Move v3_to_v2_user from manager to controller
Managers should have no knowledge of v2 or v3, only the controllers should, so this moves the v3_to_v2_user function from the identity manager to common.controller.V2Controller. Change-Id: I0c111245965a2578cfe1d7c9f1ca2df2f612b0d9
This commit is contained in:
parent
211bfc3f72
commit
85f9a93f16
@ -135,7 +135,7 @@ class Tenant(controller.V2Controller):
|
||||
user_ids = self.assignment_api.list_user_ids_for_project(tenant_id)
|
||||
for user_id in user_ids:
|
||||
user_ref = self.identity_api.get_user(user_id)
|
||||
user_refs.append(self.identity_api.v3_to_v2_user(user_ref))
|
||||
user_refs.append(self.v3_to_v2_user(user_ref))
|
||||
return {'users': user_refs}
|
||||
|
||||
def _format_project_list(self, tenant_refs, **kwargs):
|
||||
|
@ -221,6 +221,47 @@ class V2Controller(wsgi.Application):
|
||||
ref['name'] = ref.pop('username')
|
||||
return ref
|
||||
|
||||
@staticmethod
|
||||
def v3_to_v2_user(ref):
|
||||
"""Convert a user_ref from v3 to v2 compatible.
|
||||
|
||||
* v2.0 users are not domain aware, and should have domain_id removed
|
||||
* v2.0 users expect the use of tenantId instead of default_project_id
|
||||
* v2.0 users have a username attribute
|
||||
|
||||
This method should only be applied to user_refs being returned from the
|
||||
v2.0 controller(s).
|
||||
|
||||
If ref is a list type, we will iterate through each element and do the
|
||||
conversion.
|
||||
"""
|
||||
|
||||
def _format_default_project_id(ref):
|
||||
"""Convert default_project_id to tenantId for v2 calls."""
|
||||
default_project_id = ref.pop('default_project_id', None)
|
||||
if default_project_id is not None:
|
||||
ref['tenantId'] = default_project_id
|
||||
elif 'tenantId' in ref:
|
||||
# NOTE(morganfainberg): To avoid v2.0 confusion if somehow a
|
||||
# tenantId property sneaks its way into the extra blob on the
|
||||
# user, we remove it here. If default_project_id is set, we
|
||||
# would override it in either case.
|
||||
del ref['tenantId']
|
||||
|
||||
def _normalize_and_filter_user_properties(ref):
|
||||
"""Run through the various filter/normalization methods."""
|
||||
_format_default_project_id(ref)
|
||||
V2Controller.filter_domain_id(ref)
|
||||
V2Controller.normalize_username_in_response(ref)
|
||||
return ref
|
||||
|
||||
if isinstance(ref, dict):
|
||||
return _normalize_and_filter_user_properties(ref)
|
||||
elif isinstance(ref, list):
|
||||
return [_normalize_and_filter_user_properties(x) for x in ref]
|
||||
else:
|
||||
raise ValueError(_('Expected dict or list: %s') % type(ref))
|
||||
|
||||
|
||||
@dependency.requires('policy_api', 'token_api')
|
||||
class V3Controller(wsgi.Application):
|
||||
|
@ -128,7 +128,7 @@ class Ec2Controller(controller.V2Controller):
|
||||
# NOTE(morganfainberg): Make sure the data is in correct form since it
|
||||
# might be consumed external to Keystone and this is a v2.0 controller.
|
||||
# The token provider doesn't actually expect either v2 or v3 user data.
|
||||
user_ref = self.identity_api.v3_to_v2_user(user_ref)
|
||||
user_ref = self.v3_to_v2_user(user_ref)
|
||||
auth_token_data = dict(user=user_ref,
|
||||
tenant=tenant_ref,
|
||||
metadata=metadata_ref,
|
||||
|
@ -98,7 +98,7 @@ class User(controller.V2Controller):
|
||||
def get_user(self, context, user_id):
|
||||
self.assert_admin(context)
|
||||
ref = self.identity_api.get_user(user_id)
|
||||
return {'user': self.identity_api.v3_to_v2_user(ref)}
|
||||
return {'user': self.v3_to_v2_user(ref)}
|
||||
|
||||
@controller.v2_deprecated
|
||||
def get_users(self, context):
|
||||
@ -110,14 +110,14 @@ class User(controller.V2Controller):
|
||||
|
||||
self.assert_admin(context)
|
||||
user_list = self.identity_api.list_users()
|
||||
return {'users': self.identity_api.v3_to_v2_user(user_list)}
|
||||
return {'users': self.v3_to_v2_user(user_list)}
|
||||
|
||||
@controller.v2_deprecated
|
||||
def get_user_by_name(self, context, user_name):
|
||||
self.assert_admin(context)
|
||||
ref = self.identity_api.get_user_by_name(
|
||||
user_name, CONF.identity.default_domain_id)
|
||||
return {'user': self.identity_api.v3_to_v2_user(ref)}
|
||||
return {'user': self.v3_to_v2_user(ref)}
|
||||
|
||||
# CRUD extension
|
||||
@controller.v2_deprecated
|
||||
@ -143,7 +143,7 @@ class User(controller.V2Controller):
|
||||
user_id = uuid.uuid4().hex
|
||||
user_ref = self._normalize_domain_id(context, user.copy())
|
||||
user_ref['id'] = user_id
|
||||
new_user_ref = self.identity_api.v3_to_v2_user(
|
||||
new_user_ref = self.v3_to_v2_user(
|
||||
self.identity_api.create_user(user_id, user_ref))
|
||||
|
||||
if default_project_id is not None:
|
||||
@ -165,7 +165,7 @@ class User(controller.V2Controller):
|
||||
if default_project_id is not None:
|
||||
user['default_project_id'] = default_project_id
|
||||
|
||||
old_user_ref = self.identity_api.v3_to_v2_user(
|
||||
old_user_ref = self.v3_to_v2_user(
|
||||
self.identity_api.get_user(user_id))
|
||||
|
||||
# Check whether a tenant is being added or changed for the user.
|
||||
@ -181,7 +181,7 @@ class User(controller.V2Controller):
|
||||
# user update.
|
||||
self.assignment_api.get_project(default_project_id)
|
||||
|
||||
user_ref = self.identity_api.v3_to_v2_user(
|
||||
user_ref = self.v3_to_v2_user(
|
||||
self.identity_api.update_user(user_id, user))
|
||||
|
||||
# If 'tenantId' is in either ref, we might need to add or remove the
|
||||
|
@ -24,7 +24,6 @@ from oslo.config import cfg
|
||||
import six
|
||||
|
||||
from keystone import clean
|
||||
from keystone.common import controller
|
||||
from keystone.common import dependency
|
||||
from keystone.common import driver_hints
|
||||
from keystone.common import manager
|
||||
@ -218,47 +217,6 @@ class Manager(manager.Manager):
|
||||
super(Manager, self).__init__(CONF.identity.driver)
|
||||
self.domain_configs = DomainConfigs()
|
||||
|
||||
@staticmethod
|
||||
def v3_to_v2_user(ref):
|
||||
"""Convert a user_ref from v3 to v2 compatible.
|
||||
|
||||
* v2.0 users are not domain aware, and should have domain_id removed
|
||||
* v2.0 users expect the use of tenantId instead of default_project_id
|
||||
* v2.0 users have a username attribute
|
||||
|
||||
This method should only be applied to user_refs being returned from the
|
||||
v2.0 controller(s).
|
||||
|
||||
If ref is a list type, we will iterate through each element and do the
|
||||
conversion.
|
||||
"""
|
||||
|
||||
def _format_default_project_id(ref):
|
||||
"""Convert default_project_id to tenantId for v2 calls."""
|
||||
default_project_id = ref.pop('default_project_id', None)
|
||||
if default_project_id is not None:
|
||||
ref['tenantId'] = default_project_id
|
||||
elif 'tenantId' in ref:
|
||||
# NOTE(morganfainberg): To avoid v2.0 confusion if somehow a
|
||||
# tenantId property sneaks its way into the extra blob on the
|
||||
# user, we remove it here. If default_project_id is set, we
|
||||
# would override it in either case.
|
||||
del ref['tenantId']
|
||||
|
||||
def _normalize_and_filter_user_properties(ref):
|
||||
"""Run through the various filter/normalization methods."""
|
||||
_format_default_project_id(ref)
|
||||
controller.V2Controller.filter_domain_id(ref)
|
||||
controller.V2Controller.normalize_username_in_response(ref)
|
||||
return ref
|
||||
|
||||
if isinstance(ref, dict):
|
||||
return _normalize_and_filter_user_properties(ref)
|
||||
elif isinstance(ref, list):
|
||||
return [_normalize_and_filter_user_properties(x) for x in ref]
|
||||
else:
|
||||
raise ValueError(_('Expected dict or list: %s') % type(ref))
|
||||
|
||||
# Domain ID normalization methods
|
||||
|
||||
def _set_domain_id(self, ref, domain_id):
|
||||
|
@ -1706,22 +1706,22 @@ class TestV3toV2Methods(tests.TestCase):
|
||||
|
||||
def test_v3_to_v2_user_method(self):
|
||||
|
||||
updated_user1 = self.identity_api.v3_to_v2_user(self.user1)
|
||||
updated_user1 = controller.V2Controller.v3_to_v2_user(self.user1)
|
||||
self.assertIs(self.user1, updated_user1)
|
||||
self.assertDictEqual(self.user1, self.expected_user)
|
||||
updated_user2 = self.identity_api.v3_to_v2_user(self.user2)
|
||||
updated_user2 = controller.V2Controller.v3_to_v2_user(self.user2)
|
||||
self.assertIs(self.user2, updated_user2)
|
||||
self.assertDictEqual(self.user2, self.expected_user_no_tenant_id)
|
||||
updated_user3 = self.identity_api.v3_to_v2_user(self.user3)
|
||||
updated_user3 = controller.V2Controller.v3_to_v2_user(self.user3)
|
||||
self.assertIs(self.user3, updated_user3)
|
||||
self.assertDictEqual(self.user3, self.expected_user)
|
||||
updated_user4 = self.identity_api.v3_to_v2_user(self.user4)
|
||||
updated_user4 = controller.V2Controller.v3_to_v2_user(self.user4)
|
||||
self.assertIs(self.user4, updated_user4)
|
||||
self.assertDictEqual(self.user4, self.expected_user_no_tenant_id)
|
||||
|
||||
def test_v3_to_v2_user_method_list(self):
|
||||
user_list = [self.user1, self.user2, self.user3, self.user4]
|
||||
updated_list = self.identity_api.v3_to_v2_user(user_list)
|
||||
updated_list = controller.V2Controller.v3_to_v2_user(user_list)
|
||||
|
||||
self.assertEqual(len(updated_list), len(user_list))
|
||||
|
||||
|
@ -106,7 +106,7 @@ class Auth(controller.V2Controller):
|
||||
# The user_ref is encoded into the auth_token_data which is returned as
|
||||
# part of the token data. The token provider doesn't care about the
|
||||
# format.
|
||||
user_ref = self.identity_api.v3_to_v2_user(user_ref)
|
||||
user_ref = self.v3_to_v2_user(user_ref)
|
||||
if tenant_ref:
|
||||
tenant_ref = self.filter_domain_id(tenant_ref)
|
||||
auth_token_data = self._get_auth_token_data(user_ref,
|
||||
|
Loading…
x
Reference in New Issue
Block a user