openstack/keystone
Code Issues Proposed changes

Merge "Pass initiator to Manager as a kwarg"

Browse Source
This commit is contained in:
Jenkins 2016-10-09 02:57:42 +00:00 committed by Gerrit Code Review
commit 83bd595b22
7 changed files with 133 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
keystone/assignment/controllers.py
View File

@ -107,13 +107,13 @@ class Role(controller.V2Controller):
role['id'] = role_id
role_ref = self.role_api.create_role(role_id,
role,
request.audit_initiator)
initiator=request.audit_initiator)
return {'role': role_ref}
@controller.v2_deprecated
def delete_role(self, request, role_id):
self.assert_admin(request)
self.role_api.delete_role(role_id, request.audit_initiator)
self.role_api.delete_role(role_id, initiator=request.audit_initiator)
@controller.v2_deprecated
def get_roles(self, request):
@ -399,7 +399,7 @@ class RoleV3(controller.V3Controller):
ref = self._normalize_dict(role)
ref = self.role_api.create_role(ref['id'],
ref,
request.audit_initiator)
initiator=request.audit_initiator)
return RoleV3.wrap_member(request.context_dict, ref)
def _list_roles(self, request, filters):
@ -413,11 +413,13 @@ class RoleV3(controller.V3Controller):
def _update_role(self, request, role_id, role):
self._require_matching_id(role_id, role)
ref = self.role_api.update_role(role_id, role, request.audit_initiator)
ref = self.role_api.update_role(
role_id, role, initiator=request.audit_initiator
)
return RoleV3.wrap_member(request.context_dict, ref)
def _delete_role(self, request, role_id):
self.role_api.delete_role(role_id, request.audit_initiator)
self.role_api.delete_role(role_id, initiator=request.audit_initiator)
@classmethod
def build_driver_hints(cls, request, supported_filters):

67
keystone/catalog/controllers.py
View File

@ -50,7 +50,9 @@ class Service(controller.V2Controller):
@controller.v2_deprecated
def delete_service(self, request, service_id):
self.assert_admin(request)
self.catalog_api.delete_service(service_id, request.audit_initiator)
self.catalog_api.delete_service(
service_id, initiator=request.audit_initiator
)
@controller.v2_deprecated
def create_service(self, request, OS_KSADM_service):
@ -60,7 +62,7 @@ class Service(controller.V2Controller):
service_ref = OS_KSADM_service.copy()
service_ref['id'] = service_id
new_service_ref = self.catalog_api.create_service(
service_id, service_ref, request.audit_initiator)
service_id, service_ref, initiator=request.audit_initiator)
return {'OS-KSADM:service': new_service_ref}
@ -150,7 +152,9 @@ class Endpoint(controller.V2Controller):
self.catalog_api.get_region(endpoint['region'])
except exception.RegionNotFound:
region = dict(id=endpoint['region'])
self.catalog_api.create_region(region, request.audit_initiator)
self.catalog_api.create_region(
region, initiator=request.audit_initiator
)
legacy_endpoint_ref = endpoint.copy()
@ -176,7 +180,7 @@ class Endpoint(controller.V2Controller):
endpoint_ref['region_id'] = endpoint_ref.pop('region')
self.catalog_api.create_endpoint(endpoint_ref['id'],
endpoint_ref,
request.audit_initiator)
initiator=request.audit_initiator)
legacy_endpoint_ref['id'] = legacy_endpoint_id
return {'endpoint': legacy_endpoint_ref}
@ -189,8 +193,10 @@ class Endpoint(controller.V2Controller):
deleted_at_least_one = False
for endpoint in self.catalog_api.list_endpoints():
if endpoint['legacy_endpoint_id'] == endpoint_id:
self.catalog_api.delete_endpoint(endpoint['id'],
request.audit_initiator)
self.catalog_api.delete_endpoint(
endpoint['id'],
initiator=request.audit_initiator
)
deleted_at_least_one = True
if not deleted_at_least_one:
@ -225,7 +231,9 @@ class RegionV3(controller.V3Controller):
if not ref.get('id'):
ref = self._assign_unique_id(ref)
ref = self.catalog_api.create_region(ref, request.audit_initiator)
ref = self.catalog_api.create_region(
ref, initiator=request.audit_initiator
)
return wsgi.render_response(
RegionV3.wrap_member(request.context_dict, ref),
status=(http_client.CREATED,
@ -250,13 +258,14 @@ class RegionV3(controller.V3Controller):
self._require_matching_id(region_id, region)
ref = self.catalog_api.update_region(region_id,
region,
request.audit_initiator)
initiator=request.audit_initiator)
return RegionV3.wrap_member(request.context_dict, ref)
@controller.protected()
def delete_region(self, request, region_id):
return self.catalog_api.delete_region(region_id,
request.audit_initiator)
return self.catalog_api.delete_region(
region_id, initiator=request.audit_initiator
)
@dependency.requires('catalog_api')
@ -272,9 +281,9 @@ class ServiceV3(controller.V3Controller):
def create_service(self, request, service):
validation.lazy_validate(schema.service_create, service)
ref = self._assign_unique_id(self._normalize_dict(service))
ref = self.catalog_api.create_service(ref['id'],
ref,
request.audit_initiator)
ref = self.catalog_api.create_service(
ref['id'], ref, initiator=request.audit_initiator
)
return ServiceV3.wrap_member(request.context_dict, ref)
@controller.filterprotected('type', 'name')
@ -294,15 +303,16 @@ class ServiceV3(controller.V3Controller):
def update_service(self, request, service_id, service):
validation.lazy_validate(schema.service_update, service)
self._require_matching_id(service_id, service)
ref = self.catalog_api.update_service(service_id,
service,
request.audit_initiator)
ref = self.catalog_api.update_service(
service_id, service, initiator=request.audit_initiator
)
return ServiceV3.wrap_member(request.context_dict, ref)
@controller.protected()
def delete_service(self, request, service_id):
return self.catalog_api.delete_service(service_id,
request.audit_initiator)
return self.catalog_api.delete_service(
service_id, initiator=request.audit_initiator
)
@dependency.requires('catalog_api')
@ -345,7 +355,9 @@ class EndpointV3(controller.V3Controller):
self.catalog_api.get_region(endpoint['region_id'])
except exception.RegionNotFound:
region = dict(id=endpoint['region_id'])
self.catalog_api.create_region(region, request.audit_initiator)
self.catalog_api.create_region(
region, initiator=request.audit_initiator
)
return endpoint
@ -355,9 +367,9 @@ class EndpointV3(controller.V3Controller):
utils.check_endpoint_url(endpoint['url'])
ref = self._assign_unique_id(self._normalize_dict(endpoint))
ref = self._validate_endpoint_region(ref, request)
ref = self.catalog_api.create_endpoint(ref['id'],
ref,
request.audit_initiator)
ref = self.catalog_api.create_endpoint(
ref['id'], ref, initiator=request.audit_initiator
)
return EndpointV3.wrap_member(request.context_dict, ref)
@controller.filterprotected('interface', 'service_id', 'region_id')
@ -381,15 +393,16 @@ class EndpointV3(controller.V3Controller):
endpoint = self._validate_endpoint_region(endpoint.copy(),
request)
ref = self.catalog_api.update_endpoint(endpoint_id,
endpoint,
request.audit_initiator)
ref = self.catalog_api.update_endpoint(
endpoint_id, endpoint, initiator=request.audit_initiator
)
return EndpointV3.wrap_member(request.context_dict, ref)
@controller.protected()
def delete_endpoint(self, request, endpoint_id):
return self.catalog_api.delete_endpoint(endpoint_id,
request.audit_initiator)
return self.catalog_api.delete_endpoint(
endpoint_id, initiator=request.audit_initiator
)
@dependency.requires('catalog_api', 'resource_api')

55
keystone/identity/controllers.py
View File

@ -77,7 +77,10 @@ class User(controller.V2Controller):
# The manager layer will generate the unique ID for users
user_ref = self._normalize_domain_id(request, user.copy())
new_user_ref = self.v3_to_v2_user(
self.identity_api.create_user(user_ref, request.audit_initiator))
self.identity_api.create_user(
user_ref, initiator=request.audit_initiator
)
)
if default_project_id is not None:
self.assignment_api.add_user_to_project(default_project_id,
@ -111,9 +114,9 @@ class User(controller.V2Controller):
# user update.
self.resource_api.get_project(default_project_id)
user_ref = self.identity_api.update_user(user_id,
user,
request.audit_initiator)
user_ref = self.identity_api.update_user(
user_id, user, initiator=request.audit_initiator
)
user_ref = self.v3_to_v2_user(user_ref)
# If 'tenantId' is in either ref, we might need to add or remove the
@ -159,7 +162,9 @@ class User(controller.V2Controller):
@controller.v2_deprecated
def delete_user(self, request, user_id):
self.assert_admin(request)
self.identity_api.delete_user(user_id, request.audit_initiator)
self.identity_api.delete_user(
user_id, initiator=request.audit_initiator
)
@controller.v2_deprecated
def set_user_enabled(self, request, user_id, user):
@ -211,7 +216,9 @@ class UserV3(controller.V3Controller):
# The manager layer will generate the unique ID for users
ref = self._normalize_dict(user)
ref = self._normalize_domain_id(request, ref)
ref = self.identity_api.create_user(ref, request.audit_initiator)
ref = self.identity_api.create_user(
ref, initiator=request.audit_initiator
)
return UserV3.wrap_member(request.context_dict, ref)
@controller.filterprotected('domain_id', 'enabled', 'name')
@ -237,9 +244,9 @@ class UserV3(controller.V3Controller):
self._require_matching_id(user_id, user)
self._require_matching_domain_id(
user_id, user, self.identity_api.get_user)
ref = self.identity_api.update_user(user_id,
user,
request.audit_initiator)
ref = self.identity_api.update_user(
user_id, user, initiator=request.audit_initiator
)
return UserV3.wrap_member(request.context_dict, ref)
@controller.protected()
@ -249,9 +256,9 @@ class UserV3(controller.V3Controller):
@controller.protected(callback=_check_user_and_group_protection)
def add_user_to_group(self, request, user_id, group_id):
self.identity_api.add_user_to_group(user_id,
group_id,
request.audit_initiator)
self.identity_api.add_user_to_group(
user_id, group_id, initiator=request.audit_initiator
)
@controller.protected(callback=_check_user_and_group_protection)
def check_user_in_group(self, request, user_id, group_id):
@ -259,13 +266,15 @@ class UserV3(controller.V3Controller):
@controller.protected(callback=_check_user_and_group_protection)
def remove_user_from_group(self, request, user_id, group_id):
self.identity_api.remove_user_from_group(user_id,
group_id,
request.audit_initiator)
self.identity_api.remove_user_from_group(
user_id, group_id, initiator=request.audit_initiator
)
@controller.protected()
def delete_user(self, request, user_id):
return self.identity_api.delete_user(user_id, request.audit_initiator)
return self.identity_api.delete_user(
user_id, initiator=request.audit_initiator
)
@controller.protected()
def change_password(self, request, user_id, user):
@ -305,7 +314,9 @@ class GroupV3(controller.V3Controller):
# The manager layer will generate the unique ID for groups
ref = self._normalize_dict(group)
ref = self._normalize_domain_id(request, ref)
ref = self.identity_api.create_group(ref, request.audit_initiator)
ref = self.identity_api.create_group(
ref, initiator=request.audit_initiator
)
return GroupV3.wrap_member(request.context_dict, ref)
@controller.filterprotected('domain_id', 'name')
@ -332,11 +343,13 @@ class GroupV3(controller.V3Controller):
self._require_matching_id(group_id, group)
self._require_matching_domain_id(
group_id, group, self.identity_api.get_group)
ref = self.identity_api.update_group(group_id,
group,
request.audit_initiator)
ref = self.identity_api.update_group(
group_id, group, initiator=request.audit_initiator
)
return GroupV3.wrap_member(request.context_dict, ref)
@controller.protected()
def delete_group(self, request, group_id):
self.identity_api.delete_group(group_id, request.audit_initiator)
self.identity_api.delete_group(
group_id, initiator=request.audit_initiator
)

31
keystone/oauth1/controllers.py
View File

@ -65,8 +65,9 @@ class ConsumerCrudV3(controller.V3Controller):
def create_consumer(self, request, consumer):
validation.lazy_validate(schema.consumer_create, consumer)
ref = self._assign_unique_id(self._normalize_dict(consumer))
consumer_ref = self.oauth_api.create_consumer(ref,
request.audit_initiator)
consumer_ref = self.oauth_api.create_consumer(
ref, initiator=request.audit_initiator
)
return ConsumerCrudV3.wrap_member(request.context_dict, consumer_ref)
@controller.protected()
@ -74,9 +75,9 @@ class ConsumerCrudV3(controller.V3Controller):
validation.lazy_validate(schema.consumer_update, consumer)
self._require_matching_id(consumer_id, consumer)
ref = self._normalize_dict(consumer)
ref = self.oauth_api.update_consumer(consumer_id,
ref,
request.audit_initiator)
ref = self.oauth_api.update_consumer(
consumer_id, ref, initiator=request.audit_initiator
)
return ConsumerCrudV3.wrap_member(request.context_dict, ref)
@controller.protected()
@ -95,7 +96,9 @@ class ConsumerCrudV3(controller.V3Controller):
payload = {'user_id': user_token_ref.user_id,
'consumer_id': consumer_id}
_emit_user_oauth_consumer_token_invalidate(payload)
self.oauth_api.delete_consumer(consumer_id, request.audit_initiator)
self.oauth_api.delete_consumer(
consumer_id, initiator=request.audit_initiator
)
@dependency.requires('oauth_api')
@ -140,9 +143,9 @@ class AccessTokenCrudV3(controller.V3Controller):
consumer_id = access_token['consumer_id']
payload = {'user_id': user_id, 'consumer_id': consumer_id}
_emit_user_oauth_consumer_token_invalidate(payload)
return self.oauth_api.delete_access_token(user_id,
access_token_id,
request.audit_initiator)
return self.oauth_api.delete_access_token(
user_id, access_token_id, initiator=request.audit_initiator
)
@staticmethod
def _get_user_id(entity):
@ -252,7 +255,7 @@ class OAuthControllerV3(controller.V3Controller):
consumer_id,
requested_project_id,
request_token_duration,
request.audit_initiator)
initiator=request.audit_initiator)
result = ('oauth_token=%(key)s&oauth_token_secret=%(secret)s'
% {'key': token_ref['id'],
@ -340,9 +343,11 @@ class OAuthControllerV3(controller.V3Controller):
raise exception.Unauthorized(message=msg)
access_token_duration = CONF.oauth1.access_token_duration
token_ref = self.oauth_api.create_access_token(request_token_id,
access_token_duration,
request.audit_initiator)
token_ref = self.oauth_api.create_access_token(
request_token_id,
access_token_duration,
initiator=request.audit_initiator
)
result = ('oauth_token=%(key)s&oauth_token_secret=%(secret)s'
% {'key': token_ref['id'],

17
keystone/policy/controllers.py
View File

@ -27,9 +27,9 @@ class PolicyV3(controller.V3Controller):
def create_policy(self, request, policy):
validation.lazy_validate(schema.policy_create, policy)
ref = self._assign_unique_id(self._normalize_dict(policy))
ref = self.policy_api.create_policy(ref['id'],
ref,
request.audit_initiator)
ref = self.policy_api.create_policy(
ref['id'], ref, initiator=request.audit_initiator
)
return PolicyV3.wrap_member(request.context_dict, ref)
@controller.filterprotected('type')
@ -47,12 +47,13 @@ class PolicyV3(controller.V3Controller):
@controller.protected()
def update_policy(self, request, policy_id, policy):
validation.lazy_validate(schema.policy_update, policy)
ref = self.policy_api.update_policy(policy_id,
policy,
request.audit_initiator)
ref = self.policy_api.update_policy(
policy_id, policy, initiator=request.audit_initiator
)
return PolicyV3.wrap_member(request.context_dict, ref)
@controller.protected()
def delete_policy(self, request, policy_id):
return self.policy_api.delete_policy(policy_id,
request.audit_initiator)
return self.policy_api.delete_policy(
policy_id, initiator=request.audit_initiator
)

26
keystone/resource/controllers.py
View File

@ -96,7 +96,7 @@ class Tenant(controller.V2Controller):
tenant = self.resource_api.create_project(
tenant_ref['id'],
self._normalize_domain_id(request, tenant_ref),
request.audit_initiator)
initiator=request.audit_initiator)
return {'tenant': self.v3_to_v2_project(tenant)}
@controller.v2_deprecated
@ -106,14 +106,17 @@ class Tenant(controller.V2Controller):
self._assert_not_is_domain_project(tenant_id)
tenant_ref = self.resource_api.update_project(
tenant_id, tenant, request.audit_initiator)
tenant_id, tenant, initiator=request.audit_initiator)
return {'tenant': self.v3_to_v2_project(tenant_ref)}
@controller.v2_deprecated
def delete_project(self, request, tenant_id):
self.assert_admin(request)
self._assert_not_is_domain_project(tenant_id)
self.resource_api.delete_project(tenant_id, request.audit_initiator)
self.resource_api.delete_project(
tenant_id,
initiator=request.audit_initiator
)
@dependency.requires('resource_api')
@ -129,9 +132,9 @@ class DomainV3(controller.V3Controller):
def create_domain(self, request, domain):
validation.lazy_validate(schema.domain_create, domain)
ref = self._assign_unique_id(self._normalize_dict(domain))
ref = self.resource_api.create_domain(ref['id'],
ref,
request.audit_initiator)
ref = self.resource_api.create_domain(
ref['id'], ref, initiator=request.audit_initiator
)
return DomainV3.wrap_member(request.context_dict, ref)
@controller.filterprotected('enabled', 'name')
@ -150,15 +153,16 @@ class DomainV3(controller.V3Controller):
def update_domain(self, request, domain_id, domain):
validation.lazy_validate(schema.domain_update, domain)
self._require_matching_id(domain_id, domain)
ref = self.resource_api.update_domain(domain_id,
domain,
request.audit_initiator)
ref = self.resource_api.update_domain(
domain_id, domain, initiator=request.audit_initiator
)
return DomainV3.wrap_member(request.context_dict, ref)
@controller.protected()
def delete_domain(self, request, domain_id):
return self.resource_api.delete_domain(domain_id,
request.audit_initiator)
return self.resource_api.delete_domain(
domain_id, initiator=request.audit_initiator
)
@dependency.requires('domain_config_api')

15
keystone/trust/controllers.py
View File

@ -136,10 +136,13 @@ class TrustV3(controller.V3Controller):
trust['expires_at'] = self._parse_expiration_date(
trust.get('expires_at'))
trust_id = uuid.uuid4().hex
new_trust = self.trust_api.create_trust(trust_id, trust,
normalized_roles,
redelegated_trust,
request.audit_initiator)
new_trust = self.trust_api.create_trust(
trust_id,
trust,
normalized_roles,
redelegated_trust,
initiator=request.audit_initiator
)
self._fill_in_roles(request.context_dict, new_trust)
return TrustV3.wrap_member(request.context_dict, new_trust)
@ -224,7 +227,9 @@ class TrustV3(controller.V3Controller):
not request.context.is_admin):
raise exception.Forbidden()
self.trust_api.delete_trust(trust_id, request.audit_initiator)
self.trust_api.delete_trust(
trust_id, initiator=request.audit_initiator
)
@controller.protected()
def list_roles_for_trust(self, request, trust_id):