Merge "Trust controller refactoring"

This commit is contained in:
Jenkins 2016-08-17 00:12:21 +00:00 committed by Gerrit Code Review
commit 35ee1a9564
1 changed files with 40 additions and 40 deletions

View File

@ -15,11 +15,11 @@
import uuid import uuid
from oslo_utils import timeutils from oslo_utils import timeutils
import six
from keystone import assignment from keystone import assignment
from keystone.common import controller from keystone.common import controller
from keystone.common import dependency from keystone.common import dependency
from keystone.common import driver_hints
from keystone.common import utils from keystone.common import utils
from keystone.common import validation from keystone.common import validation
from keystone import exception from keystone import exception
@ -51,61 +51,50 @@ class TrustV3(controller.V3Controller):
def get_trust(self, request, trust_id): def get_trust(self, request, trust_id):
trust = self.trust_api.get_trust(trust_id) trust = self.trust_api.get_trust(trust_id)
_trustor_trustee_only(trust, request.context.user_id) _trustor_trustee_only(trust, request.context.user_id)
self._fill_in_roles(request.context_dict, trust, self._fill_in_roles(request.context_dict, trust)
self.role_api.list_roles())
return TrustV3.wrap_member(request.context_dict, trust) return TrustV3.wrap_member(request.context_dict, trust)
def _fill_in_roles(self, context, trust, all_roles): def _fill_in_roles(self, context, trust):
if trust.get('expires_at') is not None: if trust.get('expires_at') is not None:
trust['expires_at'] = (utils.isotime trust['expires_at'] = (utils.isotime
(trust['expires_at'], (trust['expires_at'],
subsecond=True)) subsecond=True))
if 'roles' not in trust:
trust['roles'] = []
trust_full_roles = [] trust_full_roles = []
for trust_role in trust['roles']: for trust_role in trust.get('roles', []):
if isinstance(trust_role, six.string_types): if isinstance(trust_role, dict):
trust_role = {'id': trust_role} trust_role = trust_role['id']
matching_roles = [x for x in all_roles try:
if x['id'] == trust_role['id']] matching_role = self.role_api.get_role(trust_role)
if matching_roles:
full_role = assignment.controllers.RoleV3.wrap_member( full_role = assignment.controllers.RoleV3.wrap_member(
context, matching_roles[0])['role'] context, matching_role)['role']
trust_full_roles.append(full_role) trust_full_roles.append(full_role)
except exception.RoleNotFound:
pass
trust['roles'] = trust_full_roles trust['roles'] = trust_full_roles
trust['roles_links'] = { trust['roles_links'] = {
'self': (self.base_url(context) + "/%s/roles" % trust['id']), 'self': (self.base_url(context) + "/%s/roles" % trust['id']),
'next': None, 'next': None,
'previous': None} 'previous': None}
def _normalize_role_list(self, trust, all_roles): def _normalize_role_list(self, trust_roles):
trust_roles = [] roles = [{'id': role['id']} for role in trust_roles if 'id' in role]
all_role_names = {r['name']: r for r in all_roles} names = [role['name'] for role in trust_roles if 'id' not in role]
for role in trust.get('roles', []): if len(names):
if 'id' in role: # Long way
trust_roles.append({'id': role['id']}) for name in names:
elif 'name' in role: hints = driver_hints.Hints()
rolename = role['name'] hints.add_filter("name", name, case_sensitive=True)
if rolename in all_role_names: found_roles = self.role_api.list_roles(hints)
trust_roles.append({'id': if len(found_roles) == 1:
all_role_names[rolename]['id']}) roles.append({'id': found_roles[0]['id']})
else: else:
raise exception.RoleNotFound(_("role %s is not defined") % raise exception.RoleNotFound(_("role %s is not defined") %
rolename) name)
else: return roles
raise exception.ValidationError(attribute='id or name',
target='roles')
return trust_roles
@controller.protected() def _find_redelegated_trust(self, request):
def create_trust(self, request, trust):
"""Create a new trust.
The user creating the trust must be the trustor.
"""
validation.lazy_validate(schema.trust_create, trust)
# Check if delegated via trust # Check if delegated via trust
if request.context.is_delegated_auth: if request.context.is_delegated_auth:
# Redelegation case # Redelegation case
@ -117,6 +106,17 @@ class TrustV3(controller.V3Controller):
redelegated_trust = self.trust_api.get_trust(src_trust_id) redelegated_trust = self.trust_api.get_trust(src_trust_id)
else: else:
redelegated_trust = None redelegated_trust = None
return redelegated_trust
@controller.protected()
def create_trust(self, request, trust):
"""Create a new trust.
The user creating the trust must be the trustor.
"""
validation.lazy_validate(schema.trust_create, trust)
redelegated_trust = self._find_redelegated_trust(request)
if trust.get('project_id') and not trust.get('roles'): if trust.get('project_id') and not trust.get('roles'):
msg = _('At least one role should be specified.') msg = _('At least one role should be specified.')
@ -130,9 +130,8 @@ class TrustV3(controller.V3Controller):
# ensure trustee exists # ensure trustee exists
self.identity_api.get_user(trust['trustee_user_id']) self.identity_api.get_user(trust['trustee_user_id'])
all_roles = self.role_api.list_roles()
# Normalize roles # Normalize roles
normalized_roles = self._normalize_role_list(trust, all_roles) normalized_roles = self._normalize_role_list(trust.get('roles', []))
trust['roles'] = normalized_roles trust['roles'] = normalized_roles
self._require_trustor_has_role_in_project(trust) self._require_trustor_has_role_in_project(trust)
trust['expires_at'] = self._parse_expiration_date( trust['expires_at'] = self._parse_expiration_date(
@ -143,7 +142,8 @@ class TrustV3(controller.V3Controller):
normalized_roles, normalized_roles,
redelegated_trust, redelegated_trust,
initiator) initiator)
self._fill_in_roles(request.context_dict, new_trust, all_roles)
self._fill_in_roles(request.context_dict, new_trust)
return TrustV3.wrap_member(request.context_dict, new_trust) return TrustV3.wrap_member(request.context_dict, new_trust)
def _get_trustor_roles(self, trust): def _get_trustor_roles(self, trust):