diff --git a/keystone/clean.py b/keystone/clean.py
index f7ea210436..8b8f032a1a 100644
--- a/keystone/clean.py
+++ b/keystone/clean.py
@@ -49,8 +49,8 @@ def domain_name(name):
 return check_name('Domain', name)
-def tenant_name(name):
- return check_name('Tenant', name)
+def project_name(name):
+ return check_name('Project', name)
 def user_name(name):
diff --git a/keystone/common/sql/legacy.py b/keystone/common/sql/legacy.py
index 31e96e5556..4d74245669 100644
--- a/keystone/common/sql/legacy.py
+++ b/keystone/common/sql/legacy.py
@@ -59,12 +59,12 @@ class LegacyMigration(object):
 self.ec2_driver = ec2_sql.Ec2() self._data = {} self._user_map = {}
- self._tenant_map = {}
+ self._project_map = {}
 self._role_map = {} def migrate_all(self): self._export_legacy_db()
- self._migrate_tenants()
+ self._migrate_projects()
 self._migrate_users() self._migrate_roles() self._migrate_user_roles()
@@ -98,7 +98,7 @@ class LegacyMigration(object):
 def _export_legacy_db(self): self._data = export_db(self.db)
- def _migrate_tenants(self):
+ def _migrate_projects(self):
 for x in self._data['tenants']: # map new_dict = {'description': x.get('desc', ''),
@@ -106,10 +106,10 @@ class LegacyMigration(object):
 'enabled': x.get('enabled', True)} new_dict['name'] = x.get('name', new_dict.get('id')) # track internal ids
- self._tenant_map[x.get('id')] = new_dict['id']
+ self._project_map[x.get('id')] = new_dict['id']
 # create
- #print 'create_tenant(%s, %s)' % (new_dict['id'], new_dict)
- self.identity_driver.create_tenant(new_dict['id'], new_dict)
+ #print 'create_project(%s, %s)' % (new_dict['id'], new_dict)
+ self.identity_driver.create_project(new_dict['id'], new_dict)
 def _migrate_users(self): for x in self._data['users']:
@@ -119,7 +119,7 @@ class LegacyMigration(object):
 'id': x.get('uid', x.get('id')), 'enabled': x.get('enabled', True)} if x.get('tenant_id'):
- new_dict['tenant_id'] = self._tenant_map.get(x['tenant_id'])
+ new_dict['tenant_id'] = self._project_map.get(x['tenant_id'])
 new_dict['name'] = x.get('name', new_dict.get('id')) # track internal ids self._user_map[x.get('id')] = new_dict['id']
@@ -127,8 +127,9 @@ class LegacyMigration(object):
 #print 'create_user(%s, %s)' % (new_dict['id'], new_dict) self.identity_driver.create_user(new_dict['id'], new_dict) if new_dict.get('tenant_id'):
- self.identity_driver.add_user_to_tenant(new_dict['tenant_id'],
- new_dict['id'])
+ self.identity_driver.add_user_to_project(
+ new_dict['tenant_id'],
+ new_dict['id'])
 def _migrate_roles(self): for x in self._data['roles']:
@@ -148,15 +149,15 @@ class LegacyMigration(object):
 or not x.get('role_id')): continue user_id = self._user_map[x['user_id']]
- tenant_id = self._tenant_map[x['tenant_id']]
+ tenant_id = self._project_map[x['tenant_id']]
 role_id = self._role_map[x['role_id']] try:
- self.identity_driver.add_user_to_tenant(tenant_id, user_id)
+ self.identity_driver.add_user_to_project(tenant_id, user_id)
 except Exception: pass
- self.identity_driver.add_role_to_user_and_tenant(
+ self.identity_driver.add_role_to_user_and_project(
 user_id, tenant_id, role_id) def _migrate_tokens(self):
diff --git a/keystone/common/sql/nova.py b/keystone/common/sql/nova.py
index 48cb8a56a1..c7fc472562 100644
--- a/keystone/common/sql/nova.py
+++ b/keystone/common/sql/nova.py
@@ -28,7 +28,7 @@ LOG = logging.getLogger(__name__)
 def import_auth(data): identity_api = identity_sql.Identity()
- tenant_map = _create_tenants(identity_api, data['tenants'])
+ tenant_map = _create_projects(identity_api, data['tenants'])
 user_map = _create_users(identity_api, data['users']) _create_memberships(identity_api, data['user_tenant_list'], user_map, tenant_map)
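Review bot: In the -148 hunk of legacy.py the renamed `add_user_to_project` call still sits inside `try: ... except Exception: pass`, so every driver failure is discarded, not only the case where the membership already exists, and `add_role_to_user_and_project` then runs regardless. During an identity migration that can leave role grants whose membership step failed, with nothing in the logs to show it. Since the line is being touched, narrow the handler to the error the driver raises for an existing membership and log anything else instead of `pass`. The enclosing method starts outside the hunk, so the exact exception type needs to be confirmed against the driver.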
@@ -45,7 +45,7 @@ def _generate_uuid():
 return uuid.uuid4().hex
-def _create_tenants(api, tenants):
+def _create_projects(api, tenants):
 tenant_map = {} for tenant in tenants: tenant_dict = {
@@ -56,7 +56,7 @@ def _create_tenants(api, tenants):
 } tenant_map[tenant['id']] = tenant_dict['id'] LOG.debug(_('Create tenant %s') % tenant_dict)
- api.create_tenant(tenant_dict['id'], tenant_dict)
+ api.create_project(tenant_dict['id'], tenant_dict)
 return tenant_map
@@ -81,7 +81,7 @@ def _create_memberships(api, memberships, user_map, tenant_map):
 user_id = user_map[membership['user_id']] tenant_id = tenant_map[membership['tenant_id']] LOG.debug(_('Add user %s to tenant %s') % (user_id, tenant_id))
- api.add_user_to_tenant(tenant_id, user_id)
+ api.add_user_to_project(tenant_id, user_id)
 def _create_roles(api, roles):
@@ -107,13 +107,13 @@ def _assign_roles(api, assignments, role_map, user_map, tenant_map):
 tenant_id = tenant_map[assignment['tenant_id']] LOG.debug(_('Assign role %s to user %s on tenant %s') % (role_id, user_id, tenant_id))
- api.add_role_to_user_and_tenant(user_id, tenant_id, role_id)
+ api.add_role_to_user_and_project(user_id, tenant_id, role_id)
 def _create_ec2_creds(ec2_api, identity_api, ec2_creds, user_map): for ec2_cred in ec2_creds: user_id = user_map[ec2_cred['user_id']]
- for tenant_id in identity_api.get_tenants_for_user(user_id):
+ for tenant_id in identity_api.get_projects_for_user(user_id):
 cred_dict = { 'access': '%s:%s' % (tenant_id, ec2_cred['access_key']), 'secret': ec2_cred['secret_key'],
diff --git a/keystone/contrib/admin_crud/core.py b/keystone/contrib/admin_crud/core.py
index a5cfe392ca..c06afcf7fe 100644
--- a/keystone/contrib/admin_crud/core.py
+++ b/keystone/contrib/admin_crud/core.py
@@ -36,22 +36,22 @@ class CrudExtension(wsgi.ExtensionRouter):
 mapper.connect( '/tenants', controller=tenant_controller,
- action='create_tenant',
+ action='create_project',
 conditions=dict(method=['POST'])) mapper.connect( '/tenants/{tenant_id}', controller=tenant_controller,
- action='update_tenant',
+ action='update_project',
 conditions=dict(method=['PUT', 'POST'])) mapper.connect( '/tenants/{tenant_id}', controller=tenant_controller,
- action='delete_tenant',
+ action='delete_project',
 conditions=dict(method=['DELETE'])) mapper.connect( '/tenants/{tenant_id}/users', controller=tenant_controller,
- action='get_tenant_users',
+ action='get_project_users',
 conditions=dict(method=['GET'])) # User Operations
@@ -93,12 +93,12 @@ class CrudExtension(wsgi.ExtensionRouter):
 mapper.connect( '/users/{user_id}/tenant', controller=user_controller,
- action='update_user_tenant',
+ action='update_user_project',
 conditions=dict(method=['PUT'])) mapper.connect( '/users/{user_id}/OS-KSADM/tenant', controller=user_controller,
- action='update_user_tenant',
+ action='update_user_project',
 conditions=dict(method=['PUT'])) # COMPAT(diablo): the copy with no OS-KSADM is from diablo
diff --git a/keystone/contrib/ec2/core.py b/keystone/contrib/ec2/core.py
index 94e51a2208..a03116b9a5 100644
--- a/keystone/contrib/ec2/core.py
+++ b/keystone/contrib/ec2/core.py
@@ -150,7 +150,7 @@ class Ec2Controller(controller.V2Controller):
 # TODO(termie): don't create new tokens every time # TODO(termie): this is copied from TokenController.authenticate token_id = uuid.uuid4().hex
- tenant_ref = self.identity_api.get_tenant(
+ tenant_ref = self.identity_api.get_project(
 context=context, tenant_id=creds_ref['tenant_id']) user_ref = self.identity_api.get_user(
@@ -203,7 +203,7 @@ class Ec2Controller(controller.V2Controller):
 self._assert_identity(context, user_id) self._assert_valid_user_id(context, user_id)
- self._assert_valid_tenant_id(context, tenant_id)
+ self._assert_valid_project_id(context, tenant_id)
 cred_ref = {'user_id': user_id, 'tenant_id': tenant_id,
@@ -330,7 +330,7 @@ class Ec2Controller(controller.V2Controller):
 if not user_ref: raise exception.UserNotFound(user_id=user_id)
- def _assert_valid_tenant_id(self, context, tenant_id):
+ def _assert_valid_project_id(self, context, tenant_id):
 """Ensure a valid tenant id. :param context: standard context
@@ -338,7 +338,7 @@ class Ec2Controller(controller.V2Controller):
 :raises exception.ProjectNotFound: on failure """
- tenant_ref = self.identity_api.get_tenant(
+ tenant_ref = self.identity_api.get_project(
 context=context, tenant_id=tenant_id) if not tenant_ref:
diff --git a/keystone/identity/backends/kvs.py b/keystone/identity/backends/kvs.py
index 674d24ca79..64e9e1775f 100644
--- a/keystone/identity/backends/kvs.py
+++ b/keystone/identity/backends/kvs.py
@@ -43,11 +43,11 @@ class Identity(kvs.Base, identity.Driver):
 raise AssertionError('Invalid user / password') if tenant_id is not None:
- if tenant_id not in self.get_tenants_for_user(user_id):
+ if tenant_id not in self.get_projects_for_user(user_id):
 raise AssertionError('Invalid tenant') try:
- tenant_ref = self.get_tenant(tenant_id)
+ tenant_ref = self.get_project(tenant_id)
 metadata_ref = self.get_metadata(user_id, tenant_id) except exception.ProjectNotFound: tenant_ref = None
@@ -57,24 +57,24 @@ class Identity(kvs.Base, identity.Driver):
 return (identity.filter_user(user_ref), tenant_ref, metadata_ref)
- def get_tenant(self, tenant_id):
+ def get_project(self, tenant_id):
 try: return self.db.get('tenant-%s' % tenant_id) except exception.NotFound: raise exception.ProjectNotFound(project_id=tenant_id)
- def get_tenants(self):
+ def get_projects(self):
 tenant_keys = filter(lambda x: x.startswith("tenant-"), self.db.keys()) return [self.db.get(key) for key in tenant_keys]
- def get_tenant_by_name(self, tenant_name):
+ def get_project_by_name(self, tenant_name):
 try: return self.db.get('tenant_name-%s' % tenant_name) except exception.NotFound: raise exception.ProjectNotFound(project_id=tenant_name)
- def get_tenant_users(self, tenant_id):
- self.get_tenant(tenant_id)
+ def get_project_users(self, tenant_id):
+ self.get_project(tenant_id)
 user_keys = filter(lambda x: x.startswith("user-"), self.db.keys()) user_refs = [self.db.get(key) for key in user_keys] return filter(lambda x: tenant_id in x['tenants'], user_refs)
@@ -122,15 +122,15 @@ class Identity(kvs.Base, identity.Driver):
 return [self.get_role(x) for x in role_ids] # These should probably be part of the high-level API
- def add_user_to_tenant(self, tenant_id, user_id):
- self.get_tenant(tenant_id)
+ def add_user_to_project(self, tenant_id, user_id):
+ self.get_project(tenant_id)
 user_ref = self._get_user(user_id) tenants = set(user_ref.get('tenants', [])) tenants.add(tenant_id) self.update_user(user_id, {'tenants': list(tenants)})
- def remove_user_from_tenant(self, tenant_id, user_id):
- self.get_tenant(tenant_id)
+ def remove_user_from_project(self, tenant_id, user_id):
+ self.get_project(tenant_id)
 user_ref = self._get_user(user_id) tenants = set(user_ref.get('tenants', [])) try:
@@ -139,22 +139,22 @@ class Identity(kvs.Base, identity.Driver):
 raise exception.NotFound('User not found in tenant') self.update_user(user_id, {'tenants': list(tenants)})
- def get_tenants_for_user(self, user_id):
+ def get_projects_for_user(self, user_id):
 user_ref = self._get_user(user_id) return user_ref.get('tenants', [])
- def get_roles_for_user_and_tenant(self, user_id, tenant_id):
+ def get_roles_for_user_and_project(self, user_id, tenant_id):
 self.get_user(user_id)
- self.get_tenant(tenant_id)
+ self.get_project(tenant_id)
 try: metadata_ref = self.get_metadata(user_id, tenant_id) except exception.MetadataNotFound: metadata_ref = {} return metadata_ref.get('roles', [])
- def add_role_to_user_and_tenant(self, user_id, tenant_id, role_id):
+ def add_role_to_user_and_project(self, user_id, tenant_id, role_id):
 self.get_user(user_id)
- self.get_tenant(tenant_id)
+ self.get_project(tenant_id)
 self.get_role(role_id) try: metadata_ref = self.get_metadata(user_id, tenant_id)
@@ -169,7 +169,7 @@ class Identity(kvs.Base, identity.Driver):
 metadata_ref['roles'] = list(roles) self.update_metadata(user_id, tenant_id, metadata_ref)
- def remove_role_from_user_and_tenant(self, user_id, tenant_id, role_id):
+ def remove_role_from_user_and_project(self, user_id, tenant_id, role_id):
 try: metadata_ref = self.get_metadata(user_id, tenant_id) except exception.MetadataNotFound:
@@ -283,10 +283,10 @@ class Identity(kvs.Base, identity.Driver):
 user_list.remove(user_id) self.db.set('user_list', list(user_list))
- def create_tenant(self, tenant_id, tenant):
- tenant['name'] = clean.tenant_name(tenant['name'])
+ def create_project(self, tenant_id, tenant):
+ tenant['name'] = clean.project_name(tenant['name'])
 try:
- self.get_tenant(tenant_id)
+ self.get_project(tenant_id)
 except exception.ProjectNotFound: pass else:
@@ -294,7 +294,7 @@ class Identity(kvs.Base, identity.Driver):
 raise exception.Conflict(type='tenant', details=msg) try:
- self.get_tenant_by_name(tenant['name'])
+ self.get_project_by_name(tenant['name'])
 except exception.ProjectNotFound: pass else:
@@ -305,9 +305,9 @@ class Identity(kvs.Base, identity.Driver):
 self.db.set('tenant_name-%s' % tenant['name'], tenant) return tenant
- def update_tenant(self, tenant_id, tenant):
+ def update_project(self, tenant_id, tenant):
 if 'name' in tenant:
- tenant['name'] = clean.tenant_name(tenant['name'])
+ tenant['name'] = clean.project_name(tenant['name'])
 try: existing = self.db.get('tenant_name-%s' % tenant['name']) if existing and tenant_id != existing['id']:
@@ -317,23 +317,23 @@ class Identity(kvs.Base, identity.Driver):
 pass # get the old name and delete it too try:
- old_tenant = self.db.get('tenant-%s' % tenant_id)
+ old_project = self.db.get('tenant-%s' % tenant_id)
 except exception.NotFound: raise exception.ProjectNotFound(project_id=tenant_id)
- new_tenant = old_tenant.copy()
- new_tenant.update(tenant)
- new_tenant['id'] = tenant_id
- self.db.delete('tenant_name-%s' % old_tenant['name'])
- self.db.set('tenant-%s' % tenant_id, new_tenant)
- self.db.set('tenant_name-%s' % new_tenant['name'], new_tenant)
- return new_tenant
+ new_project = old_project.copy()
+ new_project.update(tenant)
+ new_project['id'] = tenant_id
+ self.db.delete('tenant_name-%s' % old_project['name'])
+ self.db.set('tenant-%s' % tenant_id, new_project)
+ self.db.set('tenant_name-%s' % new_project['name'], new_project)
+ return new_project
- def delete_tenant(self, tenant_id):
+ def delete_project(self, tenant_id):
 try:
- old_tenant = self.db.get('tenant-%s' % tenant_id)
+ old_project = self.db.get('tenant-%s' % tenant_id)
 except exception.NotFound: raise exception.ProjectNotFound(project_id=tenant_id)
- self.db.delete('tenant_name-%s' % old_tenant['name'])
+ self.db.delete('tenant_name-%s' % old_project['name'])
 self.db.delete('tenant-%s' % tenant_id) def create_metadata(self, user_id, tenant_id, metadata,
@@ -396,9 +396,9 @@ class Identity(kvs.Base, identity.Driver):
 tenant_id = key.split('-')[1] user_id = key.split('-')[2] try:
- self.remove_role_from_user_and_tenant(user_id,
- tenant_id,
- role_id)
+ self.remove_role_from_user_and_project(user_id,
+ tenant_id,
+ role_id)
 except exception.RoleNotFound: pass except exception.NotFound:
@@ -418,7 +418,7 @@ class Identity(kvs.Base, identity.Driver):
 if domain_id: self.get_domain(domain_id) if project_id:
- self.get_tenant(project_id)
+ self.get_project(project_id)
 try: metadata_ref = self.get_metadata(user_id, project_id,
@@ -440,7 +440,7 @@ class Identity(kvs.Base, identity.Driver):
 if domain_id: self.get_domain(domain_id) if project_id:
- self.get_tenant(project_id)
+ self.get_project(project_id)
 try: metadata_ref = self.get_metadata(user_id, project_id,
@@ -459,7 +459,7 @@ class Identity(kvs.Base, identity.Driver):
 if domain_id: self.get_domain(domain_id) if project_id:
- self.get_tenant(project_id)
+ self.get_project(project_id)
 try: metadata_ref = self.get_metadata(user_id, project_id,
@@ -481,7 +481,7 @@ class Identity(kvs.Base, identity.Driver):
 if domain_id: self.get_domain(domain_id) if project_id:
- self.get_tenant(project_id)
+ self.get_project(project_id)
 try: metadata_ref = self.get_metadata(user_id, project_id,
diff --git a/keystone/identity/backends/ldap/core.py b/keystone/identity/backends/ldap/core.py
index 0d4a54c1d0..ca2177b719 100644
--- a/keystone/identity/backends/ldap/core.py
+++ b/keystone/identity/backends/ldap/core.py
@@ -41,7 +41,7 @@ class Identity(identity.Driver):
 self.suffix = CONF.ldap.suffix self.user = UserApi(CONF)
- self.tenant = ProjectApi(CONF)
+ self.project = ProjectApi(CONF)
 self.role = RoleApi(CONF) self.group = GroupApi(CONF)
@@ -81,11 +81,11 @@ class Identity(identity.Driver):
 raise AssertionError('Invalid user / password') if tenant_id is not None:
- if tenant_id not in self.get_tenants_for_user(user_id):
+ if tenant_id not in self.get_projects_for_user(user_id):
 raise AssertionError('Invalid tenant') try:
- tenant_ref = self.get_tenant(tenant_id)
+ tenant_ref = self.get_project(tenant_id)
 # TODO(termie): this should probably be made into a # get roles call metadata_ref = self.get_metadata(user_id, tenant_id)
@@ -97,18 +97,18 @@ class Identity(identity.Driver):
 return (identity.filter_user(user_ref), tenant_ref, metadata_ref)
- def get_tenant(self, tenant_id):
+ def get_project(self, tenant_id):
 try:
- return self.tenant.get(tenant_id)
+ return self.project.get(tenant_id)
 except exception.NotFound: raise exception.ProjectNotFound(project_id=tenant_id)
- def get_tenants(self):
- return self.tenant.get_all()
+ def get_projects(self):
+ return self.project.get_all()
- def get_tenant_by_name(self, tenant_name):
+ def get_project_by_name(self, tenant_name):
 try:
- return self.tenant.get_by_name(tenant_name)
+ return self.project.get_by_name(tenant_name)
 except exception.NotFound: raise exception.ProjectNotFound(project_id=tenant_name)
@@ -131,10 +131,10 @@ class Identity(identity.Driver):
 raise exception.UserNotFound(user_id=user_name) def get_metadata(self, user_id, tenant_id):
- if not self.get_tenant(tenant_id) or not self.get_user(user_id):
+ if not self.get_project(tenant_id) or not self.get_user(user_id):
 return {}
- metadata_ref = self.get_roles_for_user_and_tenant(user_id, tenant_id)
+ metadata_ref = self.get_roles_for_user_and_project(user_id, tenant_id)
 if not metadata_ref: return {} return {'roles': metadata_ref}
@@ -149,30 +149,28 @@ class Identity(identity.Driver):
 return self.role.get_all() # These should probably be part of the high-level API
- # When this happens, then change TenantAPI.add_user to not ignore
- # ldap.TYPE_OR_VALUE_EXISTS
- def add_user_to_tenant(self, tenant_id, user_id):
- self.get_tenant(tenant_id)
+ def add_user_to_project(self, tenant_id, user_id):
+ self.get_project(tenant_id)
 self.get_user(user_id)
- return self.tenant.add_user(tenant_id, user_id)
+ return self.project.add_user(tenant_id, user_id)
- def get_tenants_for_user(self, user_id):
+ def get_projects_for_user(self, user_id):
 self.get_user(user_id) tenant_list = []
- for tenant in self.tenant.get_user_tenants(user_id):
+ for tenant in self.project.get_user_projects(user_id):
 tenant_list.append(tenant['id']) return tenant_list
- def get_tenant_users(self, tenant_id):
- self.get_tenant(tenant_id)
+ def get_project_users(self, tenant_id):
+ self.get_project(tenant_id)
 user_list = []
- for user in self.tenant.get_users(tenant_id):
+ for user in self.project.get_users(tenant_id):
 user_list.append(user) return user_list
- def get_roles_for_user_and_tenant(self, user_id, tenant_id):
+ def get_roles_for_user_and_project(self, user_id, tenant_id):
 self.get_user(user_id)
- self.get_tenant(tenant_id)
+ self.get_project(tenant_id)
 assignments = self.role.get_role_assignments(tenant_id) roles = [] for assignment in assignments:
@@ -180,9 +178,9 @@ class Identity(identity.Driver):
 roles.append(assignment.role_id) return roles
- def add_role_to_user_and_tenant(self, user_id, tenant_id, role_id):
+ def add_role_to_user_and_project(self, user_id, tenant_id, role_id):
 self.get_user(user_id)
- self.get_tenant(tenant_id)
+ self.get_project(tenant_id)
 self.get_role(role_id) self.role.add_user(role_id, user_id, tenant_id)
@@ -196,17 +194,17 @@ class Identity(identity.Driver):
 user['name'] = clean.user_name(user['name']) return self.user.update(user_id, user)
- def create_tenant(self, tenant_id, tenant):
- tenant['name'] = clean.tenant_name(tenant['name'])
+ def create_project(self, tenant_id, tenant):
+ tenant['name'] = clean.project_name(tenant['name'])
 data = tenant.copy() if 'id' not in data or data['id'] is None: data['id'] = str(uuid.uuid4().hex)
- return self.tenant.create(tenant)
+ return self.project.create(tenant)
- def update_tenant(self, tenant_id, tenant):
+ def update_project(self, tenant_id, tenant):
 if 'name' in tenant:
- tenant['name'] = clean.tenant_name(tenant['name'])
- return self.tenant.update(tenant_id, tenant)
+ tenant['name'] = clean.project_name(tenant['name'])
+ return self.project.update(tenant_id, tenant)
 def create_metadata(self, user_id, tenant_id, metadata): return {}
@@ -236,9 +234,9 @@ class Identity(identity.Driver):
 except ldap.NO_SUCH_OBJECT: raise exception.RoleNotFound(role_id=role_id)
- def delete_tenant(self, tenant_id):
+ def delete_project(self, tenant_id):
 try:
- return self.tenant.delete(tenant_id)
+ return self.project.delete(tenant_id)
 except ldap.NO_SUCH_OBJECT: raise exception.ProjectNotFound(project_id=tenant_id)
@@ -248,13 +246,13 @@ class Identity(identity.Driver):
 except ldap.NO_SUCH_OBJECT: raise exception.UserNotFound(user_id=user_id)
- def remove_role_from_user_and_tenant(self, user_id, tenant_id, role_id):
+ def remove_role_from_user_and_project(self, user_id, tenant_id, role_id):
 return self.role.delete_user(role_id, user_id, tenant_id)
- def remove_user_from_tenant(self, tenant_id, user_id):
+ def remove_user_from_project(self, tenant_id, user_id):
 self.get_user(user_id)
- self.get_tenant(tenant_id)
- return self.tenant.remove_user(tenant_id, user_id)
+ self.get_project(tenant_id)
+ return self.project.remove_user(tenant_id, user_id)
 def update_role(self, role_id, role): self.get_role(role_id)
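Review bot: In the LDAP driver's `create_project` (hunk at -196) the prepared copy `data`, which receives a generated `id` when none is supplied, is never used: the rewritten line still returns `self.project.create(tenant)`, and the `tenant_id` argument is ignored as well. Since this line is being edited anyway, pass the prepared dict with `return self.project.create(data)`, or delete the dead copy if `ProjectApi.create` is meant to own id generation (only its tail is visible in a later hunk). The driver and the API layer should agree on which id a project ends up with, because memberships and role grants are keyed on it.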
@@ -291,7 +289,7 @@ class ApiShim(object):
 """ _role = None
- _tenant = None
+ _project = None
 _user = None _group = None
@@ -305,10 +303,10 @@ class ApiShim(object):
 return self._role @property
- def tenant(self):
- if not self._tenant:
- self._tenant = ProjectApi(self.conf)
- return self._tenant
+ def project(self):
+ if not self._project:
+ self._project = ProjectApi(self.conf)
+ return self._project
 @property def user(self):
@@ -333,7 +331,7 @@ class ApiShimMixin(object):
 @property def project_api(self):
- return self.api.tenant
+ return self.api.project
 @property def user_api(self):
@@ -425,15 +423,15 @@ class UserApi(common_ldap.BaseLdap, ApiShimMixin):
 if old_obj.get('name') != values['name']: raise exception.Conflict('Cannot change user name') try:
- new_tenant = values['tenant_id']
+ new_project = values['tenant_id']
 except KeyError: pass else:
- if old_obj.get('tenant_id') != new_tenant:
+ if old_obj.get('tenant_id') != new_project:
 if old_obj['tenant_id']: self.project_api.remove_user(old_obj['tenant_id'], id)
- if new_tenant:
- self.project_api.add_user(new_tenant, id)
+ if new_project:
+ self.project_api.add_user(new_project, id)
 values = utils.hash_ldap_user_password(values) if self.enabled_mask:
@@ -451,7 +449,7 @@ class UserApi(common_ldap.BaseLdap, ApiShimMixin):
 for ref in self.role_api.list_global_roles_for_user(id): self.role_api.rolegrant_delete(ref.id)
- for ref in self.role_api.list_tenant_roles_for_user(id):
+ for ref in self.role_api.list_project_roles_for_user(id):
 self.role_api.rolegrant_delete(ref.id) def get_by_email(self, email):
@@ -463,10 +461,10 @@ class UserApi(common_ldap.BaseLdap, ApiShimMixin):
 except IndexError: return None
- def user_roles_by_tenant(self, user_id, tenant_id):
- return self.role_api.list_tenant_roles_for_user(user_id, tenant_id)
+ def user_roles_by_project(self, user_id, tenant_id):
+ return self.role_api.list_project_roles_for_user(user_id, tenant_id)
- def get_by_tenant(self, user_id, tenant_id):
+ def get_by_project(self, user_id, tenant_id):
 user_dn = self._id_to_dn(user_id) user = self.get(user_id) tenant = self.project_api._ldap_get(tenant_id,
@@ -474,7 +472,7 @@ class UserApi(common_ldap.BaseLdap, ApiShimMixin):
 if tenant is not None: return user else:
- if self.role_api.list_tenant_roles_for_user(user_id, tenant_id):
+ if self.role_api.list_project_roles_for_user(user_id, tenant_id):
 return user return None
@@ -488,13 +486,13 @@ class UserApi(common_ldap.BaseLdap, ApiShimMixin):
 def users_get_page_markers(self, marker, limit): return self.get_page_markers(marker, limit)
- def users_get_by_tenant_get_page(self, tenant_id, role_id, marker, limit):
+ def users_get_by_project_get_page(self, tenant_id, role_id, marker, limit):
 return self._get_page(marker, limit, self.project_api.get_users(tenant_id, role_id))
- def users_get_by_tenant_get_page_markers(self, tenant_id, role_id, marker,
- limit):
+ def users_get_by_project_get_page_markers(self, tenant_id, role_id,
+ marker, limit):
 return self._get_page_markers( marker, limit, self.project_api.get_users(tenant_id, role_id))
@@ -553,7 +551,7 @@ class ProjectApi(common_ldap.BaseLdap, ApiShimMixin):
 data['id'] = uuid.uuid4().hex return super(ProjectApi, self).create(data)
- def get_user_tenants(self, user_id):
+ def get_user_projects(self, user_id):
 """Returns list of tenants a user has access to Always includes default tenants.
@@ -564,11 +562,13 @@ class ProjectApi(common_ldap.BaseLdap, ApiShimMixin):
 return memberships def list_for_user_get_page(self, user, marker, limit):
- return self._get_page(marker, limit, self.get_user_tenants(user['id']))
+ return self._get_page(marker,
+ limit,
+ self.get_user_projects(user['id']))
 def list_for_user_get_page_markers(self, user, marker, limit): return self._get_page_markers(
- marker, limit, self.get_user_tenants(user['id']))
+ marker, limit, self.get_user_projects(user['id']))
 def is_empty(self, id): tenant = self._ldap_get(id)
@@ -627,7 +627,7 @@ class ProjectApi(common_ldap.BaseLdap, ApiShimMixin):
 if self.subtree_delete_enabled: super(ProjectApi, self).deleteTree(id) else:
- self.role_api.roles_delete_subtree_by_tenant(id)
+ self.role_api.roles_delete_subtree_by_project(id)
 super(ProjectApi, self).delete(id) def update(self, id, values):
@@ -648,7 +648,7 @@ class UserRoleAssociation(object):
 *args, **kw): self.user_id = str(user_id) self.role_id = role_id
- self.tenant_id = str(tenant_id)
+ self.project_id = str(tenant_id)
 class GroupRoleAssociation(object):
@@ -658,7 +658,7 @@ class GroupRoleAssociation(object):
 *args, **kw): self.group_id = str(group_id) self.role_id = role_id
- self.tenant_id = str(tenant_id)
+ self.project_id = str(tenant_id)
 # TODO(termie): turn this into a data object and move logic to driver
@@ -698,12 +698,12 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin):
 def _explode_ref(rolegrant): a = rolegrant.split('-', 2) len_role = int(a[0])
- len_tenant = int(a[1])
+ len_project = int(a[1])
 role_id = a[2][:len_role] role_id = None if len(role_id) == 0 else str(role_id)
- tenant_id = a[2][len_role:len_tenant + len_role]
+ tenant_id = a[2][len_role:len_project + len_role]
 tenant_id = None if len(tenant_id) == 0 else str(tenant_id)
- user_id = a[2][len_tenant + len_role:]
+ user_id = a[2][len_project + len_role:]
 user_id = None if len(user_id) == 0 else str(user_id) return role_id, tenant_id, user_id
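Review bot: `UserRoleAssociation` and `GroupRoleAssociation` (hunks at -648 and -658) now publish `self.project_id`, yet the constructor argument is still `tenant_id`, so the rename changes the attribute that readers of a role assignment see without changing how one is built. Any code that still reads `.tenant_id` from an assignment will raise `AttributeError` at request time; those readers are outside these hunks and should be checked, or a read-only `tenant_id` property kept as an alias for one release. Separately, `str(tenant_id)` turns a missing project into the string `'None'`; `self.project_id = None if tenant_id is None else str(tenant_id)` would keep a global grant distinguishable from a project-scoped one, assuming callers do pass `None` for global grants. Both constructors begin outside their hunks.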
@@ -837,7 +837,7 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin):
 role_id=role.id, user_id=user_id) for role in roles]
- def list_tenant_roles_for_user(self, user_id, tenant_id=None):
+ def list_project_roles_for_user(self, user_id, tenant_id=None):
 conn = self.get_connection() user_dn = self.user_api._id_to_dn(user_id) query = '(&(objectClass=%s)(%s=%s))' % (self.object_class,
@@ -912,8 +912,8 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin):
 all_roles += self.list_global_roles_for_user(user_id) else: for tenant in self.project_api.get_all():
- all_roles += self.list_tenant_roles_for_user(user_id,
- tenant['id'])
+ all_roles += self.list_project_roles_for_user(user_id,
+ tenant['id'])
 return self._get_page(marker, limit, all_roles) def rolegrant_get_page_markers(self, user_id, tenant_id, marker, limit):
@@ -922,8 +922,8 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin):
 all_roles = self.list_global_roles_for_user(user_id) else: for tenant in self.project_api.get_all():
- all_roles += self.list_tenant_roles_for_user(user_id,
- tenant['id'])
+ all_roles += self.list_project_roles_for_user(user_id,
+ tenant['id'])
 return self._get_page_markers(marker, limit, all_roles) def get_by_service_get_page(self, service_id, marker, limit):
@@ -965,7 +965,7 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin):
 tenant_id=tenant_id)) return res
- def roles_delete_subtree_by_tenant(self, tenant_id):
+ def roles_delete_subtree_by_project(self, tenant_id):
 conn = self.get_connection() query = '(objectClass=%s)' % self.object_class tenant_dn = self.project_api._id_to_dn(tenant_id)
diff --git a/keystone/identity/backends/pam.py b/keystone/identity/backends/pam.py
index ccd3084f39..bc34542489 100644
--- a/keystone/identity/backends/pam.py
+++ b/keystone/identity/backends/pam.py
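Review bot: `list_project_roles_for_user` (hunk at -837) assembles its LDAP search filter with `'(&(objectClass=%s)(%s=%s))' % (self.object_class, ...`, and the remaining format arguments fall outside the hunk. If the last value is the `user_dn` built from the caller-supplied `user_id` on the line above, it should go through `ldap.filter.escape_filter_chars()` from python-ldap before interpolation, so that filter metacharacters in an id cannot change which role grants the query matches. The function is called from the role-grant paging and user-deletion paths touched elsewhere in this diff, so the filter decides what those paths see. `roles_delete_subtree_by_project` (hunk at -965) formats only `self.object_class` in the part that is visible.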
@@ -71,10 +71,10 @@ class PamIdentity(identity.Driver):
 return (user, tenant, metadata)
- def get_tenant(self, tenant_id):
+ def get_project(self, tenant_id):
 return {'id': tenant_id, 'name': tenant_id}
- def get_tenant_by_name(self, tenant_name):
+ def get_project_by_name(self, tenant_name):
 return {'id': tenant_name, 'name': tenant_name} def get_user(self, user_id):
@@ -92,25 +92,25 @@ class PamIdentity(identity.Driver):
 def list_roles(self): raise NotImplementedError()
- def add_user_to_tenant(self, tenant_id, user_id):
+ def add_user_to_project(self, tenant_id, user_id):
 pass
- def remove_user_from_tenant(self, tenant_id, user_id):
+ def remove_user_from_project(self, tenant_id, user_id):
 pass
- def get_all_tenants(self):
+ def get_all_projects(self):
 raise NotImplementedError()
- def get_tenants_for_user(self, user_id):
+ def get_projects_for_user(self, user_id):
 return [user_id]
- def get_roles_for_user_and_tenant(self, user_id, tenant_id):
+ def get_roles_for_user_and_project(self, user_id, tenant_id):
 raise NotImplementedError()
- def add_role_to_user_and_tenant(self, user_id, tenant_id, role_id):
+ def add_role_to_user_and_project(self, user_id, tenant_id, role_id):
 raise NotImplementedError()
- def remove_role_from_user_and_tenant(self, user_id, tenant_id, role_id):
+ def remove_role_from_user_and_project(self, user_id, tenant_id, role_id):
 raise NotImplementedError() def create_user(self, user_id, user):
@@ -122,13 +122,13 @@ class PamIdentity(identity.Driver):
 def delete_user(self, user_id): raise NotImplementedError()
- def create_tenant(self, tenant_id, tenant):
+ def create_project(self, tenant_id, tenant):
 raise NotImplementedError()
- def update_tenant(self, tenant_id, tenant):
+ def update_project(self, tenant_id, tenant):
 raise NotImplementedError()
- def delete_tenant(self, tenant_id, tenant):
+ def delete_project(self, tenant_id, tenant):
 raise NotImplementedError() def get_metadata(self, user_id, tenant_id):
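Review bot: `delete_project(self, tenant_id, tenant)` in the -122 hunk of pam.py keeps a two-argument signature, while the kvs and LDAP drivers in this same diff define `delete_project(self, tenant_id)`; a caller using the common form gets a `TypeError` here instead of the intended `NotImplementedError`. Dropping the extra parameter, `def delete_project(self, tenant_id):`, brings it in line. In the -92 hunk `get_all_projects` likewise does not match the `get_projects` name the other backends use, so it is probably never reached through the driver interface; the base `Driver` class is not part of this page, so that should be confirmed there.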
diff --git a/keystone/identity/backends/sql.py b/keystone/identity/backends/sql.py
index 6f4e9897e2..7ce423516c 100644
--- a/keystone/identity/backends/sql.py
+++ b/keystone/identity/backends/sql.py
@@ -200,11 +200,11 @@ class Identity(sql.Base, identity.Driver):
 raise AssertionError('Invalid user / password') if tenant_id is not None:
- if tenant_id not in self.get_tenants_for_user(user_id):
+ if tenant_id not in self.get_projects_for_user(user_id):
 raise AssertionError('Invalid tenant') try:
- tenant_ref = self.get_tenant(tenant_id)
+ tenant_ref = self.get_project(tenant_id)
 metadata_ref = self.get_metadata(user_id, tenant_id) except exception.ProjectNotFound: tenant_ref = None
@@ -214,23 +214,23 @@ class Identity(sql.Base, identity.Driver):
 return (identity.filter_user(user_ref), tenant_ref, metadata_ref)
- def get_tenant(self, tenant_id):
+ def get_project(self, tenant_id):
 session = self.get_session() tenant_ref = session.query(Project).filter_by(id=tenant_id).first() if tenant_ref is None: raise exception.ProjectNotFound(project_id=tenant_id) return tenant_ref.to_dict()
- def get_tenant_by_name(self, tenant_name):
+ def get_project_by_name(self, tenant_name):
 session = self.get_session() tenant_ref = session.query(Project).filter_by(name=tenant_name).first() if not tenant_ref: raise exception.ProjectNotFound(project_id=tenant_name) return tenant_ref.to_dict()
- def get_tenant_users(self, tenant_id):
+ def get_project_users(self, tenant_id):
 session = self.get_session()
- self.get_tenant(tenant_id)
+ self.get_project(tenant_id)
 query = session.query(User) query = query.join(UserProjectMembership) query = query.filter(UserProjectMembership.tenant_id == tenant_id)
@@ -274,7 +274,7 @@ class Identity(sql.Base, identity.Driver):
 if domain_id: self.get_domain(domain_id) if project_id:
- self.get_tenant(project_id)
+ self.get_project(project_id)
 try: metadata_ref = self.get_metadata(user_id, project_id,
@@ -302,7 +302,7 @@ class Identity(sql.Base, identity.Driver): if domain_id: self.get_domain(domain_id) if project_id: - self.get_tenant(project_id) + self.get_project(project_id) try: metadata_ref = self.get_metadata(user_id, project_id, @@ -321,7 +321,7 @@ class Identity(sql.Base, identity.Driver): if domain_id: self.get_domain(domain_id) if project_id: - self.get_tenant(project_id) + self.get_project(project_id) try: metadata_ref = self.get_metadata(user_id, project_id, @@ -343,7 +343,7 @@ class Identity(sql.Base, identity.Driver): if domain_id: self.get_domain(domain_id) if project_id: - self.get_tenant(project_id) + self.get_project(project_id) try: metadata_ref = self.get_metadata(user_id, project_id, @@ -366,9 +366,9 @@ class Identity(sql.Base, identity.Driver): domain_id, group_id) # These should probably be part of the high-level API - def add_user_to_tenant(self, tenant_id, user_id): + def add_user_to_project(self, tenant_id, user_id): session = self.get_session() - self.get_tenant(tenant_id) + self.get_project(tenant_id) self.get_user(user_id) query = session.query(UserProjectMembership) query = query.filter_by(user_id=user_id) @@ -382,9 +382,9 @@ class Identity(sql.Base, identity.Driver): tenant_id=tenant_id)) session.flush() - def remove_user_from_tenant(self, tenant_id, user_id): + def remove_user_from_project(self, tenant_id, user_id): session = self.get_session() - self.get_tenant(tenant_id) + self.get_project(tenant_id) self.get_user(user_id) query = session.query(UserProjectMembership) query = query.filter_by(user_id=user_id) 
@@ -396,12 +396,15 @@ class Identity(sql.Base, identity.Driver): session.delete(membership_ref) session.flush() - def get_tenants(self): + def get_projects(self): session = self.get_session() tenant_refs = session.query(Project).all() return [tenant_ref.to_dict() for tenant_ref in tenant_refs] - def get_tenants_for_user(self, user_id): + def list_projects(self): + return self.get_projects() + + def get_projects_for_user(self, user_id): session = self.get_session() self.get_user(user_id) query = session.query(UserProjectMembership) @@ -409,18 +412,18 @@ class Identity(sql.Base, identity.Driver): membership_refs = query.all() return [x.tenant_id for x in membership_refs] - def get_roles_for_user_and_tenant(self, user_id, tenant_id): + def get_roles_for_user_and_project(self, user_id, tenant_id): self.get_user(user_id) - self.get_tenant(tenant_id) + self.get_project(tenant_id) try: metadata_ref = self.get_metadata(user_id, tenant_id) except exception.MetadataNotFound: metadata_ref = {} return metadata_ref.get('roles', []) - def add_role_to_user_and_tenant(self, user_id, tenant_id, role_id): + def add_role_to_user_and_project(self, user_id, tenant_id, role_id): self.get_user(user_id) - self.get_tenant(tenant_id) + self.get_project(tenant_id) self.get_role(role_id) try: metadata_ref = self.get_metadata(user_id, tenant_id) @@ -440,7 +443,7 @@ class Identity(sql.Base, identity.Driver): else: self.update_metadata(user_id, tenant_id, metadata_ref) - def remove_role_from_user_and_tenant(self, user_id, tenant_id, role_id): + def remove_role_from_user_and_project(self, user_id, tenant_id, role_id): try: metadata_ref = self.get_metadata(user_id, tenant_id) is_new = False 
@@ -460,9 +463,9 @@ class Identity(sql.Base, identity.Driver): self.update_metadata(user_id, tenant_id, metadata_ref) # CRUD - @handle_conflicts(type='tenant') - def create_tenant(self, tenant_id, tenant): - tenant['name'] = clean.tenant_name(tenant['name']) + @handle_conflicts(type='project') + def create_project(self, tenant_id, tenant): + tenant['name'] = clean.project_name(tenant['name']) session = self.get_session() with session.begin(): tenant_ref = Project.from_dict(tenant) @@ -470,29 +473,29 @@ class Identity(sql.Base, identity.Driver): session.flush() return tenant_ref.to_dict() - @handle_conflicts(type='tenant') - def update_tenant(self, tenant_id, tenant): + @handle_conflicts(type='project') + def update_project(self, tenant_id, tenant): session = self.get_session() if 'name' in tenant: - tenant['name'] = clean.tenant_name(tenant['name']) - + tenant['name'] = clean.project_name(tenant['name']) try: tenant_ref = session.query(Project).filter_by(id=tenant_id).one() except sql.NotFound: raise exception.ProjectNotFound(project_id=tenant_id) with session.begin(): - old_tenant_dict = tenant_ref.to_dict() + old_project_dict = tenant_ref.to_dict() for k in tenant: - old_tenant_dict[k] = tenant[k] - new_tenant = Project.from_dict(old_tenant_dict) - tenant_ref.name = new_tenant.name - tenant_ref.extra = new_tenant.extra + old_project_dict[k] = tenant[k] + new_project = Project.from_dict(old_project_dict) + tenant_ref.name = new_project.name + tenant_ref.extra = new_project.extra session.flush() return tenant_ref.to_dict(include_extra_dict=True) - def delete_tenant(self, tenant_id): + @handle_conflicts(type='project') + def delete_project(self, tenant_id): session = self.get_session() try: 
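Review bot: The surviving `update_project` writes back only `tenant_ref.name` and `tenant_ref.extra`, whereas the v3 `update_project` removed further down in this file copied every entry of `Project.attributes` except `id`. If `Project.attributes` holds more than the name (it is not visible in this diff), updates to those columns, for instance a flag that disables a project, would now be dropped without an error. Keeping the loop `for attr in Project.attributes:` / `if attr != 'id': setattr(tenant_ref, attr, getattr(new_project, attr))` before assigning `extra` would preserve the v3 behaviour. The lookup also now runs outside `session.begin()` and the return value changed to `to_dict(include_extra_dict=True)`, which v3 callers may not expect.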
@@ -626,39 +629,6 @@ class Identity(sql.Base, identity.Driver): session.delete(ref) session.flush() - # project crud - - @handle_conflicts(type='project') - def create_project(self, project_id, project): - return self.create_tenant(project_id, project) - - def get_project(self, project_id): - return self.get_tenant(project_id) - - def list_projects(self): - return self.get_tenants() - - @handle_conflicts(type='project') - def update_project(self, project_id, project): - session = self.get_session() - with session.begin(): - ref = session.query(Project).filter_by(id=project_id).first() - if ref is None: - raise exception.ProjectNotFound(project_id=project_id) - old_dict = ref.to_dict() - for k in project: - old_dict[k] = project[k] - new_project = Project.from_dict(old_dict) - for attr in Project.attributes: - if attr != 'id': - setattr(ref, attr, getattr(new_project, attr)) - ref.extra = new_project.extra - session.flush() - return ref.to_dict() - - def delete_project(self, project_id): - return self.delete_tenant(project_id) - def list_user_projects(self, user_id): session = self.get_session() user = self.get_user(user_id) @@ -1003,7 +973,7 @@ class Identity(sql.Base, identity.Driver): for metadata_ref in session.query(UserProjectGrant): metadata = metadata_ref.to_dict() try: - self.remove_role_from_user_and_tenant( + self.remove_role_from_user_and_project( metadata['user_id'], metadata['tenant_id'], role_id) except exception.RoleNotFound: pass diff --git a/keystone/identity/controllers.py b/keystone/identity/controllers.py index 70ab66cf4c..20c087ce13 100644 --- a/keystone/identity/controllers.py +++ b/keystone/identity/controllers.py 
@@ -29,21 +29,21 @@ LOG = logging.getLogger(__name__) class Tenant(controller.V2Controller): - def get_all_tenants(self, context, **kw): + def get_all_projects(self, context, **kw): """Gets a list of all tenants for an admin user.""" if 'name' in context['query_string']: - return self.get_tenant_by_name( + return self.get_project_by_name( context, context['query_string'].get('name')) self.assert_admin(context) - tenant_refs = self.identity_api.get_tenants(context) + tenant_refs = self.identity_api.get_projects(context) params = { 'limit': context['query_string'].get('limit'), 'marker': context['query_string'].get('marker'), } - return self._format_tenant_list(tenant_refs, **params) + return self._format_project_list(tenant_refs, **params) - def get_tenants_for_token(self, context, **kw): + def get_projects_for_token(self, context, **kw): """Get valid tenants for token based on token used to authenticate. Pulls the token from the context, validates it and gets the valid 
@@ -60,31 +60,31 @@ class Tenant(controller.V2Controller): raise exception.Unauthorized(e) user_ref = token_ref['user'] - tenant_ids = self.identity_api.get_tenants_for_user( + tenant_ids = self.identity_api.get_projects_for_user( context, user_ref['id']) tenant_refs = [] for tenant_id in tenant_ids: - tenant_refs.append(self.identity_api.get_tenant( + tenant_refs.append(self.identity_api.get_project( context=context, tenant_id=tenant_id)) params = { 'limit': context['query_string'].get('limit'), 'marker': context['query_string'].get('marker'), } - return self._format_tenant_list(tenant_refs, **params) + return self._format_project_list(tenant_refs, **params) - def get_tenant(self, context, tenant_id): + def get_project(self, context, tenant_id): # TODO(termie): this stuff should probably be moved to middleware self.assert_admin(context) - return {'tenant': self.identity_api.get_tenant(context, tenant_id)} + return {'tenant': self.identity_api.get_project(context, tenant_id)} - def get_tenant_by_name(self, context, tenant_name): + def get_project_by_name(self, context, tenant_name): self.assert_admin(context) - return {'tenant': self.identity_api.get_tenant_by_name( + return {'tenant': self.identity_api.get_project_by_name( context, tenant_name)} # CRUD Extension - def create_tenant(self, context, tenant): + def create_project(self, context, tenant): tenant_ref = self._normalize_dict(tenant) if not 'name' in tenant_ref or not tenant_ref['name']: 
@@ -93,26 +93,26 @@ class Tenant(controller.V2Controller): self.assert_admin(context) tenant_ref['id'] = tenant_ref.get('id', uuid.uuid4().hex) - tenant = self.identity_api.create_tenant( + tenant = self.identity_api.create_project( context, tenant_ref['id'], tenant_ref) return {'tenant': tenant} - def update_tenant(self, context, tenant_id, tenant): + def update_project(self, context, tenant_id, tenant): self.assert_admin(context) - tenant_ref = self.identity_api.update_tenant( + tenant_ref = self.identity_api.update_project( context, tenant_id, tenant) return {'tenant': tenant_ref} - def delete_tenant(self, context, tenant_id): + def delete_project(self, context, tenant_id): self.assert_admin(context) - self.identity_api.delete_tenant(context, tenant_id) + self.identity_api.delete_project(context, tenant_id) - def get_tenant_users(self, context, tenant_id, **kw): + def get_project_users(self, context, tenant_id, **kw): self.assert_admin(context) - user_refs = self.identity_api.get_tenant_users(context, tenant_id) + user_refs = self.identity_api.get_project_users(context, tenant_id) return {'users': user_refs} - def _format_tenant_list(self, tenant_refs, **kwargs): + def _format_project_list(self, tenant_refs, **kwargs): marker = kwargs.get('marker') first_index = 0 if marker is not None: @@ -177,7 +177,7 @@ class User(controller.V2Controller): tenant_id = user.get('tenantId', None) if (tenant_id is not None - and self.identity_api.get_tenant(context, tenant_id) is None): + and self.identity_api.get_project(context, tenant_id) is None): raise exception.ProjectNotFound(project_id=tenant_id) user_id = uuid.uuid4().hex user_ref = user.copy() 
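Review bot: In `create_project`, `self.assert_admin(context)` runs only after the name validation that begins at the end of the previous hunk, so a caller without admin rights gets the validation outcome before the authorization check. `update_project`, `delete_project` and `get_project_users` in this same hunk all call `self.assert_admin(context)` as their first statement, and `create_project` should do the same. The lines between the two hunks are not shown, so this assumes the validation raises there.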
@@ -185,7 +185,7 @@ class User(controller.V2Controller): new_user_ref = self.identity_api.create_user( context, user_id, user_ref) if tenant_id: - self.identity_api.add_user_to_tenant(context, tenant_id, user_id) + self.identity_api.add_user_to_project(context, tenant_id, user_id) return {'user': new_user_ref} def update_user(self, context, user_id, user): @@ -215,12 +215,12 @@ class User(controller.V2Controller): def set_user_password(self, context, user_id, user): return self.update_user(context, user_id, user) - def update_user_tenant(self, context, user_id, user): + def update_user_project(self, context, user_id, user): """Update the default tenant.""" self.assert_admin(context) # ensure that we're a member of that tenant tenant_id = user.get('tenantId') - self.identity_api.add_user_to_tenant(context, tenant_id, user_id) + self.identity_api.add_user_to_project(context, tenant_id, user_id) return self.update_user(context, user_id, user) @@ -238,7 +238,7 @@ class Role(controller.V2Controller): raise exception.NotImplemented(message='User roles not supported: ' 'tenant ID required') - roles = self.identity_api.get_roles_for_user_and_tenant( + roles = self.identity_api.get_roles_for_user_and_project( context, user_id, tenant_id) return {'roles': [self.identity_api.get_role(context, x) for x in roles]} @@ -283,8 +283,8 @@ class Role(controller.V2Controller): # This still has the weird legacy semantics that adding a role to # a user also adds them to a tenant - self.identity_api.add_user_to_tenant(context, tenant_id, user_id) - self.identity_api.add_role_to_user_and_tenant( + self.identity_api.add_user_to_project(context, tenant_id, user_id) + self.identity_api.add_role_to_user_and_project( context, user_id, tenant_id, role_id) self.token_api.revoke_tokens(context, user_id, tenant_id) 
@@ -305,12 +305,12 @@ class Role(controller.V2Controller): # This still has the weird legacy semantics that adding a role to # a user also adds them to a tenant, so we must follow up on that - self.identity_api.remove_role_from_user_and_tenant( + self.identity_api.remove_role_from_user_and_project( context, user_id, tenant_id, role_id) - roles = self.identity_api.get_roles_for_user_and_tenant( + roles = self.identity_api.get_roles_for_user_and_project( context, user_id, tenant_id) if not roles: - self.identity_api.remove_user_from_tenant( + self.identity_api.remove_user_from_project( context, tenant_id, user_id) self.token_api.revoke_tokens(context, user_id, tenant_id) @@ -327,10 +327,10 @@ class Role(controller.V2Controller): self.assert_admin(context) # Ensure user exists by getting it first. self.identity_api.get_user(context, user_id) - tenant_ids = self.identity_api.get_tenants_for_user(context, user_id) + tenant_ids = self.identity_api.get_projects_for_user(context, user_id) o = [] for tenant_id in tenant_ids: - role_ids = self.identity_api.get_roles_for_user_and_tenant( + role_ids = self.identity_api.get_roles_for_user_and_project( context, user_id, tenant_id) for role_id in role_ids: ref = {'roleId': role_id, @@ -352,8 +352,8 @@ class Role(controller.V2Controller): # TODO(termie): for now we're ignoring the actual role tenant_id = role.get('tenantId') role_id = role.get('roleId') - self.identity_api.add_user_to_tenant(context, tenant_id, user_id) - self.identity_api.add_role_to_user_and_tenant( + self.identity_api.add_user_to_project(context, tenant_id, user_id) + self.identity_api.add_role_to_user_and_project( context, user_id, tenant_id, role_id) self.token_api.revoke_tokens(context, user_id, tenant_id) 
@@ -377,12 +377,12 @@ class Role(controller.V2Controller): role_ref_ref = urlparse.parse_qs(role_ref_id) tenant_id = role_ref_ref.get('tenantId')[0] role_id = role_ref_ref.get('roleId')[0] - self.identity_api.remove_role_from_user_and_tenant( + self.identity_api.remove_role_from_user_and_project( context, user_id, tenant_id, role_id) - roles = self.identity_api.get_roles_for_user_and_tenant( + roles = self.identity_api.get_roles_for_user_and_project( context, user_id, tenant_id) if not roles: - self.identity_api.remove_user_from_tenant( + self.identity_api.remove_user_from_project( context, tenant_id, user_id) self.token_api.revoke_tokens(context, user_id, tenant_id) diff --git a/keystone/identity/core.py b/keystone/identity/core.py index 73541a9a37..8c3c82d6b0 100644 --- a/keystone/identity/core.py +++ b/keystone/identity/core.py @@ -72,7 +72,7 @@ class Driver(object): """ raise exception.NotImplemented() - def get_tenant(self, tenant_id): + def get_project(self, tenant_id): """Get a tenant by id. :returns: tenant_ref @@ -81,7 +81,7 @@ class Driver(object): """ raise exception.NotImplemented() - def get_tenant_by_name(self, tenant_name): + def get_project_by_name(self, tenant_name): """Get a tenant by name. :returns: tenant_ref @@ -99,7 +99,7 @@ class Driver(object): """ raise exception.NotImplemented() - def add_user_to_tenant(self, tenant_id, user_id): + def add_user_to_project(self, tenant_id, user_id): """Add user to a tenant without an explicit role relationship. :raises: keystone.exception.ProjectNotFound, @@ -108,7 +108,7 @@ class Driver(object): """ raise exception.NotImplemented() - def remove_user_from_tenant(self, tenant_id, user_id): + def remove_user_from_project(self, tenant_id, user_id): """Remove user from a tenant without an explicit role relationship. :raises: keystone.exception.ProjectNotFound, 
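Review bot: In the last Role hunk, `role_ref_ref.get('tenantId')[0]` and `role_ref_ref.get('roleId')[0]` index the result of `.get()` directly, so a `role_ref_id` that lacks either key makes `.get()` return None and the handler fail with a TypeError instead of a client error. A guard such as `if not role_ref_ref.get('tenantId') or not role_ref_ref.get('roleId'):` followed by the module's validation error would reject the malformed reference before the driver calls and the token revocation. The enclosing method starts outside the hunk, so any earlier validation is not visible here.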
@@ -117,11 +117,11 @@ class Driver(object): """ raise exception.NotImplemented() - def get_all_tenants(self): + def get_all_projects(self): """FIXME(dolph): Lists all tenants in the system? I'm not sure how this - is different from get_tenants, why get_tenants isn't + is different from get_projects, why get_projects isn't documented as part of the driver, or why it's called - get_tenants instead of list_tenants (i.e. list_roles + get_projects instead of list_projects (i.e. list_roles and list_users)... :returns: a list of ... FIXME(dolph): tenant_refs or tenant_id's? @@ -129,17 +129,17 @@ class Driver(object): """ raise exception.NotImplemented() - def get_tenant_users(self, tenant_id): + def get_project_users(self, tenant_id): """FIXME(dolph): Lists all users with a relationship to the specified tenant? :returns: a list of ... FIXME(dolph): user_refs or user_id's? - :raises: keystone.exception.UserNotFound + :raises: keystone.exception.ProjectNotFound """ raise exception.NotImplemented() - def get_tenants_for_user(self, user_id): + def get_projects_for_user(self, user_id): """Get the tenants associated with a given user. :returns: a list of tenant_id's. @@ -148,7 +148,7 @@ class Driver(object): """ raise exception.NotImplemented() - def get_roles_for_user_and_tenant(self, user_id, tenant_id): + def get_roles_for_user_and_project(self, user_id, tenant_id): """Get the roles associated with a user within given tenant. :returns: a list of role ids. @@ -158,7 +158,7 @@ class Driver(object): """ raise exception.NotImplemented() - def add_role_to_user_and_tenant(self, user_id, tenant_id, role_id): + def add_role_to_user_and_project(self, user_id, tenant_id, role_id): """Add a role to a user within given tenant. :raises: keystone.exception.UserNotFound, 
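Review bot: The `get_all_projects` docstring was renamed mechanically and still asks why `get_projects` is not documented as part of the driver, yet the controller in this commit calls `self.identity_api.get_projects(context)` and the SQL backend now exposes both `get_projects` and `list_projects`. In the hunks shown, `Driver` declares neither, so a backend author has no contract to implement against. I would add a stub `def get_projects(self):` with `raise exception.NotImplemented()` and a docstring saying it returns a list of project refs, then resolve the FIXME text. The docstrings across these hunks also still say "tenant" while the method names say "project".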
@@ -167,7 +167,7 @@ class Driver(object): """ raise exception.NotImplemented() - def remove_role_from_user_and_tenant(self, user_id, tenant_id, role_id): + def remove_role_from_user_and_project(self, user_id, tenant_id, role_id): """Remove a role from a user within given tenant. :raises: keystone.exception.UserNotFound, @@ -178,7 +178,7 @@ class Driver(object): raise exception.NotImplemented() # tenant crud - def create_tenant(self, tenant_id, tenant): + def create_project(self, tenant_id, tenant): """Creates a new tenant. :raises: keystone.exception.Conflict @@ -186,7 +186,7 @@ class Driver(object): """ raise exception.NotImplemented() - def update_tenant(self, tenant_id, tenant): + def update_project(self, tenant_id, tenant): """Updates an existing tenant. :raises: keystone.exception.ProjectNotFound, @@ -195,7 +195,7 @@ class Driver(object): """ raise exception.NotImplemented() - def delete_tenant(self, tenant_id): + def delete_project(self, tenant_id): """Deletes an existing tenant. :raises: keystone.exception.ProjectNotFound diff --git a/keystone/identity/routers.py b/keystone/identity/routers.py index 0e23635b83..caa8414918 100644 --- a/keystone/identity/routers.py +++ b/keystone/identity/routers.py @@ -24,7 +24,7 @@ class Public(wsgi.ComposableRouter): tenant_controller = controllers.Tenant() mapper.connect('/tenants', controller=tenant_controller, - action='get_tenants_for_token', + action='get_projects_for_token', conditions=dict(method=['GET'])) @@ -34,11 +34,11 @@ class Admin(wsgi.ComposableRouter): tenant_controller = controllers.Tenant() mapper.connect('/tenants', controller=tenant_controller, - action='get_all_tenants', + action='get_all_projects', conditions=dict(method=['GET'])) mapper.connect('/tenants/{tenant_id}', controller=tenant_controller, - action='get_tenant', + action='get_project', conditions=dict(method=['GET'])) # User Operations diff --git a/keystone/test.py b/keystone/test.py index bb89d20bb3..cad2fed4f8 100644 --- a/keystone/test.py 
+++ b/keystone/test.py @@ -233,7 +233,7 @@ class TestCase(NoModule, unittest.TestCase): # loaddata will be much preferred. if hasattr(self, 'identity_api'): for tenant in fixtures.TENANTS: - rv = self.identity_api.create_tenant(tenant['id'], tenant) + rv = self.identity_api.create_project(tenant['id'], tenant) setattr(self, 'tenant_%s' % tenant['id'], rv) for user in fixtures.USERS: @@ -242,7 +242,8 @@ class TestCase(NoModule, unittest.TestCase): rv = self.identity_api.create_user(user['id'], user_copy.copy()) for tenant_id in tenants: - self.identity_api.add_user_to_tenant(tenant_id, user['id']) + self.identity_api.add_user_to_project(tenant_id, + user['id']) setattr(self, 'user_%s' % user['id'], user_copy) for role in fixtures.ROLES: diff --git a/keystone/token/controllers.py b/keystone/token/controllers.py index 312663d4c8..01a4e08893 100644 --- a/keystone/token/controllers.py +++ b/keystone/token/controllers.py @@ -169,9 +169,9 @@ class Auth(controller.V2Controller): current_user_ref = self.identity_api.get_user(context=context, user_id=user_id) - tenant_id = self._get_tenant_id_from_auth(context, auth) + tenant_id = self._get_project_id_from_auth(context, auth) - tenant_ref = self._get_tenant_ref(context, user_id, tenant_id) + tenant_ref = self._get_project_ref(context, user_id, tenant_id) metadata_ref = self._get_metadata_ref(context, user_id, tenant_id) self._append_roles(metadata_ref, @@ -222,7 +222,7 @@ class Auth(controller.V2Controller): except exception.UserNotFound as e: raise exception.Unauthorized(e) - tenant_id = self._get_tenant_id_from_auth(context, auth) + tenant_id = self._get_project_id_from_auth(context, auth) try: auth_info = self.identity_api.authenticate( 
@@ -266,9 +266,9 @@ class Auth(controller.V2Controller): except exception.UserNotFound as e: raise exception.Unauthorized(e) - tenant_id = self._get_tenant_id_from_auth(context, auth) + tenant_id = self._get_project_id_from_auth(context, auth) - tenant_ref = self._get_tenant_ref(context, user_id, tenant_id) + tenant_ref = self._get_project_ref(context, user_id, tenant_id) metadata_ref = self._get_metadata_ref(context, user_id, tenant_id) self._append_roles(metadata_ref, @@ -293,7 +293,7 @@ class Auth(controller.V2Controller): metadata=metadata, expires=expiry)) - def _get_tenant_id_from_auth(self, context, auth): + def _get_project_id_from_auth(self, context, auth): """Extract tenant information from auth dict. Returns a valid tenant_id if it exists, or None if not specified. @@ -302,18 +302,18 @@ class Auth(controller.V2Controller): tenant_name = auth.get('tenantName', None) if tenant_name: try: - tenant_ref = self.identity_api.get_tenant_by_name( + tenant_ref = self.identity_api.get_project_by_name( context=context, tenant_name=tenant_name) tenant_id = tenant_ref['id'] except exception.ProjectNotFound as e: raise exception.Unauthorized(e) return tenant_id - def _get_tenant_ref(self, context, user_id, tenant_id): + def _get_project_ref(self, context, user_id, tenant_id): """Returns the tenant_ref for the user's tenant""" tenant_ref = None if tenant_id: - tenants = self.identity_api.get_tenants_for_user(context, user_id) + tenants = self.identity_api.get_projects_for_user(context, user_id) if tenant_id not in tenants: msg = 'User %s is unauthorized for tenant %s' % ( user_id, tenant_id) @@ -321,8 +321,8 @@ class Auth(controller.V2Controller): raise exception.Unauthorized(msg) try: - tenant_ref = self.identity_api.get_tenant(context=context, - tenant_id=tenant_id) + tenant_ref = self.identity_api.get_project(context=context, + tenant_id=tenant_id) except exception.ProjectNotFound as e: exception.Unauthorized(e) return tenant_ref 
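Review bot: In `_get_project_ref`, the handler `except exception.ProjectNotFound as e: exception.Unauthorized(e)` builds the exception but never raises it, so a failed project lookup falls through and the method returns `tenant_ref = None`. The caller would then presumably continue as if no project had been requested rather than rejecting the authentication. The line should read `raise exception.Unauthorized(e)`, as `_get_project_id_from_auth` just above already does. This predates the rename, but the commit re-indents the `get_project` call directly above it.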
diff --git a/tests/test_auth.py b/tests/test_auth.py index 58a603f733..1ca248d091 100644 --- a/tests/test_auth.py +++ b/tests/test_auth.py @@ -150,7 +150,7 @@ class AuthWithToken(AuthTest): self.api.authenticate, {}, body_dict) - def test_auth_unscoped_token_no_tenant(self): + def test_auth_unscoped_token_no_project(self): """Verify getting an unscoped token with an unscoped token""" body_dict = _build_user_auth( username='FOO', @@ -163,10 +163,10 @@ class AuthWithToken(AuthTest): self.assertEqualTokens(unscoped_token, unscoped_token_2) - def test_auth_unscoped_token_tenant(self): + def test_auth_unscoped_token_project(self): """Verify getting a token in a tenant with an unscoped token""" # Add a role in so we can check we get this back - self.identity_api.add_role_to_user_and_tenant( + self.identity_api.add_role_to_user_and_project( self.user_foo['id'], self.tenant_bar['id'], self.role_member['id']) @@ -186,10 +186,10 @@ class AuthWithToken(AuthTest): self.assertEquals(tenant["id"], self.tenant_bar['id']) self.assertEquals(roles[0], self.role_member['id']) - def test_auth_token_tenant_group_role(self): + def test_auth_token_project_group_role(self): """Verify getting a token in a tenant with group roles""" # Add a v2 style role in so we can check we get this back - self.identity_api.add_role_to_user_and_tenant( + self.identity_api.add_role_to_user_and_project( self.user_foo['id'], self.tenant_bar['id'], self.role_member['id']) diff --git a/tests/test_backend.py b/tests/test_backend.py index 672a8ffc45..2967eb55ca 100644 --- a/tests/test_backend.py +++ b/tests/test_backend.py 
@@ -39,14 +39,14 @@ class IdentityTests(object): tenant_id=self.tenant_bar['id'], password=uuid.uuid4().hex) - def test_authenticate_bad_tenant(self): + def test_authenticate_bad_project(self): self.assertRaises(AssertionError, self.identity_api.authenticate, user_id=self.user_foo['id'], tenant_id=uuid.uuid4().hex, password=self.user_foo['password']) - def test_authenticate_no_tenant(self): + def test_authenticate_no_project(self): user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( user_id=self.user_foo['id'], password=self.user_foo['password']) @@ -72,7 +72,7 @@ class IdentityTests(object): self.assertDictEqual(metadata_ref, self.metadata_foobar) def test_authenticate_role_return(self): - self.identity_api.add_role_to_user_and_tenant( + self.identity_api.add_role_to_user_and_project( self.user_foo['id'], self.tenant_bar['id'], 'keystone_admin') user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( user_id=self.user_foo['id'], @@ -88,7 +88,8 @@ class IdentityTests(object): 'password': 'no_meta2', } self.identity_api.create_user(user['id'], user) - self.identity_api.add_user_to_tenant(self.tenant_baz['id'], user['id']) + self.identity_api.add_user_to_project(self.tenant_baz['id'], + user['id']) user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( user_id=user['id'], tenant_id=self.tenant_baz['id'], 
@@ -105,29 +106,29 @@ class IdentityTests(object): user_ref = self.identity_api._get_user(self.user_foo['id']) self.assertNotEqual(user_ref['password'], self.user_foo['password']) - def test_get_tenant(self): - tenant_ref = self.identity_api.get_tenant( + def test_get_project(self): + tenant_ref = self.identity_api.get_project( tenant_id=self.tenant_bar['id']) self.assertDictEqual(tenant_ref, self.tenant_bar) - def test_get_tenant_404(self): + def test_get_project_404(self): self.assertRaises(exception.ProjectNotFound, - self.identity_api.get_tenant, + self.identity_api.get_project, tenant_id=uuid.uuid4().hex) - def test_get_tenant_by_name(self): - tenant_ref = self.identity_api.get_tenant_by_name( + def test_get_project_by_name(self): + tenant_ref = self.identity_api.get_project_by_name( tenant_name=self.tenant_bar['name']) self.assertDictEqual(tenant_ref, self.tenant_bar) - def test_get_tenant_by_name_404(self): + def test_get_project_by_name_404(self): self.assertRaises(exception.ProjectNotFound, - self.identity_api.get_tenant, + self.identity_api.get_project, tenant_id=uuid.uuid4().hex) - def test_get_tenant_users_404(self): + def test_get_project_users_404(self): self.assertRaises(exception.ProjectNotFound, - self.identity_api.get_tenant_users, + self.identity_api.get_project_users, tenant_id=uuid.uuid4().hex) def test_get_user(self): 
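Review bot: `test_get_project_by_name_404` still asserts against `self.identity_api.get_project` with `tenant_id=uuid.uuid4().hex`, the same call as `test_get_project_404`, so the not-found path of `get_project_by_name` is not covered. The assertion should pass `self.identity_api.get_project_by_name` and `tenant_name=uuid.uuid4().hex`. That lookup is the one the token controller uses to resolve `tenantName` during authentication, so it is worth pinning.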
@@ -271,116 +272,116 @@ class IdentityTests(object): self.identity_api.get_user, 'fake2') - def test_create_duplicate_tenant_id_fails(self): + def test_create_duplicate_project_id_fails(self): tenant = {'id': 'fake1', 'name': 'fake1'} - self.identity_api.create_tenant('fake1', tenant) + self.identity_api.create_project('fake1', tenant) tenant['name'] = 'fake2' self.assertRaises(exception.Conflict, - self.identity_api.create_tenant, + self.identity_api.create_project, 'fake1', tenant) - def test_create_duplicate_tenant_name_fails(self): + def test_create_duplicate_project_name_fails(self): tenant = {'id': 'fake1', 'name': 'fake'} - self.identity_api.create_tenant('fake1', tenant) + self.identity_api.create_project('fake1', tenant) tenant['id'] = 'fake2' self.assertRaises(exception.Conflict, - self.identity_api.create_tenant, + self.identity_api.create_project, 'fake1', tenant) - def test_rename_duplicate_tenant_name_fails(self): + def test_rename_duplicate_project_name_fails(self): tenant1 = {'id': 'fake1', 'name': 'fake1'} tenant2 = {'id': 'fake2', 'name': 'fake2'} - self.identity_api.create_tenant('fake1', tenant1) - self.identity_api.create_tenant('fake2', tenant2) + self.identity_api.create_project('fake1', tenant1) + self.identity_api.create_project('fake2', tenant2) tenant2['name'] = 'fake1' self.assertRaises(exception.Error, - self.identity_api.update_tenant, + self.identity_api.update_project, 'fake2', tenant2) - def test_update_tenant_id_does_nothing(self): + def test_update_project_id_does_nothing(self): tenant = {'id': 'fake1', 'name': 'fake1'} - self.identity_api.create_tenant('fake1', tenant) + self.identity_api.create_project('fake1', tenant) tenant['id'] = 'fake2' - self.identity_api.update_tenant('fake1', tenant) - tenant_ref = self.identity_api.get_tenant('fake1') + self.identity_api.update_project('fake1', tenant) + tenant_ref = self.identity_api.get_project('fake1') self.assertEqual(tenant_ref['id'], 'fake1') 
self.assertRaises(exception.ProjectNotFound, - self.identity_api.get_tenant, + self.identity_api.get_project, 'fake2') def test_add_duplicate_role_grant(self): - roles_ref = self.identity_api.get_roles_for_user_and_tenant( + roles_ref = self.identity_api.get_roles_for_user_and_project( self.user_foo['id'], self.tenant_bar['id']) self.assertNotIn('keystone_admin', roles_ref) - self.identity_api.add_role_to_user_and_tenant( + self.identity_api.add_role_to_user_and_project( self.user_foo['id'], self.tenant_bar['id'], 'keystone_admin') self.assertRaises(exception.Conflict, - self.identity_api.add_role_to_user_and_tenant, + self.identity_api.add_role_to_user_and_project, self.user_foo['id'], self.tenant_bar['id'], 'keystone_admin') - def test_get_role_by_user_and_tenant(self): - roles_ref = self.identity_api.get_roles_for_user_and_tenant( + def test_get_role_by_user_and_project(self): + roles_ref = self.identity_api.get_roles_for_user_and_project( self.user_foo['id'], self.tenant_bar['id']) self.assertNotIn('keystone_admin', roles_ref) - self.identity_api.add_role_to_user_and_tenant( + self.identity_api.add_role_to_user_and_project( self.user_foo['id'], self.tenant_bar['id'], 'keystone_admin') - roles_ref = self.identity_api.get_roles_for_user_and_tenant( + roles_ref = self.identity_api.get_roles_for_user_and_project( self.user_foo['id'], self.tenant_bar['id']) self.assertIn('keystone_admin', roles_ref) self.assertNotIn('member', roles_ref) - self.identity_api.add_role_to_user_and_tenant( + self.identity_api.add_role_to_user_and_project( self.user_foo['id'], self.tenant_bar['id'], 'member') - roles_ref = self.identity_api.get_roles_for_user_and_tenant( + roles_ref = self.identity_api.get_roles_for_user_and_project( self.user_foo['id'], self.tenant_bar['id']) self.assertIn('keystone_admin', roles_ref) self.assertIn('member', roles_ref) - def test_get_roles_for_user_and_tenant_404(self): + def test_get_roles_for_user_and_project_404(self): 
self.assertRaises(exception.UserNotFound, - self.identity_api.get_roles_for_user_and_tenant, + self.identity_api.get_roles_for_user_and_project, uuid.uuid4().hex, self.tenant_bar['id']) self.assertRaises(exception.ProjectNotFound, - self.identity_api.get_roles_for_user_and_tenant, + self.identity_api.get_roles_for_user_and_project, self.user_foo['id'], uuid.uuid4().hex) - def test_add_role_to_user_and_tenant_404(self): + def test_add_role_to_user_and_project_404(self): self.assertRaises(exception.UserNotFound, - self.identity_api.add_role_to_user_and_tenant, + self.identity_api.add_role_to_user_and_project, uuid.uuid4().hex, self.tenant_bar['id'], 'keystone_admin') self.assertRaises(exception.ProjectNotFound, - self.identity_api.add_role_to_user_and_tenant, + self.identity_api.add_role_to_user_and_project, self.user_foo['id'], uuid.uuid4().hex, 'keystone_admin') self.assertRaises(exception.RoleNotFound, - self.identity_api.add_role_to_user_and_tenant, + self.identity_api.add_role_to_user_and_project, self.user_foo['id'], self.tenant_bar['id'], uuid.uuid4().hex) - def test_remove_role_from_user_and_tenant(self): - self.identity_api.add_role_to_user_and_tenant( + def test_remove_role_from_user_and_project(self): + self.identity_api.add_role_to_user_and_project( self.user_foo['id'], self.tenant_bar['id'], 'member') - self.identity_api.remove_role_from_user_and_tenant( + self.identity_api.remove_role_from_user_and_project( self.user_foo['id'], self.tenant_bar['id'], 'member') - roles_ref = self.identity_api.get_roles_for_user_and_tenant( + roles_ref = self.identity_api.get_roles_for_user_and_project( self.user_foo['id'], self.tenant_bar['id']) self.assertNotIn('member', roles_ref) self.assertRaises(exception.NotFound, - self.identity_api.remove_role_from_user_and_tenant, + self.identity_api.remove_role_from_user_and_project, self.user_foo['id'], self.tenant_bar['id'], 'member') 
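Review bot: `test_create_duplicate_project_name_fails` sets `tenant['id'] = 'fake2'` but then calls `create_project` with `'fake1'` as the id argument, so the id passed and the id in the dict disagree. On a backend that keys on the argument rather than the dict, the `Conflict` could come from the duplicate id and the test would pass without exercising the name check. Passing `'fake2'` as the first argument to `create_project` in the `assertRaises` call makes the name the only duplicate.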
@@ -589,61 +590,61 @@ class IdentityTests(object): role['id'], role) - def test_add_user_to_tenant(self): - self.identity_api.add_user_to_tenant(self.tenant_bar['id'], - self.user_foo['id']) - tenants = self.identity_api.get_tenants_for_user(self.user_foo['id']) + def test_add_user_to_project(self): + self.identity_api.add_user_to_project(self.tenant_bar['id'], + self.user_foo['id']) + tenants = self.identity_api.get_projects_for_user(self.user_foo['id']) self.assertIn(self.tenant_bar['id'], tenants) - def test_add_user_to_tenant_404(self): + def test_add_user_to_project_404(self): self.assertRaises(exception.ProjectNotFound, - self.identity_api.add_user_to_tenant, + self.identity_api.add_user_to_project, uuid.uuid4().hex, self.user_foo['id']) self.assertRaises(exception.UserNotFound, - self.identity_api.add_user_to_tenant, + self.identity_api.add_user_to_project, self.tenant_bar['id'], uuid.uuid4().hex) - def test_remove_user_from_tenant(self): - self.identity_api.add_user_to_tenant(self.tenant_bar['id'], - self.user_foo['id']) - self.identity_api.remove_user_from_tenant(self.tenant_bar['id'], - self.user_foo['id']) - tenants = self.identity_api.get_tenants_for_user(self.user_foo['id']) + def test_remove_user_from_project(self): + self.identity_api.add_user_to_project(self.tenant_bar['id'], + self.user_foo['id']) + self.identity_api.remove_user_from_project(self.tenant_bar['id'], + self.user_foo['id']) + tenants = self.identity_api.get_projects_for_user(self.user_foo['id']) self.assertNotIn(self.tenant_bar['id'], tenants) - def test_remove_user_from_tenant_404(self): + def test_remove_user_from_project_404(self): self.assertRaises(exception.ProjectNotFound, - self.identity_api.remove_user_from_tenant, + self.identity_api.remove_user_from_project, uuid.uuid4().hex, self.user_foo['id']) self.assertRaises(exception.UserNotFound, - self.identity_api.remove_user_from_tenant, + self.identity_api.remove_user_from_project, self.tenant_bar['id'], uuid.uuid4().hex) 
self.assertRaises(exception.NotFound, - self.identity_api.remove_user_from_tenant, + self.identity_api.remove_user_from_project, self.tenant_baz['id'], self.user_foo['id']) - def test_get_tenants_for_user_404(self): + def test_get_projects_for_user_404(self): self.assertRaises(exception.UserNotFound, - self.identity_api.get_tenants_for_user, + self.identity_api.get_projects_for_user, uuid.uuid4().hex) - def test_update_tenant_404(self): + def test_update_project_404(self): self.assertRaises(exception.ProjectNotFound, - self.identity_api.update_tenant, + self.identity_api.update_project, uuid.uuid4().hex, dict()) - def test_delete_tenant_404(self): + def test_delete_project_404(self): self.assertRaises(exception.ProjectNotFound, - self.identity_api.delete_tenant, + self.identity_api.delete_project, uuid.uuid4().hex) def test_update_user_404(self): @@ -653,16 +654,16 @@ class IdentityTests(object): user_id, {'id': user_id}) - def test_delete_user_with_tenant_association(self): + def test_delete_user_with_project_association(self): user = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex} self.identity_api.create_user(user['id'], user) - self.identity_api.add_user_to_tenant(self.tenant_bar['id'], - user['id']) + self.identity_api.add_user_to_project(self.tenant_bar['id'], + user['id']) self.identity_api.delete_user(user['id']) self.assertRaises(exception.UserNotFound, - self.identity_api.get_tenants_for_user, + self.identity_api.get_projects_for_user, user['id']) def test_delete_user_404(self): 
@@ -675,62 +676,62 @@ class IdentityTests(object): self.identity_api.delete_role, uuid.uuid4().hex) - def test_create_tenant_long_name_fails(self): + def test_create_project_long_name_fails(self): tenant = {'id': 'fake1', 'name': 'a' * 65} self.assertRaises(exception.ValidationError, - self.identity_api.create_tenant, + self.identity_api.create_project, tenant['id'], tenant) - def test_create_tenant_blank_name_fails(self): + def test_create_project_blank_name_fails(self): tenant = {'id': 'fake1', 'name': ''} self.assertRaises(exception.ValidationError, - self.identity_api.create_tenant, + self.identity_api.create_project, tenant['id'], tenant) - def test_create_tenant_invalid_name_fails(self): + def test_create_project_invalid_name_fails(self): tenant = {'id': 'fake1', 'name': None} self.assertRaises(exception.ValidationError, - self.identity_api.create_tenant, + self.identity_api.create_project, tenant['id'], tenant) tenant = {'id': 'fake1', 'name': 123} self.assertRaises(exception.ValidationError, - self.identity_api.create_tenant, + self.identity_api.create_project, tenant['id'], tenant) - def test_update_tenant_blank_name_fails(self): + def test_update_project_blank_name_fails(self): tenant = {'id': 'fake1', 'name': 'fake1'} - self.identity_api.create_tenant('fake1', tenant) + self.identity_api.create_project('fake1', tenant) tenant['name'] = '' self.assertRaises(exception.ValidationError, - self.identity_api.update_tenant, + self.identity_api.update_project, tenant['id'], tenant) - def test_update_tenant_long_name_fails(self): + def test_update_project_long_name_fails(self): tenant = {'id': 'fake1', 'name': 'fake1'} - self.identity_api.create_tenant('fake1', tenant) + self.identity_api.create_project('fake1', tenant) tenant['name'] = 'a' * 65 self.assertRaises(exception.ValidationError, - self.identity_api.update_tenant, + self.identity_api.update_project, tenant['id'], tenant) - def test_update_tenant_invalid_name_fails(self): + def 
test_update_project_invalid_name_fails(self): tenant = {'id': 'fake1', 'name': 'fake1'} - self.identity_api.create_tenant('fake1', tenant) + self.identity_api.create_project('fake1', tenant) tenant['name'] = None self.assertRaises(exception.ValidationError, - self.identity_api.update_tenant, + self.identity_api.update_project, tenant['id'], tenant) tenant['name'] = 123 self.assertRaises(exception.ValidationError, - self.identity_api.update_tenant, + self.identity_api.update_project, tenant['id'], tenant) @@ -805,19 +806,20 @@ class IdentityTests(object): for test_role in default_fixtures.ROLES: self.assertTrue(x for x in roles if x['id'] == test_role['id']) - def test_get_tenants(self): - tenants = self.identity_api.get_tenants() - for test_tenant in default_fixtures.TENANTS: - self.assertTrue(x for x in tenants if x['id'] == test_tenant['id']) + def test_get_projects(self): + tenants = self.identity_api.get_projects() + for test_project in default_fixtures.TENANTS: + self.assertTrue(x for x in tenants + if x['id'] == test_project['id']) - def test_delete_tenant_with_role_assignments(self): + def test_delete_project_with_role_assignments(self): tenant = {'id': 'fake1', 'name': 'fake1'} - self.identity_api.create_tenant('fake1', tenant) - self.identity_api.add_role_to_user_and_tenant( + self.identity_api.create_project('fake1', tenant) + self.identity_api.add_role_to_user_and_project( self.user_foo['id'], tenant['id'], 'member') - self.identity_api.delete_tenant(tenant['id']) + self.identity_api.delete_project(tenant['id']) self.assertRaises(exception.NotFound, - self.identity_api.get_tenant, + self.identity_api.get_project, tenant['id']) def test_delete_role_check_role_grant(self): 
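Review bot: In `test_get_projects` the re-wrapped assertion `self.assertTrue(x for x in tenants if x['id'] == test_project['id'])` passes a generator object to `assertTrue`, and a generator is always truthy, so the check can never fail, even if `get_projects()` returns an empty list. Since the line is being touched anyway, make it test membership: `self.assertTrue(any(x['id'] == test_project['id'] for x in tenants))`. The context line just above it, `self.assertTrue(x for x in roles if x['id'] == test_role['id'])`, has the same problem; that test starts outside the hunk. As written, neither test verifies that the identity backend lists the fixture projects or roles.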
@@ -825,21 +827,21 @@ class IdentityTests(object): alt_role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} self.identity_api.create_role(role['id'], role) self.identity_api.create_role(alt_role['id'], alt_role) - self.identity_api.add_role_to_user_and_tenant( + self.identity_api.add_role_to_user_and_project( self.user_foo['id'], self.tenant_bar['id'], role['id']) - self.identity_api.add_role_to_user_and_tenant( + self.identity_api.add_role_to_user_and_project( self.user_foo['id'], self.tenant_bar['id'], alt_role['id']) self.identity_api.delete_role(role['id']) - roles_ref = self.identity_api.get_roles_for_user_and_tenant( + roles_ref = self.identity_api.get_roles_for_user_and_project( self.user_foo['id'], self.tenant_bar['id']) self.assertNotIn(role['id'], roles_ref) self.assertIn(alt_role['id'], roles_ref) - def test_create_tenant_doesnt_modify_passed_in_dict(self): - new_tenant = {'id': 'tenant_id', 'name': 'new_tenant'} - original_tenant = new_tenant.copy() - self.identity_api.create_tenant('tenant_id', new_tenant) - self.assertDictEqual(original_tenant, new_tenant) + def test_create_project_doesnt_modify_passed_in_dict(self): + new_project = {'id': 'tenant_id', 'name': 'new_project'} + original_project = new_project.copy() + self.identity_api.create_project('tenant_id', new_project) + self.assertDictEqual(original_project, new_project) def test_create_user_doesnt_modify_passed_in_dict(self): new_user = {'id': 'user_id', 'name': 'new_user', 
@@ -864,20 +866,20 @@ class IdentityTests(object): user_ref = self.identity_api.get_user('fake1') self.assertEqual(user_ref['enabled'], user['enabled']) - def test_update_tenant_enable(self): + def test_update_project_enable(self): tenant = {'id': 'fake1', 'name': 'fake1', 'enabled': True} - self.identity_api.create_tenant('fake1', tenant) - tenant_ref = self.identity_api.get_tenant('fake1') + self.identity_api.create_project('fake1', tenant) + tenant_ref = self.identity_api.get_project('fake1') self.assertEqual(tenant_ref['enabled'], True) tenant['enabled'] = False - self.identity_api.update_tenant('fake1', tenant) - tenant_ref = self.identity_api.get_tenant('fake1') + self.identity_api.update_project('fake1', tenant) + tenant_ref = self.identity_api.get_project('fake1') self.assertEqual(tenant_ref['enabled'], tenant['enabled']) tenant['enabled'] = True - self.identity_api.update_tenant('fake1', tenant) - tenant_ref = self.identity_api.get_tenant('fake1') + self.identity_api.update_project('fake1', tenant) + tenant_ref = self.identity_api.get_project('fake1') self.assertEqual(tenant_ref['enabled'], tenant['enabled']) def test_add_user_to_group(self): diff --git a/tests/test_backend_ldap.py b/tests/test_backend_ldap.py index ca74a3e849..f982e67b15 100644 --- a/tests/test_backend_ldap.py +++ b/tests/test_backend_ldap.py 
@@ -116,26 +116,26 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): self.identity_api.delete_user, self.user_foo['id']) - def test_configurable_allowed_tenant_actions(self): + def test_configurable_allowed_project_actions(self): self.config([test.etcdir('keystone.conf.sample'), test.testsdir('test_overrides.conf'), test.testsdir('backend_ldap.conf')]) self.identity_api = identity_ldap.Identity() tenant = {'id': 'fake1', 'name': 'fake1', 'enabled': True} - self.identity_api.create_tenant('fake1', tenant) - tenant_ref = self.identity_api.get_tenant('fake1') + self.identity_api.create_project('fake1', tenant) + tenant_ref = self.identity_api.get_project('fake1') self.assertEqual(tenant_ref['id'], 'fake1') tenant['enabled'] = 'False' - self.identity_api.update_tenant('fake1', tenant) + self.identity_api.update_project('fake1', tenant) - self.identity_api.delete_tenant('fake1') + self.identity_api.delete_project('fake1') self.assertRaises(exception.ProjectNotFound, - self.identity_api.get_tenant, + self.identity_api.get_project, 'fake1') - def test_configurable_forbidden_tenant_actions(self): + def test_configurable_forbidden_project_actions(self): self.config([test.etcdir('keystone.conf.sample'), test.testsdir('test_overrides.conf'), test.testsdir('backend_ldap.conf')]) @@ -146,17 +146,17 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): tenant = {'id': 'fake1', 'name': 'fake1'} self.assertRaises(exception.ForbiddenAction, - self.identity_api.create_tenant, + self.identity_api.create_project, 'fake1', tenant) self.tenant_bar['enabled'] = 'False' self.assertRaises(exception.ForbiddenAction, - self.identity_api.update_tenant, + self.identity_api.update_project, self.tenant_bar['id'], self.tenant_bar) self.assertRaises(exception.ForbiddenAction, - self.identity_api.delete_tenant, + self.identity_api.delete_project, self.tenant_bar['id']) def test_configurable_allowed_role_actions(self): 
@@ -217,17 +217,17 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): self.identity_api.get_user, self.user_foo['id']) - def test_tenant_filter(self): + def test_project_filter(self): self.config([test.etcdir('keystone.conf.sample'), test.testsdir('test_overrides.conf'), test.testsdir('backend_ldap.conf')]) - tenant_ref = self.identity_api.get_tenant(self.tenant_bar['id']) + tenant_ref = self.identity_api.get_project(self.tenant_bar['id']) self.assertDictEqual(tenant_ref, self.tenant_bar) CONF.ldap.tenant_filter = '(CN=DOES_NOT_MATCH)' self.identity_api = identity_ldap.Identity() self.assertRaises(exception.ProjectNotFound, - self.identity_api.get_tenant, + self.identity_api.get_project, self.tenant_bar['id']) def test_role_filter(self): @@ -299,7 +299,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): self.assertNotIn('enabled', user_ref) self.assertNotIn('tenants', user_ref) - def test_tenant_attribute_mapping(self): + def test_project_attribute_mapping(self): self.config([test.etcdir('keystone.conf.sample'), test.testsdir('test_overrides.conf'), test.testsdir('backend_ldap.conf')]) @@ -309,7 +309,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): clear_database() self.identity_api = identity_ldap.Identity() self.load_fixtures(default_fixtures) - tenant_ref = self.identity_api.get_tenant(self.tenant_baz['id']) + tenant_ref = self.identity_api.get_project(self.tenant_baz['id']) self.assertEqual(tenant_ref['id'], self.tenant_baz['id']) self.assertEqual(tenant_ref['name'], self.tenant_baz['name']) self.assertEqual( 
@@ -320,13 +320,13 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): CONF.ldap.tenant_name_attribute = 'desc' CONF.ldap.tenant_desc_attribute = 'ou' self.identity_api = identity_ldap.Identity() - tenant_ref = self.identity_api.get_tenant(self.tenant_baz['id']) + tenant_ref = self.identity_api.get_project(self.tenant_baz['id']) self.assertEqual(tenant_ref['id'], self.tenant_baz['id']) self.assertEqual(tenant_ref['name'], self.tenant_baz['description']) self.assertEqual(tenant_ref['description'], self.tenant_baz['name']) self.assertEqual(tenant_ref['enabled'], self.tenant_baz['enabled']) - def test_tenant_attribute_ignore(self): + def test_project_attribute_ignore(self): self.config([test.etcdir('keystone.conf.sample'), test.testsdir('test_overrides.conf'), test.testsdir('backend_ldap.conf')]) @@ -336,7 +336,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): clear_database() self.identity_api = identity_ldap.Identity() self.load_fixtures(default_fixtures) - tenant_ref = self.identity_api.get_tenant(self.tenant_baz['id']) + tenant_ref = self.identity_api.get_project(self.tenant_baz['id']) self.assertEqual(tenant_ref['id'], self.tenant_baz['id']) self.assertNotIn('name', tenant_ref) self.assertNotIn('description', tenant_ref) diff --git a/tests/test_backend_pam.py b/tests/test_backend_pam.py index d5af5f2409..a5384d436e 100644 --- a/tests/test_backend_pam.py +++ b/tests/test_backend_pam.py 
@@ -35,13 +35,13 @@ class PamIdentity(test.TestCase): self.tenant_in = {'id': id, 'name': id} self.user_in = {'id': CONF.pam.userid, 'name': CONF.pam.userid} - def test_get_tenant(self): - tenant_out = self.identity_api.get_tenant(self.tenant_in['id']) + def test_get_project(self): + tenant_out = self.identity_api.get_project(self.tenant_in['id']) self.assertDictEqual(self.tenant_in, tenant_out) - def test_get_tenant_by_name(self): + def test_get_project_by_name(self): tenant_in_name = self.tenant_in['name'] - tenant_out = self.identity_api.get_tenant_by_name(tenant_in_name) + tenant_out = self.identity_api.get_project_by_name(tenant_in_name) self.assertDictEqual(self.tenant_in, tenant_out) def test_get_user(self): diff --git a/tests/test_backend_sql.py b/tests/test_backend_sql.py index e8ccc98e43..080668d042 100644 --- a/tests/test_backend_sql.py +++ b/tests/test_backend_sql.py @@ -62,16 +62,16 @@ class SqlTests(test.TestCase): class SqlIdentity(SqlTests, test_backend.IdentityTests): - def test_delete_user_with_tenant_association(self): + def test_delete_user_with_project_association(self): user = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex} self.identity_api.create_user(user['id'], user) - self.identity_api.add_user_to_tenant(self.tenant_bar['id'], - user['id']) + self.identity_api.add_user_to_project(self.tenant_bar['id'], + user['id']) self.identity_api.delete_user(user['id']) self.assertRaises(exception.UserNotFound, - self.identity_api.get_tenants_for_user, + self.identity_api.get_projects_for_user, user['id']) def test_create_null_user_name(self): 
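Review bot: `SqlIdentity.test_delete_user_with_project_association` has the same body, as far as the diff shows, as the `IdentityTests` method of the same name renamed earlier in this commit in the `IdentityTests` hunk, so the override appears to add nothing. Keeping two copies means every rename like this one must touch both, and a missed rename would leave the subclass method no longer shadowing the base one. If the SQL backend needs no different behaviour here, drop the override and rely on the inherited test; otherwise add a comment such as `# SQL-specific: <what differs from the base test>`.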
@@ -89,18 +89,18 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests): self.identity_api.get_user_by_name, user['name']) - def test_create_null_tenant_name(self): + def test_create_null_project_name(self): tenant = {'id': uuid.uuid4().hex, 'name': None} self.assertRaises(exception.ValidationError, - self.identity_api.create_tenant, + self.identity_api.create_project, tenant['id'], tenant) self.assertRaises(exception.ProjectNotFound, - self.identity_api.get_tenant, + self.identity_api.get_project, tenant['id']) self.assertRaises(exception.ProjectNotFound, - self.identity_api.get_tenant_by_name, + self.identity_api.get_project_by_name, tenant['name']) def test_create_null_role_name(self): @@ -114,15 +114,15 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests): self.identity_api.get_role, role['id']) - def test_delete_tenant_with_user_association(self): + def test_delete_project_with_user_association(self): user = {'id': 'fake', 'name': 'fakeuser', 'password': 'passwd'} self.identity_api.create_user('fake', user) - self.identity_api.add_user_to_tenant(self.tenant_bar['id'], - user['id']) - self.identity_api.delete_tenant(self.tenant_bar['id']) - tenants = self.identity_api.get_tenants_for_user(user['id']) + self.identity_api.add_user_to_project(self.tenant_bar['id'], + user['id']) + self.identity_api.delete_project(self.tenant_bar['id']) + tenants = self.identity_api.get_projects_for_user(user['id']) self.assertEquals(tenants, []) def test_delete_user_with_metadata(self): @@ -139,7 +139,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests): user['id'], self.tenant_bar['id']) - def test_delete_tenant_with_metadata(self): + def test_delete_project_with_metadata(self): user = {'id': 'fake', 'name': 'fakeuser', 'password': 'passwd'} 
@@ -147,13 +147,13 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests): self.identity_api.create_metadata(user['id'], self.tenant_bar['id'], {'extra': 'extra'}) - self.identity_api.delete_tenant(self.tenant_bar['id']) + self.identity_api.delete_project(self.tenant_bar['id']) self.assertRaises(exception.MetadataNotFound, self.identity_api.get_metadata, user['id'], self.tenant_bar['id']) - def test_update_tenant_returns_extra(self): + def test_update_project_returns_extra(self): """This tests for backwards-compatibility with an essex/folsom bug. Non-indexed attributes were returned in an 'extra' attribute, instead @@ -170,12 +170,12 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests): 'id': tenant_id, 'name': uuid.uuid4().hex, arbitrary_key: arbitrary_value} - ref = self.identity_api.create_tenant(tenant_id, tenant) + ref = self.identity_api.create_project(tenant_id, tenant) self.assertEqual(arbitrary_value, ref[arbitrary_key]) self.assertIsNone(ref.get('extra')) tenant['name'] = uuid.uuid4().hex - ref = self.identity_api.update_tenant(tenant_id, tenant) + ref = self.identity_api.update_project(tenant_id, tenant) self.assertEqual(arbitrary_value, ref[arbitrary_key]) self.assertEqual(arbitrary_value, ref['extra'][arbitrary_key]) diff --git a/tests/test_keystoneclient.py b/tests/test_keystoneclient.py index 32e9ef0a23..84c2ecc84f 100644 --- a/tests/test_keystoneclient.py +++ b/tests/test_keystoneclient.py @@ -863,9 +863,9 @@ class KcMasterTestCase(CompatTestCase, KeystoneClientTests): for i in range(2): tenant_id = uuid.uuid4().hex tenant = {'name': 'tenant-%s' % tenant_id, 'id': tenant_id} - self.identity_api.create_tenant(tenant_id, tenant) - self.identity_api.add_user_to_tenant(tenant_id, - self.user_foo['id']) + self.identity_api.create_project(tenant_id, tenant) + self.identity_api.add_user_to_project(tenant_id, + self.user_foo['id']) tenants = client.tenants.list() self.assertEqual(len(tenants), 3) 
@@ -889,9 +889,9 @@ class KcMasterTestCase(CompatTestCase, KeystoneClientTests): for i in range(2): tenant_id = uuid.uuid4().hex tenant = {'name': 'tenant-%s' % tenant_id, 'id': tenant_id} - self.identity_api.create_tenant(tenant_id, tenant) - self.identity_api.add_user_to_tenant(tenant_id, - self.user_foo['id']) + self.identity_api.create_project(tenant_id, tenant) + self.identity_api.add_user_to_project(tenant_id, + self.user_foo['id']) tenants = client.tenants.list() self.assertEqual(len(tenants), 3) diff --git a/tests/test_migrate_nova_auth.py b/tests/test_migrate_nova_auth.py index 9b687f7690..56e4c5ba64 100644 --- a/tests/test_migrate_nova_auth.py +++ b/tests/test_migrate_nova_auth.py @@ -96,7 +96,7 @@ class MigrateNovaAuth(test.TestCase): tenants = {} for tenant in ['proj1', 'proj2', 'proj4']: - tenants[tenant] = self.identity_api.get_tenant_by_name(tenant) + tenants[tenant] = self.identity_api.get_project_by_name(tenant) membership_map = { 'user1': ['proj1'], @@ -105,10 +105,10 @@ class MigrateNovaAuth(test.TestCase): 'user4': ['proj4'], } - for (old_user, old_tenants) in membership_map.iteritems(): + for (old_user, old_projects) in membership_map.iteritems(): user = users[old_user] - membership = self.identity_api.get_tenants_for_user(user['id']) - expected = [tenants[t]['id'] for t in old_tenants] + membership = self.identity_api.get_projects_for_user(user['id']) + expected = [tenants[t]['id'] for t in old_projects] self.assertEqual(set(expected), set(membership)) for tenant_id in membership: password = None @@ -119,7 +119,7 @@ class MigrateNovaAuth(test.TestCase): for ec2_cred in FIXTURE['ec2_credentials']: user_id = users[ec2_cred['user_id']]['id'] - for tenant_id in self.identity_api.get_tenants_for_user(user_id): + for tenant_id in self.identity_api.get_projects_for_user(user_id): access = '%s:%s' % (tenant_id, ec2_cred['access_key']) cred = self.ec2_api.get_credential(access) actual = cred['secret'] 
@@ -137,14 +137,14 @@ class MigrateNovaAuth(test.TestCase): 'user4': {'proj4': ['role1']}, } - for (old_user, old_tenant_map) in assignment_map.iteritems(): + for (old_user, old_project_map) in assignment_map.iteritems(): tenant_names = ['proj1', 'proj2', 'proj4'] for tenant_name in tenant_names: user = users[old_user] tenant = tenants[tenant_name] - roles = self.identity_api.get_roles_for_user_and_tenant( + roles = self.identity_api.get_roles_for_user_and_project( user['id'], tenant['id']) actual = [self.identity_api.get_role(role_id)['name'] for role_id in roles] - expected = old_tenant_map.get(tenant_name, []) + expected = old_project_map.get(tenant_name, []) self.assertEqual(set(actual), set(expected))