From 8f994a7d4e939713c16432374b1509bd178e70a0 Mon Sep 17 00:00:00 2001 From: Jeremy Stanley Date: Mon, 28 Mar 2022 19:26:18 +0000 Subject: [PATCH] Tenant to project migration for RequestContext As of the oslo.context 4.0.0 release, RequestContext objects no longer have a tenant attribute, instead expecting callers to use project_id for that purpose. Update all context.tenant references to context.project_id in order to facilitate this transition. Change-Id: I2830ccf840bf4d1d8a516287adee51c46d2a5583 --- .zuul.yaml | 1 - murano/api/middleware/context.py | 2 +- murano/api/v1/catalog.py | 2 +- murano/api/v1/deployments.py | 2 +- murano/api/v1/environments.py | 2 +- murano/api/v1/request_statistics.py | 4 ++-- murano/api/v1/schemas.py | 2 +- murano/api/v1/static_actions.py | 2 +- murano/api/v1/templates.py | 8 ++++---- murano/db/catalog/api.py | 18 +++++++++--------- murano/db/services/environments.py | 6 +++--- murano/services/actions.py | 2 +- .../tests/unit/api/middleware/test_context.py | 2 +- murano/tests/unit/api/v1/test_catalog.py | 2 +- murano/tests/unit/services/test_actions.py | 4 ++-- murano/tests/unit/test_utils.py | 4 ++-- murano/tests/unit/utils.py | 2 +- murano/utils.py | 4 ++-- 18 files changed, 34 insertions(+), 35 deletions(-) diff --git a/.zuul.yaml b/.zuul.yaml index 2a8d289b3..b17c936bc 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -2,7 +2,6 @@ templates: - check-requirements - openstack-cover-jobs - - openstack-lower-constraints-jobs - openstack-python3-yoga-jobs - periodic-stable-jobs - publish-openstack-docs-pti diff --git a/murano/api/middleware/context.py b/murano/api/middleware/context.py index d6704105d..29b87272d 100644 --- a/murano/api/middleware/context.py +++ b/murano/api/middleware/context.py @@ -44,7 +44,7 @@ class ContextMiddleware(wsgi.Middleware): roles = [r.strip() for r in req.headers.get('X-Roles').split(',')] kwargs = { 'user': req.headers.get('X-User-Id'), - 'tenant': req.headers.get('X-Tenant-Id'), + 'project_id': req.headers.get('X-Tenant-Id'), 'auth_token': req.headers.get('X-Auth-Token'), 'session': req.headers.get('X-Configuration-Session'), 'is_admin': CONF.admin_role in roles, diff --git a/murano/api/v1/catalog.py b/murano/api/v1/catalog.py index 23bde4cac..9cc951d8a 100644 --- a/murano/api/v1/catalog.py +++ b/murano/api/v1/catalog.py @@ -273,7 +273,7 @@ class Controller(object): raise exc.HTTPBadRequest(explanation=msg) try: package = db_api.package_upload( - package_meta, req.context.tenant) + package_meta, req.context.project_id) except db_exc.DBDuplicateEntry: msg = _('Package with specified full ' 'name is already registered') diff --git a/murano/api/v1/deployments.py b/murano/api/v1/deployments.py index d9d521857..45dfb30fe 100644 --- a/murano/api/v1/deployments.py +++ b/murano/api/v1/deployments.py @@ -50,7 +50,7 @@ class Controller(object): if all_environments: query = unit.query(models.Environment) \ .options(load_only('tenant_id')) \ - .filter_by(tenant_id=request.context.tenant) \ + .filter_by(tenant_id=request.context.project_id) \ .join(models.Task) \ .order_by(desc(models.Task.created)) result = query.all() diff --git a/murano/api/v1/environments.py b/murano/api/v1/environments.py index e79728853..b9b18c503 100644 --- a/murano/api/v1/environments.py +++ b/murano/api/v1/environments.py @@ -65,7 +65,7 @@ class Controller(object): else: policy.check('list_environments', request.context) # Only environments from same tenant as user should be returned - filters = {'tenant_id': request.context.tenant} + filters = {'tenant_id': request.context.project_id} environments = envs.EnvironmentServices.get_environments_by(filters) environments = [env.to_dict() for env in environments] diff --git a/murano/api/v1/request_statistics.py b/murano/api/v1/request_statistics.py index 359d02de4..f16472267 100644 --- a/murano/api/v1/request_statistics.py +++ b/murano/api/v1/request_statistics.py @@ -55,13 +55,13 @@ def stats_count(api, method): ts = time.time() result = func(*args, **kwargs) te = time.time() - tenant = args[1].context.tenant + tenant = args[1].context.project_id update_count(api, method, te - ts, tenant) return result except Exception: te = time.time() - tenant = args[1].context.tenant + tenant = args[1].context.project_id LOG.exception('API {api} method {method} raised an ' 'exception'.format(api=api, method=method)) update_error_count(api, method, te - te, tenant) diff --git a/murano/api/v1/schemas.py b/murano/api/v1/schemas.py index 7fea74fa4..ecb59c62a 100644 --- a/murano/api/v1/schemas.py +++ b/murano/api/v1/schemas.py @@ -36,7 +36,7 @@ class Controller(object): package_name = request.GET.get('packageName') credentials = { 'token': request.context.auth_token, - 'project_id': request.context.tenant + 'project_id': request.context.project_id } try: diff --git a/murano/api/v1/static_actions.py b/murano/api/v1/static_actions.py index 7a1556dc7..8bfe42a2f 100644 --- a/murano/api/v1/static_actions.py +++ b/murano/api/v1/static_actions.py @@ -47,7 +47,7 @@ class Controller(object): credentials = { 'token': request.context.auth_token, - 'project_id': request.context.tenant, + 'project_id': request.context.project_id, 'user_id': request.context.user } diff --git a/murano/api/v1/templates.py b/murano/api/v1/templates.py index 8b0825b56..6c9f859e4 100644 --- a/murano/api/v1/templates.py +++ b/murano/api/v1/templates.py @@ -43,7 +43,7 @@ class Controller(object): """ LOG.debug('EnvTemplates:List') policy.check('list_env_templates', request.context) - tenant_id = request.context.tenant + tenant_id = request.context.project_id filters = {} if request.GET.get('is_public'): is_public = request.GET.get('is_public', 'false').lower() == 'true' @@ -84,7 +84,7 @@ class Controller(object): LOG.debug('ENV TEMP NAME: {templ_name}>'. format(templ_name=body['name'])) template = env_temps.EnvTemplateServices.create( - body.copy(), request.context.tenant) + body.copy(), request.context.project_id) return template.to_dict() except db_exc.DBDuplicateEntry: msg = _('Env Template with specified name already exists') @@ -245,7 +245,7 @@ class Controller(object): try: is_public = body.get('is_public', False) template = env_temps.EnvTemplateServices.clone( - env_template_id, request.context.tenant, body['name'], + env_template_id, request.context.project_id, body['name'], is_public) except db_exc.DBDuplicateEntry: msg = _('Env template with specified name already exists') @@ -258,7 +258,7 @@ class Controller(object): env_template = self._validate_exists(env_template_id) if env_template.is_public or request.context.is_admin: return - if env_template.tenant_id != request.context.tenant: + if env_template.tenant_id != request.context.project_id: msg = _('User has no access to these resources.') LOG.error(msg) raise exc.HTTPForbidden(explanation=msg) diff --git a/murano/db/catalog/api.py b/murano/db/catalog/api.py index 5f120e886..cecb0f93d 100644 --- a/murano/db/catalog/api.py +++ b/murano/db/catalog/api.py @@ -51,17 +51,17 @@ def _package_get(package_id, session): def _authorize_package(package, context, allow_public=False): - if package.owner_id != context.tenant: + if package.owner_id != context.project_id: if not allow_public: msg = _("Package '{pkg_id}' is not owned by tenant " "'{tenant}'").format(pkg_id=package.id, - tenant=context.tenant) + tenant=context.project_id) LOG.error(msg) raise exc.HTTPForbidden(explanation=msg) if not package.is_public: msg = _("Package '{pkg_id}' is not public and not owned by " "tenant '{tenant}' ").format(pkg_id=package.id, - tenant=context.tenant) + tenant=context.project_id) LOG.error(msg) raise exc.HTTPForbidden(explanation=msg) @@ -298,23 +298,23 @@ def package_search(filters, context, manage_public=False, if catalog: # Only show packages one can deploy, i.e. own + public - query = query.filter(or_(pkg.owner_id == context.tenant, + query = query.filter(or_(pkg.owner_id == context.project_id, pkg.is_public)) else: # Show packages one can edit. if not context.is_admin: if manage_public: - query = query.filter(or_(pkg.owner_id == context.tenant, + query = query.filter(or_(pkg.owner_id == context.project_id, pkg.is_public)) else: - query = query.filter(pkg.owner_id == context.tenant) + query = query.filter(pkg.owner_id == context.project_id) # No else here admin can edit everything. if not filters.get('include_disabled', '').lower() == 'true': query = query.filter(pkg.enabled) if filters.get('owned', '').lower() == 'true': - query = query.filter(pkg.owner_id == context.tenant) + query = query.filter(pkg.owner_id == context.project_id) if 'type' in filters.keys(): query = query.filter(pkg.type == filters['type'].title()) @@ -446,10 +446,10 @@ def package_delete(package_id, context): with session.begin(): package = _package_get(package_id, session) - if not context.is_admin and package.owner_id != context.tenant: + if not context.is_admin and package.owner_id != context.project_id: raise exc.HTTPForbidden( explanation="Package is not owned by the" - " tenant '{0}'".format(context.tenant)) + " tenant '{0}'".format(context.project_id)) session.delete(package) diff --git a/murano/db/services/environments.py b/murano/db/services/environments.py index ffea46ffd..7158d4d3f 100644 --- a/murano/db/services/environments.py +++ b/murano/db/services/environments.py @@ -111,11 +111,11 @@ class EnvironmentServices(object): data = { 'Objects': objects, 'Attributes': [], - 'project_id': context.tenant, + 'project_id': context.project_id, 'user_id': context.user } - environment_params['tenant_id'] = context.tenant + environment_params['tenant_id'] = context.project_id environment = models.Environment() environment.update(environment_params) @@ -273,7 +273,7 @@ class EnvironmentServices(object): return driver session = auth_utils.get_token_client_session( - context.auth_token, context.tenant) + context.auth_token, context.project_id) try: session.get_endpoint(service_type='network') except ks_exceptions.EndpointNotFound: diff --git a/murano/services/actions.py b/murano/services/actions.py index d20d5a272..ae21b4463 100644 --- a/murano/services/actions.py +++ b/murano/services/actions.py @@ -31,7 +31,7 @@ class ActionServices(object): 'action': action, 'model': session.description, 'token': context.auth_token, - 'project_id': context.tenant, + 'project_id': context.project_id, 'user_id': context.user, 'id': environment.id } diff --git a/murano/tests/unit/api/middleware/test_context.py b/murano/tests/unit/api/middleware/test_context.py index 7b221c75f..230167b25 100644 --- a/murano/tests/unit/api/middleware/test_context.py +++ b/murano/tests/unit/api/middleware/test_context.py @@ -30,7 +30,7 @@ class MiddlewareContextTest(base.MuranoTestCase): request_headers = { 'X-Roles': 'admin', 'X-User-Id': "", - 'X-Tenant-Id': "", + 'X-Project-Id': "", 'X-Configuration-Session': "", } request = webob.Request.blank('/environments', diff --git a/murano/tests/unit/api/v1/test_catalog.py b/murano/tests/unit/api/v1/test_catalog.py index 97cbfdcb6..a775cce4f 100644 --- a/murano/tests/unit/api/v1/test_catalog.py +++ b/murano/tests/unit/api/v1/test_catalog.py @@ -994,7 +994,7 @@ class TestCatalogApi(test_base.ControllerTest, test_base.MuranoApiTestCase): del test_package_meta[attr] mock_request = mock.MagicMock(context=mock.MagicMock( - tenant=self.tenant)) + project_id=self.tenant)) mock_load_from_file.return_value = pkg_to_upload mock_policy_check.return_value = True diff --git a/murano/tests/unit/services/test_actions.py b/murano/tests/unit/services/test_actions.py index 72aeb1f37..3857cfa10 100644 --- a/murano/tests/unit/services/test_actions.py +++ b/murano/tests/unit/services/test_actions.py @@ -40,7 +40,7 @@ class TestActions(test_base.MuranoTestCase): } mock_session = mock.MagicMock(description=mock_description) mock_context = mock.Mock(auth_token='test_token', - tenant='test_tenant', + project_id='test_tenant', user='test_user') expected_task = { 'action': { @@ -123,7 +123,7 @@ class TestActions(test_base.MuranoTestCase): test_session = 'test_session' context = mock.Mock() context.auth_token = 'test_token' - context.tenant = 'test_tenant' + context.project_id = 'test_tenant' context.user = 'test_user' test_unit = 'test_unit' diff --git a/murano/tests/unit/test_utils.py b/murano/tests/unit/test_utils.py index 270d0ddce..69e8befd5 100644 --- a/murano/tests/unit/test_utils.py +++ b/murano/tests/unit/test_utils.py @@ -30,7 +30,7 @@ class TestUtils(test_base.MuranoTestCase): """Test check env.""" mock_request = mock.MagicMock(context=test_utils.dummy_context()) mock_env = mock.MagicMock(environment_id='test_env_id', - tenant_id=mock_request.context.tenant) + tenant_id=mock_request.context.project_id) mock_db_session.get_session().query().get.return_value = mock_env env = utils.check_env(mock_request, mock_env.environment_id) @@ -117,7 +117,7 @@ class TestUtils(test_base.MuranoTestCase): def test_verify_env_template_with_invalid_tenant(self, mock_db_session): """Test session validation failure throws expected exception.""" mock_request = mock.MagicMock(context=test_utils.dummy_context()) - mock_request.context.tenant = mock.MagicMock( + mock_request.context.project_id = mock.MagicMock( return_value='test_tenant_id') mock_env_template = mock.MagicMock(tenant_id='another_test_tenant_id') mock_db_session.get_session().query().get.return_value =\ diff --git a/murano/tests/unit/utils.py b/murano/tests/unit/utils.py index 87855009a..f57ca34a7 100644 --- a/murano/tests/unit/utils.py +++ b/murano/tests/unit/utils.py @@ -35,7 +35,7 @@ def dummy_context(user='test_username', tenant_id='test_tenant_id', # prevent it being generated by oslo during tests. params = { 'request_id': request_id, - 'tenant': tenant_id, + 'project_id': tenant_id, 'user': user, } params.update(kwargs) diff --git a/murano/utils.py b/murano/utils.py index 7cae92581..3c10c36b1 100644 --- a/murano/utils.py +++ b/murano/utils.py @@ -40,7 +40,7 @@ def check_env(request, environment_id): raise exc.HTTPNotFound(explanation=msg) if hasattr(request, 'context'): - if (environment.tenant_id != request.context.tenant and not + if (environment.tenant_id != request.context.project_id and not request.context.is_admin): msg = _('User is not authorized to access' ' these tenant resources') @@ -87,7 +87,7 @@ def verify_env_template(func): raise exc.HTTPNotFound(explanation=msg) if hasattr(request, 'context'): - if template.tenant_id != request.context.tenant: + if template.tenant_id != request.context.project_id: msg = _('User is not authorized to access' ' this tenant resources') LOG.error(msg)