Disentangle domain context from effective domain

Since the existence of a domain token was equivalent with having selected a domain context with Keystone V2, some code confuses the two. This is no longer true for Kestone V3, so we have to separate the two concepts and use domain context when we mean the domain context. Close-bug: #1661537 Change-Id: Ifa66d8c397e34d16a4534e7216eb11c752699505
2017-02-01 15:23:34 +01:00 · 2017-02-01 15:23:34 +01:00 · 8b839938bc
parent 4f654e30c3
commit 8b839938bc
10 changed files with 49 additions and 25 deletions
--- a/openstack_dashboard/dashboards/identity/domains/views.py
+++ b/openstack_dashboard/dashboards/identity/domains/views.py
@ -28,6 +28,7 @@ from openstack_dashboard.dashboards.identity.domains \
    import tables as project_tables
 from openstack_dashboard.dashboards.identity.domains \
    import workflows as project_workflows
 from openstack_dashboard.utils import identity
 class IndexView(tables.DataTableView):
@ -37,7 +38,7 @@ class IndexView(tables.DataTableView):
    def get_data(self):
        domains = []
-        domain_id = api.keystone.get_effective_domain_id(self.request)
+        domain_id = identity.get_domain_id_for_operation(self.request)
        if policy.check((("identity", "identity:list_domains"),),
                        self.request):
--- a/openstack_dashboard/dashboards/identity/groups/forms.py
+++ b/openstack_dashboard/dashboards/identity/groups/forms.py
@ -21,6 +21,7 @@ from horizon import forms
 from horizon import messages
 from openstack_dashboard import api
 from openstack_dashboard.utils import identity as identity_utils
 LOG = logging.getLogger(__name__)
@ -36,10 +37,10 @@ class CreateGroupForm(forms.SelfHandlingForm):
    def handle(self, request, data):
        try:
            LOG.info('Creating group with name "%s"' % data['name'])
            domain_context = api.keystone.get_effective_domain_id(request)
            api.keystone.group_create(
                request,
-                domain_id=domain_context,
+                domain_id=identity_utils.get_domain_id_for_operation(
                    self.request),
                name=data['name'],
                description=data['description'])
            messages.success(request,
--- a/openstack_dashboard/dashboards/identity/groups/tests.py
+++ b/openstack_dashboard/dashboards/identity/groups/tests.py
@ -49,8 +49,6 @@ class GroupsViewTests(test.BaseAdminViewTests):
        domain_id = self._get_domain_id()
        groups = self._get_groups(domain_id)
        filters = {}
        domain = self.domains.get(id="1")
        api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain)
        api.keystone.group_list(IgnoreArg(),
                                domain=domain_id,
                                filters=filters) \
@ -79,8 +77,6 @@ class GroupsViewTests(test.BaseAdminViewTests):
                              domain_context_name=domain.name)
        groups = self._get_groups(domain.id)
        api.keystone.get_effective_domain_id(IgnoreArg()).AndReturn(domain.id)
        api.keystone.group_list(IsA(http.HttpRequest),
                                domain=domain.id,
                                filters=filters).AndReturn(groups)
@ -105,9 +101,7 @@ class GroupsViewTests(test.BaseAdminViewTests):
    def test_index_with_keystone_can_edit_group_false(self):
        domain_id = self._get_domain_id()
        groups = self._get_groups(domain_id)
        domain = self.domains.get(id="1")
        filters = {}
        api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain)
        api.keystone.group_list(IgnoreArg(),
                                domain=domain_id,
                                filters=filters) \
@ -204,8 +198,6 @@ class GroupsViewTests(test.BaseAdminViewTests):
        filters = {}
        group = self.groups.get(id="2")
        domain = self.domains.get(id="1")
        api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain)
        api.keystone.group_list(IgnoreArg(),
                                domain=domain_id,
                                filters=filters) \
--- a/openstack_dashboard/dashboards/identity/groups/views.py
+++ b/openstack_dashboard/dashboards/identity/groups/views.py
@ -31,6 +31,7 @@ from openstack_dashboard.dashboards.identity.groups \
    import forms as project_forms
 from openstack_dashboard.dashboards.identity.groups \
    import tables as project_tables
 from openstack_dashboard.utils import identity
 class IndexView(tables.DataTableView):
@ -58,8 +59,7 @@ class IndexView(tables.DataTableView):
                self._needs_filter_first = True
                return groups
-            domain_id = api.keystone.get_effective_domain_id(self.request)
+            domain_id = identity.get_domain_id_for_operation(self.request)
            try:
                groups = api.keystone.group_list(self.request,
                                                 domain=domain_id,
@ -125,7 +125,7 @@ class GroupManageMixin(object):
    @memoized.memoized_method
    def _get_group_members(self):
        group_id = self.kwargs['group_id']
-        domain_id = api.keystone.get_effective_domain_id(self.request)
+        domain_id = identity.get_domain_id_for_operation(self.request)
        return api.keystone.user_list(self.request, domain=domain_id,
                                      group=group_id)
--- a/openstack_dashboard/dashboards/identity/projects/tests.py
+++ b/openstack_dashboard/dashboards/identity/projects/tests.py
@ -49,7 +49,6 @@ class TenantsViewTests(test.BaseAdminViewTests):
    def test_index(self):
        domain = self.domains.get(id="1")
        filters = {}
        api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain)
        api.keystone.tenant_list(IsA(http.HttpRequest),
                                 domain=None,
                                 paginate=True,
@ -79,8 +78,6 @@ class TenantsViewTests(test.BaseAdminViewTests):
        domain_tenants = [tenant for tenant in self.tenants.list()
                          if tenant.domain_id == domain.id]
        api.keystone.get_effective_domain_id(IgnoreArg()).AndReturn(domain.id)
        api.keystone.tenant_list(IsA(http.HttpRequest),
                                 domain=domain.id,
                                 paginate=True,
--- a/openstack_dashboard/dashboards/identity/projects/views.py
+++ b/openstack_dashboard/dashboards/identity/projects/views.py
@ -39,6 +39,7 @@ from openstack_dashboard.dashboards.identity.projects \
    import workflows as project_workflows
 from openstack_dashboard.dashboards.project.overview \
    import views as project_views
 from openstack_dashboard.utils import identity
 PROJECT_INFO_FIELDS = ("domain_id",
                       "domain_name",
@ -99,11 +100,11 @@ class IndexView(tables.DataTableView):
                self._more = False
                return tenants
-            domain_context = api.keystone.get_effective_domain_id(self.request)
+            domain_id = identity.get_domain_id_for_operation(self.request)
            try:
                tenants, self._more = api.keystone.tenant_list(
                    self.request,
-                    domain=domain_context,
+                    domain=domain_id,
                    paginate=True,
                    filters=filters,
                    marker=marker)
--- a/openstack_dashboard/dashboards/identity/projects/workflows.py
+++ b/openstack_dashboard/dashboards/identity/projects/workflows.py
@ -35,6 +35,7 @@ from openstack_dashboard.api import cinder
 from openstack_dashboard.api import keystone
 from openstack_dashboard.api import nova
 from openstack_dashboard.usage import quotas
 from openstack_dashboard.utils import identity as identity
 LOG = logging.getLogger(__name__)
@ -677,7 +678,7 @@ class UpdateProject(CommonQuotaWorkflow):
    def _update_project(self, request, data):
        """Update project info"""
-        domain_id = api.keystone.get_effective_domain_id(self.request)
+        domain_id = identity.get_domain_id_for_operation(request)
        try:
            project_id = data['project_id']
--- a/openstack_dashboard/dashboards/identity/users/tests.py
+++ b/openstack_dashboard/dashboards/identity/users/tests.py
@ -57,13 +57,15 @@ class UsersViewTests(test.BaseAdminViewTests):
    @test.create_stubs({api.keystone: ('user_list',
                                       'get_effective_domain_id',
                                       'domain_lookup')})
-    def test_index(self):
+    def test_index(self, with_domain=False):
        domain = self._get_default_domain()
        domain_id = domain.id
        filters = {}
        users = self._get_users(domain_id)
-        api.keystone.get_effective_domain_id(IgnoreArg()).AndReturn(domain_id)
+        if not with_domain:
            api.keystone.get_effective_domain_id(
                IgnoreArg()).AndReturn(domain_id)
        api.keystone.user_list(IgnoreArg(),
                               domain=domain_id,
@ -84,7 +86,7 @@ class UsersViewTests(test.BaseAdminViewTests):
        domain = self.domains.get(id="1")
        self.setSessionValues(domain_context=domain.id,
                              domain_context_name=domain.name)
-        self.test_index()
+        self.test_index(with_domain=True)
    @override_settings(USER_TABLE_EXTRA_INFO={'phone_num': 'Phone Number'})
    @test.create_stubs({api.keystone: ('user_create',
--- a/openstack_dashboard/dashboards/identity/users/views.py
+++ b/openstack_dashboard/dashboards/identity/users/views.py
@ -40,6 +40,7 @@ from openstack_dashboard.dashboards.identity.users \
    import forms as project_forms
 from openstack_dashboard.dashboards.identity.users \
    import tables as project_tables
 from openstack_dashboard.utils import identity
 LOG = logging.getLogger(__name__)
@ -69,10 +70,10 @@ class IndexView(tables.DataTableView):
                self._needs_filter_first = True
                return users
-            domain_context = api.keystone.get_effective_domain_id(self.request)
+            domain_id = identity.get_domain_id_for_operation(self.request)
            try:
                users = api.keystone.user_list(self.request,
-                                               domain=domain_context,
+                                               domain=domain_id,
                                               filters=filters)
            except Exception:
                exceptions.handle(self.request,
--- a/openstack_dashboard/utils/identity.py
+++ b/openstack_dashboard/utils/identity.py
@ -0,0 +1,28 @@
 # Copyright 2017 Red Hat, Inc.
 #
 #    Licensed under the Apache License, Version 2.0 (the "License"); you may
 #    not use this file except in compliance with the License. You may obtain
 #    a copy of the License at
 #
 #         http://www.apache.org/licenses/LICENSE-2.0
 #
 #    Unless required by applicable law or agreed to in writing, software
 #    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 #    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 #    License for the specific language governing permissions and limitations
 #    under the License.
 from openstack_dashboard import api
 def get_domain_id_for_operation(request):
    """Get the ID of the domain in which the current operation should happen.
    If the user has a domain context set, use that, otherwise use the user's
    effective domain.
    """
    domain_context = request.session.get('domain_context')
    if domain_context:
        return domain_context
    return api.keystone.get_effective_domain_id(request)