openstack/keystone
Code Issues Proposed changes

Merge "Use keystone.common.provider_api for identity APIs"

Browse Source
This commit is contained in:
Zuul
2018-01-05 07:53:14 +00:00
committed by Gerrit Code Review
parent fc542cb185 26b8fb0c51
commit c59c660a10
2 changed files with 73 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
keystone/identity/controllers.py
View File

@@ -17,6 +17,7 @@
from oslo_log import log from oslo_log import log
from keystone.common import controller from keystone.common import controller
from keystone.common import provider_api
from keystone.common import validation from keystone.common import validation
import keystone.conf import keystone.conf
from keystone import exception from keystone import exception
@@ -26,6 +27,7 @@ from keystone.identity import schema
CONF = keystone.conf.CONF CONF = keystone.conf.CONF
LOG = log.getLogger(__name__) LOG = log.getLogger(__name__)
PROVIDERS = provider_api.ProviderAPIs
class UserV3(controller.V3Controller): class UserV3(controller.V3Controller):
@@ -34,18 +36,18 @@ class UserV3(controller.V3Controller):
def __init__(self): def __init__(self):
super(UserV3, self).__init__() super(UserV3, self).__init__()
self.get_member_from_driver = self.identity_api.get_user self.get_member_from_driver = PROVIDERS.identity_api.get_user
def _check_user_and_group_protection(self, request, prep_info, def _check_user_and_group_protection(self, request, prep_info,
user_id, group_id): user_id, group_id):
ref = {} ref = {}
ref['user'] = self.identity_api.get_user(user_id) ref['user'] = PROVIDERS.identity_api.get_user(user_id)
ref['group'] = self.identity_api.get_group(group_id) ref['group'] = PROVIDERS.identity_api.get_group(group_id)
self.check_protection(request, prep_info, ref) self.check_protection(request, prep_info, ref)
def _check_group_protection(self, request, prep_info, group_id): def _check_group_protection(self, request, prep_info, group_id):
ref = {} ref = {}
ref['group'] = self.identity_api.get_group(group_id) ref['group'] = PROVIDERS.identity_api.get_group(group_id)
self.check_protection(request, prep_info, ref) self.check_protection(request, prep_info, ref)
@controller.protected() @controller.protected()
@@ -54,7 +56,7 @@ class UserV3(controller.V3Controller):
# The manager layer will generate the unique ID for users # The manager layer will generate the unique ID for users
ref = self._normalize_dict(user) ref = self._normalize_dict(user)
ref = self._normalize_domain_id(request, ref) ref = self._normalize_domain_id(request, ref)
ref = self.identity_api.create_user( ref = PROVIDERS.identity_api.create_user(
ref, initiator=request.audit_initiator ref, initiator=request.audit_initiator
) )
return UserV3.wrap_member(request.context_dict, ref) return UserV3.wrap_member(request.context_dict, ref)
@@ -65,7 +67,9 @@ class UserV3(controller.V3Controller):
def list_users(self, request, filters): def list_users(self, request, filters):
hints = UserV3.build_driver_hints(request, filters) hints = UserV3.build_driver_hints(request, filters)
domain = self._get_domain_id_for_list_request(request) domain = self._get_domain_id_for_list_request(request)
refs = self.identity_api.list_users(domain_scope=domain, hints=hints) refs = PROVIDERS.identity_api.list_users(
domain_scope=domain, hints=hints
)
return UserV3.wrap_collection(request.context_dict, refs, hints=hints) return UserV3.wrap_collection(request.context_dict, refs, hints=hints)
@controller.filterprotected('domain_id', 'enabled', 'name', @controller.filterprotected('domain_id', 'enabled', 'name',
@@ -73,17 +77,19 @@ class UserV3(controller.V3Controller):
callback=_check_group_protection) callback=_check_group_protection)
def list_users_in_group(self, request, filters, group_id): def list_users_in_group(self, request, filters, group_id):
hints = UserV3.build_driver_hints(request, filters) hints = UserV3.build_driver_hints(request, filters)
refs = self.identity_api.list_users_in_group(group_id, hints=hints) refs = PROVIDERS.identity_api.list_users_in_group(
group_id, hints=hints
)
return UserV3.wrap_collection(request.context_dict, refs, hints=hints) return UserV3.wrap_collection(request.context_dict, refs, hints=hints)
@controller.protected() @controller.protected()
def get_user(self, request, user_id): def get_user(self, request, user_id):
ref = self.identity_api.get_user(user_id) ref = PROVIDERS.identity_api.get_user(user_id)
return UserV3.wrap_member(request.context_dict, ref) return UserV3.wrap_member(request.context_dict, ref)
def _update_user(self, request, user_id, user): def _update_user(self, request, user_id, user):
self._require_matching_id(user_id, user) self._require_matching_id(user_id, user)
ref = self.identity_api.update_user( ref = PROVIDERS.identity_api.update_user(
user_id, user, initiator=request.audit_initiator user_id, user, initiator=request.audit_initiator
) )
return UserV3.wrap_member(request.context_dict, ref) return UserV3.wrap_member(request.context_dict, ref)
@@ -95,23 +101,23 @@ class UserV3(controller.V3Controller):
@controller.protected(callback=_check_user_and_group_protection) @controller.protected(callback=_check_user_and_group_protection)
def add_user_to_group(self, request, user_id, group_id): def add_user_to_group(self, request, user_id, group_id):
self.identity_api.add_user_to_group( PROVIDERS.identity_api.add_user_to_group(
user_id, group_id, initiator=request.audit_initiator user_id, group_id, initiator=request.audit_initiator
) )
@controller.protected(callback=_check_user_and_group_protection) @controller.protected(callback=_check_user_and_group_protection)
def check_user_in_group(self, request, user_id, group_id): def check_user_in_group(self, request, user_id, group_id):
return self.identity_api.check_user_in_group(user_id, group_id) return PROVIDERS.identity_api.check_user_in_group(user_id, group_id)
@controller.protected(callback=_check_user_and_group_protection) @controller.protected(callback=_check_user_and_group_protection)
def remove_user_from_group(self, request, user_id, group_id): def remove_user_from_group(self, request, user_id, group_id):
self.identity_api.remove_user_from_group( PROVIDERS.identity_api.remove_user_from_group(
user_id, group_id, initiator=request.audit_initiator user_id, group_id, initiator=request.audit_initiator
) )
@controller.protected() @controller.protected()
def delete_user(self, request, user_id): def delete_user(self, request, user_id):
return self.identity_api.delete_user( return PROVIDERS.identity_api.delete_user(
user_id, initiator=request.audit_initiator user_id, initiator=request.audit_initiator
) )
@@ -129,7 +135,7 @@ class UserV3(controller.V3Controller):
raise exception.ValidationError(target='user', raise exception.ValidationError(target='user',
attribute='password') attribute='password')
try: try:
self.identity_api.change_password( PROVIDERS.identity_api.change_password(
request, user_id, original_password, request, user_id, original_password,
password, initiator=request.audit_initiator) password, initiator=request.audit_initiator)
except AssertionError as e: except AssertionError as e:
@@ -143,11 +149,11 @@ class GroupV3(controller.V3Controller):
def __init__(self): def __init__(self):
super(GroupV3, self).__init__() super(GroupV3, self).__init__()
self.get_member_from_driver = self.identity_api.get_group self.get_member_from_driver = PROVIDERS.identity_api.get_group
def _check_user_protection(self, request, prep_info, user_id): def _check_user_protection(self, request, prep_info, user_id):
ref = {} ref = {}
ref['user'] = self.identity_api.get_user(user_id) ref['user'] = PROVIDERS.identity_api.get_user(user_id)
self.check_protection(request, prep_info, ref) self.check_protection(request, prep_info, ref)
@controller.protected() @controller.protected()
@@ -156,7 +162,7 @@ class GroupV3(controller.V3Controller):
# The manager layer will generate the unique ID for groups # The manager layer will generate the unique ID for groups
ref = self._normalize_dict(group) ref = self._normalize_dict(group)
ref = self._normalize_domain_id(request, ref) ref = self._normalize_domain_id(request, ref)
ref = self.identity_api.create_group( ref = PROVIDERS.identity_api.create_group(
ref, initiator=request.audit_initiator ref, initiator=request.audit_initiator
) )
return GroupV3.wrap_member(request.context_dict, ref) return GroupV3.wrap_member(request.context_dict, ref)
@@ -165,31 +171,35 @@ class GroupV3(controller.V3Controller):
def list_groups(self, request, filters): def list_groups(self, request, filters):
hints = GroupV3.build_driver_hints(request, filters) hints = GroupV3.build_driver_hints(request, filters)
domain = self._get_domain_id_for_list_request(request) domain = self._get_domain_id_for_list_request(request)
refs = self.identity_api.list_groups(domain_scope=domain, hints=hints) refs = PROVIDERS.identity_api.list_groups(
domain_scope=domain, hints=hints
)
return GroupV3.wrap_collection(request.context_dict, refs, hints=hints) return GroupV3.wrap_collection(request.context_dict, refs, hints=hints)
@controller.filterprotected('name', callback=_check_user_protection) @controller.filterprotected('name', callback=_check_user_protection)
def list_groups_for_user(self, request, filters, user_id): def list_groups_for_user(self, request, filters, user_id):
hints = GroupV3.build_driver_hints(request, filters) hints = GroupV3.build_driver_hints(request, filters)
refs = self.identity_api.list_groups_for_user(user_id, hints=hints) refs = PROVIDERS.identity_api.list_groups_for_user(
user_id, hints=hints
)
return GroupV3.wrap_collection(request.context_dict, refs, hints=hints) return GroupV3.wrap_collection(request.context_dict, refs, hints=hints)
@controller.protected() @controller.protected()
def get_group(self, request, group_id): def get_group(self, request, group_id):
ref = self.identity_api.get_group(group_id) ref = PROVIDERS.identity_api.get_group(group_id)
return GroupV3.wrap_member(request.context_dict, ref) return GroupV3.wrap_member(request.context_dict, ref)
@controller.protected() @controller.protected()
def update_group(self, request, group_id, group): def update_group(self, request, group_id, group):
validation.lazy_validate(schema.group_update, group) validation.lazy_validate(schema.group_update, group)
self._require_matching_id(group_id, group) self._require_matching_id(group_id, group)
ref = self.identity_api.update_group( ref = PROVIDERS.identity_api.update_group(
group_id, group, initiator=request.audit_initiator group_id, group, initiator=request.audit_initiator
) )
return GroupV3.wrap_member(request.context_dict, ref) return GroupV3.wrap_member(request.context_dict, ref)
@controller.protected() @controller.protected()
def delete_group(self, request, group_id): def delete_group(self, request, group_id):
self.identity_api.delete_group( PROVIDERS.identity_api.delete_group(
group_id, initiator=request.audit_initiator group_id, initiator=request.audit_initiator
) )

74
keystone/identity/core.py
View File

@@ -44,6 +44,8 @@ CONF = keystone.conf.CONF
LOG = log.getLogger(__name__) LOG = log.getLogger(__name__)
PROVIDERS = provider_api.ProviderAPIs
MEMOIZE = cache.get_memoization_decorator(group='identity') MEMOIZE = cache.get_memoization_decorator(group='identity')
ID_MAPPING_REGION = cache.create_region(name='id mapping') ID_MAPPING_REGION = cache.create_region(name='id mapping')
@@ -175,7 +177,7 @@ class DomainConfigs(provider_api.ProviderAPIMixin, dict):
""" """
if not new_config['driver'].is_sql: if not new_config['driver'].is_sql:
self.domain_config_api.release_registration(domain_id) PROVIDERS.domain_config_api.release_registration(domain_id)
return return
# To ensure the current domain is the only SQL driver, we attempt # To ensure the current domain is the only SQL driver, we attempt
@@ -191,7 +193,7 @@ class DomainConfigs(provider_api.ProviderAPIMixin, dict):
domain_registered = 'Unknown' domain_registered = 'Unknown'
for attempt in range(REGISTRATION_ATTEMPTS): for attempt in range(REGISTRATION_ATTEMPTS):
if self.domain_config_api.obtain_registration( if PROVIDERS.domain_config_api.obtain_registration(
domain_id, SQL_DRIVER): domain_id, SQL_DRIVER):
LOG.debug('Domain %s successfully registered to use the ' LOG.debug('Domain %s successfully registered to use the '
'SQL driver.', domain_id) 'SQL driver.', domain_id)
@@ -200,7 +202,7 @@ class DomainConfigs(provider_api.ProviderAPIMixin, dict):
# We failed to register our use, let's find out who is using it # We failed to register our use, let's find out who is using it
try: try:
domain_registered = ( domain_registered = (
self.domain_config_api.read_registration( PROVIDERS.domain_config_api.read_registration(
SQL_DRIVER)) SQL_DRIVER))
except exception.ConfigRegistrationNotFound: except exception.ConfigRegistrationNotFound:
msg = ('While attempting to register domain %(domain)s to ' msg = ('While attempting to register domain %(domain)s to '
@@ -225,7 +227,7 @@ class DomainConfigs(provider_api.ProviderAPIMixin, dict):
# So we don't have it, but someone else does...let's check that # So we don't have it, but someone else does...let's check that
# this domain is still valid # this domain is still valid
try: try:
self.resource_api.get_domain(domain_registered) PROVIDERS.resource_api.get_domain(domain_registered)
except exception.DomainNotFound: except exception.DomainNotFound:
msg = ('While attempting to register domain %(domain)s to ' msg = ('While attempting to register domain %(domain)s to '
'use the SQL driver, found that it was already ' 'use the SQL driver, found that it was already '
@@ -235,7 +237,7 @@ class DomainConfigs(provider_api.ProviderAPIMixin, dict):
LOG.debug(msg, {'domain': domain_id, LOG.debug(msg, {'domain': domain_id,
'old_domain': domain_registered, 'old_domain': domain_registered,
'attempt': attempt + 1}) 'attempt': attempt + 1})
self.domain_config_api.release_registration( PROVIDERS.domain_config_api.release_registration(
domain_registered, type=SQL_DRIVER) domain_registered, type=SQL_DRIVER)
continue continue
@@ -288,7 +290,7 @@ class DomainConfigs(provider_api.ProviderAPIMixin, dict):
""" """
for domain in resource_api.list_domains(): for domain in resource_api.list_domains():
domain_config_options = ( domain_config_options = (
self.domain_config_api. PROVIDERS.domain_config_api.
get_config_with_sensitive_info(domain['id'])) get_config_with_sensitive_info(domain['id']))
if domain_config_options: if domain_config_options:
self._load_config_from_database(domain['id'], self._load_config_from_database(domain['id'],
@@ -364,7 +366,7 @@ class DomainConfigs(provider_api.ProviderAPIMixin, dict):
return return
latest_domain_config = ( latest_domain_config = (
self.domain_config_api. PROVIDERS.domain_config_api.
get_config_with_sensitive_info(domain_id)) get_config_with_sensitive_info(domain_id))
domain_config_in_use = domain_id in self domain_config_in_use = domain_id in self
@@ -409,7 +411,7 @@ def domains_configured(f):
# completed domain config. # completed domain config.
if not self.domain_configs.configured: if not self.domain_configs.configured:
self.domain_configs.setup_domain_drivers( self.domain_configs.setup_domain_drivers(
self.driver, self.resource_api) self.driver, PROVIDERS.resource_api)
return f(self, *args, **kwargs) return f(self, *args, **kwargs)
return wrapper return wrapper
@@ -607,7 +609,7 @@ class Manager(manager.Manager):
public_id = None public_id = None
if driver.generates_uuids(): if driver.generates_uuids():
public_id = ref['id'] public_id = ref['id']
ref['id'] = self.id_mapping_api.create_id_mapping( ref['id'] = PROVIDERS.id_mapping_api.create_id_mapping(
local_entity, public_id) local_entity, public_id)
LOG.debug('Created new mapping to public ID: %s', ref['id']) LOG.debug('Created new mapping to public ID: %s', ref['id'])
@@ -622,7 +624,7 @@ class Manager(manager.Manager):
local_entity = {'domain_id': ref['domain_id'], local_entity = {'domain_id': ref['domain_id'],
'local_id': ref['id'], 'local_id': ref['id'],
'entity_type': entity_type} 'entity_type': entity_type}
public_id = self.id_mapping_api.get_public_id(local_entity) public_id = PROVIDERS.id_mapping_api.get_public_id(local_entity)
if public_id: if public_id:
ref['id'] = public_id ref['id'] = public_id
LOG.debug('Found existing mapping to public ID: %s', LOG.debug('Found existing mapping to public ID: %s',
@@ -660,7 +662,7 @@ class Manager(manager.Manager):
# fetch all mappings for the domain, lookup the user at the map built # fetch all mappings for the domain, lookup the user at the map built
# at previous step and replace his id. # at previous step and replace his id.
domain_mappings = self.id_mapping_api.get_domain_mapping_list( domain_mappings = PROVIDERS.id_mapping_api.get_domain_mapping_list(
domain_id) domain_id)
for _mapping in domain_mappings: for _mapping in domain_mappings:
idx = (_mapping.local_id, _mapping.entity_type, _mapping.domain_id) idx = (_mapping.local_id, _mapping.entity_type, _mapping.domain_id)
@@ -774,7 +776,7 @@ class Manager(manager.Manager):
# assume it needs mapping, so long as we are using domain specific # assume it needs mapping, so long as we are using domain specific
# drivers. # drivers.
if conf.domain_specific_drivers_enabled: if conf.domain_specific_drivers_enabled:
local_id_ref = self.id_mapping_api.get_id_mapping(public_id) local_id_ref = PROVIDERS.id_mapping_api.get_id_mapping(public_id)
if local_id_ref: if local_id_ref:
return ( return (
local_id_ref['domain_id'], local_id_ref['domain_id'],
@@ -804,7 +806,7 @@ class Manager(manager.Manager):
if not CONF.identity_mapping.backward_compatible_ids: if not CONF.identity_mapping.backward_compatible_ids:
# We are not running in backward compatibility mode, so we # We are not running in backward compatibility mode, so we
# must use a mapping. # must use a mapping.
local_id_ref = self.id_mapping_api.get_id_mapping(public_id) local_id_ref = PROVIDERS.id_mapping_api.get_id_mapping(public_id)
if local_id_ref: if local_id_ref:
return ( return (
local_id_ref['domain_id'], local_id_ref['domain_id'],
@@ -906,14 +908,16 @@ class Manager(manager.Manager):
ref = self._set_domain_id_and_mapping( ref = self._set_domain_id_and_mapping(
ref, domain_id, driver, mapping.EntityType.USER) ref, domain_id, driver, mapping.EntityType.USER)
ref = self._shadow_nonlocal_user(ref) ref = self._shadow_nonlocal_user(ref)
self.shadow_users_api.set_last_active_at(ref['id']) PROVIDERS.shadow_users_api.set_last_active_at(ref['id'])
return ref return ref
def _assert_default_project_id_is_not_domain(self, default_project_id): def _assert_default_project_id_is_not_domain(self, default_project_id):
if default_project_id: if default_project_id:
# make sure project is not a domain # make sure project is not a domain
try: try:
project_ref = self.resource_api.get_project(default_project_id) project_ref = PROVIDERS.resource_api.get_project(
default_project_id
)
if project_ref['is_domain'] is True: if project_ref['is_domain'] is True:
msg = _("User's default project ID cannot be a " msg = _("User's default project ID cannot be a "
"domain ID: %s") "domain ID: %s")
@@ -934,7 +938,7 @@ class Manager(manager.Manager):
user.setdefault('enabled', True) user.setdefault('enabled', True)
user['enabled'] = clean.user_enabled(user['enabled']) user['enabled'] = clean.user_enabled(user['enabled'])
domain_id = user['domain_id'] domain_id = user['domain_id']
self.resource_api.get_domain(domain_id) PROVIDERS.resource_api.get_domain(domain_id)
self._assert_default_project_id_is_not_domain( self._assert_default_project_id_is_not_domain(
user_ref.get('default_project_id')) user_ref.get('default_project_id'))
@@ -969,7 +973,7 @@ class Manager(manager.Manager):
""" """
if user is None: if user is None:
user = self.get_user(user_id) user = self.get_user(user_id)
self.resource_api.assert_domain_enabled(user['domain_id']) PROVIDERS.resource_api.assert_domain_enabled(user['domain_id'])
if not user.get('enabled', True): if not user.get('enabled', True):
raise AssertionError(_('User is disabled: %s') % user_id) raise AssertionError(_('User is disabled: %s') % user_id)
@@ -1025,7 +1029,7 @@ class Manager(manager.Manager):
federated_attributes = ['idp_id', 'protocol_id', 'unique_id'] federated_attributes = ['idp_id', 'protocol_id', 'unique_id']
for filter_ in hints.filters: for filter_ in hints.filters:
if filter_['name'] in federated_attributes: if filter_['name'] in federated_attributes:
return self.shadow_users_api.get_federated_users(hints) return PROVIDERS.shadow_users_api.get_federated_users(hints)
return driver.list_users(hints) return driver.list_users(hints)
@domains_configured @domains_configured
@@ -1113,12 +1117,12 @@ class Manager(manager.Manager):
# Get user details to invalidate the cache. # Get user details to invalidate the cache.
user_old = self.get_user(user_id) user_old = self.get_user(user_id)
driver.delete_user(entity_id) driver.delete_user(entity_id)
self.assignment_api.delete_user_assignments(user_id) PROVIDERS.assignment_api.delete_user_assignments(user_id)
self.get_user.invalidate(self, user_id) self.get_user.invalidate(self, user_id)
self.get_user_by_name.invalidate(self, user_old['name'], self.get_user_by_name.invalidate(self, user_old['name'],
user_old['domain_id']) user_old['domain_id'])
self.credential_api.delete_credentials_for_user(user_id) PROVIDERS.credential_api.delete_credentials_for_user(user_id)
self.id_mapping_api.delete_id_mapping(user_id) PROVIDERS.id_mapping_api.delete_id_mapping(user_id)
notifications.Audit.deleted(self._USER, user_id, initiator) notifications.Audit.deleted(self._USER, user_id, initiator)
# Invalidate user role assignments cache region, as it may be caching # Invalidate user role assignments cache region, as it may be caching
@@ -1131,7 +1135,7 @@ class Manager(manager.Manager):
group = group_ref.copy() group = group_ref.copy()
group.setdefault('description', '') group.setdefault('description', '')
domain_id = group['domain_id'] domain_id = group['domain_id']
self.resource_api.get_domain(domain_id) PROVIDERS.resource_api.get_domain(domain_id)
# For creating a group, the domain is in the object itself # For creating a group, the domain is in the object itself
domain_id = group_ref['domain_id'] domain_id = group_ref['domain_id']
@@ -1188,12 +1192,14 @@ class Manager(manager.Manager):
def delete_group(self, group_id, initiator=None): def delete_group(self, group_id, initiator=None):
domain_id, driver, entity_id = ( domain_id, driver, entity_id = (
self._get_domain_driver_and_entity_id(group_id)) self._get_domain_driver_and_entity_id(group_id))
roles = self.assignment_api.list_role_assignments(group_id=group_id) roles = PROVIDERS.assignment_api.list_role_assignments(
group_id=group_id
)
user_ids = (u['id'] for u in self.list_users_in_group(group_id)) user_ids = (u['id'] for u in self.list_users_in_group(group_id))
driver.delete_group(entity_id) driver.delete_group(entity_id)
self.get_group.invalidate(self, group_id) self.get_group.invalidate(self, group_id)
self.id_mapping_api.delete_id_mapping(group_id) PROVIDERS.id_mapping_api.delete_id_mapping(group_id)
self.assignment_api.delete_group_assignments(group_id) PROVIDERS.assignment_api.delete_group_assignments(group_id)
notifications.Audit.deleted(self._GROUP, group_id, initiator) notifications.Audit.deleted(self._GROUP, group_id, initiator)
@@ -1383,9 +1389,9 @@ class Manager(manager.Manager):
@MEMOIZE @MEMOIZE
def _shadow_nonlocal_user(self, user): def _shadow_nonlocal_user(self, user):
try: try:
return self.shadow_users_api.get_user(user['id']) return PROVIDERS.shadow_users_api.get_user(user['id'])
except exception.UserNotFound: except exception.UserNotFound:
return self.shadow_users_api.create_nonlocal_user(user) return PROVIDERS.shadow_users_api.create_nonlocal_user(user)
@MEMOIZE @MEMOIZE
def shadow_federated_user(self, idp_id, protocol_id, unique_id, def shadow_federated_user(self, idp_id, protocol_id, unique_id,
@@ -1401,12 +1407,12 @@ class Manager(manager.Manager):
""" """
user_dict = {} user_dict = {}
try: try:
self.shadow_users_api.update_federated_user_display_name( PROVIDERS.shadow_users_api.update_federated_user_display_name(
idp_id, protocol_id, unique_id, display_name) idp_id, protocol_id, unique_id, display_name)
user_dict = self.shadow_users_api.get_federated_user( user_dict = PROVIDERS.shadow_users_api.get_federated_user(
idp_id, protocol_id, unique_id) idp_id, protocol_id, unique_id)
except exception.UserNotFound: except exception.UserNotFound:
idp = self.federation_api.get_idp(idp_id) idp = PROVIDERS.federation_api.get_idp(idp_id)
federated_dict = { federated_dict = {
'idp_id': idp_id, 'idp_id': idp_id,
'protocol_id': protocol_id, 'protocol_id': protocol_id,
@@ -1414,9 +1420,11 @@ class Manager(manager.Manager):
'display_name': display_name 'display_name': display_name
} }
user_dict = ( user_dict = (
self.shadow_users_api.create_federated_user(idp['domain_id'], PROVIDERS.shadow_users_api.create_federated_user(
federated_dict)) idp['domain_id'], federated_dict
self.shadow_users_api.set_last_active_at(user_dict['id']) )
)
PROVIDERS.shadow_users_api.set_last_active_at(user_dict['id'])
return user_dict return user_dict