141 lines
4.3 KiB
Python
141 lines
4.3 KiB
Python
# Copyright 2013 OpenStack Foundation
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
"""Main entry point into the Credentials service."""
|
|
|
|
import abc
|
|
|
|
from oslo_config import cfg
|
|
from oslo_log import log
|
|
import six
|
|
|
|
from keystone.common import dependency
|
|
from keystone.common import driver_hints
|
|
from keystone.common import manager
|
|
from keystone import exception
|
|
|
|
|
|
CONF = cfg.CONF
|
|
|
|
LOG = log.getLogger(__name__)
|
|
|
|
|
|
@dependency.provider('credential_api')
|
|
class Manager(manager.Manager):
|
|
"""Default pivot point for the Credential backend.
|
|
|
|
See :mod:`keystone.common.manager.Manager` for more details on how this
|
|
dynamically calls the backend.
|
|
|
|
"""
|
|
|
|
def __init__(self):
|
|
super(Manager, self).__init__(CONF.credential.driver)
|
|
|
|
@manager.response_truncated
|
|
def list_credentials(self, hints=None):
|
|
return self.driver.list_credentials(hints or driver_hints.Hints())
|
|
|
|
|
|
@six.add_metaclass(abc.ABCMeta)
|
|
class Driver(object):
|
|
# credential crud
|
|
|
|
@abc.abstractmethod
|
|
def create_credential(self, credential_id, credential):
|
|
"""Creates a new credential.
|
|
|
|
:raises: keystone.exception.Conflict
|
|
|
|
"""
|
|
raise exception.NotImplemented() # pragma: no cover
|
|
|
|
@abc.abstractmethod
|
|
def list_credentials(self, hints):
|
|
"""List all credentials.
|
|
|
|
:param hints: contains the list of filters yet to be satisfied.
|
|
Any filters satisfied here will be removed so that
|
|
the caller will know if any filters remain.
|
|
|
|
:returns: a list of credential_refs or an empty list.
|
|
|
|
"""
|
|
raise exception.NotImplemented() # pragma: no cover
|
|
|
|
@abc.abstractmethod
|
|
def list_credentials_for_user(self, user_id):
|
|
"""List credentials for a user.
|
|
|
|
:param user_id: ID of a user to filter credentials by.
|
|
|
|
:returns: a list of credential_refs or an empty list.
|
|
|
|
"""
|
|
raise exception.NotImplemented() # pragma: no cover
|
|
|
|
@abc.abstractmethod
|
|
def get_credential(self, credential_id):
|
|
"""Get a credential by ID.
|
|
|
|
:returns: credential_ref
|
|
:raises: keystone.exception.CredentialNotFound
|
|
|
|
"""
|
|
raise exception.NotImplemented() # pragma: no cover
|
|
|
|
@abc.abstractmethod
|
|
def update_credential(self, credential_id, credential):
|
|
"""Updates an existing credential.
|
|
|
|
:raises: keystone.exception.CredentialNotFound,
|
|
keystone.exception.Conflict
|
|
|
|
"""
|
|
raise exception.NotImplemented() # pragma: no cover
|
|
|
|
@abc.abstractmethod
|
|
def delete_credential(self, credential_id):
|
|
"""Deletes an existing credential.
|
|
|
|
:raises: keystone.exception.CredentialNotFound
|
|
|
|
"""
|
|
raise exception.NotImplemented() # pragma: no cover
|
|
|
|
@abc.abstractmethod
|
|
def delete_credentials_for_project(self, project_id):
|
|
"""Deletes all credentials for a project."""
|
|
self._delete_credentials(lambda cr: cr['project_id'] == project_id)
|
|
|
|
@abc.abstractmethod
|
|
def delete_credentials_for_user(self, user_id):
|
|
"""Deletes all credentials for a user."""
|
|
self._delete_credentials(lambda cr: cr['user_id'] == user_id)
|
|
|
|
def _delete_credentials(self, match_fn):
|
|
"""Do the actual credential deletion work (default implementation).
|
|
|
|
:param match_fn: function that takes a credential dict as the
|
|
parameter and returns true or false if the
|
|
identifier matches the credential dict.
|
|
"""
|
|
for cr in self.list_credentials():
|
|
if match_fn(cr):
|
|
try:
|
|
self.credential_api.delete_credential(cr['id'])
|
|
except exception.CredentialNotFound:
|
|
LOG.debug('Deletion of credential is not required: %s',
|
|
cr['id'])
|