Move v3_to_v2_user from manager to controller

Managers should have no knowledge of v2 or v3, only the controllers
should, so this moves the v3_to_v2_user function from the identity
manager to common.controller.V2Controller.

Change-Id: I0c111245965a2578cfe1d7c9f1ca2df2f612b0d9

keystone/assignment/controllers.py

@@ -135,7 +135,7 @@ class Tenant(controller.V2Controller):
         user_ids = self.assignment_api.list_user_ids_for_project(tenant_id)
         for user_id in user_ids:
             user_ref = self.identity_api.get_user(user_id)
-            user_refs.append(self.identity_api.v3_to_v2_user(user_ref))
+            user_refs.append(self.v3_to_v2_user(user_ref))
         return {'users': user_refs}
 
     def _format_project_list(self, tenant_refs, **kwargs):

keystone/common/controller.py

@@ -221,6 +221,47 @@ class V2Controller(wsgi.Application):
             ref['name'] = ref.pop('username')
         return ref
 
+    @staticmethod
+    def v3_to_v2_user(ref):
+        """Convert a user_ref from v3 to v2 compatible.
+
+        * v2.0 users are not domain aware, and should have domain_id removed
+        * v2.0 users expect the use of tenantId instead of default_project_id
+        * v2.0 users have a username attribute
+
+        This method should only be applied to user_refs being returned from the
+        v2.0 controller(s).
+
+        If ref is a list type, we will iterate through each element and do the
+        conversion.
+        """
+
+        def _format_default_project_id(ref):
+            """Convert default_project_id to tenantId for v2 calls."""
+            default_project_id = ref.pop('default_project_id', None)
+            if default_project_id is not None:
+                ref['tenantId'] = default_project_id
+            elif 'tenantId' in ref:
+                # NOTE(morganfainberg): To avoid v2.0 confusion if somehow a
+                # tenantId property sneaks its way into the extra blob on the
+                # user, we remove it here.  If default_project_id is set, we
+                # would override it in either case.
+                del ref['tenantId']
+
+        def _normalize_and_filter_user_properties(ref):
+            """Run through the various filter/normalization methods."""
+            _format_default_project_id(ref)
+            V2Controller.filter_domain_id(ref)
+            V2Controller.normalize_username_in_response(ref)
+            return ref
+
+        if isinstance(ref, dict):
+            return _normalize_and_filter_user_properties(ref)
+        elif isinstance(ref, list):
+            return [_normalize_and_filter_user_properties(x) for x in ref]
+        else:
+            raise ValueError(_('Expected dict or list: %s') % type(ref))
+
 
 @dependency.requires('policy_api', 'token_api')
 class V3Controller(wsgi.Application):

keystone/contrib/ec2/controllers.py

@@ -128,7 +128,7 @@ class Ec2Controller(controller.V2Controller):
         # NOTE(morganfainberg): Make sure the data is in correct form since it
         # might be consumed external to Keystone and this is a v2.0 controller.
         # The token provider doesn't actually expect either v2 or v3 user data.
-        user_ref = self.identity_api.v3_to_v2_user(user_ref)
+        user_ref = self.v3_to_v2_user(user_ref)
         auth_token_data = dict(user=user_ref,
                                tenant=tenant_ref,
                                metadata=metadata_ref,

keystone/identity/controllers.py

@@ -98,7 +98,7 @@ class User(controller.V2Controller):
     def get_user(self, context, user_id):
         self.assert_admin(context)
         ref = self.identity_api.get_user(user_id)
-        return {'user': self.identity_api.v3_to_v2_user(ref)}
+        return {'user': self.v3_to_v2_user(ref)}
 
     @controller.v2_deprecated
     def get_users(self, context):
@@ -110,14 +110,14 @@ class User(controller.V2Controller):
 
         self.assert_admin(context)
         user_list = self.identity_api.list_users()
-        return {'users': self.identity_api.v3_to_v2_user(user_list)}
+        return {'users': self.v3_to_v2_user(user_list)}
 
     @controller.v2_deprecated
     def get_user_by_name(self, context, user_name):
         self.assert_admin(context)
         ref = self.identity_api.get_user_by_name(
             user_name, CONF.identity.default_domain_id)
-        return {'user': self.identity_api.v3_to_v2_user(ref)}
+        return {'user': self.v3_to_v2_user(ref)}
 
     # CRUD extension
     @controller.v2_deprecated
@@ -143,7 +143,7 @@ class User(controller.V2Controller):
         user_id = uuid.uuid4().hex
         user_ref = self._normalize_domain_id(context, user.copy())
         user_ref['id'] = user_id
-        new_user_ref = self.identity_api.v3_to_v2_user(
+        new_user_ref = self.v3_to_v2_user(
             self.identity_api.create_user(user_id, user_ref))
 
         if default_project_id is not None:
@@ -165,7 +165,7 @@ class User(controller.V2Controller):
         if default_project_id is not None:
             user['default_project_id'] = default_project_id
 
-        old_user_ref = self.identity_api.v3_to_v2_user(
+        old_user_ref = self.v3_to_v2_user(
             self.identity_api.get_user(user_id))
 
         # Check whether a tenant is being added or changed for the user.
@@ -181,7 +181,7 @@ class User(controller.V2Controller):
             # user update.
             self.assignment_api.get_project(default_project_id)
 
-        user_ref = self.identity_api.v3_to_v2_user(
+        user_ref = self.v3_to_v2_user(
             self.identity_api.update_user(user_id, user))
 
         # If 'tenantId' is in either ref, we might need to add or remove the

keystone/identity/core.py

@@ -24,7 +24,6 @@ from oslo.config import cfg
 import six
 
 from keystone import clean
-from keystone.common import controller
 from keystone.common import dependency
 from keystone.common import driver_hints
 from keystone.common import manager
@@ -218,47 +217,6 @@ class Manager(manager.Manager):
         super(Manager, self).__init__(CONF.identity.driver)
         self.domain_configs = DomainConfigs()
 
-    @staticmethod
-    def v3_to_v2_user(ref):
-        """Convert a user_ref from v3 to v2 compatible.
-
-        * v2.0 users are not domain aware, and should have domain_id removed
-        * v2.0 users expect the use of tenantId instead of default_project_id
-        * v2.0 users have a username attribute
-
-        This method should only be applied to user_refs being returned from the
-        v2.0 controller(s).
-
-        If ref is a list type, we will iterate through each element and do the
-        conversion.
-        """
-
-        def _format_default_project_id(ref):
-            """Convert default_project_id to tenantId for v2 calls."""
-            default_project_id = ref.pop('default_project_id', None)
-            if default_project_id is not None:
-                ref['tenantId'] = default_project_id
-            elif 'tenantId' in ref:
-                # NOTE(morganfainberg): To avoid v2.0 confusion if somehow a
-                # tenantId property sneaks its way into the extra blob on the
-                # user, we remove it here.  If default_project_id is set, we
-                # would override it in either case.
-                del ref['tenantId']
-
-        def _normalize_and_filter_user_properties(ref):
-            """Run through the various filter/normalization methods."""
-            _format_default_project_id(ref)
-            controller.V2Controller.filter_domain_id(ref)
-            controller.V2Controller.normalize_username_in_response(ref)
-            return ref
-
-        if isinstance(ref, dict):
-            return _normalize_and_filter_user_properties(ref)
-        elif isinstance(ref, list):
-            return [_normalize_and_filter_user_properties(x) for x in ref]
-        else:
-            raise ValueError(_('Expected dict or list: %s') % type(ref))
-
     # Domain ID normalization methods
 
     def _set_domain_id(self, ref, domain_id):

keystone/tests/test_v3_identity.py

@@ -1706,22 +1706,22 @@ class TestV3toV2Methods(tests.TestCase):
 
     def test_v3_to_v2_user_method(self):
 
-        updated_user1 = self.identity_api.v3_to_v2_user(self.user1)
+        updated_user1 = controller.V2Controller.v3_to_v2_user(self.user1)
         self.assertIs(self.user1, updated_user1)
         self.assertDictEqual(self.user1, self.expected_user)
-        updated_user2 = self.identity_api.v3_to_v2_user(self.user2)
+        updated_user2 = controller.V2Controller.v3_to_v2_user(self.user2)
         self.assertIs(self.user2, updated_user2)
         self.assertDictEqual(self.user2, self.expected_user_no_tenant_id)
-        updated_user3 = self.identity_api.v3_to_v2_user(self.user3)
+        updated_user3 = controller.V2Controller.v3_to_v2_user(self.user3)
         self.assertIs(self.user3, updated_user3)
         self.assertDictEqual(self.user3, self.expected_user)
-        updated_user4 = self.identity_api.v3_to_v2_user(self.user4)
+        updated_user4 = controller.V2Controller.v3_to_v2_user(self.user4)
         self.assertIs(self.user4, updated_user4)
         self.assertDictEqual(self.user4, self.expected_user_no_tenant_id)
 
     def test_v3_to_v2_user_method_list(self):
         user_list = [self.user1, self.user2, self.user3, self.user4]
-        updated_list = self.identity_api.v3_to_v2_user(user_list)
+        updated_list = controller.V2Controller.v3_to_v2_user(user_list)
 
         self.assertEqual(len(updated_list), len(user_list))
 

keystone/token/controllers.py

@@ -106,7 +106,7 @@ class Auth(controller.V2Controller):
         # The user_ref is encoded into the auth_token_data which is returned as
         # part of the token data. The token provider doesn't care about the
         # format.
-        user_ref = self.identity_api.v3_to_v2_user(user_ref)
+        user_ref = self.v3_to_v2_user(user_ref)
         if tenant_ref:
             tenant_ref = self.filter_domain_id(tenant_ref)
         auth_token_data = self._get_auth_token_data(user_ref,