Disentangle domain context from effective domain
Since the existence of a domain token was equivalent with having
selected a domain context with Keystone V2, some code confuses the
two. This is no longer true for Kestone V3, so we have to separate
the two concepts and use domain context when we mean the domain
context.
Close-bug: #1661537
Change-Id: Ifa66d8c397e34d16a4534e7216eb11c752699505
(cherry picked from commit 8b839938bc
)
Conflicts:
openstack_dashboard/dashboards/identity/groups/views.py
openstack_dashboard/dashboards/identity/projects/views.py
openstack_dashboard/dashboards/identity/users/views.py
This commit is contained in:
parent
8180bfdd3b
commit
df369b4c12
@ -28,6 +28,7 @@ from openstack_dashboard.dashboards.identity.domains \
|
||||
import tables as project_tables
|
||||
from openstack_dashboard.dashboards.identity.domains \
|
||||
import workflows as project_workflows
|
||||
from openstack_dashboard.utils import identity
|
||||
|
||||
|
||||
class IndexView(tables.DataTableView):
|
||||
@ -37,7 +38,7 @@ class IndexView(tables.DataTableView):
|
||||
|
||||
def get_data(self):
|
||||
domains = []
|
||||
domain_id = api.keystone.get_effective_domain_id(self.request)
|
||||
domain_id = identity.get_domain_id_for_operation(self.request)
|
||||
|
||||
if policy.check((("identity", "identity:list_domains"),),
|
||||
self.request):
|
||||
|
@ -21,6 +21,7 @@ from horizon import forms
|
||||
from horizon import messages
|
||||
|
||||
from openstack_dashboard import api
|
||||
from openstack_dashboard.utils import identity as identity_utils
|
||||
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
@ -36,10 +37,10 @@ class CreateGroupForm(forms.SelfHandlingForm):
|
||||
def handle(self, request, data):
|
||||
try:
|
||||
LOG.info('Creating group with name "%s"' % data['name'])
|
||||
domain_context = api.keystone.get_effective_domain_id(request)
|
||||
api.keystone.group_create(
|
||||
request,
|
||||
domain_id=domain_context,
|
||||
domain_id=identity_utils.get_domain_id_for_operation(
|
||||
self.request),
|
||||
name=data['name'],
|
||||
description=data['description'])
|
||||
messages.success(request,
|
||||
|
@ -49,8 +49,6 @@ class GroupsViewTests(test.BaseAdminViewTests):
|
||||
domain_id = self._get_domain_id()
|
||||
groups = self._get_groups(domain_id)
|
||||
filters = {}
|
||||
domain = self.domains.get(id="1")
|
||||
api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain)
|
||||
api.keystone.group_list(IgnoreArg(),
|
||||
domain=domain_id,
|
||||
filters=filters) \
|
||||
@ -79,8 +77,6 @@ class GroupsViewTests(test.BaseAdminViewTests):
|
||||
domain_context_name=domain.name)
|
||||
groups = self._get_groups(domain.id)
|
||||
|
||||
api.keystone.get_effective_domain_id(IgnoreArg()).AndReturn(domain.id)
|
||||
|
||||
api.keystone.group_list(IsA(http.HttpRequest),
|
||||
domain=domain.id,
|
||||
filters=filters).AndReturn(groups)
|
||||
@ -105,9 +101,7 @@ class GroupsViewTests(test.BaseAdminViewTests):
|
||||
def test_index_with_keystone_can_edit_group_false(self):
|
||||
domain_id = self._get_domain_id()
|
||||
groups = self._get_groups(domain_id)
|
||||
domain = self.domains.get(id="1")
|
||||
filters = {}
|
||||
api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain)
|
||||
api.keystone.group_list(IgnoreArg(),
|
||||
domain=domain_id,
|
||||
filters=filters) \
|
||||
@ -204,8 +198,6 @@ class GroupsViewTests(test.BaseAdminViewTests):
|
||||
filters = {}
|
||||
group = self.groups.get(id="2")
|
||||
|
||||
domain = self.domains.get(id="1")
|
||||
api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain)
|
||||
api.keystone.group_list(IgnoreArg(),
|
||||
domain=domain_id,
|
||||
filters=filters) \
|
||||
|
@ -30,6 +30,7 @@ from openstack_dashboard.dashboards.identity.groups \
|
||||
import forms as project_forms
|
||||
from openstack_dashboard.dashboards.identity.groups \
|
||||
import tables as project_tables
|
||||
from openstack_dashboard.utils import identity
|
||||
|
||||
|
||||
class IndexView(tables.DataTableView):
|
||||
@ -39,7 +40,7 @@ class IndexView(tables.DataTableView):
|
||||
|
||||
def get_data(self):
|
||||
groups = []
|
||||
domain_id = api.keystone.get_effective_domain_id(self.request)
|
||||
domain_id = identity.get_domain_id_for_operation(self.request)
|
||||
filters = self.get_filters()
|
||||
if policy.check((("identity", "identity:list_groups"),),
|
||||
self.request):
|
||||
@ -110,7 +111,7 @@ class GroupManageMixin(object):
|
||||
@memoized.memoized_method
|
||||
def _get_group_members(self):
|
||||
group_id = self.kwargs['group_id']
|
||||
domain_id = api.keystone.get_effective_domain_id(self.request)
|
||||
domain_id = identity.get_domain_id_for_operation(self.request)
|
||||
return api.keystone.user_list(self.request, domain=domain_id,
|
||||
group=group_id)
|
||||
|
||||
|
@ -50,7 +50,6 @@ class TenantsViewTests(test.BaseAdminViewTests):
|
||||
def test_index(self):
|
||||
domain = self.domains.get(id="1")
|
||||
filters = {}
|
||||
api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain)
|
||||
api.keystone.tenant_list(IsA(http.HttpRequest),
|
||||
domain=None,
|
||||
paginate=True,
|
||||
@ -80,8 +79,6 @@ class TenantsViewTests(test.BaseAdminViewTests):
|
||||
domain_tenants = [tenant for tenant in self.tenants.list()
|
||||
if tenant.domain_id == domain.id]
|
||||
|
||||
api.keystone.get_effective_domain_id(IgnoreArg()).AndReturn(domain.id)
|
||||
|
||||
api.keystone.tenant_list(IsA(http.HttpRequest),
|
||||
domain=domain.id,
|
||||
paginate=True,
|
||||
|
@ -39,6 +39,7 @@ from openstack_dashboard.dashboards.identity.projects \
|
||||
import workflows as project_workflows
|
||||
from openstack_dashboard.dashboards.project.overview \
|
||||
import views as project_views
|
||||
from openstack_dashboard.utils import identity
|
||||
|
||||
PROJECT_INFO_FIELDS = ("domain_id",
|
||||
"domain_name",
|
||||
@ -82,11 +83,11 @@ class IndexView(tables.DataTableView):
|
||||
filters = self.get_filters()
|
||||
if policy.check((("identity", "identity:list_projects"),),
|
||||
self.request):
|
||||
domain_context = api.keystone.get_effective_domain_id(self.request)
|
||||
domain_id = identity.get_domain_id_for_operation(self.request)
|
||||
try:
|
||||
tenants, self._more = api.keystone.tenant_list(
|
||||
self.request,
|
||||
domain=domain_context,
|
||||
domain=domain_id,
|
||||
paginate=True,
|
||||
filters=filters,
|
||||
marker=marker)
|
||||
|
@ -35,6 +35,7 @@ from openstack_dashboard.api import cinder
|
||||
from openstack_dashboard.api import keystone
|
||||
from openstack_dashboard.api import nova
|
||||
from openstack_dashboard.usage import quotas
|
||||
from openstack_dashboard.utils import identity as identity
|
||||
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
@ -677,7 +678,7 @@ class UpdateProject(CommonQuotaWorkflow):
|
||||
|
||||
def _update_project(self, request, data):
|
||||
"""Update project info"""
|
||||
domain_id = api.keystone.get_effective_domain_id(self.request)
|
||||
domain_id = identity.get_domain_id_for_operation(request)
|
||||
try:
|
||||
project_id = data['project_id']
|
||||
|
||||
|
@ -57,13 +57,15 @@ class UsersViewTests(test.BaseAdminViewTests):
|
||||
@test.create_stubs({api.keystone: ('user_list',
|
||||
'get_effective_domain_id',
|
||||
'domain_lookup')})
|
||||
def test_index(self):
|
||||
def test_index(self, with_domain=False):
|
||||
domain = self._get_default_domain()
|
||||
domain_id = domain.id
|
||||
filters = {}
|
||||
users = self._get_users(domain_id)
|
||||
|
||||
api.keystone.get_effective_domain_id(IgnoreArg()).AndReturn(domain_id)
|
||||
if not with_domain:
|
||||
api.keystone.get_effective_domain_id(
|
||||
IgnoreArg()).AndReturn(domain_id)
|
||||
|
||||
api.keystone.user_list(IgnoreArg(),
|
||||
domain=domain_id,
|
||||
@ -84,7 +86,7 @@ class UsersViewTests(test.BaseAdminViewTests):
|
||||
domain = self.domains.get(id="1")
|
||||
self.setSessionValues(domain_context=domain.id,
|
||||
domain_context_name=domain.name)
|
||||
self.test_index()
|
||||
self.test_index(with_domain=True)
|
||||
|
||||
@override_settings(USER_TABLE_EXTRA_INFO={'phone_num': 'Phone Number'})
|
||||
@test.create_stubs({api.keystone: ('user_create',
|
||||
|
@ -40,6 +40,7 @@ from openstack_dashboard.dashboards.identity.users \
|
||||
import forms as project_forms
|
||||
from openstack_dashboard.dashboards.identity.users \
|
||||
import tables as project_tables
|
||||
from openstack_dashboard.utils import identity
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
@ -54,10 +55,10 @@ class IndexView(tables.DataTableView):
|
||||
filters = self.get_filters()
|
||||
if policy.check((("identity", "identity:list_users"),),
|
||||
self.request):
|
||||
domain_context = api.keystone.get_effective_domain_id(self.request)
|
||||
domain_id = identity.get_domain_id_for_operation(self.request)
|
||||
try:
|
||||
users = api.keystone.user_list(self.request,
|
||||
domain=domain_context,
|
||||
domain=domain_id,
|
||||
filters=filters)
|
||||
except Exception:
|
||||
exceptions.handle(self.request,
|
||||
|
28
openstack_dashboard/utils/identity.py
Normal file
28
openstack_dashboard/utils/identity.py
Normal file
@ -0,0 +1,28 @@
|
||||
# Copyright 2017 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from openstack_dashboard import api
|
||||
|
||||
|
||||
def get_domain_id_for_operation(request):
|
||||
"""Get the ID of the domain in which the current operation should happen.
|
||||
|
||||
If the user has a domain context set, use that, otherwise use the user's
|
||||
effective domain.
|
||||
"""
|
||||
|
||||
domain_context = request.session.get('domain_context')
|
||||
if domain_context:
|
||||
return domain_context
|
||||
return api.keystone.get_effective_domain_id(request)
|
Loading…
Reference in New Issue
Block a user