PEP8 fixes
Change-Id: I0989396691eb31d9008c016e64f2c197f8c7e48c
parent
e33a4742a8
commit
66a0b63dab
@ -150,7 +150,7 @@ class ServiceController(wsgi.Application):
|
||||
service_ref = OS_KSADM_service.copy()
|
||||
service_ref['id'] = service_id
|
||||
new_service_ref = self.catalog_api.create_service(
|
||||
context, service_id, service_ref)
|
||||
context, service_id, service_ref)
|
||||
return {'OS-KSADM:service': new_service_ref}
|
||||
|
||||
|
||||
@ -180,7 +180,7 @@ class EndpointController(wsgi.Application):
|
||||
raise exception.ServiceNotFound(service_id=service_id)
|
||||
|
||||
new_endpoint_ref = self.catalog_api.create_endpoint(
|
||||
context, endpoint_id, endpoint_ref)
|
||||
context, endpoint_id, endpoint_ref)
|
||||
return {'endpoint': new_endpoint_ref}
|
||||
|
||||
def delete_endpoint(self, context, endpoint_id):
|
||||
|
@ -93,16 +93,19 @@ class BufferedHTTPConnection(HTTPConnection):
|
||||
|
||||
def getexpect(self):
|
||||
response = BufferedHTTPResponse(self.sock, strict=self.strict,
|
||||
method=self._method)
|
||||
method=self._method)
|
||||
response.expect_response()
|
||||
return response
|
||||
|
||||
def getresponse(self):
|
||||
response = HTTPConnection.getresponse(self)
|
||||
LOG.debug(('HTTP PERF: %(time).5f seconds to %(method)s '
|
||||
'%(host)s:%(port)s %(path)s)'),
|
||||
{'time': time.time() - self._connected_time, 'method': self._method,
|
||||
'host': self.host, 'port': self.port, 'path': self._path})
|
||||
LOG.debug('HTTP PERF: %(time).5f seconds to %(method)s '
|
||||
'%(host)s:%(port)s %(path)s)',
|
||||
{'time': time.time() - self._connected_time,
|
||||
'method': self._method,
|
||||
'host': self.host,
|
||||
'port': self.port,
|
||||
'path': self._path})
|
||||
return response
|
||||
|
||||
|
||||
|
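Review bot: The format string passed to `LOG.debug` in `getresponse` still ends with an unmatched `)`, so every perf line is logged with a stray parenthesis; `'%(host)s:%(port)s %(path)s)'` should be `'%(host)s:%(port)s %(path)s'`. The same call logs `self._path` verbatim. If request paths can carry tokens or credentials in a query string (not visible from this hunk), those values end up in debug logs, so consider logging only the path component. The class body continues outside the hunk.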
@ -106,7 +106,7 @@ class XmlSerializer(object):
|
||||
d.pop(key)
|
||||
|
||||
assert len(d.keys()) == 1, ('Cannot encode more than one root '
|
||||
'element: %s' % d.keys())
|
||||
'element: %s' % d.keys())
|
||||
|
||||
# name the root dom element
|
||||
name = d.keys()[0]
|
||||
|
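Review bot: The single-root check is an `assert`, which is removed when Python runs with `-O`, so the guard disappears in optimized deployments. Without it, `name = d.keys()[0]` either raises `IndexError` on an empty dict or takes an arbitrary key as the root element when several are present. An explicit check survives optimization: `if len(d) != 1: raise ValueError('Cannot encode more than one root element: %s' % d.keys())`. Any caller that currently catches `AssertionError` would need the matching change; the enclosing method starts and ends outside the hunk.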
@ -136,8 +136,8 @@ class LegacyMigration(object):
|
||||
for x in self._data['user_roles']:
|
||||
# map
|
||||
if (not x.get('user_id')
|
||||
or not x.get('tenant_id')
|
||||
or not x.get('role_id')):
|
||||
or not x.get('tenant_id')
|
||||
or not x.get('role_id')):
|
||||
continue
|
||||
user_id = self._user_map[x['user_id']]
|
||||
tenant_id = self._tenant_map[x['tenant_id']]
|
||||
@ -149,7 +149,7 @@ class LegacyMigration(object):
|
||||
pass
|
||||
|
||||
self.identity_driver.add_role_to_user_and_tenant(
|
||||
user_id, tenant_id, role_id)
|
||||
user_id, tenant_id, role_id)
|
||||
|
||||
def _migrate_tokens(self):
|
||||
pass
|
||||
|
@ -49,26 +49,23 @@ def db_sync(version=None):
|
||||
current_version = db_version()
|
||||
repo_path = _find_migrate_repo()
|
||||
if version is None or version > current_version:
|
||||
return versioning_api.upgrade(
|
||||
CONF.sql.connection, repo_path, version)
|
||||
return versioning_api.upgrade(CONF.sql.connection, repo_path, version)
|
||||
else:
|
||||
return versioning_api.downgrade(
|
||||
CONF.sql.connection, repo_path, version)
|
||||
CONF.sql.connection, repo_path, version)
|
||||
|
||||
|
||||
def db_version():
|
||||
repo_path = _find_migrate_repo()
|
||||
try:
|
||||
return versioning_api.db_version(
|
||||
CONF.sql.connection, repo_path)
|
||||
return versioning_api.db_version(CONF.sql.connection, repo_path)
|
||||
except versioning_exceptions.DatabaseNotControlledError:
|
||||
return db_version_control(0)
|
||||
|
||||
|
||||
def db_version_control(version=None):
|
||||
repo_path = _find_migrate_repo()
|
||||
versioning_api.version_control(
|
||||
CONF.sql.connection, repo_path, version)
|
||||
versioning_api.version_control(CONF.sql.connection, repo_path, version)
|
||||
return version
|
||||
|
||||
|
||||
|
@ -106,7 +106,7 @@ def _assign_roles(api, assignments, role_map, user_map, tenant_map):
|
||||
user_id = user_map[assignment['user_id']]
|
||||
tenant_id = tenant_map[assignment['tenant_id']]
|
||||
LOG.debug('Assign role %s to user %s on tenant %s' %
|
||||
(role_id, user_id, tenant_id))
|
||||
(role_id, user_id, tenant_id))
|
||||
api.add_role_to_user_and_tenant(user_id, tenant_id, role_id)
|
||||
|
||||
|
||||
@ -121,5 +121,5 @@ def _create_ec2_creds(ec2_api, identity_api, ec2_creds, user_map):
|
||||
'tenant_id': tenant_id,
|
||||
}
|
||||
LOG.debug('Creating ec2 cred for user %s and tenant %s' %
|
||||
(user_id, tenant_id))
|
||||
(user_id, tenant_id))
|
||||
ec2_api.create_credential(None, cred_dict)
|
||||
|
@ -65,9 +65,9 @@ class Server(object):
|
||||
def start(self, key=None, backlog=128):
|
||||
"""Run a WSGI server with the given application."""
|
||||
LOG.debug('Starting %(arg0)s on %(host)s:%(port)s' %
|
||||
{'arg0': sys.argv[0],
|
||||
'host': self.host,
|
||||
'port': self.port})
|
||||
{'arg0': sys.argv[0],
|
||||
'host': self.host,
|
||||
'port': self.port})
|
||||
socket = eventlet.listen((self.host, self.port), backlog=backlog)
|
||||
if key:
|
||||
self.socket_info[key] = socket.getsockname()
|
||||
@ -87,7 +87,7 @@ class Server(object):
|
||||
self.greenthread = self.pool.spawn(self._run, self.application, socket)
|
||||
|
||||
def set_ssl(self, certfile, keyfile=None, ca_certs=None,
|
||||
cert_required=True):
|
||||
cert_required=True):
|
||||
self.certfile = certfile
|
||||
self.keyfile = keyfile
|
||||
self.ca_certs = ca_certs
|
||||
@ -231,7 +231,7 @@ class Application(BaseApplication):
|
||||
if not context['is_admin']:
|
||||
try:
|
||||
user_token_ref = self.token_api.get_token(
|
||||
context=context, token_id=context['token_id'])
|
||||
context=context, token_id=context['token_id'])
|
||||
except exception.TokenNotFound:
|
||||
raise exception.Unauthorized()
|
||||
|
||||
|
@ -34,146 +34,184 @@ class CrudExtension(wsgi.ExtensionRouter):
|
||||
endpoint_controller = catalog.EndpointController()
|
||||
|
||||
# Tenant Operations
|
||||
mapper.connect('/tenants', controller=tenant_controller,
|
||||
action='create_tenant',
|
||||
conditions=dict(method=['POST']))
|
||||
mapper.connect('/tenants/{tenant_id}',
|
||||
controller=tenant_controller,
|
||||
action='update_tenant',
|
||||
conditions=dict(method=['PUT', 'POST']))
|
||||
mapper.connect('/tenants/{tenant_id}',
|
||||
controller=tenant_controller,
|
||||
action='delete_tenant',
|
||||
conditions=dict(method=['DELETE']))
|
||||
mapper.connect('/tenants/{tenant_id}/users',
|
||||
controller=tenant_controller,
|
||||
action='get_tenant_users',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect(
|
||||
'/tenants',
|
||||
controller=tenant_controller,
|
||||
action='create_tenant',
|
||||
conditions=dict(method=['POST']))
|
||||
mapper.connect(
|
||||
'/tenants/{tenant_id}',
|
||||
controller=tenant_controller,
|
||||
action='update_tenant',
|
||||
conditions=dict(method=['PUT', 'POST']))
|
||||
mapper.connect(
|
||||
'/tenants/{tenant_id}',
|
||||
controller=tenant_controller,
|
||||
action='delete_tenant',
|
||||
conditions=dict(method=['DELETE']))
|
||||
mapper.connect(
|
||||
'/tenants/{tenant_id}/users',
|
||||
controller=tenant_controller,
|
||||
action='get_tenant_users',
|
||||
conditions=dict(method=['GET']))
|
||||
|
||||
# User Operations
|
||||
mapper.connect('/users',
|
||||
controller=user_controller,
|
||||
action='get_users',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect('/users',
|
||||
controller=user_controller,
|
||||
action='create_user',
|
||||
conditions=dict(method=['POST']))
|
||||
mapper.connect(
|
||||
'/users',
|
||||
controller=user_controller,
|
||||
action='get_users',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect(
|
||||
'/users',
|
||||
controller=user_controller,
|
||||
action='create_user',
|
||||
conditions=dict(method=['POST']))
|
||||
# NOTE(termie): not in diablo
|
||||
mapper.connect('/users/{user_id}',
|
||||
controller=user_controller,
|
||||
action='update_user',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect('/users/{user_id}',
|
||||
controller=user_controller,
|
||||
action='delete_user',
|
||||
conditions=dict(method=['DELETE']))
|
||||
mapper.connect(
|
||||
'/users/{user_id}',
|
||||
controller=user_controller,
|
||||
action='update_user',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect(
|
||||
'/users/{user_id}',
|
||||
controller=user_controller,
|
||||
action='delete_user',
|
||||
conditions=dict(method=['DELETE']))
|
||||
|
||||
# COMPAT(diablo): the copy with no OS-KSADM is from diablo
|
||||
mapper.connect('/users/{user_id}/password',
|
||||
controller=user_controller,
|
||||
action='set_user_password',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect('/users/{user_id}/OS-KSADM/password',
|
||||
controller=user_controller,
|
||||
action='set_user_password',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect(
|
||||
'/users/{user_id}/password',
|
||||
controller=user_controller,
|
||||
action='set_user_password',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect(
|
||||
'/users/{user_id}/OS-KSADM/password',
|
||||
controller=user_controller,
|
||||
action='set_user_password',
|
||||
conditions=dict(method=['PUT']))
|
||||
|
||||
# COMPAT(diablo): the copy with no OS-KSADM is from diablo
|
||||
mapper.connect('/users/{user_id}/tenant',
|
||||
controller=user_controller,
|
||||
action='update_user_tenant',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect('/users/{user_id}/OS-KSADM/tenant',
|
||||
controller=user_controller,
|
||||
action='update_user_tenant',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect(
|
||||
'/users/{user_id}/tenant',
|
||||
controller=user_controller,
|
||||
action='update_user_tenant',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect(
|
||||
'/users/{user_id}/OS-KSADM/tenant',
|
||||
controller=user_controller,
|
||||
action='update_user_tenant',
|
||||
conditions=dict(method=['PUT']))
|
||||
|
||||
# COMPAT(diablo): the copy with no OS-KSADM is from diablo
|
||||
mapper.connect('/users/{user_id}/enabled',
|
||||
controller=user_controller,
|
||||
action='set_user_enabled',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect('/users/{user_id}/OS-KSADM/enabled',
|
||||
controller=user_controller,
|
||||
action='set_user_enabled',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect(
|
||||
'/users/{user_id}/enabled',
|
||||
controller=user_controller,
|
||||
action='set_user_enabled',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect(
|
||||
'/users/{user_id}/OS-KSADM/enabled',
|
||||
controller=user_controller,
|
||||
action='set_user_enabled',
|
||||
conditions=dict(method=['PUT']))
|
||||
|
||||
# User Roles
|
||||
mapper.connect('/users/{user_id}/roles/OS-KSADM/{role_id}',
|
||||
controller=role_controller, action='add_role_to_user',
|
||||
mapper.connect(
|
||||
'/users/{user_id}/roles/OS-KSADM/{role_id}',
|
||||
controller=role_controller,
|
||||
action='add_role_to_user',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect('/users/{user_id}/roles/OS-KSADM/{role_id}',
|
||||
controller=role_controller, action='delete_role_from_user',
|
||||
mapper.connect(
|
||||
'/users/{user_id}/roles/OS-KSADM/{role_id}',
|
||||
controller=role_controller,
|
||||
action='delete_role_from_user',
|
||||
conditions=dict(method=['DELETE']))
|
||||
|
||||
# COMPAT(diablo): User Roles
|
||||
mapper.connect('/users/{user_id}/roleRefs',
|
||||
controller=role_controller, action='get_role_refs',
|
||||
mapper.connect(
|
||||
'/users/{user_id}/roleRefs',
|
||||
controller=role_controller,
|
||||
action='get_role_refs',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect('/users/{user_id}/roleRefs',
|
||||
controller=role_controller, action='create_role_ref',
|
||||
mapper.connect(
|
||||
'/users/{user_id}/roleRefs',
|
||||
controller=role_controller,
|
||||
action='create_role_ref',
|
||||
conditions=dict(method=['POST']))
|
||||
mapper.connect('/users/{user_id}/roleRefs/{role_ref_id}',
|
||||
controller=role_controller, action='delete_role_ref',
|
||||
mapper.connect(
|
||||
'/users/{user_id}/roleRefs/{role_ref_id}',
|
||||
controller=role_controller,
|
||||
action='delete_role_ref',
|
||||
conditions=dict(method=['DELETE']))
|
||||
|
||||
# User-Tenant Roles
|
||||
mapper.connect(
|
||||
'/tenants/{tenant_id}/users/{user_id}/roles/OS-KSADM/{role_id}',
|
||||
controller=role_controller, action='add_role_to_user',
|
||||
controller=role_controller,
|
||||
action='add_role_to_user',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect(
|
||||
'/tenants/{tenant_id}/users/{user_id}/roles/OS-KSADM/{role_id}',
|
||||
controller=role_controller, action='remove_role_from_user',
|
||||
controller=role_controller,
|
||||
action='remove_role_from_user',
|
||||
conditions=dict(method=['DELETE']))
|
||||
|
||||
# Service Operations
|
||||
mapper.connect('/OS-KSADM/services',
|
||||
controller=service_controller,
|
||||
action='get_services',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect('/OS-KSADM/services',
|
||||
controller=service_controller,
|
||||
action='create_service',
|
||||
conditions=dict(method=['POST']))
|
||||
mapper.connect('/OS-KSADM/services/{service_id}',
|
||||
controller=service_controller,
|
||||
action='delete_service',
|
||||
conditions=dict(method=['DELETE']))
|
||||
mapper.connect('/OS-KSADM/services/{service_id}',
|
||||
controller=service_controller,
|
||||
action='get_service',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect(
|
||||
'/OS-KSADM/services',
|
||||
controller=service_controller,
|
||||
action='get_services',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect(
|
||||
'/OS-KSADM/services',
|
||||
controller=service_controller,
|
||||
action='create_service',
|
||||
conditions=dict(method=['POST']))
|
||||
mapper.connect(
|
||||
'/OS-KSADM/services/{service_id}',
|
||||
controller=service_controller,
|
||||
action='delete_service',
|
||||
conditions=dict(method=['DELETE']))
|
||||
mapper.connect(
|
||||
'/OS-KSADM/services/{service_id}',
|
||||
controller=service_controller,
|
||||
action='get_service',
|
||||
conditions=dict(method=['GET']))
|
||||
|
||||
# Endpoint Templates
|
||||
mapper.connect('/endpoints',
|
||||
controller=endpoint_controller,
|
||||
action='get_endpoints',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect('/endpoints',
|
||||
controller=endpoint_controller,
|
||||
action='create_endpoint',
|
||||
conditions=dict(method=['POST']))
|
||||
mapper.connect('/endpoints/{endpoint_id}',
|
||||
controller=endpoint_controller,
|
||||
action='delete_endpoint',
|
||||
conditions=dict(method=['DELETE']))
|
||||
mapper.connect(
|
||||
'/endpoints',
|
||||
controller=endpoint_controller,
|
||||
action='get_endpoints',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect(
|
||||
'/endpoints',
|
||||
controller=endpoint_controller,
|
||||
action='create_endpoint',
|
||||
conditions=dict(method=['POST']))
|
||||
mapper.connect(
|
||||
'/endpoints/{endpoint_id}',
|
||||
controller=endpoint_controller,
|
||||
action='delete_endpoint',
|
||||
conditions=dict(method=['DELETE']))
|
||||
|
||||
# Role Operations
|
||||
mapper.connect('/OS-KSADM/roles',
|
||||
controller=role_controller,
|
||||
action='create_role',
|
||||
conditions=dict(method=['POST']))
|
||||
mapper.connect('/OS-KSADM/roles',
|
||||
controller=role_controller,
|
||||
action='get_roles',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect('/OS-KSADM/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='get_role',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect('/OS-KSADM/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='delete_role',
|
||||
conditions=dict(method=['DELETE']))
|
||||
mapper.connect(
|
||||
'/OS-KSADM/roles',
|
||||
controller=role_controller,
|
||||
action='create_role',
|
||||
conditions=dict(method=['POST']))
|
||||
mapper.connect(
|
||||
'/OS-KSADM/roles',
|
||||
controller=role_controller,
|
||||
action='get_roles',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect(
|
||||
'/OS-KSADM/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='get_role',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect(
|
||||
'/OS-KSADM/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='delete_role',
|
||||
conditions=dict(method=['DELETE']))
|
||||
|
@ -67,28 +67,33 @@ class Ec2Extension(wsgi.ExtensionRouter):
|
||||
def add_routes(self, mapper):
|
||||
ec2_controller = Ec2Controller()
|
||||
# validation
|
||||
mapper.connect('/ec2tokens',
|
||||
controller=ec2_controller,
|
||||
action='authenticate',
|
||||
conditions=dict(method=['POST']))
|
||||
mapper.connect(
|
||||
'/ec2tokens',
|
||||
controller=ec2_controller,
|
||||
action='authenticate',
|
||||
conditions=dict(method=['POST']))
|
||||
|
||||
# crud
|
||||
mapper.connect('/users/{user_id}/credentials/OS-EC2',
|
||||
controller=ec2_controller,
|
||||
action='create_credential',
|
||||
conditions=dict(method=['POST']))
|
||||
mapper.connect('/users/{user_id}/credentials/OS-EC2',
|
||||
controller=ec2_controller,
|
||||
action='get_credentials',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect('/users/{user_id}/credentials/OS-EC2/{credential_id}',
|
||||
controller=ec2_controller,
|
||||
action='get_credential',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect('/users/{user_id}/credentials/OS-EC2/{credential_id}',
|
||||
controller=ec2_controller,
|
||||
action='delete_credential',
|
||||
conditions=dict(method=['DELETE']))
|
||||
mapper.connect(
|
||||
'/users/{user_id}/credentials/OS-EC2',
|
||||
controller=ec2_controller,
|
||||
action='create_credential',
|
||||
conditions=dict(method=['POST']))
|
||||
mapper.connect(
|
||||
'/users/{user_id}/credentials/OS-EC2',
|
||||
controller=ec2_controller,
|
||||
action='get_credentials',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect(
|
||||
'/users/{user_id}/credentials/OS-EC2/{credential_id}',
|
||||
controller=ec2_controller,
|
||||
action='get_credential',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect(
|
||||
'/users/{user_id}/credentials/OS-EC2/{credential_id}',
|
||||
controller=ec2_controller,
|
||||
action='delete_credential',
|
||||
conditions=dict(method=['DELETE']))
|
||||
|
||||
|
||||
class Ec2Controller(wsgi.Application):
|
||||
@ -116,8 +121,7 @@ class Ec2Controller(wsgi.Application):
|
||||
else:
|
||||
raise exception.Unauthorized(message='EC2 signature not supplied.')
|
||||
|
||||
def authenticate(self, context, credentials=None,
|
||||
ec2Credentials=None):
|
||||
def authenticate(self, context, credentials=None, ec2Credentials=None):
|
||||
"""Validate a signed EC2 request and provide a token.
|
||||
|
||||
Other services (such as Nova) use this **admin** call to determine
|
||||
@ -155,26 +159,26 @@ class Ec2Controller(wsgi.Application):
|
||||
# TODO(termie): this is copied from TokenController.authenticate
|
||||
token_id = uuid.uuid4().hex
|
||||
tenant_ref = self.identity_api.get_tenant(
|
||||
context=context,
|
||||
tenant_id=creds_ref['tenant_id'])
|
||||
context=context,
|
||||
tenant_id=creds_ref['tenant_id'])
|
||||
user_ref = self.identity_api.get_user(
|
||||
context=context,
|
||||
user_id=creds_ref['user_id'])
|
||||
context=context,
|
||||
user_id=creds_ref['user_id'])
|
||||
metadata_ref = self.identity_api.get_metadata(
|
||||
context=context,
|
||||
user_id=user_ref['id'],
|
||||
tenant_id=tenant_ref['id'])
|
||||
context=context,
|
||||
user_id=user_ref['id'],
|
||||
tenant_id=tenant_ref['id'])
|
||||
catalog_ref = self.catalog_api.get_catalog(
|
||||
context=context,
|
||||
user_id=user_ref['id'],
|
||||
tenant_id=tenant_ref['id'],
|
||||
metadata=metadata_ref)
|
||||
context=context,
|
||||
user_id=user_ref['id'],
|
||||
tenant_id=tenant_ref['id'],
|
||||
metadata=metadata_ref)
|
||||
|
||||
token_ref = self.token_api.create_token(
|
||||
context, token_id, dict(id=token_id,
|
||||
user=user_ref,
|
||||
tenant=tenant_ref,
|
||||
metadata=metadata_ref))
|
||||
context, token_id, dict(id=token_id,
|
||||
user=user_ref,
|
||||
tenant=tenant_ref,
|
||||
metadata=metadata_ref))
|
||||
|
||||
# TODO(termie): optimize this call at some point and put it into the
|
||||
# the return for metadata
|
||||
@ -189,7 +193,7 @@ class Ec2Controller(wsgi.Application):
|
||||
# would be better to expect a full return
|
||||
token_controller = service.TokenController()
|
||||
return token_controller._format_authenticate(
|
||||
token_ref, roles_ref, catalog_ref)
|
||||
token_ref, roles_ref, catalog_ref)
|
||||
|
||||
def create_credential(self, context, user_id, tenant_id):
|
||||
"""Create a secret/access pair for use with ec2 style auth.
|
||||
@ -284,8 +288,9 @@ class Ec2Controller(wsgi.Application):
|
||||
|
||||
"""
|
||||
try:
|
||||
token_ref = self.token_api.get_token(context=context,
|
||||
token_id=context['token_id'])
|
||||
token_ref = self.token_api.get_token(
|
||||
context=context,
|
||||
token_id=context['token_id'])
|
||||
except exception.TokenNotFound:
|
||||
raise exception.Unauthorized()
|
||||
token_user_id = token_ref['user'].get('id')
|
||||
|
@ -49,7 +49,8 @@ class Identity(kvs.Base, identity.Driver):
|
||||
tenant_ref = None
|
||||
metadata_ref = None
|
||||
if (not user_ref
|
||||
or not utils.check_password(password, user_ref.get('password'))):
|
||||
or not utils.check_password(password,
|
||||
user_ref.get('password'))):
|
||||
raise AssertionError('Invalid user / password')
|
||||
|
||||
tenants = self.get_tenants_for_user(user_id)
|
||||
|
@ -358,10 +358,10 @@ class UserApi(common_ldap.BaseLdap, ApiShimMixin):
|
||||
limit,
|
||||
self.tenant_api.get_users(tenant_id, role_id))
|
||||
|
||||
def users_get_by_tenant_get_page_markers(self, tenant_id,
|
||||
role_id, marker, limit):
|
||||
def users_get_by_tenant_get_page_markers(self, tenant_id, role_id, marker,
|
||||
limit):
|
||||
return self._get_page_markers(
|
||||
marker, limit, self.tenant_api.get_users(tenant_id, role_id))
|
||||
marker, limit, self.tenant_api.get_users(tenant_id, role_id))
|
||||
|
||||
def check_password(self, user_id, password):
|
||||
user = self.get(user_id)
|
||||
@ -418,7 +418,7 @@ class TenantApi(common_ldap.BaseLdap, ApiShimMixin):
|
||||
|
||||
def list_for_user_get_page_markers(self, user, marker, limit):
|
||||
return self._get_page_markers(
|
||||
marker, limit, self.get_user_tenants(user['id']))
|
||||
marker, limit, self.get_user_tenants(user['id']))
|
||||
|
||||
def is_empty(self, id):
|
||||
tenant = self._ldap_get(id)
|
||||
@ -588,10 +588,10 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin):
|
||||
raise inst
|
||||
|
||||
return UserRoleAssociation(
|
||||
id=self._create_ref(role_id, tenant_id, user_id),
|
||||
role_id=role_id,
|
||||
user_id=user_id,
|
||||
tenant_id=tenant_id)
|
||||
id=self._create_ref(role_id, tenant_id, user_id),
|
||||
role_id=role_id,
|
||||
user_id=user_id,
|
||||
tenant_id=tenant_id)
|
||||
|
||||
def get_by_service(self, service_id):
|
||||
roles = self.get_all('(service_id=%s)' %
|
||||
@ -626,10 +626,10 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin):
|
||||
user_id = self.user_api._dn_to_id(user_dn)
|
||||
role_id = self._dn_to_id(role_dn)
|
||||
res.append(UserRoleAssociation(
|
||||
id=self._create_ref(role_id, tenant_id, user_id),
|
||||
user_id=user_id,
|
||||
role_id=role_id,
|
||||
tenant_id=tenant_id))
|
||||
id=self._create_ref(role_id, tenant_id, user_id),
|
||||
user_id=user_id,
|
||||
role_id=role_id,
|
||||
tenant_id=tenant_id))
|
||||
|
||||
return res
|
||||
|
||||
@ -637,10 +637,9 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin):
|
||||
user_dn = self.user_api._id_to_dn(user_id)
|
||||
roles = self.get_all('(%s=%s)' % (self.member_attribute, user_dn))
|
||||
return [UserRoleAssociation(
|
||||
id=self._create_ref(role.id, None, user_id),
|
||||
role_id=role.id,
|
||||
user_id=user_id)
|
||||
for role in roles]
|
||||
id=self._create_ref(role.id, None, user_id),
|
||||
role_id=role.id,
|
||||
user_id=user_id) for role in roles]
|
||||
|
||||
def list_tenant_roles_for_user(self, user_id, tenant_id=None):
|
||||
conn = self.get_connection()
|
||||
@ -659,10 +658,10 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin):
|
||||
for role_dn, _ in roles:
|
||||
role_id = self._dn_to_id(role_dn)
|
||||
res.append(UserRoleAssociation(
|
||||
id=self._create_ref(role_id, tenant_id, user_id),
|
||||
user_id=user_id,
|
||||
role_id=role_id,
|
||||
tenant_id=tenant_id))
|
||||
id=self._create_ref(role_id, tenant_id, user_id),
|
||||
user_id=user_id,
|
||||
role_id=role_id,
|
||||
tenant_id=tenant_id))
|
||||
else:
|
||||
try:
|
||||
roles = conn.search_s(self.tenant_api.tree_dn,
|
||||
@ -676,10 +675,10 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin):
|
||||
role_id = self._dn_to_id(role_dn)
|
||||
tenant_id = ldap.dn.str2dn(role_dn)[1][0][1]
|
||||
res.append(UserRoleAssociation(
|
||||
id=self._create_ref(role_id, tenant_id, user_id),
|
||||
user_id=user_id,
|
||||
role_id=role_id,
|
||||
tenant_id=tenant_id))
|
||||
id=self._create_ref(role_id, tenant_id, user_id),
|
||||
user_id=user_id,
|
||||
role_id=role_id,
|
||||
tenant_id=tenant_id))
|
||||
return res
|
||||
|
||||
def rolegrant_get(self, id):
|
||||
@ -791,10 +790,10 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin):
|
||||
ldap_role_id = self._dn_to_id(role_dn)
|
||||
if role_id == ldap_role_id:
|
||||
res = UserRoleAssociation(
|
||||
id=self._create_ref(role_id, tenant_id, user_id),
|
||||
user_id=user_id,
|
||||
role_id=role_id,
|
||||
tenant_id=tenant_id)
|
||||
id=self._create_ref(role_id, tenant_id, user_id),
|
||||
user_id=user_id,
|
||||
role_id=role_id,
|
||||
tenant_id=tenant_id)
|
||||
return res
|
||||
else:
|
||||
try:
|
||||
@ -809,7 +808,7 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin):
|
||||
for role in roles:
|
||||
if role.id == role_id:
|
||||
return UserRoleAssociation(
|
||||
id=self._create_ref(role.id, None, user_id),
|
||||
role_id=role.id,
|
||||
user_id=user_id)
|
||||
id=self._create_ref(role.id, None, user_id),
|
||||
role_id=role.id,
|
||||
user_id=user_id)
|
||||
return None
|
||||
|
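Review bot: The LDAP search filters in this file are built by plain string interpolation, with no escaping of the interpolated value. This applies to `self.get_all('(%s=%s)' % (self.member_attribute, user_dn))` in the hunk at `-637,10`, and to the `'(service_id=%s)' %` filter in `get_by_service`, whose argument continues outside its hunk. If `user_id` or `service_id` can originate from a request (not visible here), filter metacharacters in the value change what the search matches. Escaping before interpolation avoids that: `'(%s=%s)' % (self.member_attribute, ldap.filter.escape_filter_chars(user_dn))`, which needs `import ldap.filter` if the file does not already have it. The enclosing methods start outside the hunks shown.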
@ -159,7 +159,7 @@ class Identity(sql.Base, identity.Driver):
|
||||
"""
|
||||
user_ref = self._get_user(user_id)
|
||||
if (not user_ref
|
||||
or not self._check_password(password, user_ref)):
|
||||
or not self._check_password(password, user_ref)):
|
||||
raise AssertionError('Invalid user / password')
|
||||
|
||||
tenants = self.get_tenants_for_user(user_id)
|
||||
@ -190,10 +190,10 @@ class Identity(sql.Base, identity.Driver):
|
||||
def get_tenant_users(self, tenant_id):
|
||||
session = self.get_session()
|
||||
user_refs = session.query(User)\
|
||||
.join(UserTenantMembership)\
|
||||
.filter(UserTenantMembership.tenant_id ==
|
||||
tenant_id)\
|
||||
.all()
|
||||
.join(UserTenantMembership)\
|
||||
.filter(UserTenantMembership.tenant_id ==
|
||||
tenant_id)\
|
||||
.all()
|
||||
return [_filter_user(user_ref.to_dict()) for user_ref in user_refs]
|
||||
|
||||
def _get_user(self, user_id):
|
||||
|
@ -271,12 +271,12 @@ class TenantController(wsgi.Application):
|
||||
|
||||
user_ref = token_ref['user']
|
||||
tenant_ids = self.identity_api.get_tenants_for_user(
|
||||
context, user_ref['id'])
|
||||
context, user_ref['id'])
|
||||
tenant_refs = []
|
||||
for tenant_id in tenant_ids:
|
||||
tenant_refs.append(self.identity_api.get_tenant(
|
||||
context=context,
|
||||
tenant_id=tenant_id))
|
||||
context=context,
|
||||
tenant_id=tenant_id))
|
||||
params = {
|
||||
'limit': context['query_string'].get('limit'),
|
||||
'marker': context['query_string'].get('marker'),
|
||||
@ -307,7 +307,7 @@ class TenantController(wsgi.Application):
|
||||
tenant_ref['id'] = tenant_id
|
||||
|
||||
tenant = self.identity_api.create_tenant(
|
||||
context, tenant_id, tenant_ref)
|
||||
context, tenant_id, tenant_ref)
|
||||
return {'tenant': tenant}
|
||||
|
||||
def update_tenant(self, context, tenant_id, tenant):
|
||||
@ -316,7 +316,7 @@ class TenantController(wsgi.Application):
|
||||
raise exception.TenantNotFound(tenant_id=tenant_id)
|
||||
|
||||
tenant_ref = self.identity_api.update_tenant(
|
||||
context, tenant_id, tenant)
|
||||
context, tenant_id, tenant)
|
||||
return {'tenant': tenant_ref}
|
||||
|
||||
def delete_tenant(self, context, tenant_id, **kw):
|
||||
@ -406,7 +406,7 @@ class UserController(wsgi.Application):
|
||||
user_ref = user.copy()
|
||||
user_ref['id'] = user_id
|
||||
new_user_ref = self.identity_api.create_user(
|
||||
context, user_id, user_ref)
|
||||
context, user_id, user_ref)
|
||||
if tenant_id:
|
||||
self.identity_api.add_user_to_tenant(context, tenant_id, user_id)
|
||||
return {'user': new_user_ref}
|
||||
@ -480,7 +480,7 @@ class RoleController(wsgi.Application):
|
||||
raise exception.TenantNotFound(tenant_id=tenant_id)
|
||||
|
||||
roles = self.identity_api.get_roles_for_user_and_tenant(
|
||||
context, user_id, tenant_id)
|
||||
context, user_id, tenant_id)
|
||||
return {'roles': [self.identity_api.get_role(context, x)
|
||||
for x in roles]}
|
||||
|
||||
@ -538,7 +538,7 @@ class RoleController(wsgi.Application):
|
||||
# a user also adds them to a tenant
|
||||
self.identity_api.add_user_to_tenant(context, tenant_id, user_id)
|
||||
self.identity_api.add_role_to_user_and_tenant(
|
||||
context, user_id, tenant_id, role_id)
|
||||
context, user_id, tenant_id, role_id)
|
||||
role_ref = self.identity_api.get_role(context, role_id)
|
||||
return {'role': role_ref}
|
||||
|
||||
@ -563,12 +563,12 @@ class RoleController(wsgi.Application):
|
||||
# This still has the weird legacy semantics that adding a role to
|
||||
# a user also adds them to a tenant, so we must follow up on that
|
||||
self.identity_api.remove_role_from_user_and_tenant(
|
||||
context, user_id, tenant_id, role_id)
|
||||
context, user_id, tenant_id, role_id)
|
||||
roles = self.identity_api.get_roles_for_user_and_tenant(
|
||||
context, user_id, tenant_id)
|
||||
context, user_id, tenant_id)
|
||||
if not roles:
|
||||
self.identity_api.remove_user_from_tenant(
|
||||
context, tenant_id, user_id)
|
||||
context, tenant_id, user_id)
|
||||
return
|
||||
|
||||
# COMPAT(diablo): CRUD extension
|
||||
@ -588,7 +588,7 @@ class RoleController(wsgi.Application):
|
||||
o = []
|
||||
for tenant_id in tenant_ids:
|
||||
role_ids = self.identity_api.get_roles_for_user_and_tenant(
|
||||
context, user_id, tenant_id)
|
||||
context, user_id, tenant_id)
|
||||
for role_id in role_ids:
|
||||
ref = {'roleId': role_id,
|
||||
'tenantId': tenant_id,
|
||||
@ -611,7 +611,7 @@ class RoleController(wsgi.Application):
|
||||
role_id = role.get('roleId')
|
||||
self.identity_api.add_user_to_tenant(context, tenant_id, user_id)
|
||||
self.identity_api.add_role_to_user_and_tenant(
|
||||
context, user_id, tenant_id, role_id)
|
||||
context, user_id, tenant_id, role_id)
|
||||
role_ref = self.identity_api.get_role(context, role_id)
|
||||
return {'role': role_ref}
|
||||
|
||||
@ -633,9 +633,9 @@ class RoleController(wsgi.Application):
|
||||
tenant_id = role_ref_ref.get('tenantId')[0]
|
||||
role_id = role_ref_ref.get('roleId')[0]
|
||||
self.identity_api.remove_role_from_user_and_tenant(
|
||||
context, user_id, tenant_id, role_id)
|
||||
context, user_id, tenant_id, role_id)
|
||||
roles = self.identity_api.get_roles_for_user_and_tenant(
|
||||
context, user_id, tenant_id)
|
||||
context, user_id, tenant_id)
|
||||
if not roles:
|
||||
self.identity_api.remove_user_from_tenant(
|
||||
context, tenant_id, user_id)
|
||||
context, tenant_id, user_id)
|
||||
|
@ -213,7 +213,7 @@ class AuthProtocol(object):
|
||||
'X-Role',
|
||||
)
|
||||
LOG.debug('Removing headers from request environment: %s' %
|
||||
','.join(auth_headers))
|
||||
','.join(auth_headers))
|
||||
self._remove_headers(env, auth_headers)
|
||||
|
||||
def _get_user_token_from_header(self, env):
|
||||
@ -260,8 +260,10 @@ class AuthProtocol(object):
|
||||
if self.auth_protocol == 'http':
|
||||
return self.http_client_class(self.auth_host, self.auth_port)
|
||||
else:
|
||||
return self.http_client_class(self.auth_host, self.auth_port,
|
||||
self.key_file, self.cert_file)
|
||||
return self.http_client_class(self.auth_host,
|
||||
self.auth_port,
|
||||
self.key_file,
|
||||
self.cert_file)
|
||||
|
||||
def _json_request(self, method, path, body=None, additional_headers=None):
|
||||
"""HTTP request helper used to make json requests.
|
||||
@ -372,7 +374,7 @@ class AuthProtocol(object):
|
||||
self.admin_token = None
|
||||
else:
|
||||
LOG.error('Bad response code while validating token: %s' %
|
||||
response.status)
|
||||
response.status)
|
||||
if retry:
|
||||
LOG.info('Retrying validation')
|
||||
return self._validate_user_token(user_token, False)
|
||||
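Review bot: In the `else` branch of the @ -260 hunk the HTTPS client is built from `key_file` and `cert_file` only, which are this client's own key and certificate; nothing in these lines makes the connection check the auth host's certificate. Whether the server is verified depends on `http_client_class`, which is not visible here, so it is worth confirming rather than assuming. A comment above the call would record the distinction, for example `# key_file/cert_file authenticate this client; server certificate verification depends on http_client_class`. The same construction appears in the S3Token hunk at @ -92. The enclosing method starts outside the hunk.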
|
@ -156,8 +156,8 @@ class NormalizingFilter(wsgi.Middleware):
|
||||
def process_request(self, request):
|
||||
"""Normalizes URLs."""
|
||||
# Removes a trailing slash from the given path, if any.
|
||||
if len(request.environ['PATH_INFO']) > 1 and \
|
||||
request.environ['PATH_INFO'][-1] == '/':
|
||||
if (len(request.environ['PATH_INFO']) > 1 and
|
||||
request.environ['PATH_INFO'][-1] == '/'):
|
||||
request.environ['PATH_INFO'] = request.environ['PATH_INFO'][:-1]
|
||||
# Rewrites path to root if no path is given.
|
||||
elif not request.environ['PATH_INFO']:
|
||||
|
@ -57,13 +57,16 @@ class EC2Token(wsgi.Middleware):
|
||||
auth_params.pop('Signature')
|
||||
|
||||
# Authenticate the request.
|
||||
creds = {'ec2Credentials': {'access': access,
|
||||
'signature': signature,
|
||||
'host': req.host,
|
||||
'verb': req.method,
|
||||
'path': req.path,
|
||||
'params': auth_params,
|
||||
}}
|
||||
creds = {
|
||||
'ec2Credentials': {
|
||||
'access': access,
|
||||
'signature': signature,
|
||||
'host': req.host,
|
||||
'verb': req.method,
|
||||
'path': req.path,
|
||||
'params': auth_params,
|
||||
}
|
||||
}
|
||||
creds_json = utils.dumps(creds)
|
||||
headers = {'Content-Type': 'application/json'}
|
||||
|
||||
|
@ -71,11 +71,9 @@ class S3Token(object):
|
||||
|
||||
def deny_request(self, code):
|
||||
error_table = {
|
||||
'AccessDenied':
|
||||
(401, 'Access denied'),
|
||||
'InvalidURI':
|
||||
(400, 'Could not parse the specified URI'),
|
||||
}
|
||||
'AccessDenied': (401, 'Access denied'),
|
||||
'InvalidURI': (400, 'Could not parse the specified URI'),
|
||||
}
|
||||
resp = webob.Response(content_type='text/xml')
|
||||
resp.status = error_table[code][0]
|
||||
resp.body = error_table[code][1]
|
||||
@ -92,8 +90,10 @@ class S3Token(object):
|
||||
if self.auth_protocol == 'http':
|
||||
conn = self.http_client_class(self.auth_host, self.auth_port)
|
||||
else:
|
||||
conn = self.http_client_class(self.auth_host, self.auth_port,
|
||||
self.key_file, self.cert_file)
|
||||
conn = self.http_client_class(self.auth_host,
|
||||
self.auth_port,
|
||||
self.key_file,
|
||||
self.cert_file)
|
||||
conn.request('POST', '/v2.0/s3tokens',
|
||||
body=creds_json,
|
||||
headers=headers)
|
||||
@ -187,7 +187,7 @@ class S3Token(object):
|
||||
return resp(environ, start_response)
|
||||
|
||||
self.logger.debug('Keystone Reply: Status: %d, Output: %s' % (
|
||||
resp.status, output))
|
||||
resp.status, output))
|
||||
|
||||
try:
|
||||
identity_info = json.loads(output)
|
||||
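Review bot: The debug call in the @ -187 hunk writes the whole Keystone reply body to the log, and the lines that follow parse that same body as `identity_info`, so it presumably carries the issued token and identity details. Anyone who can read debug logs would then see them. Logging only the status keeps the diagnostic value: `self.logger.debug('Keystone Reply: Status: %d', resp.status)`. The enclosing method starts and ends outside the hunk.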
|
@ -112,7 +112,7 @@ class SwiftAuth(object):
|
||||
# set the swift.authorize_override environ and want to control the
|
||||
# authentication
|
||||
if (self.allow_overrides and
|
||||
environ.get('swift.authorize_override', False)):
|
||||
environ.get('swift.authorize_override', False)):
|
||||
msg = 'Authorizing from an overriding middleware (i.e: tempurl)'
|
||||
self.logger.debug(msg)
|
||||
return self.app(environ, start_response)
|
||||
@ -208,7 +208,7 @@ class SwiftAuth(object):
|
||||
# Allow ACL at individual user level (tenant:user format)
|
||||
# For backward compatibility, check for ACL in tenant_id:user format
|
||||
if ('%s:%s' % (tenant_name, user) in roles
|
||||
or '%s:%s' % (tenant_id, user) in roles):
|
||||
or '%s:%s' % (tenant_id, user) in roles):
|
||||
log_msg = 'user %s:%s or %s:%s allowed in ACL authorizing'
|
||||
self.logger.debug(log_msg % (tenant_name, user, tenant_id, user))
|
||||
return
|
||||
|
@ -391,7 +391,7 @@ def _get_config_dirs(project=None):
|
||||
fix_path('~'),
|
||||
os.path.join('/etc', project) if project else None,
|
||||
'/etc'
|
||||
]
|
||||
]
|
||||
|
||||
return filter(bool, cfg_dirs)
|
||||
|
||||
@ -592,10 +592,10 @@ class Opt(object):
|
||||
if group is not None:
|
||||
dest = group.name + '_' + dest
|
||||
kwargs.update({
|
||||
'dest': dest,
|
||||
'metavar': self.metavar,
|
||||
'help': self.help,
|
||||
})
|
||||
'dest': dest,
|
||||
'metavar': self.metavar,
|
||||
'help': self.help,
|
||||
})
|
||||
return kwargs
|
||||
|
||||
def _get_optparse_prefix(self, prefix, group):
|
||||
@ -905,13 +905,13 @@ class ConfigOpts(collections.Mapping):
|
||||
self._oparser.disable_interspersed_args()
|
||||
|
||||
self._config_opts = [
|
||||
MultiStrOpt('config-file',
|
||||
default=default_config_files,
|
||||
metavar='PATH',
|
||||
help='Path to a config file to use. Multiple config '
|
||||
'files can be specified, with values in later '
|
||||
'files taking precedence. The default files '
|
||||
' used are: %s' % (default_config_files, )),
|
||||
MultiStrOpt('config-file',
|
||||
default=default_config_files,
|
||||
metavar='PATH',
|
||||
help='Path to a config file to use. Multiple config '
|
||||
'files can be specified, with values in later '
|
||||
'files taking precedence. The default files '
|
||||
' used are: %s' % (default_config_files, )),
|
||||
StrOpt('config-dir',
|
||||
metavar='DIR',
|
||||
help='Path to a config directory to pull *.conf '
|
||||
@ -921,7 +921,7 @@ class ConfigOpts(collections.Mapping):
|
||||
'the file(s), if any, specified via --config-file, '
|
||||
'hence over-ridden options in the directory take '
|
||||
'precedence.'),
|
||||
]
|
||||
]
|
||||
self.register_cli_opts(self._config_opts)
|
||||
|
||||
self.project = project
|
||||
@ -1411,8 +1411,7 @@ class ConfigOpts(collections.Mapping):
|
||||
default, opt, override = [info[k] for k in sorted(info.keys())]
|
||||
|
||||
if opt.required:
|
||||
if (default is not None or
|
||||
override is not None):
|
||||
if (default is not None or override is not None):
|
||||
continue
|
||||
|
||||
if self._get(opt.name, group) is None:
|
||||
@ -1516,7 +1515,7 @@ class CommonConfigOpts(ConfigOpts):
|
||||
short='v',
|
||||
default=False,
|
||||
help='Print more verbose output'),
|
||||
]
|
||||
]
|
||||
|
||||
logging_cli_opts = [
|
||||
StrOpt('log-config',
|
||||
@ -1550,7 +1549,7 @@ class CommonConfigOpts(ConfigOpts):
|
||||
StrOpt('syslog-log-facility',
|
||||
default='LOG_USER',
|
||||
help='syslog facility to receive log lines')
|
||||
]
|
||||
]
|
||||
|
||||
def __init__(self):
|
||||
super(CommonConfigOpts, self).__init__()
|
||||
|
@ -30,7 +30,7 @@ def import_class(import_str):
|
||||
return getattr(sys.modules[mod_str], class_str)
|
||||
except (ImportError, ValueError, AttributeError), exc:
|
||||
raise ImportError('Class %s cannot be found (%s)' %
|
||||
(class_str, str(exc)))
|
||||
(class_str, str(exc)))
|
||||
|
||||
|
||||
def import_object(import_str, *args, **kwargs):
|
||||
|
@ -32,7 +32,7 @@ def parse_mailmap(mailmap='.mailmap'):
|
||||
l = l.strip()
|
||||
if not l.startswith('#') and ' ' in l:
|
||||
canonical_email, alias = [x for x in l.split(' ')
|
||||
if x.startswith('<')]
|
||||
if x.startswith('<')]
|
||||
mapping[alias] = canonical_email
|
||||
return mapping
|
||||
|
||||
|
@ -35,7 +35,7 @@ policy_opts = [
|
||||
cfg.StrOpt('policy_default_rule',
|
||||
default='default',
|
||||
help=_('Rule checked when requested rule is not found')),
|
||||
]
|
||||
]
|
||||
|
||||
|
||||
CONF = config.CONF
|
||||
@ -71,8 +71,8 @@ def init():
|
||||
|
||||
def _set_brain(data):
|
||||
default_rule = CONF.policy_default_rule
|
||||
common_policy.set_brain(
|
||||
common_policy.HttpBrain.load_json(data, default_rule))
|
||||
common_policy.set_brain(common_policy.HttpBrain.load_json(data,
|
||||
default_rule))
|
||||
|
||||
|
||||
def enforce(credentials, action, target):
|
||||
|
@ -141,10 +141,9 @@ class VersionController(wsgi.Application):
|
||||
super(VersionController, self).__init__()
|
||||
|
||||
def _get_identity_url(self, context):
|
||||
catalog_ref = self.catalog_api.get_catalog(
|
||||
context=context,
|
||||
user_id=None,
|
||||
tenant_id=None)
|
||||
catalog_ref = self.catalog_api.get_catalog(context=context,
|
||||
user_id=None,
|
||||
tenant_id=None)
|
||||
for region, region_ref in catalog_ref.iteritems():
|
||||
for service, service_ref in region_ref.iteritems():
|
||||
if service == 'identity':
|
||||
@ -171,24 +170,24 @@ class VersionController(wsgi.Application):
|
||||
"rel": "describedby",
|
||||
"type": "text/html",
|
||||
"href": "http://docs.openstack.org/api/openstack-"
|
||||
"identity-service/2.0/content/"
|
||||
"identity-service/2.0/content/"
|
||||
}, {
|
||||
"rel": "describedby",
|
||||
"type": "application/pdf",
|
||||
"href": "http://docs.openstack.org/api/openstack-"
|
||||
"identity-service/2.0/identity-dev-guide-"
|
||||
"2.0.pdf"
|
||||
"identity-service/2.0/identity-dev-guide-"
|
||||
"2.0.pdf"
|
||||
}
|
||||
],
|
||||
"media-types": [
|
||||
{
|
||||
"base": "application/json",
|
||||
"type": "application/vnd.openstack.identity-v2.0"
|
||||
"+json"
|
||||
"+json"
|
||||
}, {
|
||||
"base": "application/xml",
|
||||
"type": "application/vnd.openstack.identity-v2.0"
|
||||
"+xml"
|
||||
"+xml"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -257,7 +256,8 @@ class TokenController(wsgi.Application):
|
||||
user_id = auth['passwordCredentials'].get('userId', None)
|
||||
if username:
|
||||
user_ref = self.identity_api.get_user_by_name(
|
||||
context=context, user_name=username)
|
||||
context=context,
|
||||
user_name=username)
|
||||
if user_ref:
|
||||
user_id = user_ref['id']
|
||||
|
||||
@ -265,7 +265,7 @@ class TokenController(wsgi.Application):
|
||||
tenant_id = auth.get('tenantId', None)
|
||||
if tenant_name:
|
||||
tenant_ref = self.identity_api.get_tenant_by_name(
|
||||
context=context, tenant_name=tenant_name)
|
||||
context=context, tenant_name=tenant_name)
|
||||
if tenant_ref:
|
||||
tenant_id = tenant_ref['id']
|
||||
|
||||
@ -284,16 +284,18 @@ class TokenController(wsgi.Application):
|
||||
raise exception.Unauthorized(e.message)
|
||||
|
||||
token_ref = self.token_api.create_token(
|
||||
context, token_id, dict(id=token_id,
|
||||
user=user_ref,
|
||||
tenant=tenant_ref,
|
||||
metadata=metadata_ref))
|
||||
context,
|
||||
token_id,
|
||||
dict(id=token_id,
|
||||
user=user_ref,
|
||||
tenant=tenant_ref,
|
||||
metadata=metadata_ref))
|
||||
if tenant_ref:
|
||||
catalog_ref = self.catalog_api.get_catalog(
|
||||
context=context,
|
||||
user_id=user_ref['id'],
|
||||
tenant_id=tenant_ref['id'],
|
||||
metadata=metadata_ref)
|
||||
context=context,
|
||||
user_id=user_ref['id'],
|
||||
tenant_id=tenant_ref['id'],
|
||||
metadata=metadata_ref)
|
||||
else:
|
||||
catalog_ref = {}
|
||||
|
||||
@ -305,7 +307,7 @@ class TokenController(wsgi.Application):
|
||||
# more compat
|
||||
if tenant_name:
|
||||
tenant_ref = self.identity_api.get_tenant_by_name(
|
||||
context=context, tenant_name=tenant_name)
|
||||
context=context, tenant_name=tenant_name)
|
||||
tenant_id = tenant_ref['id']
|
||||
else:
|
||||
tenant_id = auth.get('tenantId', None)
|
||||
@ -320,8 +322,8 @@ class TokenController(wsgi.Application):
|
||||
|
||||
# If the user is disabled don't allow them to authenticate
|
||||
current_user_ref = self.identity_api.get_user(
|
||||
context=context,
|
||||
user_id=user_ref['id'])
|
||||
context=context,
|
||||
user_id=user_ref['id'])
|
||||
if not current_user_ref.get('enabled', True):
|
||||
LOG.warning('User %s is disabled' % user_ref['id'])
|
||||
raise exception.Unauthorized()
|
||||
@ -335,24 +337,24 @@ class TokenController(wsgi.Application):
|
||||
tenant_id=tenant_id)
|
||||
if tenant_ref:
|
||||
metadata_ref = self.identity_api.get_metadata(
|
||||
context=context,
|
||||
user_id=user_ref['id'],
|
||||
tenant_id=tenant_ref['id'])
|
||||
context=context,
|
||||
user_id=user_ref['id'],
|
||||
tenant_id=tenant_ref['id'])
|
||||
catalog_ref = self.catalog_api.get_catalog(
|
||||
context=context,
|
||||
user_id=user_ref['id'],
|
||||
tenant_id=tenant_ref['id'],
|
||||
metadata=metadata_ref)
|
||||
context=context,
|
||||
user_id=user_ref['id'],
|
||||
tenant_id=tenant_ref['id'],
|
||||
metadata=metadata_ref)
|
||||
else:
|
||||
metadata_ref = {}
|
||||
catalog_ref = {}
|
||||
|
||||
token_ref = self.token_api.create_token(
|
||||
context, token_id, dict(id=token_id,
|
||||
user=user_ref,
|
||||
tenant=tenant_ref,
|
||||
metadata=metadata_ref,
|
||||
expires=old_token_ref['expires']))
|
||||
context, token_id, dict(id=token_id,
|
||||
user=user_ref,
|
||||
tenant=tenant_ref,
|
||||
metadata=metadata_ref,
|
||||
expires=old_token_ref['expires']))
|
||||
|
||||
# TODO(termie): optimize this call at some point and put it into the
|
||||
# the return for metadata
|
||||
@ -453,7 +455,7 @@ class TokenController(wsgi.Application):
|
||||
'username': user_ref['name'],
|
||||
'roles': roles_ref,
|
||||
'roles_links': metadata_ref.get('roles_links',
|
||||
[])
|
||||
[])
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -553,8 +555,7 @@ class AdminExtensionsController(ExtensionsController):
|
||||
# TODO(dolph): link needs to be revised after
|
||||
# bug 928059 merges
|
||||
'type': 'text/html',
|
||||
'href': ('https://github.com/openstack/'
|
||||
'identity-api'),
|
||||
'href': 'https://github.com/openstack/identity-api',
|
||||
}
|
||||
]
|
||||
}
|
||||
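Review bot: In the @ -305 hunk `tenant_ref['id']` is read straight after `get_tenant_by_name`, while the earlier lookup in the @ -265 hunk guards the same call with `if tenant_ref:`. If the lookup can return nothing for an unknown tenant name, as that guard suggests, this branch fails with a TypeError instead of a clean authentication error. Making the two paths agree would close the gap, for example `if not tenant_ref:` followed by `raise exception.Unauthorized()` before the read, if rejecting the request is the intended outcome. Both hunks sit inside a method that starts and ends outside them.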
|
@ -224,7 +224,7 @@ class TestCase(NoModule, unittest.TestCase):
|
||||
user_copy = user.copy()
|
||||
tenants = user_copy.pop('tenants')
|
||||
rv = self.identity_api.create_user(user['id'],
|
||||
user_copy.copy())
|
||||
user_copy.copy())
|
||||
for tenant_id in tenants:
|
||||
self.identity_api.add_user_to_tenant(tenant_id, user['id'])
|
||||
setattr(self, 'user_%s' % user['id'], user_copy)
|
||||
@ -262,12 +262,12 @@ class TestCase(NoModule, unittest.TestCase):
|
||||
return deploy.appconfig(self._paste_config(config))
|
||||
|
||||
def serveapp(self, config, name=None, cert=None, key=None, ca=None,
|
||||
cert_required=None):
|
||||
cert_required=None):
|
||||
app = self.loadapp(config, name=name)
|
||||
server = wsgi.Server(app, host="127.0.0.1", port=0)
|
||||
if cert is not None and ca is not None and key is not None:
|
||||
server.set_ssl(certfile=cert, keyfile=key, ca_certs=ca,
|
||||
cert_required=cert_required)
|
||||
cert_required=cert_required)
|
||||
server.start(key='socket')
|
||||
|
||||
# Service catalog tests need to know the port we ran on.
|
||||
|