Move v3_to_v2_user from manager to controller
Managers should have no knowledge of v2 or v3, only the controllers should, so this moves the v3_to_v2_user function from the identity manager to common.controller.V2Controller. Change-Id: I0c111245965a2578cfe1d7c9f1ca2df2f612b0d9
This commit is contained in:
parent
211bfc3f72
commit
85f9a93f16
@ -135,7 +135,7 @@ class Tenant(controller.V2Controller):
|
|||||||
user_ids = self.assignment_api.list_user_ids_for_project(tenant_id)
|
user_ids = self.assignment_api.list_user_ids_for_project(tenant_id)
|
||||||
for user_id in user_ids:
|
for user_id in user_ids:
|
||||||
user_ref = self.identity_api.get_user(user_id)
|
user_ref = self.identity_api.get_user(user_id)
|
||||||
user_refs.append(self.identity_api.v3_to_v2_user(user_ref))
|
user_refs.append(self.v3_to_v2_user(user_ref))
|
||||||
return {'users': user_refs}
|
return {'users': user_refs}
|
||||||
|
|
||||||
def _format_project_list(self, tenant_refs, **kwargs):
|
def _format_project_list(self, tenant_refs, **kwargs):
|
||||||
|
@ -221,6 +221,47 @@ class V2Controller(wsgi.Application):
|
|||||||
ref['name'] = ref.pop('username')
|
ref['name'] = ref.pop('username')
|
||||||
return ref
|
return ref
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def v3_to_v2_user(ref):
|
||||||
|
"""Convert a user_ref from v3 to v2 compatible.
|
||||||
|
|
||||||
|
* v2.0 users are not domain aware, and should have domain_id removed
|
||||||
|
* v2.0 users expect the use of tenantId instead of default_project_id
|
||||||
|
* v2.0 users have a username attribute
|
||||||
|
|
||||||
|
This method should only be applied to user_refs being returned from the
|
||||||
|
v2.0 controller(s).
|
||||||
|
|
||||||
|
If ref is a list type, we will iterate through each element and do the
|
||||||
|
conversion.
|
||||||
|
"""
|
||||||
|
|
||||||
|
def _format_default_project_id(ref):
|
||||||
|
"""Convert default_project_id to tenantId for v2 calls."""
|
||||||
|
default_project_id = ref.pop('default_project_id', None)
|
||||||
|
if default_project_id is not None:
|
||||||
|
ref['tenantId'] = default_project_id
|
||||||
|
elif 'tenantId' in ref:
|
||||||
|
# NOTE(morganfainberg): To avoid v2.0 confusion if somehow a
|
||||||
|
# tenantId property sneaks its way into the extra blob on the
|
||||||
|
# user, we remove it here. If default_project_id is set, we
|
||||||
|
# would override it in either case.
|
||||||
|
del ref['tenantId']
|
||||||
|
|
||||||
|
def _normalize_and_filter_user_properties(ref):
|
||||||
|
"""Run through the various filter/normalization methods."""
|
||||||
|
_format_default_project_id(ref)
|
||||||
|
V2Controller.filter_domain_id(ref)
|
||||||
|
V2Controller.normalize_username_in_response(ref)
|
||||||
|
return ref
|
||||||
|
|
||||||
|
if isinstance(ref, dict):
|
||||||
|
return _normalize_and_filter_user_properties(ref)
|
||||||
|
elif isinstance(ref, list):
|
||||||
|
return [_normalize_and_filter_user_properties(x) for x in ref]
|
||||||
|
else:
|
||||||
|
raise ValueError(_('Expected dict or list: %s') % type(ref))
|
||||||
|
|
||||||
|
|
||||||
@dependency.requires('policy_api', 'token_api')
|
@dependency.requires('policy_api', 'token_api')
|
||||||
class V3Controller(wsgi.Application):
|
class V3Controller(wsgi.Application):
|
||||||
|
@ -128,7 +128,7 @@ class Ec2Controller(controller.V2Controller):
|
|||||||
# NOTE(morganfainberg): Make sure the data is in correct form since it
|
# NOTE(morganfainberg): Make sure the data is in correct form since it
|
||||||
# might be consumed external to Keystone and this is a v2.0 controller.
|
# might be consumed external to Keystone and this is a v2.0 controller.
|
||||||
# The token provider doesn't actually expect either v2 or v3 user data.
|
# The token provider doesn't actually expect either v2 or v3 user data.
|
||||||
user_ref = self.identity_api.v3_to_v2_user(user_ref)
|
user_ref = self.v3_to_v2_user(user_ref)
|
||||||
auth_token_data = dict(user=user_ref,
|
auth_token_data = dict(user=user_ref,
|
||||||
tenant=tenant_ref,
|
tenant=tenant_ref,
|
||||||
metadata=metadata_ref,
|
metadata=metadata_ref,
|
||||||
|
@ -98,7 +98,7 @@ class User(controller.V2Controller):
|
|||||||
def get_user(self, context, user_id):
|
def get_user(self, context, user_id):
|
||||||
self.assert_admin(context)
|
self.assert_admin(context)
|
||||||
ref = self.identity_api.get_user(user_id)
|
ref = self.identity_api.get_user(user_id)
|
||||||
return {'user': self.identity_api.v3_to_v2_user(ref)}
|
return {'user': self.v3_to_v2_user(ref)}
|
||||||
|
|
||||||
@controller.v2_deprecated
|
@controller.v2_deprecated
|
||||||
def get_users(self, context):
|
def get_users(self, context):
|
||||||
@ -110,14 +110,14 @@ class User(controller.V2Controller):
|
|||||||
|
|
||||||
self.assert_admin(context)
|
self.assert_admin(context)
|
||||||
user_list = self.identity_api.list_users()
|
user_list = self.identity_api.list_users()
|
||||||
return {'users': self.identity_api.v3_to_v2_user(user_list)}
|
return {'users': self.v3_to_v2_user(user_list)}
|
||||||
|
|
||||||
@controller.v2_deprecated
|
@controller.v2_deprecated
|
||||||
def get_user_by_name(self, context, user_name):
|
def get_user_by_name(self, context, user_name):
|
||||||
self.assert_admin(context)
|
self.assert_admin(context)
|
||||||
ref = self.identity_api.get_user_by_name(
|
ref = self.identity_api.get_user_by_name(
|
||||||
user_name, CONF.identity.default_domain_id)
|
user_name, CONF.identity.default_domain_id)
|
||||||
return {'user': self.identity_api.v3_to_v2_user(ref)}
|
return {'user': self.v3_to_v2_user(ref)}
|
||||||
|
|
||||||
# CRUD extension
|
# CRUD extension
|
||||||
@controller.v2_deprecated
|
@controller.v2_deprecated
|
||||||
@ -143,7 +143,7 @@ class User(controller.V2Controller):
|
|||||||
user_id = uuid.uuid4().hex
|
user_id = uuid.uuid4().hex
|
||||||
user_ref = self._normalize_domain_id(context, user.copy())
|
user_ref = self._normalize_domain_id(context, user.copy())
|
||||||
user_ref['id'] = user_id
|
user_ref['id'] = user_id
|
||||||
new_user_ref = self.identity_api.v3_to_v2_user(
|
new_user_ref = self.v3_to_v2_user(
|
||||||
self.identity_api.create_user(user_id, user_ref))
|
self.identity_api.create_user(user_id, user_ref))
|
||||||
|
|
||||||
if default_project_id is not None:
|
if default_project_id is not None:
|
||||||
@ -165,7 +165,7 @@ class User(controller.V2Controller):
|
|||||||
if default_project_id is not None:
|
if default_project_id is not None:
|
||||||
user['default_project_id'] = default_project_id
|
user['default_project_id'] = default_project_id
|
||||||
|
|
||||||
old_user_ref = self.identity_api.v3_to_v2_user(
|
old_user_ref = self.v3_to_v2_user(
|
||||||
self.identity_api.get_user(user_id))
|
self.identity_api.get_user(user_id))
|
||||||
|
|
||||||
# Check whether a tenant is being added or changed for the user.
|
# Check whether a tenant is being added or changed for the user.
|
||||||
@ -181,7 +181,7 @@ class User(controller.V2Controller):
|
|||||||
# user update.
|
# user update.
|
||||||
self.assignment_api.get_project(default_project_id)
|
self.assignment_api.get_project(default_project_id)
|
||||||
|
|
||||||
user_ref = self.identity_api.v3_to_v2_user(
|
user_ref = self.v3_to_v2_user(
|
||||||
self.identity_api.update_user(user_id, user))
|
self.identity_api.update_user(user_id, user))
|
||||||
|
|
||||||
# If 'tenantId' is in either ref, we might need to add or remove the
|
# If 'tenantId' is in either ref, we might need to add or remove the
|
||||||
|
@ -24,7 +24,6 @@ from oslo.config import cfg
|
|||||||
import six
|
import six
|
||||||
|
|
||||||
from keystone import clean
|
from keystone import clean
|
||||||
from keystone.common import controller
|
|
||||||
from keystone.common import dependency
|
from keystone.common import dependency
|
||||||
from keystone.common import driver_hints
|
from keystone.common import driver_hints
|
||||||
from keystone.common import manager
|
from keystone.common import manager
|
||||||
@ -218,47 +217,6 @@ class Manager(manager.Manager):
|
|||||||
super(Manager, self).__init__(CONF.identity.driver)
|
super(Manager, self).__init__(CONF.identity.driver)
|
||||||
self.domain_configs = DomainConfigs()
|
self.domain_configs = DomainConfigs()
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def v3_to_v2_user(ref):
|
|
||||||
"""Convert a user_ref from v3 to v2 compatible.
|
|
||||||
|
|
||||||
* v2.0 users are not domain aware, and should have domain_id removed
|
|
||||||
* v2.0 users expect the use of tenantId instead of default_project_id
|
|
||||||
* v2.0 users have a username attribute
|
|
||||||
|
|
||||||
This method should only be applied to user_refs being returned from the
|
|
||||||
v2.0 controller(s).
|
|
||||||
|
|
||||||
If ref is a list type, we will iterate through each element and do the
|
|
||||||
conversion.
|
|
||||||
"""
|
|
||||||
|
|
||||||
def _format_default_project_id(ref):
|
|
||||||
"""Convert default_project_id to tenantId for v2 calls."""
|
|
||||||
default_project_id = ref.pop('default_project_id', None)
|
|
||||||
if default_project_id is not None:
|
|
||||||
ref['tenantId'] = default_project_id
|
|
||||||
elif 'tenantId' in ref:
|
|
||||||
# NOTE(morganfainberg): To avoid v2.0 confusion if somehow a
|
|
||||||
# tenantId property sneaks its way into the extra blob on the
|
|
||||||
# user, we remove it here. If default_project_id is set, we
|
|
||||||
# would override it in either case.
|
|
||||||
del ref['tenantId']
|
|
||||||
|
|
||||||
def _normalize_and_filter_user_properties(ref):
|
|
||||||
"""Run through the various filter/normalization methods."""
|
|
||||||
_format_default_project_id(ref)
|
|
||||||
controller.V2Controller.filter_domain_id(ref)
|
|
||||||
controller.V2Controller.normalize_username_in_response(ref)
|
|
||||||
return ref
|
|
||||||
|
|
||||||
if isinstance(ref, dict):
|
|
||||||
return _normalize_and_filter_user_properties(ref)
|
|
||||||
elif isinstance(ref, list):
|
|
||||||
return [_normalize_and_filter_user_properties(x) for x in ref]
|
|
||||||
else:
|
|
||||||
raise ValueError(_('Expected dict or list: %s') % type(ref))
|
|
||||||
|
|
||||||
# Domain ID normalization methods
|
# Domain ID normalization methods
|
||||||
|
|
||||||
def _set_domain_id(self, ref, domain_id):
|
def _set_domain_id(self, ref, domain_id):
|
||||||
|
@ -1706,22 +1706,22 @@ class TestV3toV2Methods(tests.TestCase):
|
|||||||
|
|
||||||
def test_v3_to_v2_user_method(self):
|
def test_v3_to_v2_user_method(self):
|
||||||
|
|
||||||
updated_user1 = self.identity_api.v3_to_v2_user(self.user1)
|
updated_user1 = controller.V2Controller.v3_to_v2_user(self.user1)
|
||||||
self.assertIs(self.user1, updated_user1)
|
self.assertIs(self.user1, updated_user1)
|
||||||
self.assertDictEqual(self.user1, self.expected_user)
|
self.assertDictEqual(self.user1, self.expected_user)
|
||||||
updated_user2 = self.identity_api.v3_to_v2_user(self.user2)
|
updated_user2 = controller.V2Controller.v3_to_v2_user(self.user2)
|
||||||
self.assertIs(self.user2, updated_user2)
|
self.assertIs(self.user2, updated_user2)
|
||||||
self.assertDictEqual(self.user2, self.expected_user_no_tenant_id)
|
self.assertDictEqual(self.user2, self.expected_user_no_tenant_id)
|
||||||
updated_user3 = self.identity_api.v3_to_v2_user(self.user3)
|
updated_user3 = controller.V2Controller.v3_to_v2_user(self.user3)
|
||||||
self.assertIs(self.user3, updated_user3)
|
self.assertIs(self.user3, updated_user3)
|
||||||
self.assertDictEqual(self.user3, self.expected_user)
|
self.assertDictEqual(self.user3, self.expected_user)
|
||||||
updated_user4 = self.identity_api.v3_to_v2_user(self.user4)
|
updated_user4 = controller.V2Controller.v3_to_v2_user(self.user4)
|
||||||
self.assertIs(self.user4, updated_user4)
|
self.assertIs(self.user4, updated_user4)
|
||||||
self.assertDictEqual(self.user4, self.expected_user_no_tenant_id)
|
self.assertDictEqual(self.user4, self.expected_user_no_tenant_id)
|
||||||
|
|
||||||
def test_v3_to_v2_user_method_list(self):
|
def test_v3_to_v2_user_method_list(self):
|
||||||
user_list = [self.user1, self.user2, self.user3, self.user4]
|
user_list = [self.user1, self.user2, self.user3, self.user4]
|
||||||
updated_list = self.identity_api.v3_to_v2_user(user_list)
|
updated_list = controller.V2Controller.v3_to_v2_user(user_list)
|
||||||
|
|
||||||
self.assertEqual(len(updated_list), len(user_list))
|
self.assertEqual(len(updated_list), len(user_list))
|
||||||
|
|
||||||
|
@ -106,7 +106,7 @@ class Auth(controller.V2Controller):
|
|||||||
# The user_ref is encoded into the auth_token_data which is returned as
|
# The user_ref is encoded into the auth_token_data which is returned as
|
||||||
# part of the token data. The token provider doesn't care about the
|
# part of the token data. The token provider doesn't care about the
|
||||||
# format.
|
# format.
|
||||||
user_ref = self.identity_api.v3_to_v2_user(user_ref)
|
user_ref = self.v3_to_v2_user(user_ref)
|
||||||
if tenant_ref:
|
if tenant_ref:
|
||||||
tenant_ref = self.filter_domain_id(tenant_ref)
|
tenant_ref = self.filter_domain_id(tenant_ref)
|
||||||
auth_token_data = self._get_auth_token_data(user_ref,
|
auth_token_data = self._get_auth_token_data(user_ref,
|
||||||
|
Loading…
x
Reference in New Issue
Block a user