Create V9 version of resource driver interface

In preparation for projects acting as domains (which will result in driver interface changes), a V9 version of the resource interface is created, along with the wrapper support scaffolding for V8 drivers. Partially Implements: blueprint reseller Change-Id: Iec6f7fe2347b64c8f721e968b816e6c1b4332d0a
2015-12-28 22:48:40 +00:00 · 2015-12-28 22:48:40 +00:00 · 6be9f8c2f2
commit 6be9f8c2f2
parent 9794489b1b
10 changed files with 433 additions and 3 deletions
--- a/keystone/resource/V8_backends/init.py
+++ b/keystone/resource/V8_backends/init.py
--- a/keystone/resource/V8_backends/sql.py
+++ b/keystone/resource/V8_backends/sql.py
@ -0,0 +1,262 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_config import cfg
+from oslo_log import log
+
+from keystone.common import clean
+from keystone.common import driver_hints
+from keystone.common import sql
+from keystone import exception
+from keystone.i18n import _LE
+from keystone import resource as keystone_resource
+
+
+CONF = cfg.CONF
+LOG = log.getLogger(__name__)
+
+
+class Resource(keystone_resource.ResourceDriverV8):
+
+    def default_assignment_driver(self):
+        return 'sql'
+
+    def _get_project(self, session, project_id):
+        project_ref = session.query(Project).get(project_id)
+        if project_ref is None:
+            raise exception.ProjectNotFound(project_id=project_id)
+        return project_ref
+
+    def get_project(self, tenant_id):
+        with sql.transaction() as session:
+            return self._get_project(session, tenant_id).to_dict()
+
+    def get_project_by_name(self, tenant_name, domain_id):
+        with sql.transaction() as session:
+            query = session.query(Project)
+            query = query.filter_by(name=tenant_name)
+            query = query.filter_by(domain_id=domain_id)
+            try:
+                project_ref = query.one()
+            except sql.NotFound:
+                raise exception.ProjectNotFound(project_id=tenant_name)
+            return project_ref.to_dict()
+
+    @driver_hints.truncated
+    def list_projects(self, hints):
+        with sql.transaction() as session:
+            query = session.query(Project)
+            project_refs = sql.filter_limit_query(Project, query, hints)
+            return [project_ref.to_dict() for project_ref in project_refs]
+
+    def list_projects_from_ids(self, ids):
+        if not ids:
+            return []
+        else:
+            with sql.transaction() as session:
+                query = session.query(Project)
+                query = query.filter(Project.id.in_(ids))
+                return [project_ref.to_dict() for project_ref in query.all()]
+
+    def list_project_ids_from_domain_ids(self, domain_ids):
+        if not domain_ids:
+            return []
+        else:
+            with sql.transaction() as session:
+                query = session.query(Project.id)
+                query = (
+                    query.filter(Project.domain_id.in_(domain_ids)))
+                return [x.id for x in query.all()]
+
+    def list_projects_in_domain(self, domain_id):
+        with sql.transaction() as session:
+            self._get_domain(session, domain_id)
+            query = session.query(Project)
+            project_refs = query.filter_by(domain_id=domain_id)
+            return [project_ref.to_dict() for project_ref in project_refs]
+
+    def _get_children(self, session, project_ids):
+        query = session.query(Project)
+        query = query.filter(Project.parent_id.in_(project_ids))
+        project_refs = query.all()
+        return [project_ref.to_dict() for project_ref in project_refs]
+
+    def list_projects_in_subtree(self, project_id):
+        with sql.transaction() as session:
+            children = self._get_children(session, [project_id])
+            subtree = []
+            examined = set([project_id])
+            while children:
+                children_ids = set()
+                for ref in children:
+                    if ref['id'] in examined:
+                        msg = _LE('Circular reference or a repeated '
+                                  'entry found in projects hierarchy - '
+                                  '%(project_id)s.')
+                        LOG.error(msg, {'project_id': ref['id']})
+                        return
+                    children_ids.add(ref['id'])
+
+                examined.update(children_ids)
+                subtree += children
+                children = self._get_children(session, children_ids)
+            return subtree
+
+    def list_project_parents(self, project_id):
+        with sql.transaction() as session:
+            project = self._get_project(session, project_id).to_dict()
+            parents = []
+            examined = set()
+            while project.get('parent_id') is not None:
+                if project['id'] in examined:
+                    msg = _LE('Circular reference or a repeated '
+                              'entry found in projects hierarchy - '
+                              '%(project_id)s.')
+                    LOG.error(msg, {'project_id': project['id']})
+                    return
+
+                examined.add(project['id'])
+                parent_project = self._get_project(
+                    session, project['parent_id']).to_dict()
+                parents.append(parent_project)
+                project = parent_project
+            return parents
+
+    def is_leaf_project(self, project_id):
+        with sql.transaction() as session:
+            project_refs = self._get_children(session, [project_id])
+            return not project_refs
+
+    # CRUD
+    @sql.handle_conflicts(conflict_type='project')
+    def create_project(self, tenant_id, tenant):
+        tenant['name'] = clean.project_name(tenant['name'])
+        with sql.transaction() as session:
+            tenant_ref = Project.from_dict(tenant)
+            session.add(tenant_ref)
+            return tenant_ref.to_dict()
+
+    @sql.handle_conflicts(conflict_type='project')
+    def update_project(self, tenant_id, tenant):
+        if 'name' in tenant:
+            tenant['name'] = clean.project_name(tenant['name'])
+
+        with sql.transaction() as session:
+            tenant_ref = self._get_project(session, tenant_id)
+            old_project_dict = tenant_ref.to_dict()
+            for k in tenant:
+                old_project_dict[k] = tenant[k]
+            new_project = Project.from_dict(old_project_dict)
+            for attr in Project.attributes:
+                if attr != 'id':
+                    setattr(tenant_ref, attr, getattr(new_project, attr))
+            tenant_ref.extra = new_project.extra
+            return tenant_ref.to_dict(include_extra_dict=True)
+
+    @sql.handle_conflicts(conflict_type='project')
+    def delete_project(self, tenant_id):
+        with sql.transaction() as session:
+            tenant_ref = self._get_project(session, tenant_id)
+            session.delete(tenant_ref)
+
+    # domain crud
+
+    @sql.handle_conflicts(conflict_type='domain')
+    def create_domain(self, domain_id, domain):
+        with sql.transaction() as session:
+            ref = Domain.from_dict(domain)
+            session.add(ref)
+        return ref.to_dict()
+
+    @driver_hints.truncated
+    def list_domains(self, hints):
+        with sql.transaction() as session:
+            query = session.query(Domain)
+            refs = sql.filter_limit_query(Domain, query, hints)
+            return [ref.to_dict() for ref in refs]
+
+    def list_domains_from_ids(self, ids):
+        if not ids:
+            return []
+        else:
+            with sql.transaction() as session:
+                query = session.query(Domain)
+                query = query.filter(Domain.id.in_(ids))
+                domain_refs = query.all()
+                return [domain_ref.to_dict() for domain_ref in domain_refs]
+
+    def _get_domain(self, session, domain_id):
+        ref = session.query(Domain).get(domain_id)
+        if ref is None:
+            raise exception.DomainNotFound(domain_id=domain_id)
+        return ref
+
+    def get_domain(self, domain_id):
+        with sql.transaction() as session:
+            return self._get_domain(session, domain_id).to_dict()
+
+    def get_domain_by_name(self, domain_name):
+        with sql.transaction() as session:
+            try:
+                ref = (session.query(Domain).
+                       filter_by(name=domain_name).one())
+            except sql.NotFound:
+                raise exception.DomainNotFound(domain_id=domain_name)
+            return ref.to_dict()
+
+    @sql.handle_conflicts(conflict_type='domain')
+    def update_domain(self, domain_id, domain):
+        with sql.transaction() as session:
+            ref = self._get_domain(session, domain_id)
+            old_dict = ref.to_dict()
+            for k in domain:
+                old_dict[k] = domain[k]
+            new_domain = Domain.from_dict(old_dict)
+            for attr in Domain.attributes:
+                if attr != 'id':
+                    setattr(ref, attr, getattr(new_domain, attr))
+            ref.extra = new_domain.extra
+            return ref.to_dict()
+
+    def delete_domain(self, domain_id):
+        with sql.transaction() as session:
+            ref = self._get_domain(session, domain_id)
+            session.delete(ref)
+
+
+class Domain(sql.ModelBase, sql.DictBase):
+    __tablename__ = 'domain'
+    attributes = ['id', 'name', 'enabled']
+    id = sql.Column(sql.String(64), primary_key=True)
+    name = sql.Column(sql.String(64), nullable=False)
+    enabled = sql.Column(sql.Boolean, default=True, nullable=False)
+    extra = sql.Column(sql.JsonBlob())
+    __table_args__ = (sql.UniqueConstraint('name'), {})
+
+
+class Project(sql.ModelBase, sql.DictBase):
+    __tablename__ = 'project'
+    attributes = ['id', 'name', 'domain_id', 'description', 'enabled',
+                  'parent_id', 'is_domain']
+    id = sql.Column(sql.String(64), primary_key=True)
+    name = sql.Column(sql.String(64), nullable=False)
+    domain_id = sql.Column(sql.String(64), sql.ForeignKey('domain.id'),
+                           nullable=False)
+    description = sql.Column(sql.Text())
+    enabled = sql.Column(sql.Boolean)
+    extra = sql.Column(sql.JsonBlob())
+    parent_id = sql.Column(sql.String(64), sql.ForeignKey('project.id'))
+    is_domain = sql.Column(sql.Boolean, default=False, nullable=False,
+                           server_default='0')
+    # Unique constraint across two columns to create the separation
+    # rather than just only 'name' being unique
+    __table_args__ = (sql.UniqueConstraint('domain_id', 'name'), {})
--- a/keystone/resource/backends/ldap.py
+++ b/keystone/resource/backends/ldap.py
@ -30,7 +30,7 @@ from keystone import resource
 CONF = cfg.CONF


-class Resource(resource.ResourceDriverV8):
+class Resource(resource.ResourceDriverV9):
    @versionutils.deprecated(
        versionutils.deprecated.LIBERTY,
        remove_in=+1,
--- a/keystone/resource/backends/sql.py
+++ b/keystone/resource/backends/sql.py
@ -25,7 +25,7 @@ CONF = cfg.CONF
 LOG = log.getLogger(__name__)


-class Resource(keystone_resource.ResourceDriverV8):
+class Resource(keystone_resource.ResourceDriverV9):

    def default_assignment_driver(self):
        return 'sql'
--- a/keystone/resource/core.py
+++ b/keystone/resource/core.py
@ -16,6 +16,7 @@ import abc

 from oslo_config import cfg
 from oslo_log import log
+from oslo_log import versionutils
 import six

 from keystone.common import cache
@ -70,6 +71,13 @@ class Manager(manager.Manager):

        super(Manager, self).__init__(resource_driver)

+        # Make sure it is a driver version we support, and if it is a legacy
+        # driver, then wrap it.
+        if isinstance(self.driver, ResourceDriverV8):
+            self.driver = V9ResourceWrapperForV8Driver(self.driver)
+        elif not isinstance(self.driver, ResourceDriverV9):
+            raise exception.UnsupportedDriverVersion(driver=resource_driver)
+
    def _get_hierarchy_depth(self, parents_list):
        return len(parents_list) + 1

@ -659,8 +667,16 @@ class Manager(manager.Manager):
        pass


+# The ResourceDriverBase class is the set of driver methods from earlier
+# drivers that we still support, that have not been removed or modified. This
+# class is then used to created the augmented V8 and V9 version abstract driver
+# classes, without having to duplicate a lot of abstract method signatures.
+# If you remove a method from V9, then move the abstact methods from this Base
+# class to the V8 class. Do not modify any of the method signatures in the Base
+# class - changes should only be made in the V8 and subsequent classes.
+
@six.add_metaclass(abc.ABCMeta)
-class ResourceDriverV8(object):
+class ResourceDriverBase(object):

    def _get_list_limit(self):
        return CONF.resource.list_limit or CONF.list_limit
@ -923,6 +939,118 @@ class ResourceDriverV8(object):
            raise exception.DomainNotFound(domain_id=domain_id)


+class ResourceDriverV8(ResourceDriverBase):
+    """Removed or redefined methods from V8.
+
+    Move the abstract methods of any methods removed or modified in later
+    versions of the driver from ResourceDriverBase to here. We maintain this
+    so that legacy drivers, which will be a subclass of ResourceDriverV8, can
+    still reference them.
+
+    """
+
+    pass
+
+
+class ResourceDriverV9(ResourceDriverBase):
+    """New or redefined methods from V8.
+
+    Add any new V9 abstract methods (or those with modified signatures) to
+    this class.
+
+    """
+
+    pass
+
+
+class V9ResourceWrapperForV8Driver(ResourceDriverV9):
+    """Wrapper class to supported a V8 legacy driver.
+
+    In order to support legacy drivers without having to make the manager code
+    driver-version aware, we wrap legacy drivers so that they look like the
+    latest version. For the various changes made in a new driver, here are the
+    actions needed in this wrapper:
+
+    Method removed from new driver - remove the call-through method from this
+                                     class, since the manager will no longer be
+                                     calling it.
+    Method signature (or meaning) changed - wrap the old method in a new
+                                            signature here, and munge the input
+                                            and output parameters accordingly.
+    New method added to new driver - add a method to implement the new
+                                     functionality here if possible. If that is
+                                     not possible, then return NotImplemented,
+                                     since we do not guarantee to support new
+                                     functionality with legacy drivers.
+
+    """
+
+    @versionutils.deprecated(
+        as_of=versionutils.deprecated.MITAKA,
+        what='keystone.resource.ResourceDriverV8',
+        in_favor_of='keystone.resource.ResourceDriverV9',
+        remove_in=+2)
+    def __init__(self, wrapped_driver):
+        self.driver = wrapped_driver
+
+    def get_project_by_name(self, tenant_name, domain_id):
+        return self.driver.get_project_by_name(tenant_name, domain_id)
+
+    def create_domain(self, domain_id, domain):
+        return self.driver.create_domain(domain_id, domain)
+
+    def list_domains(self, hints):
+        return self.driver.list_domains(hints)
+
+    def list_domains_from_ids(self, domain_ids):
+        return self.driver.list_domains_from_ids(domain_ids)
+
+    def get_domain(self, domain_id):
+        return self.driver.get_domain(domain_id)
+
+    def get_domain_by_name(self, domain_name):
+        return self.driver.get_domain_by_name(domain_name)
+
+    def update_domain(self, domain_id, domain):
+        return self.driver.update_domain(domain_id, domain)
+
+    def delete_domain(self, domain_id):
+        self.driver.delete_domain(domain_id)
+
+    def create_project(self, project_id, project):
+        return self.driver.create_project(project_id, project)
+
+    def list_projects(self, hints):
+        return self.driver.list_projects(hints)
+
+    def list_projects_from_ids(self, project_ids):
+        return self.driver.list_projects_from_ids(project_ids)
+
+    def list_project_ids_from_domain_ids(self, domain_ids):
+        return self.driver.list_project_ids_from_domain_ids(domain_ids)
+
+    def list_projects_in_domain(self, domain_id):
+        return self.driver.list_projects_in_domain(domain_id)
+
+    def get_project(self, project_id):
+        return self.driver.get_project(project_id)
+
+    def update_project(self, project_id, project):
+        return self.driver.update_project(project_id, project)
+
+    def delete_project(self, project_id):
+        self.driver.delete_project(project_id)
+
+    def list_project_parents(self, project_id):
+        return self.driver.list_project_parents(project_id)
+
+    def list_projects_in_subtree(self, project_id):
+        return self.driver.list_projects_in_subtree(project_id)
+
+    def is_leaf_project(self, project_id):
+        return self.driver.is_leaf_project(project_id)
+
+
 Driver = manager.create_legacy_driver(ResourceDriverV8)


--- a/keystone/tests/unit/backend/legacy_drivers/resource/V8/init.py
+++ b/keystone/tests/unit/backend/legacy_drivers/resource/V8/init.py
--- a/keystone/tests/unit/backend/legacy_drivers/resource/V8/sql.py
+++ b/keystone/tests/unit/backend/legacy_drivers/resource/V8/sql.py
@ -0,0 +1,30 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from keystone.tests.unit import test_backend_sql
+
+
+class SqlIdentityV8(test_backend_sql.SqlIdentity):
+    """Test that a V8 driver still passes the same tests.
+
+    We use the SQL driver as an example of a V8 legacy driver.
+
+    """
+
+    def config_overrides(self):
+        super(SqlIdentityV8, self).config_overrides()
+        # V8 SQL specific driver overrides
+        self.config_fixture.config(
+            group='resource',
+            driver='keystone.resource.V8_backends.sql.Resource')
+        self.use_specific_sql_driver_version(
+            'keystone.resource', 'backends', 'V8_')
--- a/keystone/tests/unit/backend/legacy_drivers/resource/init.py
+++ b/keystone/tests/unit/backend/legacy_drivers/resource/init.py
--- a/releasenotes/notes/V9ResourceDriver-26716f97c0cc1a80.yaml
+++ b/releasenotes/notes/V9ResourceDriver-26716f97c0cc1a80.yaml
@ -0,0 +1,8 @@
+---
+upgrade:
+  - The V8 Resource driver interface is deprecated, but still supported in
+    this release, so any custom drivers based on the V8 interface should still
+    work.
+other:
+  - Support for the V8 Resource driver interface is planned to be removed in
+    the 'O' release of OpenStack.
--- a/tox.ini
+++ b/tox.ini
@ -81,6 +81,8 @@ commands =
      keystone/tests/unit/backend/legacy_drivers/role/V8/sql.py
  nosetests -v \
      keystone/tests/unit/backend/legacy_drivers/federation/V8/api_v3.py
+  nosetests -v \
+      keystone/tests/unit/backend/legacy_drivers/resource/V8/sql.py

 [testenv:pep8]
 commands =