Fixes bad performance when editing project members
The bug is caused by consecutive client calls when fetching users' roles in a project. The fix was to use the /v3/role_assignments endpoint. Which retrieves all roles in a single client call (dashboards/admin/projects/workflows.py: UpdateProjectGroupsAction and UpdateProjectUsersAction). The compatibility to the previous keystoneclient version is maintained. In a scenario with 1000 users with a role in a project (using devstack), the time to render the Modify Users page dropped from 45s to 2.5s Change-Id: Ic72ebea0db226faf98c5e04d00d76dedd1fb01c1 Closes-bug: #1278920
This commit is contained in:
parent
56d71e2249
commit
ed43be0a0f
@ -457,6 +457,16 @@ def remove_group_user(request, group_id, user_id):
|
||||
return manager.remove_from_group(group=group_id, user=user_id)
|
||||
|
||||
|
||||
def role_assignments_list(request, project=None, user=None, role=None,
|
||||
group=None, domain=None, effective=False):
|
||||
if VERSIONS.active < 3:
|
||||
raise exceptions.NotAvailable
|
||||
|
||||
manager = keystoneclient(request, admin=True).role_assignments
|
||||
return manager.list(project=project, user=user, role=role, group=group,
|
||||
domain=domain, effective=effective)
|
||||
|
||||
|
||||
def role_create(request, name):
|
||||
manager = keystoneclient(request, admin=True).roles
|
||||
return manager.create(name)
|
||||
@ -490,6 +500,30 @@ def roles_for_user(request, user, project):
|
||||
return manager.list(user=user, project=project)
|
||||
|
||||
|
||||
def get_project_users_roles(request, project):
|
||||
users_roles = {}
|
||||
if VERSIONS.active < 3:
|
||||
project_users = user_list(request, project=project)
|
||||
|
||||
for user in project_users:
|
||||
roles = roles_for_user(request, user.id, project)
|
||||
roles_ids = [role.id for role in roles]
|
||||
users_roles[user.id] = roles_ids
|
||||
else:
|
||||
project_role_assignments = role_assignments_list(request,
|
||||
project=project)
|
||||
for role_assignment in project_role_assignments:
|
||||
if not hasattr(role_assignment, 'user'):
|
||||
continue
|
||||
user_id = role_assignment.user['id']
|
||||
role_id = role_assignment.role['id']
|
||||
if user_id in users_roles:
|
||||
users_roles[user_id].append(role_id)
|
||||
else:
|
||||
users_roles[user_id] = [role_id]
|
||||
return users_roles
|
||||
|
||||
|
||||
def add_tenant_user_role(request, project=None, user=None, role=None,
|
||||
group=None, domain=None):
|
||||
"""Adds a role for a user on a tenant."""
|
||||
|
@ -732,10 +732,13 @@ class UpdateProjectWorkflowTests(test.BaseAdminViewTests):
|
||||
'user_list',
|
||||
'roles_for_group',
|
||||
'group_list',
|
||||
'role_list'),
|
||||
'role_list',
|
||||
'role_assignments_list'),
|
||||
quotas: ('get_tenant_quota_data',
|
||||
'get_disabled_quotas')})
|
||||
def test_update_project_get(self):
|
||||
keystone_api_version = api.keystone.VERSIONS.active
|
||||
|
||||
project = self.tenants.first()
|
||||
quota = self.quotas.first()
|
||||
default_role = self.roles.first()
|
||||
@ -744,6 +747,7 @@ class UpdateProjectWorkflowTests(test.BaseAdminViewTests):
|
||||
groups = self._get_all_groups(domain_id)
|
||||
roles = self.roles.list()
|
||||
proj_users = self._get_proj_users(project.id)
|
||||
role_assignments = self.role_assignments.list()
|
||||
|
||||
api.keystone.tenant_get(IsA(http.HttpRequest),
|
||||
self.tenant.id, admin=True) \
|
||||
@ -764,8 +768,16 @@ class UpdateProjectWorkflowTests(test.BaseAdminViewTests):
|
||||
.MultipleTimes().AndReturn(roles)
|
||||
api.keystone.group_list(IsA(http.HttpRequest), domain=domain_id) \
|
||||
.AndReturn(groups)
|
||||
|
||||
if keystone_api_version >= 3:
|
||||
api.keystone.role_assignments_list(IsA(http.HttpRequest),
|
||||
project=self.tenant.id) \
|
||||
.AndReturn(role_assignments)
|
||||
else:
|
||||
api.keystone.user_list(IsA(http.HttpRequest),
|
||||
project=self.tenant.id).AndReturn(proj_users)
|
||||
project=self.tenant.id) \
|
||||
.AndReturn(proj_users)
|
||||
|
||||
for user in proj_users:
|
||||
api.keystone.roles_for_user(IsA(http.HttpRequest),
|
||||
user.id,
|
||||
@ -814,12 +826,16 @@ class UpdateProjectWorkflowTests(test.BaseAdminViewTests):
|
||||
'remove_group_role',
|
||||
'add_group_role',
|
||||
'group_list',
|
||||
'role_list'),
|
||||
'role_list',
|
||||
'role_assignments_list'),
|
||||
api.nova: ('tenant_quota_update',),
|
||||
api.cinder: ('tenant_quota_update',),
|
||||
quotas: ('get_tenant_quota_data',
|
||||
'get_disabled_quotas')})
|
||||
|
||||
def test_update_project_save(self, neutron=False):
|
||||
keystone_api_version = api.keystone.VERSIONS.active
|
||||
|
||||
project = self.tenants.first()
|
||||
quota = self.quotas.first()
|
||||
default_role = self.roles.first()
|
||||
@ -829,6 +845,7 @@ class UpdateProjectWorkflowTests(test.BaseAdminViewTests):
|
||||
groups = self._get_all_groups(domain_id)
|
||||
proj_groups = self._get_proj_groups(project.id)
|
||||
roles = self.roles.list()
|
||||
role_assignments = self.role_assignments.list()
|
||||
|
||||
# get/init
|
||||
api.keystone.tenant_get(IsA(http.HttpRequest),
|
||||
@ -853,13 +870,23 @@ class UpdateProjectWorkflowTests(test.BaseAdminViewTests):
|
||||
.MultipleTimes().AndReturn(roles)
|
||||
api.keystone.group_list(IsA(http.HttpRequest), domain=domain_id) \
|
||||
.AndReturn(groups)
|
||||
api.keystone.user_list(IsA(http.HttpRequest),
|
||||
project=self.tenant.id).AndReturn(proj_users)
|
||||
|
||||
workflow_data = {}
|
||||
|
||||
if keystone_api_version >= 3:
|
||||
api.keystone.role_assignments_list(IsA(http.HttpRequest),
|
||||
project=self.tenant.id) \
|
||||
.AndReturn(role_assignments)
|
||||
else:
|
||||
api.keystone.user_list(IsA(http.HttpRequest),
|
||||
project=self.tenant.id) \
|
||||
.AndReturn(proj_users)
|
||||
|
||||
for user in proj_users:
|
||||
api.keystone.roles_for_user(IsA(http.HttpRequest),
|
||||
user.id,
|
||||
self.tenant.id).AndReturn(roles)
|
||||
|
||||
for group in groups:
|
||||
api.keystone.roles_for_group(IsA(http.HttpRequest),
|
||||
group=group.id,
|
||||
@ -1051,11 +1078,14 @@ class UpdateProjectWorkflowTests(test.BaseAdminViewTests):
|
||||
'remove_group_role',
|
||||
'add_group_role',
|
||||
'group_list',
|
||||
'role_list'),
|
||||
'role_list',
|
||||
'role_assignments_list'),
|
||||
quotas: ('get_tenant_quota_data',
|
||||
'get_disabled_quotas'),
|
||||
api.nova: ('tenant_quota_update',)})
|
||||
def test_update_project_tenant_update_error(self):
|
||||
keystone_api_version = api.keystone.VERSIONS.active
|
||||
|
||||
project = self.tenants.first()
|
||||
quota = self.quotas.first()
|
||||
default_role = self.roles.first()
|
||||
@ -1064,6 +1094,7 @@ class UpdateProjectWorkflowTests(test.BaseAdminViewTests):
|
||||
groups = self._get_all_groups(domain_id)
|
||||
roles = self.roles.list()
|
||||
proj_users = self._get_proj_users(project.id)
|
||||
role_assignments = self.role_assignments.list()
|
||||
|
||||
# get/init
|
||||
api.keystone.tenant_get(IsA(http.HttpRequest), self.tenant.id,
|
||||
@ -1085,15 +1116,24 @@ class UpdateProjectWorkflowTests(test.BaseAdminViewTests):
|
||||
.MultipleTimes().AndReturn(roles)
|
||||
api.keystone.group_list(IsA(http.HttpRequest), domain=domain_id) \
|
||||
.AndReturn(groups)
|
||||
api.keystone.user_list(IsA(http.HttpRequest),
|
||||
project=self.tenant.id).AndReturn(proj_users)
|
||||
|
||||
workflow_data = {}
|
||||
|
||||
if keystone_api_version >= 3:
|
||||
api.keystone.role_assignments_list(IsA(http.HttpRequest),
|
||||
project=self.tenant.id) \
|
||||
.AndReturn(role_assignments)
|
||||
else:
|
||||
api.keystone.user_list(IsA(http.HttpRequest),
|
||||
project=self.tenant.id) \
|
||||
.AndReturn(proj_users)
|
||||
for user in proj_users:
|
||||
api.keystone.roles_for_user(IsA(http.HttpRequest),
|
||||
user.id,
|
||||
self.tenant.id).AndReturn(roles)
|
||||
|
||||
role_ids = [role.id for role in roles]
|
||||
for user in proj_users:
|
||||
if role_ids:
|
||||
workflow_data.setdefault(USER_ROLE_PREFIX + role_ids[0], []) \
|
||||
.append(user.id)
|
||||
@ -1155,11 +1195,14 @@ class UpdateProjectWorkflowTests(test.BaseAdminViewTests):
|
||||
'remove_group_role',
|
||||
'add_group_role',
|
||||
'group_list',
|
||||
'role_list'),
|
||||
'role_list',
|
||||
'role_assignments_list'),
|
||||
quotas: ('get_tenant_quota_data',
|
||||
'get_disabled_quotas'),
|
||||
api.nova: ('tenant_quota_update',)})
|
||||
def test_update_project_quota_update_error(self):
|
||||
keystone_api_version = api.keystone.VERSIONS.active
|
||||
|
||||
project = self.tenants.first()
|
||||
quota = self.quotas.first()
|
||||
default_role = self.roles.first()
|
||||
@ -1169,6 +1212,7 @@ class UpdateProjectWorkflowTests(test.BaseAdminViewTests):
|
||||
groups = self._get_all_groups(domain_id)
|
||||
proj_groups = self._get_proj_groups(project.id)
|
||||
roles = self.roles.list()
|
||||
role_assignments = self.role_assignments.list()
|
||||
|
||||
# get/init
|
||||
api.keystone.tenant_get(IsA(http.HttpRequest), self.tenant.id,
|
||||
@ -1190,11 +1234,18 @@ class UpdateProjectWorkflowTests(test.BaseAdminViewTests):
|
||||
.MultipleTimes().AndReturn(roles)
|
||||
api.keystone.group_list(IsA(http.HttpRequest), domain=domain_id) \
|
||||
.AndReturn(groups)
|
||||
api.keystone.user_list(IsA(http.HttpRequest),
|
||||
project=self.tenant.id).AndReturn(proj_users)
|
||||
|
||||
workflow_data = {}
|
||||
|
||||
if keystone_api_version >= 3:
|
||||
api.keystone.role_assignments_list(IsA(http.HttpRequest),
|
||||
project=self.tenant.id) \
|
||||
.AndReturn(role_assignments)
|
||||
else:
|
||||
api.keystone.user_list(IsA(http.HttpRequest),
|
||||
project=self.tenant.id) \
|
||||
.AndReturn(proj_users)
|
||||
|
||||
for user in proj_users:
|
||||
api.keystone.roles_for_user(IsA(http.HttpRequest),
|
||||
user.id,
|
||||
@ -1319,10 +1370,13 @@ class UpdateProjectWorkflowTests(test.BaseAdminViewTests):
|
||||
'remove_group_role',
|
||||
'add_group_role',
|
||||
'group_list',
|
||||
'role_list'),
|
||||
'role_list',
|
||||
'role_assignments_list'),
|
||||
quotas: ('get_tenant_quota_data',
|
||||
'get_disabled_quotas')})
|
||||
def test_update_project_member_update_error(self):
|
||||
keystone_api_version = api.keystone.VERSIONS.active
|
||||
|
||||
project = self.tenants.first()
|
||||
quota = self.quotas.first()
|
||||
default_role = self.roles.first()
|
||||
@ -1331,6 +1385,7 @@ class UpdateProjectWorkflowTests(test.BaseAdminViewTests):
|
||||
proj_users = self._get_proj_users(project.id)
|
||||
groups = self._get_all_groups(domain_id)
|
||||
roles = self.roles.list()
|
||||
role_assignments = self.role_assignments.list()
|
||||
|
||||
# get/init
|
||||
api.keystone.tenant_get(IsA(http.HttpRequest), self.tenant.id,
|
||||
@ -1352,14 +1407,23 @@ class UpdateProjectWorkflowTests(test.BaseAdminViewTests):
|
||||
.MultipleTimes().AndReturn(roles)
|
||||
api.keystone.group_list(IsA(http.HttpRequest), domain=domain_id) \
|
||||
.AndReturn(groups)
|
||||
api.keystone.user_list(IsA(http.HttpRequest),
|
||||
project=self.tenant.id).AndReturn(proj_users)
|
||||
|
||||
workflow_data = {}
|
||||
|
||||
if keystone_api_version >= 3:
|
||||
api.keystone.role_assignments_list(IsA(http.HttpRequest),
|
||||
project=self.tenant.id) \
|
||||
.AndReturn(role_assignments)
|
||||
else:
|
||||
api.keystone.user_list(IsA(http.HttpRequest),
|
||||
project=self.tenant.id) \
|
||||
.AndReturn(proj_users)
|
||||
|
||||
for user in proj_users:
|
||||
api.keystone.roles_for_user(IsA(http.HttpRequest),
|
||||
user.id,
|
||||
self.tenant.id).AndReturn(roles)
|
||||
|
||||
for group in groups:
|
||||
api.keystone.roles_for_group(IsA(http.HttpRequest),
|
||||
group=group.id,
|
||||
|
@ -197,23 +197,18 @@ class UpdateProjectMembersAction(workflows.MembershipAction):
|
||||
# Figure out users & roles
|
||||
if project_id:
|
||||
try:
|
||||
project_members = api.keystone.user_list(request,
|
||||
project=project_id)
|
||||
except Exception:
|
||||
exceptions.handle(request, err_msg)
|
||||
|
||||
for user in project_members:
|
||||
try:
|
||||
roles = api.keystone.roles_for_user(self.request,
|
||||
user.id,
|
||||
users_roles = api.keystone.get_project_users_roles(request,
|
||||
project_id)
|
||||
except Exception:
|
||||
exceptions.handle(request,
|
||||
err_msg,
|
||||
redirect=reverse(INDEX_URL))
|
||||
for role in roles:
|
||||
field_name = self.get_member_field_name(role.id)
|
||||
self.fields[field_name].initial.append(user.id)
|
||||
|
||||
for user_id in users_roles:
|
||||
roles_ids = users_roles[user_id]
|
||||
for role_id in roles_ids:
|
||||
field_name = self.get_member_field_name(role_id)
|
||||
self.fields[field_name].initial.append(user_id)
|
||||
|
||||
class Meta:
|
||||
name = _("Project Members")
|
||||
|
@ -25,6 +25,7 @@ from keystoneclient.v2_0 import tenants
|
||||
from keystoneclient.v2_0 import users
|
||||
from keystoneclient.v3 import domains
|
||||
from keystoneclient.v3 import groups
|
||||
from keystoneclient.v3 import role_assignments
|
||||
|
||||
from openstack_auth import user as auth_user
|
||||
|
||||
@ -135,6 +136,7 @@ def data(TEST):
|
||||
TEST.users = utils.TestDataContainer()
|
||||
TEST.groups = utils.TestDataContainer()
|
||||
TEST.tenants = utils.TestDataContainer()
|
||||
TEST.role_assignments = utils.TestDataContainer()
|
||||
TEST.roles = utils.TestDataContainer()
|
||||
TEST.ec2 = utils.TestDataContainer()
|
||||
|
||||
@ -236,6 +238,31 @@ def data(TEST):
|
||||
group4 = groups.Group(groups.GroupManager(None), group_dict)
|
||||
TEST.groups.add(group, group2, group3, group4)
|
||||
|
||||
role_assignments_dict = {'user': {'id': '1'},
|
||||
'role': {'id': '1'},
|
||||
'scope': {'project': {'id': '1'}}}
|
||||
role_assignment1 = role_assignments.RoleAssignment(
|
||||
role_assignments.RoleAssignmentManager, role_assignments_dict)
|
||||
role_assignments_dict = {'user': {'id': '2'},
|
||||
'role': {'id': '2'},
|
||||
'scope': {'project': {'id': '1'}}}
|
||||
role_assignment2 = role_assignments.RoleAssignment(
|
||||
role_assignments.RoleAssignmentManager, role_assignments_dict)
|
||||
role_assignments_dict = {'group': {'id': '1'},
|
||||
'role': {'id': '2'},
|
||||
'scope': {'project': {'id': '1'}}}
|
||||
role_assignment3 = role_assignments.RoleAssignment(
|
||||
role_assignments.RoleAssignmentManager, role_assignments_dict)
|
||||
role_assignments_dict = {'user': {'id': '3'},
|
||||
'role': {'id': '2'},
|
||||
'scope': {'project': {'id': '1'}}}
|
||||
role_assignment4 = role_assignments.RoleAssignment(
|
||||
role_assignments.RoleAssignmentManager, role_assignments_dict)
|
||||
TEST.role_assignments.add(role_assignment1,
|
||||
role_assignment2,
|
||||
role_assignment3,
|
||||
role_assignment4)
|
||||
|
||||
tenant_dict = {'id': "1",
|
||||
'name': 'test_tenant',
|
||||
'description': "a test tenant.",
|
||||
|
Loading…
Reference in New Issue
Block a user