources/workflows' def register_standard_workflows(): - workflow_paths = utils.get_file_list(WORKFLOWS_PATH) + workflow_paths = utils.get_file_list(STD_WF_PATH) for wf_path in workflow_paths: workflow_definition = open(wf_path).read() 
@@ -73,7 +70,7 @@ def _get_workflow_values(wf_spec, definition, scope): 'scope': scope } - _add_security_info(values, scope) + security.add_security_info(values, scope) return values @@ -88,11 +85,3 @@ def _create_or_update_workflow(wf_spec, definition, scope): values = _get_workflow_values(wf_spec, definition, scope) return db_api.create_or_update_workflow(values['name'], values) - - -def _add_security_info(values, scope): - if cfg.CONF.pecan.auth_enable and scope == 'private': - values.update({ - 'trust_id': trusts.create_trust().id, - 'project_id': context.ctx().project_id - }) diff --git a/mistral/tests/unit/api/v1/controllers/test_workbooks.py b/mistral/tests/unit/api/v1/controllers/test_workbooks.py index b2c41eea..60c136e8 100644 --- a/mistral/tests/unit/api/v1/controllers/test_workbooks.py +++ b/mistral/tests/unit/api/v1/controllers/test_workbooks.py @@ -69,7 +69,7 @@ class TestWorkbooksController(base.FunctionalTest): @mock.patch.object(db_api, "workbook_create", base.create_mock_workbook(WORKBOOKS[0])) - @mock.patch("mistral.services.trusts.create_trust", + @mock.patch("mistral.services.security.create_trust", mock.MagicMock(return_value=WORKBOOKS[0])) def test_post(self): resp = self.app.post_json('/v1/workbooks', WORKBOOKS[0]) @@ -79,7 +79,7 @@ class TestWorkbooksController(base.FunctionalTest): @mock.patch.object(db_api, "workbook_create", mock.MagicMock(side_effect=exceptions.DBDuplicateEntry)) - @mock.patch("mistral.services.workbooks._add_security_info", + @mock.patch("mistral.services.security.add_security_info", mock.MagicMock(return_value=None)) def test_post_dup(self): resp = self.app.post_json('/v1/workbooks', WORKBOOKS[0], diff --git a/mistral/workflow/data_flow.py b/mistral/workflow/data_flow.py index bf9c7271..ec348886 100644 --- a/mistral/workflow/data_flow.py +++ b/mistral/workflow/data_flow.py 
@@ -20,7 +20,7 @@ from oslo.config import cfg from mistral import context as auth_ctx from mistral import expressions as expr from mistral.openstack.common import log as logging -from mistral.services import trusts +from mistral.services import security from mistral import utils @@ -142,7 +142,7 @@ def add_openstack_data_to_context(workflow_db, context): wf_ctx = auth_ctx.ctx() if not wf_ctx: - wf_ctx = trusts.create_context( + wf_ctx = security.create_context( workflow_db.trust_id, workflow_db.project_id )