Replace 'tenant_id' with 'project_id'

Since 'tenant_id' is deprecated in openstack.
Thus replacing it with 'project_id'.

Change-Id: I77e4222623eb3c91fd7d10c2cbb4d212af736814

keystone/api/_shared/EC2_S3_Resource.py

@@ -83,7 +83,7 @@ class ResourceBase(ks_flask.ResourceBase):
         # Convert to the legacy format
         cred_data = dict(
             user_id=cred.get('user_id'),
-            tenant_id=cred.get('project_id'),
+            project_id=cred.get('project_id'),
             access=loaded.get('access'),
             secret=loaded.get('secret'),
             trust_id=loaded.get('trust_id')
@@ -92,7 +92,7 @@ class ResourceBase(ks_flask.ResourceBase):
         # validate the signature
         self._check_signature(cred_data, credentials)
         project_ref = PROVIDERS.resource_api.get_project(
-            cred_data['tenant_id'])
+            cred_data['project_id'])
         user_ref = PROVIDERS.identity_api.get_user(cred_data['user_id'])
 
         # validate that the auth info is valid and nothing is disabled

keystone/assignment/backends/base.py

@@ -30,8 +30,8 @@ class AssignmentDriverBase(object):
         return CONF.assignment.list_limit or CONF.list_limit
 
     @abc.abstractmethod
-    def add_role_to_user_and_project(self, user_id, tenant_id, role_id):
-        """Add a role to a user within given tenant.
+    def add_role_to_user_and_project(self, user_id, project_id, role_id):
+        """Add a role to a user within given project.
 
         :raises keystone.exception.Conflict: If a duplicate role assignment
             exists.
@@ -40,8 +40,8 @@ class AssignmentDriverBase(object):
         raise exception.NotImplemented()  # pragma: no cover
 
     @abc.abstractmethod
-    def remove_role_from_user_and_project(self, user_id, tenant_id, role_id):
-        """Remove a role from a user within given tenant.
+    def remove_role_from_user_and_project(self, user_id, project_id, role_id):
+        """Remove a role from a user within given project.
 
         :raises keystone.exception.RoleNotFound: If the role doesn't exist.
 

keystone/assignment/backends/sql.py

@@ -113,23 +113,23 @@ class Assignment(base.AssignmentDriverBase):
                                                        actor_id=actor_id,
                                                        target_id=target_id)
 
-    def add_role_to_user_and_project(self, user_id, tenant_id, role_id):
+    def add_role_to_user_and_project(self, user_id, project_id, role_id):
         try:
             with sql.session_for_write() as session:
                 session.add(RoleAssignment(
                     type=AssignmentType.USER_PROJECT,
-                    actor_id=user_id, target_id=tenant_id,
+                    actor_id=user_id, target_id=project_id,
                     role_id=role_id, inherited=False))
         except sql.DBDuplicateEntry:
             msg = ('User %s already has role %s in tenant %s'
-                   % (user_id, role_id, tenant_id))
+                   % (user_id, role_id, project_id))
             raise exception.Conflict(type='role grant', details=msg)
 
-    def remove_role_from_user_and_project(self, user_id, tenant_id, role_id):
+    def remove_role_from_user_and_project(self, user_id, project_id, role_id):
         with sql.session_for_write() as session:
             q = session.query(RoleAssignment)
             q = q.filter_by(actor_id=user_id)
-            q = q.filter_by(target_id=tenant_id)
+            q = q.filter_by(target_id=project_id)
             q = q.filter_by(role_id=role_id)
             if q.delete() == 0:
                 raise exception.RoleNotFound(message=_(

keystone/assignment/core.py

@@ -86,10 +86,10 @@ class Manager(manager.Manager):
         return [x['id'] for
                 x in PROVIDERS.identity_api.list_groups_for_user(user_id)]
 
-    def list_user_ids_for_project(self, tenant_id):
-        PROVIDERS.resource_api.get_project(tenant_id)
+    def list_user_ids_for_project(self, project_id):
+        PROVIDERS.resource_api.get_project(project_id)
         assignment_list = self.list_role_assignments(
-            project_id=tenant_id, effective=True)
+            project_id=project_id, effective=True)
         # Use set() to process the list to remove any duplicates
         return list(set([x['user_id'] for x in assignment_list]))
 
@@ -111,7 +111,7 @@ class Manager(manager.Manager):
                 )
 
     @MEMOIZE_COMPUTED_ASSIGNMENTS
-    def get_roles_for_user_and_project(self, user_id, tenant_id):
+    def get_roles_for_user_and_project(self, user_id, project_id):
         """Get the roles associated with a user within given project.
 
         This includes roles directly assigned to the user on the
@@ -123,9 +123,9 @@ class Manager(manager.Manager):
             exist.
 
         """
-        PROVIDERS.resource_api.get_project(tenant_id)
+        PROVIDERS.resource_api.get_project(project_id)
         assignment_list = self.list_role_assignments(
-            user_id=user_id, project_id=tenant_id, effective=True)
+            user_id=user_id, project_id=project_id, effective=True)
         # Use set() to process the list to remove any duplicates
         return list(set([x['role_id'] for x in assignment_list]))
 
@@ -200,9 +200,9 @@ class Manager(manager.Manager):
         PROVIDERS.role_api.get_role(role_id)
         self.driver.add_role_to_user_and_project(user_id, project_id, role_id)
 
-    def add_role_to_user_and_project(self, user_id, tenant_id, role_id):
+    def add_role_to_user_and_project(self, user_id, project_id, role_id):
         self._add_role_to_user_and_project_adapter(
-            role_id, user_id=user_id, project_id=tenant_id)
+            role_id, user_id=user_id, project_id=project_id)
         COMPUTED_ASSIGNMENTS_REGION.invalidate()
 
     # TODO(henry-nash): We might want to consider list limiting this at some
@@ -271,9 +271,9 @@ class Manager(manager.Manager):
             role_id, group_id, user_id, project_id, domain_id
         )
 
-    def remove_role_from_user_and_project(self, user_id, tenant_id, role_id):
+    def remove_role_from_user_and_project(self, user_id, project_id, role_id):
         self._remove_role_from_user_and_project_adapter(
-            role_id, user_id=user_id, project_id=tenant_id)
+            role_id, user_id=user_id, project_id=project_id)
         COMPUTED_ASSIGNMENTS_REGION.invalidate()
 
     def _invalidate_token_cache(self, role_id, group_id, user_id, project_id,

keystone/cmd/bootstrap.py

@@ -215,7 +215,7 @@ class Bootstrapper(object):
         try:
             PROVIDERS.assignment_api.add_role_to_user_and_project(
                 user_id=self.admin_user_id,
-                tenant_id=self.project_id,
+                project_id=self.project_id,
                 role_id=self.admin_role_id
             )
             LOG.info('Granted %(role)s on %(project)s to user'

keystone/tests/unit/application_credential/test_backends.py

@@ -213,7 +213,7 @@ class ApplicationCredentialTests(object):
         app_cred_proj_B = self._new_app_cred_data(
             self.user_foo['id'], project_id=self.tenant_baz['id'], name='app3')
         PROVIDERS.assignment_api.add_role_to_user_and_project(
-            tenant_id=self.tenant_baz['id'],
+            project_id=self.tenant_baz['id'],
             user_id=self.user_foo['id'],
             role_id=self.role__member_['id'])
         self.app_cred_api.create_application_credential(app_cred_proj_A_1)
@@ -233,7 +233,7 @@ class ApplicationCredentialTests(object):
         # application credentials on project bar.
         PROVIDERS.assignment_api.remove_role_from_user_and_project(
             user_id=self.user_foo['id'],
-            tenant_id=self.tenant_bar['id'],
+            project_id=self.tenant_bar['id'],
             role_id=self.role__member_['id'])
         self.assertNotIn(app_cred_proj_A_1['id'],
                          self._list_ids(self.user_foo))

keystone/tests/unit/assignment/test_backends.py

@@ -463,7 +463,7 @@ class AssignmentTests(AssignmentTestHelperMixin):
         self.assertNotIn(self.user_two['id'], user_ids)
 
         PROVIDERS.assignment_api.add_role_to_user_and_project(
-            tenant_id=self.tenant_bar['id'],
+            project_id=self.tenant_bar['id'],
             user_id=self.user_two['id'],
             role_id=self.role_other['id'])
         user_ids = PROVIDERS.assignment_api.list_user_ids_for_project(
@@ -471,7 +471,7 @@ class AssignmentTests(AssignmentTestHelperMixin):
         self.assertIn(self.user_two['id'], user_ids)
 
         PROVIDERS.assignment_api.remove_role_from_user_and_project(
-            tenant_id=self.tenant_bar['id'],
+            project_id=self.tenant_bar['id'],
             user_id=self.user_two['id'],
             role_id=self.role_other['id'])
 
@@ -485,7 +485,7 @@ class AssignmentTests(AssignmentTestHelperMixin):
         self.assertRaises(exception.RoleNotFound,
                           PROVIDERS.assignment_api.
                           remove_role_from_user_and_project,
-                          tenant_id=self.tenant_bar['id'],
+                          project_id=self.tenant_bar['id'],
                           user_id=self.user_two['id'],
                           role_id=self.role_other['id'])
 
@@ -511,7 +511,7 @@ class AssignmentTests(AssignmentTestHelperMixin):
             PROVIDERS.role_api.create_role(role_ref['id'], role_ref)
             PROVIDERS.assignment_api.add_role_to_user_and_project(
                 user_id=user_ref['id'],
-                tenant_id=project_ref['id'],
+                project_id=project_ref['id'],
                 role_id=role_ref['id'])
         # Get the list of user_ids in project
         user_ids = PROVIDERS.assignment_api.list_user_ids_for_project(
@@ -727,7 +727,7 @@ class AssignmentTests(AssignmentTestHelperMixin):
 
             PROVIDERS.assignment_api.add_role_to_user_and_project(
                 user_id=user_ref['id'],
-                tenant_id=project_ref['id'],
+                project_id=project_ref['id'],
                 role_id=role_ref['id'])
 
         role_list = PROVIDERS.assignment_api.get_roles_for_user_and_project(

keystone/tests/unit/test_backend_ldap.py

@@ -1682,11 +1682,11 @@ class LDAPIdentity(BaseLDAPIdentity):
 
         PROVIDERS.assignment_api.add_role_to_user_and_project(
             user_id=user1['id'],
-            tenant_id=project1['id'],
+            project_id=project1['id'],
             role_id=role_list[0]['id'])
         PROVIDERS.assignment_api.add_role_to_user_and_project(
             user_id=user1['id'],
-            tenant_id=project1['id'],
+            project_id=project1['id'],
             role_id=role_list[1]['id'])
 
         # Although list_grants are not yet supported, we can test the

keystone/tests/unit/test_middleware.py

@@ -163,7 +163,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests,
         # Assign a role to the user on a project
         PROVIDERS.assignment_api.add_role_to_user_and_project(
             user_id=self.user['id'],
-            tenant_id=self.project_id,
+            project_id=self.project_id,
             role_id=self.role_id)
 
         # Assign a role to the group on a project

keystone/tests/unit/test_v3_oauth1.py

@@ -871,7 +871,7 @@ class MaliciousOAuth1Tests(OAuth1Tests):
         PROVIDERS.role_api.create_role(new_role['id'], new_role)
         PROVIDERS.assignment_api.add_role_to_user_and_project(
             user_id=self.user_id,
-            tenant_id=self.project_id,
+            project_id=self.project_id,
             role_id=new_role['id'])
 
         url, headers = self._create_request_token(consumer, self.project_id)

releasenotes/notes/tenant_id_to_project_id-42d95d93011785cb.yaml

@@ -0,0 +1,5 @@
+---
+upgrade:
+  - >
+    The assignment driver interface has changed to use the named parameter
+    'project_id' instead of 'tenant_id'.