rename extras to metadata
This commit is contained in:
parent
8362442678
commit
2340dee20f
|
@ -27,7 +27,7 @@ class KvsIdentity(object):
|
||||||
"""
|
"""
|
||||||
user_ref = self.get_user(user_id)
|
user_ref = self.get_user(user_id)
|
||||||
tenant_ref = None
|
tenant_ref = None
|
||||||
extras_ref = None
|
metadata_ref = None
|
||||||
if not user_ref or user_ref.get('password') != password:
|
if not user_ref or user_ref.get('password') != password:
|
||||||
raise AssertionError('Invalid user / password')
|
raise AssertionError('Invalid user / password')
|
||||||
if tenant_id and tenant_id not in user_ref['tenants']:
|
if tenant_id and tenant_id not in user_ref['tenants']:
|
||||||
|
@ -35,10 +35,10 @@ class KvsIdentity(object):
|
||||||
|
|
||||||
tenant_ref = self.get_tenant(tenant_id)
|
tenant_ref = self.get_tenant(tenant_id)
|
||||||
if tenant_ref:
|
if tenant_ref:
|
||||||
extras_ref = self.get_extras(user_id, tenant_id)
|
metadata_ref = self.get_metadata(user_id, tenant_id)
|
||||||
else:
|
else:
|
||||||
extras_ref = {}
|
metadata_ref = {}
|
||||||
return (user_ref, tenant_ref, extras_ref)
|
return (user_ref, tenant_ref, metadata_ref)
|
||||||
|
|
||||||
def get_tenant(self, tenant_id):
|
def get_tenant(self, tenant_id):
|
||||||
tenant_ref = self.db.get('tenant-%s' % tenant_id)
|
tenant_ref = self.db.get('tenant-%s' % tenant_id)
|
||||||
|
@ -56,8 +56,8 @@ class KvsIdentity(object):
|
||||||
user_ref = self.db.get('user_name-%s' % user_name)
|
user_ref = self.db.get('user_name-%s' % user_name)
|
||||||
return user_ref
|
return user_ref
|
||||||
|
|
||||||
def get_extras(self, user_id, tenant_id):
|
def get_metadata(self, user_id, tenant_id):
|
||||||
return self.db.get('extras-%s-%s' % (tenant_id, user_id))
|
return self.db.get('metadata-%s-%s' % (tenant_id, user_id))
|
||||||
|
|
||||||
def get_role(self, role_id):
|
def get_role(self, role_id):
|
||||||
role_ref = self.db.get('role-%s' % role_id)
|
role_ref = self.db.get('role-%s' % role_id)
|
||||||
|
@ -91,28 +91,28 @@ class KvsIdentity(object):
|
||||||
return user_ref.get('tenants', [])
|
return user_ref.get('tenants', [])
|
||||||
|
|
||||||
def get_roles_for_user_and_tenant(self, user_id, tenant_id):
|
def get_roles_for_user_and_tenant(self, user_id, tenant_id):
|
||||||
extras_ref = self.get_extras(user_id, tenant_id)
|
metadata_ref = self.get_metadata(user_id, tenant_id)
|
||||||
if not extras_ref:
|
if not metadata_ref:
|
||||||
extras_ref = {}
|
metadata_ref = {}
|
||||||
return extras_ref.get('roles', [])
|
return metadata_ref.get('roles', [])
|
||||||
|
|
||||||
def add_role_to_user_and_tenant(self, user_id, tenant_id, role_id):
|
def add_role_to_user_and_tenant(self, user_id, tenant_id, role_id):
|
||||||
extras_ref = self.get_extras(user_id, tenant_id)
|
metadata_ref = self.get_metadata(user_id, tenant_id)
|
||||||
if not extras_ref:
|
if not metadata_ref:
|
||||||
extras_ref = {}
|
metadata_ref = {}
|
||||||
roles = set(extras_ref.get('roles', []))
|
roles = set(metadata_ref.get('roles', []))
|
||||||
roles.add(role_id)
|
roles.add(role_id)
|
||||||
extras_ref['roles'] = list(roles)
|
metadata_ref['roles'] = list(roles)
|
||||||
self.update_extras(user_id, tenant_id, extras_ref)
|
self.update_metadata(user_id, tenant_id, metadata_ref)
|
||||||
|
|
||||||
def remove_role_from_user_and_tenant(self, user_id, tenant_id, role_id):
|
def remove_role_from_user_and_tenant(self, user_id, tenant_id, role_id):
|
||||||
extras_ref = self.get_extras(user_id, tenant_id)
|
metadata_ref = self.get_metadata(user_id, tenant_id)
|
||||||
if not extras_ref:
|
if not metadata_ref:
|
||||||
extras_ref = {}
|
metadata_ref = {}
|
||||||
roles = set(extras_ref.get('roles', []))
|
roles = set(metadata_ref.get('roles', []))
|
||||||
roles.remove(role_id)
|
roles.remove(role_id)
|
||||||
extras_ref['roles'] = list(roles)
|
metadata_ref['roles'] = list(roles)
|
||||||
self.update_extras(user_id, tenant_id, extras_ref)
|
self.update_metadata(user_id, tenant_id, metadata_ref)
|
||||||
|
|
||||||
# CRUD
|
# CRUD
|
||||||
def create_user(self, id, user):
|
def create_user(self, id, user):
|
||||||
|
@ -159,16 +159,16 @@ class KvsIdentity(object):
|
||||||
self.db.delete('tenant-%s' % id)
|
self.db.delete('tenant-%s' % id)
|
||||||
return None
|
return None
|
||||||
|
|
||||||
def create_extras(self, user_id, tenant_id, extras):
|
def create_metadata(self, user_id, tenant_id, metadata):
|
||||||
self.db.set('extras-%s-%s' % (tenant_id, user_id), extras)
|
self.db.set('metadata-%s-%s' % (tenant_id, user_id), metadata)
|
||||||
return extras
|
return metadata
|
||||||
|
|
||||||
def update_extras(self, user_id, tenant_id, extras):
|
def update_metadata(self, user_id, tenant_id, metadata):
|
||||||
self.db.set('extras-%s-%s' % (tenant_id, user_id), extras)
|
self.db.set('metadata-%s-%s' % (tenant_id, user_id), metadata)
|
||||||
return extras
|
return metadata
|
||||||
|
|
||||||
def delete_extras(self, user_id, tenant_id):
|
def delete_metadata(self, user_id, tenant_id):
|
||||||
self.db.delete('extras-%s-%s' % (tenant_id, user_id))
|
self.db.delete('metadata-%s-%s' % (tenant_id, user_id))
|
||||||
return None
|
return None
|
||||||
|
|
||||||
def create_role(self, id, role):
|
def create_role(self, id, role):
|
||||||
|
@ -219,7 +219,7 @@ class KvsCatalog(object):
|
||||||
self.db = db
|
self.db = db
|
||||||
|
|
||||||
# Public interface
|
# Public interface
|
||||||
def get_catalog(self, user_id, tenant_id, extras=None):
|
def get_catalog(self, user_id, tenant_id, metadata=None):
|
||||||
return self.db.get('catalog-%s-%s' % (tenant_id, user_id))
|
return self.db.get('catalog-%s-%s' % (tenant_id, user_id))
|
||||||
|
|
||||||
def get_service(self, service_id):
|
def get_service(self, service_id):
|
||||||
|
|
|
@ -13,16 +13,16 @@ class PamIdentity(object):
|
||||||
|
|
||||||
def authenticate(self, username, password, **kwargs):
|
def authenticate(self, username, password, **kwargs):
|
||||||
if pam.authenticate(username, password):
|
if pam.authenticate(username, password):
|
||||||
extras = {}
|
metadata = {}
|
||||||
if username == 'root':
|
if username == 'root':
|
||||||
extras['is_admin'] == True
|
metadata['is_admin'] == True
|
||||||
|
|
||||||
tenant = {'id': username,
|
tenant = {'id': username,
|
||||||
'name': username}
|
'name': username}
|
||||||
user = {'id': username,
|
user = {'id': username,
|
||||||
'name': username}
|
'name': username}
|
||||||
|
|
||||||
return (tenant, user, extras)
|
return (tenant, user, metadata)
|
||||||
|
|
||||||
def get_tenants(self, username):
|
def get_tenants(self, username):
|
||||||
return [{'id': username,
|
return [{'id': username,
|
||||||
|
|
|
@ -129,10 +129,10 @@ class Role(Base, DictBase):
|
||||||
name = sql.Column(sql.String(64))
|
name = sql.Column(sql.String(64))
|
||||||
|
|
||||||
|
|
||||||
class Extras(Base, DictBase):
|
class Metadata(Base, DictBase):
|
||||||
__tablename__ = 'extras'
|
__tablename__ = 'metadata'
|
||||||
#__table_args__ = (
|
#__table_args__ = (
|
||||||
# sql.Index('idx_extras_usertenant', 'user', 'tenant'),
|
# sql.Index('idx_metadata_usertenant', 'user', 'tenant'),
|
||||||
# )
|
# )
|
||||||
|
|
||||||
user_id = sql.Column(sql.String(64), primary_key=True)
|
user_id = sql.Column(sql.String(64), primary_key=True)
|
||||||
|
@ -207,7 +207,7 @@ class SqlIdentity(SqlBase):
|
||||||
"""
|
"""
|
||||||
user_ref = self.get_user(user_id)
|
user_ref = self.get_user(user_id)
|
||||||
tenant_ref = None
|
tenant_ref = None
|
||||||
extras_ref = None
|
metadata_ref = None
|
||||||
if not user_ref or user_ref.get('password') != password:
|
if not user_ref or user_ref.get('password') != password:
|
||||||
raise AssertionError('Invalid user / password')
|
raise AssertionError('Invalid user / password')
|
||||||
|
|
||||||
|
@ -218,10 +218,10 @@ class SqlIdentity(SqlBase):
|
||||||
tenant_ref = self.get_tenant(tenant_id)
|
tenant_ref = self.get_tenant(tenant_id)
|
||||||
print 'ETESTSET', tenant_ref
|
print 'ETESTSET', tenant_ref
|
||||||
if tenant_ref:
|
if tenant_ref:
|
||||||
extras_ref = self.get_extras(user_id, tenant_id)
|
metadata_ref = self.get_metadata(user_id, tenant_id)
|
||||||
else:
|
else:
|
||||||
extras_ref = {}
|
metadata_ref = {}
|
||||||
return (user_ref, tenant_ref, extras_ref)
|
return (user_ref, tenant_ref, metadata_ref)
|
||||||
|
|
||||||
def get_tenant(self, tenant_id):
|
def get_tenant(self, tenant_id):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
|
@ -251,13 +251,13 @@ class SqlIdentity(SqlBase):
|
||||||
return
|
return
|
||||||
return user_ref.to_dict()
|
return user_ref.to_dict()
|
||||||
|
|
||||||
def get_extras(self, user_id, tenant_id):
|
def get_metadata(self, user_id, tenant_id):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
extras_ref = session.query(Extras)\
|
metadata_ref = session.query(Metadata)\
|
||||||
.filter_by(user_id=user_id)\
|
.filter_by(user_id=user_id)\
|
||||||
.filter_by(tenant_id=tenant_id)\
|
.filter_by(tenant_id=tenant_id)\
|
||||||
.first()
|
.first()
|
||||||
return getattr(extras_ref, 'data', None)
|
return getattr(metadata_ref, 'data', None)
|
||||||
|
|
||||||
def get_role(self, role_id):
|
def get_role(self, role_id):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
|
@ -298,38 +298,38 @@ class SqlIdentity(SqlBase):
|
||||||
return [x.tenant_id for x in membership_refs]
|
return [x.tenant_id for x in membership_refs]
|
||||||
|
|
||||||
def get_roles_for_user_and_tenant(self, user_id, tenant_id):
|
def get_roles_for_user_and_tenant(self, user_id, tenant_id):
|
||||||
extras_ref = self.get_extras(user_id, tenant_id)
|
metadata_ref = self.get_metadata(user_id, tenant_id)
|
||||||
if not extras_ref:
|
if not metadata_ref:
|
||||||
extras_ref = {}
|
metadata_ref = {}
|
||||||
return extras_ref.get('roles', [])
|
return metadata_ref.get('roles', [])
|
||||||
|
|
||||||
def add_role_to_user_and_tenant(self, user_id, tenant_id, role_id):
|
def add_role_to_user_and_tenant(self, user_id, tenant_id, role_id):
|
||||||
extras_ref = self.get_extras(user_id, tenant_id)
|
metadata_ref = self.get_metadata(user_id, tenant_id)
|
||||||
is_new = False
|
is_new = False
|
||||||
if not extras_ref:
|
if not metadata_ref:
|
||||||
is_new = True
|
is_new = True
|
||||||
extras_ref = {}
|
metadata_ref = {}
|
||||||
roles = set(extras_ref.get('roles', []))
|
roles = set(metadata_ref.get('roles', []))
|
||||||
roles.add(role_id)
|
roles.add(role_id)
|
||||||
extras_ref['roles'] = list(roles)
|
metadata_ref['roles'] = list(roles)
|
||||||
if not is_new:
|
if not is_new:
|
||||||
self.update_extras(user_id, tenant_id, extras_ref)
|
self.update_metadata(user_id, tenant_id, metadata_ref)
|
||||||
else:
|
else:
|
||||||
self.create_extras(user_id, tenant_id, extras_ref)
|
self.create_metadata(user_id, tenant_id, metadata_ref)
|
||||||
|
|
||||||
def remove_role_from_user_and_tenant(self, user_id, tenant_id, role_id):
|
def remove_role_from_user_and_tenant(self, user_id, tenant_id, role_id):
|
||||||
extras_ref = self.get_extras(user_id, tenant_id)
|
metadata_ref = self.get_metadata(user_id, tenant_id)
|
||||||
is_new = False
|
is_new = False
|
||||||
if not extras_ref:
|
if not metadata_ref:
|
||||||
is_new = True
|
is_new = True
|
||||||
extras_ref = {}
|
metadata_ref = {}
|
||||||
roles = set(extras_ref.get('roles', []))
|
roles = set(metadata_ref.get('roles', []))
|
||||||
roles.remove(role_id)
|
roles.remove(role_id)
|
||||||
extras_ref['roles'] = list(roles)
|
metadata_ref['roles'] = list(roles)
|
||||||
if not is_new:
|
if not is_new:
|
||||||
self.update_extras(user_id, tenant_id, extras_ref)
|
self.update_metadata(user_id, tenant_id, metadata_ref)
|
||||||
else:
|
else:
|
||||||
self.create_extras(user_id, tenant_id, extras_ref)
|
self.create_metadata(user_id, tenant_id, metadata_ref)
|
||||||
|
|
||||||
# CRUD
|
# CRUD
|
||||||
def create_user(self, id, user):
|
def create_user(self, id, user):
|
||||||
|
@ -384,27 +384,29 @@ class SqlIdentity(SqlBase):
|
||||||
with session.begin():
|
with session.begin():
|
||||||
session.delete(tenant_ref)
|
session.delete(tenant_ref)
|
||||||
|
|
||||||
def create_extras(self, user_id, tenant_id, extras):
|
def create_metadata(self, user_id, tenant_id, metadata):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
with session.begin():
|
with session.begin():
|
||||||
session.add(Extras(user_id=user_id, tenant_id=tenant_id, data=extras))
|
session.add(Metadata(user_id=user_id,
|
||||||
return extras
|
tenant_id=tenant_id,
|
||||||
|
data=metadata))
|
||||||
|
return metadata
|
||||||
|
|
||||||
def update_extras(self, user_id, tenant_id, extras):
|
def update_metadata(self, user_id, tenant_id, metadata):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
with session.begin():
|
with session.begin():
|
||||||
extras_ref = session.query(Extras)\
|
metadata_ref = session.query(Metadata)\
|
||||||
.filter_by(user_id=user_id)\
|
.filter_by(user_id=user_id)\
|
||||||
.filter_by(tenant_id=tenant_id)\
|
.filter_by(tenant_id=tenant_id)\
|
||||||
.first()
|
.first()
|
||||||
data = extras_ref.data.copy()
|
data = metadata_ref.data.copy()
|
||||||
for k in extras:
|
for k in metadata:
|
||||||
data[k] = extras[k]
|
data[k] = metadata[k]
|
||||||
extras_ref.data = data
|
metadata_ref.data = data
|
||||||
return extras_ref
|
return metadata_ref
|
||||||
|
|
||||||
def delete_extras(self, user_id, tenant_id):
|
def delete_metadata(self, user_id, tenant_id):
|
||||||
self.db.delete('extras-%s-%s' % (tenant_id, user_id))
|
self.db.delete('metadata-%s-%s' % (tenant_id, user_id))
|
||||||
return None
|
return None
|
||||||
|
|
||||||
def create_role(self, id, role):
|
def create_role(self, id, role):
|
||||||
|
|
|
@ -70,7 +70,7 @@ class TemplatedCatalog(kvs.KvsCatalog):
|
||||||
|
|
||||||
self.templates = o
|
self.templates = o
|
||||||
|
|
||||||
def get_catalog(self, user_id, tenant_id, extras=None):
|
def get_catalog(self, user_id, tenant_id, metadata=None):
|
||||||
d = dict(CONF.iteritems())
|
d = dict(CONF.iteritems())
|
||||||
d.update({'tenant_id': tenant_id,
|
d.update({'tenant_id': tenant_id,
|
||||||
'user_id': user_id})
|
'user_id': user_id})
|
||||||
|
|
|
@ -13,9 +13,9 @@ class Manager(object):
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
self.driver = utils.import_object(CONF.catalog.driver)
|
self.driver = utils.import_object(CONF.catalog.driver)
|
||||||
|
|
||||||
def get_catalog(self, context, user_id, tenant_id, extras=None):
|
def get_catalog(self, context, user_id, tenant_id, metadata=None):
|
||||||
"""Return info for a catalog if it is valid."""
|
"""Return info for a catalog if it is valid."""
|
||||||
return self.driver.get_catalog(user_id, tenant_id, extras=extras)
|
return self.driver.get_catalog(user_id, tenant_id, metadata=metadata)
|
||||||
|
|
||||||
def get_service(self, context, service_id):
|
def get_service(self, context, service_id):
|
||||||
return self.driver.get_service(service_id)
|
return self.driver.get_service(service_id)
|
||||||
|
|
|
@ -32,8 +32,8 @@ class Manager(object):
|
||||||
def get_tenant_by_name(self, context, tenant_name):
|
def get_tenant_by_name(self, context, tenant_name):
|
||||||
return self.driver.get_tenant_by_name(tenant_name)
|
return self.driver.get_tenant_by_name(tenant_name)
|
||||||
|
|
||||||
def get_extras(self, context, user_id, tenant_id):
|
def get_metadata(self, context, user_id, tenant_id):
|
||||||
return self.driver.get_extras(user_id, tenant_id)
|
return self.driver.get_metadata(user_id, tenant_id)
|
||||||
|
|
||||||
def get_role(self, context, role_id):
|
def get_role(self, context, role_id):
|
||||||
return self.driver.get_role(role_id)
|
return self.driver.get_role(role_id)
|
||||||
|
@ -86,14 +86,14 @@ class Manager(object):
|
||||||
def delete_tenant(self, context, tenant_id):
|
def delete_tenant(self, context, tenant_id):
|
||||||
return self.driver.delete_tenant(tenant_id)
|
return self.driver.delete_tenant(tenant_id)
|
||||||
|
|
||||||
def create_extras(self, context, user_id, tenant_id, data):
|
def create_metadata(self, context, user_id, tenant_id, data):
|
||||||
return self.driver.create_extras(user_id, tenant_id, data)
|
return self.driver.create_metadata(user_id, tenant_id, data)
|
||||||
|
|
||||||
def update_extras(self, context, user_id, tenant_id, data):
|
def update_metadata(self, context, user_id, tenant_id, data):
|
||||||
return self.driver.update_extras(user_id, tenant_id, data)
|
return self.driver.update_metadata(user_id, tenant_id, data)
|
||||||
|
|
||||||
def delete_extras(self, context, user_id, tenant_id):
|
def delete_metadata(self, context, user_id, tenant_id):
|
||||||
return self.driver.delete_extras(user_id, tenant_id)
|
return self.driver.delete_metadata(user_id, tenant_id)
|
||||||
|
|
||||||
def create_role(self, context, role_id, data):
|
def create_role(self, context, role_id, data):
|
||||||
return self.driver.create_role(role_id, data)
|
return self.driver.create_role(role_id, data)
|
||||||
|
|
|
@ -319,22 +319,22 @@ class KeystoneTokenController(service.BaseApplication):
|
||||||
else:
|
else:
|
||||||
tenant_id = auth.get('tenantId', None)
|
tenant_id = auth.get('tenantId', None)
|
||||||
|
|
||||||
(user_ref, tenant_ref, extras_ref) = \
|
(user_ref, tenant_ref, metadata_ref) = \
|
||||||
self.identity_api.authenticate(context=context,
|
self.identity_api.authenticate(context=context,
|
||||||
user_id=user_id,
|
user_id=user_id,
|
||||||
password=password,
|
password=password,
|
||||||
tenant_id=tenant_id)
|
tenant_id=tenant_id)
|
||||||
token_ref = self.token_api.create_token(context,
|
token_ref = self.token_api.create_token(
|
||||||
dict(expires='',
|
context, dict(expires='',
|
||||||
user=user_ref,
|
user=user_ref,
|
||||||
tenant=tenant_ref,
|
tenant=tenant_ref,
|
||||||
extras=extras_ref))
|
metadata=metadata_ref))
|
||||||
if tenant_ref:
|
if tenant_ref:
|
||||||
catalog_ref = self.catalog_api.get_catalog(
|
catalog_ref = self.catalog_api.get_catalog(
|
||||||
context=context,
|
context=context,
|
||||||
user_id=user_ref['id'],
|
user_id=user_ref['id'],
|
||||||
tenant_id=tenant_ref['id'],
|
tenant_id=tenant_ref['id'],
|
||||||
extras=extras_ref)
|
metadata=metadata_ref)
|
||||||
else:
|
else:
|
||||||
catalog_ref = {}
|
catalog_ref = {}
|
||||||
|
|
||||||
|
@ -359,26 +359,26 @@ class KeystoneTokenController(service.BaseApplication):
|
||||||
|
|
||||||
tenant_ref = self.identity_api.get_tenant(context=context,
|
tenant_ref = self.identity_api.get_tenant(context=context,
|
||||||
tenant_id=tenant_id)
|
tenant_id=tenant_id)
|
||||||
extras_ref = self.identity_api.get_extras(
|
metadata_ref = self.identity_api.get_metadata(
|
||||||
context=context,
|
context=context,
|
||||||
user_id=user_ref['id'],
|
user_id=user_ref['id'],
|
||||||
tenant_id=tenant_ref['id'])
|
tenant_id=tenant_ref['id'])
|
||||||
token_ref = self.token_api.create_token(context,
|
token_ref = self.token_api.create_token(
|
||||||
dict(expires='',
|
context, dict(expires='',
|
||||||
user=user_ref,
|
user=user_ref,
|
||||||
tenant=tenant_ref,
|
tenant=tenant_ref,
|
||||||
extras=extras_ref))
|
metadata=metadata_ref))
|
||||||
catalog_ref = self.catalog_api.get_catalog(
|
catalog_ref = self.catalog_api.get_catalog(
|
||||||
context=context,
|
context=context,
|
||||||
user_id=user_ref['id'],
|
user_id=user_ref['id'],
|
||||||
tenant_id=tenant_ref['id'],
|
tenant_id=tenant_ref['id'],
|
||||||
extras=extras_ref)
|
metadata=metadata_ref)
|
||||||
|
|
||||||
# TODO(termie): optimize this call at some point and put it into the
|
# TODO(termie): optimize this call at some point and put it into the
|
||||||
# the return for extras
|
# the return for metadata
|
||||||
# fill out the roles in the extras
|
# fill out the roles in the metadata
|
||||||
roles_ref = []
|
roles_ref = []
|
||||||
for role_id in extras_ref.get('roles', []):
|
for role_id in metadata_ref.get('roles', []):
|
||||||
roles_ref.append(self.identity_api.get_role(context, role_id))
|
roles_ref.append(self.identity_api.get_role(context, role_id))
|
||||||
logging.debug('TOKEN_REF %s', token_ref)
|
logging.debug('TOKEN_REF %s', token_ref)
|
||||||
return self._format_authenticate(token_ref, roles_ref, catalog_ref)
|
return self._format_authenticate(token_ref, roles_ref, catalog_ref)
|
||||||
|
@ -397,7 +397,7 @@ class KeystoneTokenController(service.BaseApplication):
|
||||||
if not context['is_admin']:
|
if not context['is_admin']:
|
||||||
user_token_ref = self.token_api.get_token(
|
user_token_ref = self.token_api.get_token(
|
||||||
context=context, token_id=context['token_id'])
|
context=context, token_id=context['token_id'])
|
||||||
creds = user_token_ref['extras'].copy()
|
creds = user_token_ref['metadata'].copy()
|
||||||
creds['user_id'] = user_token_ref['user'].get('id')
|
creds['user_id'] = user_token_ref['user'].get('id')
|
||||||
creds['tenant_id'] = user_token_ref['tenant'].get('id')
|
creds['tenant_id'] = user_token_ref['tenant'].get('id')
|
||||||
# Accept either is_admin or the admin role
|
# Accept either is_admin or the admin role
|
||||||
|
@ -427,7 +427,7 @@ class KeystoneTokenController(service.BaseApplication):
|
||||||
|
|
||||||
def _format_token(self, token_ref, roles_ref):
|
def _format_token(self, token_ref, roles_ref):
|
||||||
user_ref = token_ref['user']
|
user_ref = token_ref['user']
|
||||||
extras_ref = token_ref['extras']
|
metadata_ref = token_ref['metadata']
|
||||||
o = {'access': {'token': {'id': token_ref['id'],
|
o = {'access': {'token': {'id': token_ref['id'],
|
||||||
'expires': token_ref['expires']
|
'expires': token_ref['expires']
|
||||||
},
|
},
|
||||||
|
@ -435,7 +435,7 @@ class KeystoneTokenController(service.BaseApplication):
|
||||||
'name': user_ref['name'],
|
'name': user_ref['name'],
|
||||||
'username': user_ref['name'],
|
'username': user_ref['name'],
|
||||||
'roles': roles_ref,
|
'roles': roles_ref,
|
||||||
'roles_links': extras_ref.get('roles_links',
|
'roles_links': metadata_ref.get('roles_links',
|
||||||
[])
|
[])
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -525,7 +525,7 @@ class KeystoneTenantController(service.BaseApplication):
|
||||||
if not context['is_admin']:
|
if not context['is_admin']:
|
||||||
user_token_ref = self.token_api.get_token(
|
user_token_ref = self.token_api.get_token(
|
||||||
context=context, token_id=context['token_id'])
|
context=context, token_id=context['token_id'])
|
||||||
creds = user_token_ref['extras'].copy()
|
creds = user_token_ref['metadata'].copy()
|
||||||
creds['user_id'] = user_token_ref['user'].get('id')
|
creds['user_id'] = user_token_ref['user'].get('id')
|
||||||
creds['tenant_id'] = user_token_ref['tenant'].get('id')
|
creds['tenant_id'] = user_token_ref['tenant'].get('id')
|
||||||
# Accept either is_admin or the admin role
|
# Accept either is_admin or the admin role
|
||||||
|
|
|
@ -20,9 +20,9 @@ class Role(dict):
|
||||||
super(Role, self).__init__(id=id, *args, **kw)
|
super(Role, self).__init__(id=id, *args, **kw)
|
||||||
|
|
||||||
|
|
||||||
class Extras(dict):
|
class Metadata(dict):
|
||||||
def __init__(self, user_id=None, tenant_id=None, *args, **kw):
|
def __init__(self, user_id=None, tenant_id=None, *args, **kw):
|
||||||
super(Extras, self).__init__(user_id=user_id,
|
super(Metadata, self).__init__(user_id=user_id,
|
||||||
tenant_id=tenant_id,
|
tenant_id=tenant_id,
|
||||||
*args,
|
*args,
|
||||||
**kw)
|
**kw)
|
||||||
|
|
|
@ -17,7 +17,7 @@ HIGH_LEVEL_CALLS = {
|
||||||
'get_user': ('GET', '/user/%(user_id)s'),
|
'get_user': ('GET', '/user/%(user_id)s'),
|
||||||
'get_tenant': ('GET', '/tenant/%(tenant_id)s'),
|
'get_tenant': ('GET', '/tenant/%(tenant_id)s'),
|
||||||
'get_tenant_by_name': ('GET', '/tenant_name/%(tenant_name)s'),
|
'get_tenant_by_name': ('GET', '/tenant_name/%(tenant_name)s'),
|
||||||
'get_extras': ('GET', '/extras/%(tenant_id)s-%(user_id)s'),
|
'get_metadata': ('GET', '/metadata/%(tenant_id)s-%(user_id)s'),
|
||||||
'get_token': ('GET', '/token/%(token_id)s'),
|
'get_token': ('GET', '/token/%(token_id)s'),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -34,11 +34,11 @@ LOW_LEVEL_CALLS = {
|
||||||
'create_tenant': ('POST', '/tenant'),
|
'create_tenant': ('POST', '/tenant'),
|
||||||
'update_tenant': ('PUT', '/tenant/%(tenant_id)s'),
|
'update_tenant': ('PUT', '/tenant/%(tenant_id)s'),
|
||||||
'delete_tenant': ('DELETE', '/tenant/%(tenant_id)s'),
|
'delete_tenant': ('DELETE', '/tenant/%(tenant_id)s'),
|
||||||
# extras
|
# metadata
|
||||||
# NOTE(termie): these separators are probably going to bite us eventually
|
# NOTE(termie): these separators are probably going to bite us eventually
|
||||||
'create_extras': ('POST', '/extras'),
|
'create_metadata': ('POST', '/metadata'),
|
||||||
'update_extras': ('PUT', '/extras/%(tenant_id)s-%(user_id)s'),
|
'update_metadata': ('PUT', '/metadata/%(tenant_id)s-%(user_id)s'),
|
||||||
'delete_extras': ('DELETE', '/extras/%(tenant_id)s-%(user_id)s'),
|
'delete_metadata': ('DELETE', '/metadata/%(tenant_id)s-%(user_id)s'),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -98,7 +98,7 @@ class BaseApplication(wsgi.Application):
|
||||||
if not context['is_admin']:
|
if not context['is_admin']:
|
||||||
user_token_ref = self.token_api.get_token(
|
user_token_ref = self.token_api.get_token(
|
||||||
context=context, token_id=context['token_id'])
|
context=context, token_id=context['token_id'])
|
||||||
creds = user_token_ref['extras'].copy()
|
creds = user_token_ref['metadata'].copy()
|
||||||
creds['user_id'] = user_token_ref['user'].get('id')
|
creds['user_id'] = user_token_ref['user'].get('id')
|
||||||
creds['tenant_id'] = user_token_ref['tenant'].get('id')
|
creds['tenant_id'] = user_token_ref['tenant'].get('id')
|
||||||
print creds
|
print creds
|
||||||
|
@ -136,13 +136,13 @@ class IdentityController(BaseApplication):
|
||||||
return ''
|
return ''
|
||||||
|
|
||||||
def authenticate(self, context, **kwargs):
|
def authenticate(self, context, **kwargs):
|
||||||
user_ref, tenant_ref, extras_ref = self.identity_api.authenticate(
|
user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate(
|
||||||
context, **kwargs)
|
context, **kwargs)
|
||||||
# TODO(termie): strip password from return values
|
# TODO(termie): strip password from return values
|
||||||
token_ref = self.token_api.create_token(context,
|
token_ref = self.token_api.create_token(context,
|
||||||
dict(tenant=tenant_ref,
|
dict(tenant=tenant_ref,
|
||||||
user=user_ref,
|
user=user_ref,
|
||||||
extras=extras_ref))
|
metadata=metadata_ref))
|
||||||
logging.debug('TOKEN: %s', token_ref)
|
logging.debug('TOKEN: %s', token_ref)
|
||||||
return token_ref
|
return token_ref
|
||||||
|
|
||||||
|
@ -197,24 +197,24 @@ class IdentityController(BaseApplication):
|
||||||
def delete_tenant(self, context, tenant_id):
|
def delete_tenant(self, context, tenant_id):
|
||||||
return self.identity_api.delete_tenant(context, tenant_id=tenant_id)
|
return self.identity_api.delete_tenant(context, tenant_id=tenant_id)
|
||||||
|
|
||||||
def get_extras(self, context, user_id, tenant_id):
|
def get_metadata(self, context, user_id, tenant_id):
|
||||||
return self.identity_api.get_extras(
|
return self.identity_api.get_metadata(
|
||||||
context, user_id=user_id, tenant_id=tenant_id)
|
context, user_id=user_id, tenant_id=tenant_id)
|
||||||
|
|
||||||
def create_extras(self, context, **kw):
|
def create_metadata(self, context, **kw):
|
||||||
user_id = kw.pop('user_id')
|
user_id = kw.pop('user_id')
|
||||||
tenant_id = kw.pop('tenant_id')
|
tenant_id = kw.pop('tenant_id')
|
||||||
return self.identity_api.create_extras(
|
return self.identity_api.create_metadata(
|
||||||
context, user_id=user_id, tenant_id=tenant_id, data=kw)
|
context, user_id=user_id, tenant_id=tenant_id, data=kw)
|
||||||
|
|
||||||
def update_extras(self, context, user_id, tenant_id, **kw):
|
def update_metadata(self, context, user_id, tenant_id, **kw):
|
||||||
kw.pop('user_id', None)
|
kw.pop('user_id', None)
|
||||||
kw.pop('tenant_id', None)
|
kw.pop('tenant_id', None)
|
||||||
return self.identity_api.update_extras(
|
return self.identity_api.update_metadata(
|
||||||
context, user_id=user_id, tenant_id=tenant_id, data=kw)
|
context, user_id=user_id, tenant_id=tenant_id, data=kw)
|
||||||
|
|
||||||
def delete_extras(self, context, user_id, tenant_id):
|
def delete_metadata(self, context, user_id, tenant_id):
|
||||||
return self.identity_api.delete_extras(
|
return self.identity_api.delete_metadata(
|
||||||
context, user_id=user_id, tenant_id=tenant_id)
|
context, user_id=user_id, tenant_id=tenant_id)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -34,7 +34,7 @@ def checkout_vendor(repo, rev):
|
||||||
try:
|
try:
|
||||||
if os.path.exists(modcheck):
|
if os.path.exists(modcheck):
|
||||||
mtime = os.stat(modcheck).st_mtime
|
mtime = os.stat(modcheck).st_mtime
|
||||||
if int(time.time()) - mtime < 1000:
|
if int(time.time()) - mtime < 10000:
|
||||||
return revdir
|
return revdir
|
||||||
|
|
||||||
if not os.path.exists(revdir):
|
if not os.path.exists(revdir):
|
||||||
|
@ -130,16 +130,17 @@ class TestCase(unittest.TestCase):
|
||||||
rv = self.identity_api.create_role(role['id'], role)
|
rv = self.identity_api.create_role(role['id'], role)
|
||||||
setattr(self, 'role_%s' % role['id'], rv)
|
setattr(self, 'role_%s' % role['id'], rv)
|
||||||
|
|
||||||
for extras in fixtures.EXTRAS:
|
for metadata in fixtures.METADATA:
|
||||||
extras_ref = extras.copy()
|
metadata_ref = metadata.copy()
|
||||||
# TODO(termie): these will probably end up in the model anyway, so this
|
# TODO(termie): these will probably end up in the model anyway, so this
|
||||||
# may be futile
|
# may be futile
|
||||||
del extras_ref['user_id']
|
del metadata_ref['user_id']
|
||||||
del extras_ref['tenant_id']
|
del metadata_ref['tenant_id']
|
||||||
rv = self.identity_api.create_extras(
|
rv = self.identity_api.create_metadata(
|
||||||
extras['user_id'], extras['tenant_id'], extras_ref)
|
metadata['user_id'], metadata['tenant_id'], metadata_ref)
|
||||||
setattr(self,
|
setattr(self,
|
||||||
'extras_%s%s' % (extras['user_id'], extras['tenant_id']), rv)
|
'metadata_%s%s' % (metadata['user_id'],
|
||||||
|
metadata['tenant_id']), rv)
|
||||||
|
|
||||||
def loadapp(self, config, name='main'):
|
def loadapp(self, config, name='main'):
|
||||||
if not config.startswith('config:'):
|
if not config.startswith('config:'):
|
||||||
|
|
|
@ -7,7 +7,7 @@ USERS = [
|
||||||
{'id': 'foo', 'name': 'FOO', 'password': 'foo2', 'tenants': ['bar',]},
|
{'id': 'foo', 'name': 'FOO', 'password': 'foo2', 'tenants': ['bar',]},
|
||||||
]
|
]
|
||||||
|
|
||||||
EXTRAS = [
|
METADATA = [
|
||||||
{'user_id': 'foo', 'tenant_id': 'bar', 'extra': 'extra'},
|
{'user_id': 'foo', 'tenant_id': 'bar', 'extra': 'extra'},
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
|
@ -21,21 +21,21 @@ class IdentityTests(object):
|
||||||
password=self.user_foo['password'])
|
password=self.user_foo['password'])
|
||||||
|
|
||||||
def test_authenticate_no_tenant(self):
|
def test_authenticate_no_tenant(self):
|
||||||
user_ref, tenant_ref, extras_ref = self.identity_api.authenticate(
|
user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate(
|
||||||
user_id=self.user_foo['id'],
|
user_id=self.user_foo['id'],
|
||||||
password=self.user_foo['password'])
|
password=self.user_foo['password'])
|
||||||
self.assertDictEquals(user_ref, self.user_foo)
|
self.assertDictEquals(user_ref, self.user_foo)
|
||||||
self.assert_(tenant_ref is None)
|
self.assert_(tenant_ref is None)
|
||||||
self.assert_(not extras_ref)
|
self.assert_(not metadata_ref)
|
||||||
|
|
||||||
def test_authenticate(self):
|
def test_authenticate(self):
|
||||||
user_ref, tenant_ref, extras_ref = self.identity_api.authenticate(
|
user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate(
|
||||||
user_id=self.user_foo['id'],
|
user_id=self.user_foo['id'],
|
||||||
tenant_id=self.tenant_bar['id'],
|
tenant_id=self.tenant_bar['id'],
|
||||||
password=self.user_foo['password'])
|
password=self.user_foo['password'])
|
||||||
self.assertDictEquals(user_ref, self.user_foo)
|
self.assertDictEquals(user_ref, self.user_foo)
|
||||||
self.assertDictEquals(tenant_ref, self.tenant_bar)
|
self.assertDictEquals(tenant_ref, self.tenant_bar)
|
||||||
self.assertDictEquals(extras_ref, self.extras_foobar)
|
self.assertDictEquals(metadata_ref, self.metadata_foobar)
|
||||||
|
|
||||||
def test_get_tenant_bad_tenant(self):
|
def test_get_tenant_bad_tenant(self):
|
||||||
tenant_ref = self.identity_api.get_tenant(
|
tenant_ref = self.identity_api.get_tenant(
|
||||||
|
@ -65,23 +65,23 @@ class IdentityTests(object):
|
||||||
user_ref = self.identity_api.get_user(user_id=self.user_foo['id'])
|
user_ref = self.identity_api.get_user(user_id=self.user_foo['id'])
|
||||||
self.assertDictEquals(user_ref, self.user_foo)
|
self.assertDictEquals(user_ref, self.user_foo)
|
||||||
|
|
||||||
def test_get_extras_bad_user(self):
|
def test_get_metadata_bad_user(self):
|
||||||
extras_ref = self.identity_api.get_extras(
|
metadata_ref = self.identity_api.get_metadata(
|
||||||
user_id=self.user_foo['id'] + 'WRONG',
|
user_id=self.user_foo['id'] + 'WRONG',
|
||||||
tenant_id=self.tenant_bar['id'])
|
tenant_id=self.tenant_bar['id'])
|
||||||
self.assert_(extras_ref is None)
|
self.assert_(metadata_ref is None)
|
||||||
|
|
||||||
def test_get_extras_bad_tenant(self):
|
def test_get_metadata_bad_tenant(self):
|
||||||
extras_ref = self.identity_api.get_extras(
|
metadata_ref = self.identity_api.get_metadata(
|
||||||
user_id=self.user_foo['id'],
|
user_id=self.user_foo['id'],
|
||||||
tenant_id=self.tenant_bar['id'] + 'WRONG')
|
tenant_id=self.tenant_bar['id'] + 'WRONG')
|
||||||
self.assert_(extras_ref is None)
|
self.assert_(metadata_ref is None)
|
||||||
|
|
||||||
def test_get_extras(self):
|
def test_get_metadata(self):
|
||||||
extras_ref = self.identity_api.get_extras(
|
metadata_ref = self.identity_api.get_metadata(
|
||||||
user_id=self.user_foo['id'],
|
user_id=self.user_foo['id'],
|
||||||
tenant_id=self.tenant_bar['id'])
|
tenant_id=self.tenant_bar['id'])
|
||||||
self.assertDictEquals(extras_ref, self.extras_foobar)
|
self.assertDictEquals(metadata_ref, self.metadata_foobar)
|
||||||
|
|
||||||
def test_get_role(self):
|
def test_get_role(self):
|
||||||
role_ref = self.identity_api.get_role(
|
role_ref = self.identity_api.get_role(
|
||||||
|
|
|
@ -38,7 +38,7 @@ class IdentityApi(test.TestCase):
|
||||||
data = json.loads(resp.body)
|
data = json.loads(resp.body)
|
||||||
self.assertEquals(self.user_foo['id'], data['user']['id'])
|
self.assertEquals(self.user_foo['id'], data['user']['id'])
|
||||||
self.assertEquals(self.tenant_bar['id'], data['tenant']['id'])
|
self.assertEquals(self.tenant_bar['id'], data['tenant']['id'])
|
||||||
self.assertDictEquals(self.extras_foobar, data['extras'])
|
self.assertDictEquals(self.metadata_foobar, data['metadata'])
|
||||||
|
|
||||||
def test_authenticate_no_tenant(self):
|
def test_authenticate_no_tenant(self):
|
||||||
c = client.TestClient(self.app)
|
c = client.TestClient(self.app)
|
||||||
|
@ -48,7 +48,7 @@ class IdentityApi(test.TestCase):
|
||||||
data = json.loads(resp.body)
|
data = json.loads(resp.body)
|
||||||
self.assertEquals(self.user_foo['id'], data['user']['id'])
|
self.assertEquals(self.user_foo['id'], data['user']['id'])
|
||||||
self.assertEquals(None, data['tenant'])
|
self.assertEquals(None, data['tenant'])
|
||||||
self.assertEquals({}, data['extras'])
|
self.assertEquals({}, data['metadata'])
|
||||||
|
|
||||||
def test_get_tenants(self):
|
def test_get_tenants(self):
|
||||||
token = self._login()
|
token = self._login()
|
||||||
|
@ -131,32 +131,32 @@ class IdentityApi(test.TestCase):
|
||||||
# TODO(termie): we should probably return not founds instead of None
|
# TODO(termie): we should probably return not founds instead of None
|
||||||
#self.assertEquals(delget_resp.status, '404 Not Found')
|
#self.assertEquals(delget_resp.status, '404 Not Found')
|
||||||
|
|
||||||
def test_crud_extras(self):
|
def test_crud_metadata(self):
|
||||||
token_id = CONF.admin_token
|
token_id = CONF.admin_token
|
||||||
user_id = 'foo'
|
user_id = 'foo'
|
||||||
tenant_id = 'bar'
|
tenant_id = 'bar'
|
||||||
c = client.TestClient(self.app, token=token_id)
|
c = client.TestClient(self.app, token=token_id)
|
||||||
extras_ref = dict(baz='qaz')
|
metadata_ref = dict(baz='qaz')
|
||||||
resp = c.create_extras(user_id=user_id, tenant_id=tenant_id, **extras_ref)
|
resp = c.create_metadata(user_id=user_id, tenant_id=tenant_id, **metadata_ref)
|
||||||
data = json.loads(resp.body)
|
data = json.loads(resp.body)
|
||||||
self.assertEquals(data['baz'], 'qaz')
|
self.assertEquals(data['baz'], 'qaz')
|
||||||
|
|
||||||
get_resp = c.get_extras(user_id=user_id, tenant_id=tenant_id)
|
get_resp = c.get_metadata(user_id=user_id, tenant_id=tenant_id)
|
||||||
get_data = json.loads(get_resp.body)
|
get_data = json.loads(get_resp.body)
|
||||||
|
|
||||||
self.assertDictEquals(data, get_data)
|
self.assertDictEquals(data, get_data)
|
||||||
|
|
||||||
update_resp = c.update_extras(user_id=user_id,
|
update_resp = c.update_metadata(user_id=user_id,
|
||||||
tenant_id=tenant_id,
|
tenant_id=tenant_id,
|
||||||
baz='WAZ')
|
baz='WAZ')
|
||||||
update_data = json.loads(update_resp.body)
|
update_data = json.loads(update_resp.body)
|
||||||
|
|
||||||
self.assertEquals('WAZ', update_data['baz'])
|
self.assertEquals('WAZ', update_data['baz'])
|
||||||
|
|
||||||
del_resp = c.delete_extras(user_id=user_id, tenant_id=tenant_id)
|
del_resp = c.delete_metadata(user_id=user_id, tenant_id=tenant_id)
|
||||||
self.assertEquals(del_resp.body, '')
|
self.assertEquals(del_resp.body, '')
|
||||||
|
|
||||||
delget_resp = c.get_extras(user_id=user_id, tenant_id=tenant_id)
|
delget_resp = c.get_metadata(user_id=user_id, tenant_id=tenant_id)
|
||||||
self.assertEquals(delget_resp.body, '')
|
self.assertEquals(delget_resp.body, '')
|
||||||
# TODO(termie): we should probably return not founds instead of None
|
# TODO(termie): we should probably return not founds instead of None
|
||||||
#self.assertEquals(delget_resp.status, '404 Not Found')
|
#self.assertEquals(delget_resp.status, '404 Not Found')
|
||||||
|
|
|
@ -57,7 +57,7 @@ class KcMasterTestCase(CompatTestCase):
|
||||||
# is all working
|
# is all working
|
||||||
# TODO(termie): add an admin user to the fixtures and use that user
|
# TODO(termie): add an admin user to the fixtures and use that user
|
||||||
# override the fixtures, for now
|
# override the fixtures, for now
|
||||||
self.extras_foobar = self.identity_api.update_extras(
|
self.metadata_foobar = self.identity_api.update_metadata(
|
||||||
self.user_foo['id'], self.tenant_bar['id'],
|
self.user_foo['id'], self.tenant_bar['id'],
|
||||||
dict(roles=['keystone_admin'], is_admin='1'))
|
dict(roles=['keystone_admin'], is_admin='1'))
|
||||||
|
|
||||||
|
|
|
@ -59,7 +59,7 @@ class CompatTestCase(test.TestCase):
|
||||||
name='jqsmith',
|
name='jqsmith',
|
||||||
tenants=[self.tenant_345['id']],
|
tenants=[self.tenant_345['id']],
|
||||||
password='password'))
|
password='password'))
|
||||||
self.extras_123 = self.identity_api.create_extras(
|
self.metadata_123 = self.identity_api.create_metadata(
|
||||||
self.user_123['id'], self.tenant_345['id'],
|
self.user_123['id'], self.tenant_345['id'],
|
||||||
dict(roles=[{'id': '234',
|
dict(roles=[{'id': '234',
|
||||||
'name': 'compute:admin'},
|
'name': 'compute:admin'},
|
||||||
|
@ -73,7 +73,7 @@ class CompatTestCase(test.TestCase):
|
||||||
expires='2010-11-01T03:32:15-05:00',
|
expires='2010-11-01T03:32:15-05:00',
|
||||||
user=self.user_123,
|
user=self.user_123,
|
||||||
tenant=self.tenant_345,
|
tenant=self.tenant_345,
|
||||||
extras=self.extras_123))
|
metadata=self.metadata_123))
|
||||||
|
|
||||||
# auth call
|
# auth call
|
||||||
# NOTE(termie): the service catalog in the sample doesn't really have
|
# NOTE(termie): the service catalog in the sample doesn't really have
|
||||||
|
|
Loading…
Reference in New Issue