designate/designate/context.py
Takashi Kajinami 71941e49f1 Remove code for oslo.context<4.0.0
... because now minimum supported version of oslo.context is 4.0.0 .

Change-Id: I4de4aa9bd4436a8a8f191d9a2323b48dee929deb
2023-11-09 01:18:53 +09:00

261 lines
7.9 KiB
Python

# Copyright 2012 Managed I.T.
#
# Author: Kiall Mac Innes <kiall@managedit.ie>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import copy
from keystoneauth1.access import service_catalog as ksa_service_catalog
from keystoneauth1 import plugin
from oslo_context import context
from oslo_log import log as logging
from designate import policy
LOG = logging.getLogger(__name__)
class DesignateContext(context.RequestContext):
_all_tenants = False
_hide_counts = False
_abandon = None
original_project_id = None
_edit_managed_records = False
_hard_delete = False
_client_addr = None
_delete_shares = False
FROM_DICT_EXTRA_KEYS = [
'original_project_id', 'service_catalog', 'all_tenants', 'abandon',
'edit_managed_records', 'tsigkey_id', 'hide_counts', 'client_addr',
'hard_delete', 'delete_shares'
]
def __init__(self, service_catalog=None, all_tenants=False, abandon=None,
tsigkey_id=None, original_project_id=None,
edit_managed_records=False, hide_counts=False,
client_addr=None, user_auth_plugin=None,
hard_delete=False, delete_shares=False, **kwargs):
super().__init__(**kwargs)
self.user_auth_plugin = user_auth_plugin
self.service_catalog = service_catalog
self.tsigkey_id = tsigkey_id
self.original_project_id = original_project_id
self.all_tenants = all_tenants
self.abandon = abandon
self.edit_managed_records = edit_managed_records
self.hard_delete = hard_delete
self.hide_counts = hide_counts
self.client_addr = client_addr
self.delete_shares = delete_shares
def deepcopy(self):
d = self.to_dict()
return self.from_dict(d)
def to_dict(self):
d = super().to_dict()
# Override the user_identity field to account for TSIG. When a TSIG key
# is used as authentication e.g. via MiniDNS, it will act as a form
# of "user",
user = self.user_id or '-'
if self.tsigkey_id and not self.user_id:
user = 'TSIG:%s' % self.tsigkey_id
user_idt = (
self.user_idt_format.format(
user=user,
project_id=self.project_id or '-',
domain=self.domain_id or '-',
user_domain=self.user_domain_id or '-',
p_domain=self.project_domain_id or '-')
)
# Update the dict with Designate specific extensions and overrides
d.update({
'user_identity': user_idt,
'original_project_id': self.original_project_id,
'service_catalog': self.service_catalog,
'all_tenants': self.all_tenants,
'abandon': self.abandon,
'edit_managed_records': self.edit_managed_records,
'hard_delete': self.hard_delete,
'tsigkey_id': self.tsigkey_id,
'hide_counts': self.hide_counts,
'client_addr': self.client_addr,
'delete_shares': self.delete_shares,
})
return copy.deepcopy(d)
def elevated(self, show_deleted=None, all_tenants=False,
edit_managed_records=False, hard_delete=False):
"""Return a version of this context with admin flag set.
Optionally set all_tenants and edit_managed_records
"""
context = self.deepcopy()
context.is_admin = True
# NOTE(kiall): Ugly - required to match http://tinyurl.com/o3y8qmw
context.roles.append('admin')
if policy.enforce_new_defaults():
context.system_scope = 'all'
if show_deleted is not None:
context.show_deleted = show_deleted
if all_tenants:
context.all_tenants = True
if edit_managed_records:
context.edit_managed_records = True
if hard_delete:
context.hard_delete = True
return context
def sudo(self, project_id):
policy.check('use_sudo', self)
LOG.info('Accepted sudo from user %(user)s to project_id %(project)s',
{'user': self.user_id, 'project': project_id})
self.original_project_id = self.project_id
self.project_id = project_id
@classmethod
def get_admin_context(cls, **kwargs):
# TODO(kiall): Remove Me
kwargs['is_admin'] = True
kwargs['roles'] = ['admin', 'reader']
return cls(None, **kwargs)
@property
def all_tenants(self):
return self._all_tenants
@all_tenants.setter
def all_tenants(self, value):
if value:
policy.check('all_tenants', self)
self._all_tenants = value
@property
def hide_counts(self):
return self._hide_counts
@hide_counts.setter
def hide_counts(self, value):
self._hide_counts = value
@property
def abandon(self):
return self._abandon
@abandon.setter
def abandon(self, value):
if value:
policy.check('abandon_zone', self)
self._abandon = value
@property
def edit_managed_records(self):
return self._edit_managed_records
@edit_managed_records.setter
def edit_managed_records(self, value):
if value:
policy.check('edit_managed_records', self)
self._edit_managed_records = value
@property
def hard_delete(self):
return self._hard_delete
@hard_delete.setter
def hard_delete(self, value):
if value:
policy.check('hard_delete', self)
self._hard_delete = value
@property
def client_addr(self):
return self._client_addr
@client_addr.setter
def client_addr(self, value):
self._client_addr = value
@property
def delete_shares(self):
return self._delete_shares
@delete_shares.setter
def delete_shares(self, value):
self._delete_shares = value
def get_auth_plugin(self):
if self.user_auth_plugin:
return self.user_auth_plugin
else:
return _ContextAuthPlugin(self.auth_token, self.service_catalog)
class _ContextAuthPlugin(plugin.BaseAuthPlugin):
"""A keystoneauth auth plugin that uses the values from the Context.
Ideally we would use the plugin provided by auth_token middleware however
this plugin isn't serialized yet so we construct one from the serialized
auth data.
"""
def __init__(self, auth_token, sc):
super().__init__()
self.auth_token = auth_token
self.service_catalog = ksa_service_catalog.ServiceCatalogV2(sc)
def get_token(self, *args, **kwargs):
return self.auth_token
def get_endpoint(self, session, **kwargs):
endpoint_data = self.get_endpoint_data(session, **kwargs)
if not endpoint_data:
return None
return endpoint_data.url
def get_endpoint_data(self, session,
endpoint_override=None,
discover_versions=True,
**kwargs):
urlkw = {}
for k in ('service_type', 'service_name', 'service_id', 'endpoint_id',
'region_name', 'interface'):
if k in kwargs:
urlkw[k] = kwargs[k]
endpoint = endpoint_override or self.service_catalog.url_for(**urlkw)
return super().get_endpoint_data(
session, endpoint_override=endpoint,
discover_versions=discover_versions, **kwargs)
def get_current():
return context.get_current()