Clean up the create_arguments_apply methods

replace create_arguments_apply methods by token model way.

bp: removed-as-of-stein
Change-Id: I3239e723981dc7d0a53eb454e879096318f7b11a
This commit is contained in:
wangxiyuan 2018-12-28 16:44:35 +08:00
parent ef87a20212
commit 3db38cabcb
3 changed files with 41 additions and 80 deletions

View File

@ -44,11 +44,36 @@ class Provider(base.Provider):
self.token_formatter = tf.TokenFormatter()
def _determine_payload_class_from_token(self, token):
if token.oauth_scoped:
return tf.OauthScopedPayload
elif token.trust_scoped:
return tf.TrustScopedPayload
elif token.is_federated:
if token.project_scoped:
return tf.FederatedProjectScopedPayload
elif token.domain_scoped:
return tf.FederatedDomainScopedPayload
elif token.unscoped:
return tf.FederatedUnscopedPayload
elif token.application_credential_id:
return tf.ApplicationCredentialScopedPayload
elif token.project_scoped:
return tf.ProjectScopedPayload
elif token.domain_scoped:
return tf.DomainScopedPayload
elif token.system_scoped:
return tf.SystemScopedPayload
else:
return tf.UnscopedPayload
def generate_id_and_issued_at(self, token):
token_payload_class = self._determine_payload_class_from_token(token)
token_id = self.token_formatter.create_token(
token.user_id,
token.expires_at,
token.audit_ids,
token_payload_class,
methods=token.methods,
system=token.system,
domain_id=token.domain_id,

View File

@ -135,23 +135,12 @@ class TokenFormatter(object):
return issued_at
def create_token(self, user_id, expires_at, audit_ids, methods=None,
system=None, domain_id=None, project_id=None,
trust_id=None, federated_group_ids=None,
def create_token(self, user_id, expires_at, audit_ids, payload_class,
methods=None, system=None, domain_id=None,
project_id=None, trust_id=None, federated_group_ids=None,
identity_provider_id=None, protocol_id=None,
access_token_id=None, app_cred_id=None):
"""Given a set of payload attributes, generate a Fernet token."""
for payload_class in PAYLOAD_CLASSES:
if payload_class.create_arguments_apply(
project_id=project_id, domain_id=domain_id,
system=system, trust_id=trust_id,
federated_group_ids=federated_group_ids,
identity_provider_id=identity_provider_id,
protocol_id=protocol_id,
access_token_id=access_token_id,
app_cred_id=app_cred_id):
break
version = payload_class.version
payload = payload_class.assemble(
user_id, methods, system, project_id, domain_id, expires_at,
@ -186,7 +175,7 @@ class TokenFormatter(object):
versioned_payload = msgpack.unpackb(serialized_payload)
version, payload = versioned_payload[0], versioned_payload[1:]
for payload_class in PAYLOAD_CLASSES:
for payload_class in _PAYLOAD_CLASSES:
if version == payload_class.version:
(user_id, methods, system, project_id, domain_id,
expires_at, audit_ids, trust_id, federated_group_ids,
@ -223,17 +212,6 @@ class BasePayload(object):
# each payload variant should have a unique version
version = None
@classmethod
def create_arguments_apply(cls, **kwargs):
"""Check the arguments to see if they apply to this payload variant.
:returns: True if the arguments indicate that this payload class is
needed for the token otherwise returns False.
:rtype: bool
"""
raise NotImplementedError()
@classmethod
def assemble(cls, user_id, methods, system, project_id, domain_id,
expires_at, audit_ids, trust_id, federated_group_ids,
@ -370,10 +348,6 @@ class BasePayload(object):
class UnscopedPayload(BasePayload):
version = 0
@classmethod
def create_arguments_apply(cls, **kwargs):
return True
@classmethod
def assemble(cls, user_id, methods, system, project_id, domain_id,
expires_at, audit_ids, trust_id, federated_group_ids,
@ -412,10 +386,6 @@ class UnscopedPayload(BasePayload):
class DomainScopedPayload(BasePayload):
version = 1
@classmethod
def create_arguments_apply(cls, **kwargs):
return kwargs['domain_id']
@classmethod
def assemble(cls, user_id, methods, system, project_id, domain_id,
expires_at, audit_ids, trust_id, federated_group_ids,
@ -471,10 +441,6 @@ class DomainScopedPayload(BasePayload):
class ProjectScopedPayload(BasePayload):
version = 2
@classmethod
def create_arguments_apply(cls, **kwargs):
return kwargs['project_id']
@classmethod
def assemble(cls, user_id, methods, system, project_id, domain_id,
expires_at, audit_ids, trust_id, federated_group_ids,
@ -516,10 +482,6 @@ class ProjectScopedPayload(BasePayload):
class TrustScopedPayload(BasePayload):
version = 3
@classmethod
def create_arguments_apply(cls, **kwargs):
return kwargs['trust_id']
@classmethod
def assemble(cls, user_id, methods, system, project_id, domain_id,
expires_at, audit_ids, trust_id, federated_group_ids,
@ -564,10 +526,6 @@ class TrustScopedPayload(BasePayload):
class FederatedUnscopedPayload(BasePayload):
version = 4
@classmethod
def create_arguments_apply(cls, **kwargs):
return kwargs['federated_group_ids']
@classmethod
def pack_group_id(cls, group_dict):
return cls.attempt_convert_uuid_hex_to_bytes(group_dict['id'])
@ -678,26 +636,14 @@ class FederatedScopedPayload(FederatedUnscopedPayload):
class FederatedProjectScopedPayload(FederatedScopedPayload):
version = 5
@classmethod
def create_arguments_apply(cls, **kwargs):
return kwargs['project_id'] and kwargs['federated_group_ids']
class FederatedDomainScopedPayload(FederatedScopedPayload):
version = 6
@classmethod
def create_arguments_apply(cls, **kwargs):
return kwargs['domain_id'] and kwargs['federated_group_ids']
class OauthScopedPayload(BasePayload):
version = 7
@classmethod
def create_arguments_apply(cls, **kwargs):
return kwargs['access_token_id']
@classmethod
def assemble(cls, user_id, methods, system, project_id, domain_id,
expires_at, audit_ids, trust_id, federated_group_ids,
@ -745,10 +691,6 @@ class OauthScopedPayload(BasePayload):
class SystemScopedPayload(BasePayload):
version = 8
@classmethod
def create_arguments_apply(cls, **kwargs):
return kwargs['system']
@classmethod
def assemble(cls, user_id, methods, system, project_id, domain_id,
expires_at, audit_ids, trust_id, federated_group_ids,
@ -787,10 +729,6 @@ class SystemScopedPayload(BasePayload):
class ApplicationCredentialScopedPayload(BasePayload):
version = 9
@classmethod
def create_arguments_apply(cls, **kwargs):
return kwargs['app_cred_id']
@classmethod
def assemble(cls, user_id, methods, system, project_id, domain_id,
expires_at, audit_ids, trust_id, federated_group_ids,
@ -833,22 +771,15 @@ class ApplicationCredentialScopedPayload(BasePayload):
app_cred_id)
# For now, the order of the classes in the following list is important. This
# is because the way they test that the payload applies to them in
# the create_arguments_apply method requires that the previous ones rejected
# the payload arguments. For example, UnscopedPayload must be last since it's
# the catch-all after all the other payloads have been checked.
# TODO(blk-u): Clean up the create_arguments_apply methods so that they don't
# depend on the previous classes then these can be in any order.
PAYLOAD_CLASSES = [
OauthScopedPayload,
_PAYLOAD_CLASSES = [
UnscopedPayload,
DomainScopedPayload,
ProjectScopedPayload,
TrustScopedPayload,
FederatedUnscopedPayload,
FederatedProjectScopedPayload,
FederatedDomainScopedPayload,
FederatedUnscopedPayload,
ApplicationCredentialScopedPayload,
ProjectScopedPayload,
DomainScopedPayload,
OauthScopedPayload,
SystemScopedPayload,
UnscopedPayload,
ApplicationCredentialScopedPayload,
]

View File

@ -20,3 +20,8 @@ other:
The ``keystone.conf [DEFAULT] secure_proxy_ssl_header`` configuration
option was slated for removal in Pike and has now officially been removed.
Please use ``oslo.middleware.http_proxy_to_wsgi`` instead.
- >
[`blueprint removed-as-of-stein <https://blueprints.launchpad.net/keystone/+spec/removed-as-of-stein>`_]
The interface ``create_arguments_apply`` in token formatter payload has
been removed. The token payload now doesn't need to be force ordered any
more.