Merge "exception sensitive cache/audit changes"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
d3301c14fd
@ -396,25 +396,27 @@ class Manager(manager.Manager):
|
|||||||
type='project',
|
type='project',
|
||||||
details=self._generate_project_name_conflict_msg(project))
|
details=self._generate_project_name_conflict_msg(project))
|
||||||
|
|
||||||
notifications.Audit.updated(self._PROJECT, project_id, initiator)
|
try:
|
||||||
if original_project['is_domain']:
|
self.get_project.invalidate(self, project_id)
|
||||||
notifications.Audit.updated(self._DOMAIN, project_id, initiator)
|
self.get_project_by_name.invalidate(self, original_project['name'],
|
||||||
# If the domain is being disabled, issue the disable notification
|
original_project['domain_id'])
|
||||||
# as well
|
if ('domain_id' in project and
|
||||||
if original_project_enabled and not project_enabled:
|
project['domain_id'] != original_project['domain_id']):
|
||||||
notifications.Audit.disabled(self._DOMAIN, project_id,
|
# If the project's domain_id has been updated, invalidate user
|
||||||
public=False)
|
# role assignments cache region, as it may be caching inherited
|
||||||
|
# assignments from the old domain to the specified project
|
||||||
self.get_project.invalidate(self, project_id)
|
assignment.COMPUTED_ASSIGNMENTS_REGION.invalidate()
|
||||||
self.get_project_by_name.invalidate(self, original_project['name'],
|
finally:
|
||||||
original_project['domain_id'])
|
# attempt to send audit event even if the cache invalidation raises
|
||||||
|
notifications.Audit.updated(self._PROJECT, project_id, initiator)
|
||||||
if ('domain_id' in project and
|
if original_project['is_domain']:
|
||||||
project['domain_id'] != original_project['domain_id']):
|
notifications.Audit.updated(self._DOMAIN, project_id,
|
||||||
# If the project's domain_id has been updated, invalidate user
|
initiator)
|
||||||
# role assignments cache region, as it may be caching inherited
|
# If the domain is being disabled, issue the disable
|
||||||
# assignments from the old domain to the specified project
|
# notification as well
|
||||||
assignment.COMPUTED_ASSIGNMENTS_REGION.invalidate()
|
if original_project_enabled and not project_enabled:
|
||||||
|
notifications.Audit.disabled(self._DOMAIN, project_id,
|
||||||
|
public=False)
|
||||||
|
|
||||||
return ret
|
return ret
|
||||||
|
|
||||||
@ -464,16 +466,19 @@ class Manager(manager.Manager):
|
|||||||
|
|
||||||
def _post_delete_cleanup_project(self, project_id, project,
|
def _post_delete_cleanup_project(self, project_id, project,
|
||||||
initiator=None):
|
initiator=None):
|
||||||
self.assignment_api.delete_project_assignments(project_id)
|
try:
|
||||||
self.get_project.invalidate(self, project_id)
|
self.get_project.invalidate(self, project_id)
|
||||||
self.get_project_by_name.invalidate(self, project['name'],
|
self.get_project_by_name.invalidate(self, project['name'],
|
||||||
project['domain_id'])
|
project['domain_id'])
|
||||||
self.credential_api.delete_credentials_for_project(project_id)
|
self.assignment_api.delete_project_assignments(project_id)
|
||||||
notifications.Audit.deleted(self._PROJECT, project_id, initiator)
|
# Invalidate user role assignments cache region, as it may
|
||||||
# Invalidate user role assignments cache region, as it may
|
# be caching role assignments where the target is
|
||||||
# be caching role assignments where the target is
|
# the specified project
|
||||||
# the specified project
|
assignment.COMPUTED_ASSIGNMENTS_REGION.invalidate()
|
||||||
assignment.COMPUTED_ASSIGNMENTS_REGION.invalidate()
|
self.credential_api.delete_credentials_for_project(project_id)
|
||||||
|
finally:
|
||||||
|
# attempt to send audit event even if the cache invalidation raises
|
||||||
|
notifications.Audit.deleted(self._PROJECT, project_id, initiator)
|
||||||
|
|
||||||
def delete_project(self, project_id, initiator=None, cascade=False):
|
def delete_project(self, project_id, initiator=None, cascade=False):
|
||||||
"""Delete one project or a subtree.
|
"""Delete one project or a subtree.
|
||||||
@ -789,23 +794,15 @@ class Manager(manager.Manager):
|
|||||||
|
|
||||||
self._delete_domain_contents(domain_id)
|
self._delete_domain_contents(domain_id)
|
||||||
self._delete_project(domain_id, initiator)
|
self._delete_project(domain_id, initiator)
|
||||||
# Delete any database stored domain config
|
try:
|
||||||
self.domain_config_api.delete_config_options(domain_id)
|
self.get_domain.invalidate(self, domain_id)
|
||||||
self.domain_config_api.release_registration(domain_id)
|
self.get_domain_by_name.invalidate(self, domain['name'])
|
||||||
# TODO(henry-nash): Although the controller will ensure deletion of
|
# Delete any database stored domain config
|
||||||
# all users & groups within the domain (which will cause all
|
self.domain_config_api.delete_config_options(domain_id)
|
||||||
# assignments for those users/groups to also be deleted), there
|
self.domain_config_api.release_registration(domain_id)
|
||||||
# could still be assignments on this domain for users/groups in
|
finally:
|
||||||
# other domains - so we should delete these here by making a call
|
# attempt to send audit event even if the cache invalidation raises
|
||||||
# to the backend to delete all assignments for this domain.
|
notifications.Audit.deleted(self._DOMAIN, domain_id, initiator)
|
||||||
# (see Bug #1277847)
|
|
||||||
notifications.Audit.deleted(self._DOMAIN, domain_id, initiator)
|
|
||||||
self.get_domain.invalidate(self, domain_id)
|
|
||||||
self.get_domain_by_name.invalidate(self, domain['name'])
|
|
||||||
|
|
||||||
# Invalidate user role assignments cache region, as it may be caching
|
|
||||||
# role assignments where the target is the specified domain
|
|
||||||
assignment.COMPUTED_ASSIGNMENTS_REGION.invalidate()
|
|
||||||
|
|
||||||
def _delete_domain_contents(self, domain_id):
|
def _delete_domain_contents(self, domain_id):
|
||||||
"""Delete the contents of a domain.
|
"""Delete the contents of a domain.
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user