Replace 'tenant_id' with 'project_id'

Since 'tenant_id' is deprecated in openstack.
Thus replacing it with 'project_id'.

Change-Id: I77e4222623eb3c91fd7d10c2cbb4d212af736814
This commit is contained in:
Vishakha Agarwal 2019-01-18 10:51:21 +05:30 committed by Colleen Murphy
parent 2c47e935fa
commit 4c84739e26
11 changed files with 38 additions and 33 deletions

View File

@ -83,7 +83,7 @@ class ResourceBase(ks_flask.ResourceBase):
# Convert to the legacy format
cred_data = dict(
user_id=cred.get('user_id'),
tenant_id=cred.get('project_id'),
project_id=cred.get('project_id'),
access=loaded.get('access'),
secret=loaded.get('secret'),
trust_id=loaded.get('trust_id')
@ -92,7 +92,7 @@ class ResourceBase(ks_flask.ResourceBase):
# validate the signature
self._check_signature(cred_data, credentials)
project_ref = PROVIDERS.resource_api.get_project(
cred_data['tenant_id'])
cred_data['project_id'])
user_ref = PROVIDERS.identity_api.get_user(cred_data['user_id'])
# validate that the auth info is valid and nothing is disabled

View File

@ -30,8 +30,8 @@ class AssignmentDriverBase(object):
return CONF.assignment.list_limit or CONF.list_limit
@abc.abstractmethod
def add_role_to_user_and_project(self, user_id, tenant_id, role_id):
"""Add a role to a user within given tenant.
def add_role_to_user_and_project(self, user_id, project_id, role_id):
"""Add a role to a user within given project.
:raises keystone.exception.Conflict: If a duplicate role assignment
exists.
@ -40,8 +40,8 @@ class AssignmentDriverBase(object):
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def remove_role_from_user_and_project(self, user_id, tenant_id, role_id):
"""Remove a role from a user within given tenant.
def remove_role_from_user_and_project(self, user_id, project_id, role_id):
"""Remove a role from a user within given project.
:raises keystone.exception.RoleNotFound: If the role doesn't exist.

View File

@ -113,23 +113,23 @@ class Assignment(base.AssignmentDriverBase):
actor_id=actor_id,
target_id=target_id)
def add_role_to_user_and_project(self, user_id, tenant_id, role_id):
def add_role_to_user_and_project(self, user_id, project_id, role_id):
try:
with sql.session_for_write() as session:
session.add(RoleAssignment(
type=AssignmentType.USER_PROJECT,
actor_id=user_id, target_id=tenant_id,
actor_id=user_id, target_id=project_id,
role_id=role_id, inherited=False))
except sql.DBDuplicateEntry:
msg = ('User %s already has role %s in tenant %s'
% (user_id, role_id, tenant_id))
% (user_id, role_id, project_id))
raise exception.Conflict(type='role grant', details=msg)
def remove_role_from_user_and_project(self, user_id, tenant_id, role_id):
def remove_role_from_user_and_project(self, user_id, project_id, role_id):
with sql.session_for_write() as session:
q = session.query(RoleAssignment)
q = q.filter_by(actor_id=user_id)
q = q.filter_by(target_id=tenant_id)
q = q.filter_by(target_id=project_id)
q = q.filter_by(role_id=role_id)
if q.delete() == 0:
raise exception.RoleNotFound(message=_(

View File

@ -86,10 +86,10 @@ class Manager(manager.Manager):
return [x['id'] for
x in PROVIDERS.identity_api.list_groups_for_user(user_id)]
def list_user_ids_for_project(self, tenant_id):
PROVIDERS.resource_api.get_project(tenant_id)
def list_user_ids_for_project(self, project_id):
PROVIDERS.resource_api.get_project(project_id)
assignment_list = self.list_role_assignments(
project_id=tenant_id, effective=True)
project_id=project_id, effective=True)
# Use set() to process the list to remove any duplicates
return list(set([x['user_id'] for x in assignment_list]))
@ -111,7 +111,7 @@ class Manager(manager.Manager):
)
@MEMOIZE_COMPUTED_ASSIGNMENTS
def get_roles_for_user_and_project(self, user_id, tenant_id):
def get_roles_for_user_and_project(self, user_id, project_id):
"""Get the roles associated with a user within given project.
This includes roles directly assigned to the user on the
@ -123,9 +123,9 @@ class Manager(manager.Manager):
exist.
"""
PROVIDERS.resource_api.get_project(tenant_id)
PROVIDERS.resource_api.get_project(project_id)
assignment_list = self.list_role_assignments(
user_id=user_id, project_id=tenant_id, effective=True)
user_id=user_id, project_id=project_id, effective=True)
# Use set() to process the list to remove any duplicates
return list(set([x['role_id'] for x in assignment_list]))
@ -200,9 +200,9 @@ class Manager(manager.Manager):
PROVIDERS.role_api.get_role(role_id)
self.driver.add_role_to_user_and_project(user_id, project_id, role_id)
def add_role_to_user_and_project(self, user_id, tenant_id, role_id):
def add_role_to_user_and_project(self, user_id, project_id, role_id):
self._add_role_to_user_and_project_adapter(
role_id, user_id=user_id, project_id=tenant_id)
role_id, user_id=user_id, project_id=project_id)
COMPUTED_ASSIGNMENTS_REGION.invalidate()
# TODO(henry-nash): We might want to consider list limiting this at some
@ -271,9 +271,9 @@ class Manager(manager.Manager):
role_id, group_id, user_id, project_id, domain_id
)
def remove_role_from_user_and_project(self, user_id, tenant_id, role_id):
def remove_role_from_user_and_project(self, user_id, project_id, role_id):
self._remove_role_from_user_and_project_adapter(
role_id, user_id=user_id, project_id=tenant_id)
role_id, user_id=user_id, project_id=project_id)
COMPUTED_ASSIGNMENTS_REGION.invalidate()
def _invalidate_token_cache(self, role_id, group_id, user_id, project_id,

View File

@ -215,7 +215,7 @@ class Bootstrapper(object):
try:
PROVIDERS.assignment_api.add_role_to_user_and_project(
user_id=self.admin_user_id,
tenant_id=self.project_id,
project_id=self.project_id,
role_id=self.admin_role_id
)
LOG.info('Granted %(role)s on %(project)s to user'

View File

@ -213,7 +213,7 @@ class ApplicationCredentialTests(object):
app_cred_proj_B = self._new_app_cred_data(
self.user_foo['id'], project_id=self.tenant_baz['id'], name='app3')
PROVIDERS.assignment_api.add_role_to_user_and_project(
tenant_id=self.tenant_baz['id'],
project_id=self.tenant_baz['id'],
user_id=self.user_foo['id'],
role_id=self.role__member_['id'])
self.app_cred_api.create_application_credential(app_cred_proj_A_1)
@ -233,7 +233,7 @@ class ApplicationCredentialTests(object):
# application credentials on project bar.
PROVIDERS.assignment_api.remove_role_from_user_and_project(
user_id=self.user_foo['id'],
tenant_id=self.tenant_bar['id'],
project_id=self.tenant_bar['id'],
role_id=self.role__member_['id'])
self.assertNotIn(app_cred_proj_A_1['id'],
self._list_ids(self.user_foo))

View File

@ -463,7 +463,7 @@ class AssignmentTests(AssignmentTestHelperMixin):
self.assertNotIn(self.user_two['id'], user_ids)
PROVIDERS.assignment_api.add_role_to_user_and_project(
tenant_id=self.tenant_bar['id'],
project_id=self.tenant_bar['id'],
user_id=self.user_two['id'],
role_id=self.role_other['id'])
user_ids = PROVIDERS.assignment_api.list_user_ids_for_project(
@ -471,7 +471,7 @@ class AssignmentTests(AssignmentTestHelperMixin):
self.assertIn(self.user_two['id'], user_ids)
PROVIDERS.assignment_api.remove_role_from_user_and_project(
tenant_id=self.tenant_bar['id'],
project_id=self.tenant_bar['id'],
user_id=self.user_two['id'],
role_id=self.role_other['id'])
@ -485,7 +485,7 @@ class AssignmentTests(AssignmentTestHelperMixin):
self.assertRaises(exception.RoleNotFound,
PROVIDERS.assignment_api.
remove_role_from_user_and_project,
tenant_id=self.tenant_bar['id'],
project_id=self.tenant_bar['id'],
user_id=self.user_two['id'],
role_id=self.role_other['id'])
@ -511,7 +511,7 @@ class AssignmentTests(AssignmentTestHelperMixin):
PROVIDERS.role_api.create_role(role_ref['id'], role_ref)
PROVIDERS.assignment_api.add_role_to_user_and_project(
user_id=user_ref['id'],
tenant_id=project_ref['id'],
project_id=project_ref['id'],
role_id=role_ref['id'])
# Get the list of user_ids in project
user_ids = PROVIDERS.assignment_api.list_user_ids_for_project(
@ -727,7 +727,7 @@ class AssignmentTests(AssignmentTestHelperMixin):
PROVIDERS.assignment_api.add_role_to_user_and_project(
user_id=user_ref['id'],
tenant_id=project_ref['id'],
project_id=project_ref['id'],
role_id=role_ref['id'])
role_list = PROVIDERS.assignment_api.get_roles_for_user_and_project(

View File

@ -1682,11 +1682,11 @@ class LDAPIdentity(BaseLDAPIdentity):
PROVIDERS.assignment_api.add_role_to_user_and_project(
user_id=user1['id'],
tenant_id=project1['id'],
project_id=project1['id'],
role_id=role_list[0]['id'])
PROVIDERS.assignment_api.add_role_to_user_and_project(
user_id=user1['id'],
tenant_id=project1['id'],
project_id=project1['id'],
role_id=role_list[1]['id'])
# Although list_grants are not yet supported, we can test the

View File

@ -163,7 +163,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests,
# Assign a role to the user on a project
PROVIDERS.assignment_api.add_role_to_user_and_project(
user_id=self.user['id'],
tenant_id=self.project_id,
project_id=self.project_id,
role_id=self.role_id)
# Assign a role to the group on a project

View File

@ -871,7 +871,7 @@ class MaliciousOAuth1Tests(OAuth1Tests):
PROVIDERS.role_api.create_role(new_role['id'], new_role)
PROVIDERS.assignment_api.add_role_to_user_and_project(
user_id=self.user_id,
tenant_id=self.project_id,
project_id=self.project_id,
role_id=new_role['id'])
url, headers = self._create_request_token(consumer, self.project_id)

View File

@ -0,0 +1,5 @@
---
upgrade:
- >
The assignment driver interface has changed to use the named parameter
'project_id' instead of 'tenant_id'.