Move role normalization to normalize.py
Location has specific semantics for identity resources. Add a method to get a projectless location. Add domain_id to project since all of the identity resources have it already, but keep the parent-project semantics already in place for project. Change-Id: Ife37833baabf58d9e329071acb4187842815c7d2
This commit is contained in:
parent
835d6555c3
commit
c39d98ccaf
@ -65,6 +65,9 @@ If all of the project information is None, then
|
||||
domain_name=str() or None))
|
||||
|
||||
|
||||
Resources
|
||||
=========
|
||||
|
||||
Flavor
|
||||
------
|
||||
|
||||
@ -324,34 +327,6 @@ A Floating IP from Neutron or Nova
|
||||
revision_number=int() or None,
|
||||
properties=dict())
|
||||
|
||||
Project
|
||||
-------
|
||||
|
||||
A Project from Keystone (or a tenant if Keystone v2)
|
||||
|
||||
Location information for Project has some specific semantics.
|
||||
|
||||
If the project has a parent project, that will be in location.project.id,
|
||||
and if it doesn't that should be None. If the Project is associated with
|
||||
a domain that will be in location.project.domain_id regardless of the current
|
||||
user's token scope. location.project.name and location.project.domain_name
|
||||
will always be None. Finally, location.region_name will always be None as
|
||||
Projects are global to a cloud. If a deployer happens to deploy OpenStack
|
||||
in such a way that users and projects are not shared amongst regions, that
|
||||
necessitates treating each of those regions as separate clouds from shade's
|
||||
POV.
|
||||
|
||||
.. code-block:: python
|
||||
|
||||
Project = dict(
|
||||
location=Location(),
|
||||
id=str(),
|
||||
name=str(),
|
||||
description=str(),
|
||||
is_enabled=bool(),
|
||||
is_domain=bool(),
|
||||
properties=dict())
|
||||
|
||||
Volume
|
||||
------
|
||||
|
||||
@ -502,3 +477,56 @@ A Stack from Heat
|
||||
tempate_description=str(),
|
||||
timeout_mins=int(),
|
||||
properties=dict())
|
||||
|
||||
Identity Resources
|
||||
==================
|
||||
|
||||
Identity Resources are slightly different.
|
||||
|
||||
They are global to a cloud, so location.availability_zone and
|
||||
location.region_name and will always be None. If a deployer happens to deploy
|
||||
OpenStack in such a way that users and projects are not shared amongst regions,
|
||||
that necessitates treating each of those regions as separate clouds from
|
||||
shade's POV.
|
||||
|
||||
The Identity Resources that are not Project do not exist within a Project,
|
||||
so all of the values in ``location.project`` will be None.
|
||||
|
||||
Project
|
||||
-------
|
||||
|
||||
A Project from Keystone (or a tenant if Keystone v2)
|
||||
|
||||
Location information for Project has some additional specific semantics.
|
||||
If the project has a parent project, that will be in ``location.project.id``,
|
||||
and if it doesn't that should be ``None``.
|
||||
|
||||
If the Project is associated with a domain that will be in
|
||||
``location.project.domain_id`` in addition to the normal ``domain_id``
|
||||
regardless of the current user's token scope.
|
||||
|
||||
.. code-block:: python
|
||||
|
||||
Project = dict(
|
||||
location=Location(),
|
||||
id=str(),
|
||||
name=str(),
|
||||
description=str(),
|
||||
is_enabled=bool(),
|
||||
is_domain=bool(),
|
||||
domain_id=str(),
|
||||
properties=dict())
|
||||
|
||||
Role
|
||||
----
|
||||
|
||||
A Role from Keystone
|
||||
|
||||
.. code-block:: python
|
||||
|
||||
Project = dict(
|
||||
location=Location(),
|
||||
id=str(),
|
||||
name=str(),
|
||||
domain_id=str(),
|
||||
properties=dict())
|
||||
|
@ -643,19 +643,14 @@ class Normalizer(object):
|
||||
description = project.pop('description', '')
|
||||
is_enabled = project.pop('enabled', True)
|
||||
|
||||
# Projects are global - strip region
|
||||
location = self._get_current_location(project_id=project_id)
|
||||
location['region_name'] = None
|
||||
|
||||
# v3 additions
|
||||
domain_id = project.pop('domain_id', 'default')
|
||||
parent_id = project.pop('parent_id', None)
|
||||
is_domain = project.pop('is_domain', False)
|
||||
|
||||
# Projects have a special relationship with location
|
||||
location = self._get_identity_location()
|
||||
location['project']['domain_id'] = domain_id
|
||||
location['project']['domain_name'] = None
|
||||
location['project']['name'] = None
|
||||
location['project']['id'] = parent_id
|
||||
|
||||
ret = munch.Munch(
|
||||
@ -665,13 +660,13 @@ class Normalizer(object):
|
||||
description=description,
|
||||
is_enabled=is_enabled,
|
||||
is_domain=is_domain,
|
||||
domain_id=domain_id,
|
||||
properties=project.copy()
|
||||
)
|
||||
|
||||
# Backwards compat
|
||||
if not self.strict_mode:
|
||||
ret['enabled'] = is_enabled
|
||||
ret['domain_id'] = domain_id
|
||||
ret['parent_id'] = parent_id
|
||||
for key, val in ret['properties'].items():
|
||||
ret.setdefault(key, val)
|
||||
@ -1089,3 +1084,21 @@ class Normalizer(object):
|
||||
# TODO(mordred) Normalize this resource
|
||||
|
||||
return machine
|
||||
|
||||
def _normalize_roles(self, roles):
|
||||
"""Normalize Keystone roles"""
|
||||
ret = []
|
||||
for role in roles:
|
||||
ret.append(self._normalize_role(role))
|
||||
return ret
|
||||
|
||||
def _normalize_role(self, role):
|
||||
"""Normalize Identity roles."""
|
||||
|
||||
return munch.Munch(
|
||||
id=role.get('id'),
|
||||
name=role.get('name'),
|
||||
domain_id=role.get('domain_id'),
|
||||
location=self._get_identity_location(),
|
||||
properties={},
|
||||
)
|
||||
|
@ -374,18 +374,6 @@ def normalize_role_assignments(assignments):
|
||||
return new_assignments
|
||||
|
||||
|
||||
def normalize_roles(roles):
|
||||
"""Normalize Identity roles."""
|
||||
ret = [
|
||||
dict(
|
||||
domain_id=role.get('domain_id'),
|
||||
id=role.get('id'),
|
||||
name=role.get('name'),
|
||||
) for role in roles
|
||||
]
|
||||
return meta.obj_list_to_munch(ret)
|
||||
|
||||
|
||||
def normalize_flavor_accesses(flavor_accesses):
|
||||
"""Normalize Flavor access list."""
|
||||
return [munch.Munch(
|
||||
|
@ -670,6 +670,18 @@ class OpenStackCloud(
|
||||
project=self._get_project_info(project_id),
|
||||
)
|
||||
|
||||
def _get_identity_location(self):
|
||||
'''Identity resources do not exist inside of projects.'''
|
||||
return munch.Munch(
|
||||
cloud=self.name,
|
||||
region_name=None,
|
||||
zone=None,
|
||||
project=munch.Munch(
|
||||
id=None,
|
||||
name=None,
|
||||
domain_id=None,
|
||||
domain_name=None))
|
||||
|
||||
def _get_project_id_param_dict(self, name_or_id):
|
||||
if name_or_id:
|
||||
project = self.get_project(name_or_id)
|
||||
|
@ -1390,7 +1390,7 @@ class OperatorCloud(openstackcloud.OpenStackCloud):
|
||||
url = '/OS-KSADM/roles' if v2 else '/roles'
|
||||
data = self._identity_client.get(
|
||||
url, params=kwargs, error_message="Failed to list roles")
|
||||
return _utils.normalize_roles(self._get_and_munchify('roles', data))
|
||||
return self._normalize_roles(self._get_and_munchify('roles', data))
|
||||
|
||||
@_utils.valid_kwargs('domain_id')
|
||||
def search_roles(self, name_or_id=None, filters=None, **kwargs):
|
||||
@ -1711,7 +1711,7 @@ class OperatorCloud(openstackcloud.OpenStackCloud):
|
||||
data = self._identity_client.post(
|
||||
url, json={'role': kwargs}, error_message=msg)
|
||||
role = self._get_and_munchify('role', data)
|
||||
return _utils.normalize_roles([role])[0]
|
||||
return self._normalize_role(role)
|
||||
|
||||
@_utils.valid_kwargs('domain_id')
|
||||
def update_role(self, name_or_id, name, **kwargs):
|
||||
@ -1740,7 +1740,7 @@ class OperatorCloud(openstackcloud.OpenStackCloud):
|
||||
data = self._identity_client.patch('/roles', error_message=msg,
|
||||
json=json_kwargs)
|
||||
role = self._get_and_munchify('role', data)
|
||||
return _utils.normalize_roles([role])[0]
|
||||
return self._normalize_role(role)
|
||||
|
||||
@_utils.valid_kwargs('domain_id')
|
||||
def delete_role(self, name_or_id, **kwargs):
|
||||
|
Loading…
x
Reference in New Issue
Block a user