Keystone DB sync - update sync service for Stein

This commit updates dcdbsync service to support Stein. Changes to the
service includes:
- Update system_assignment table when user id or role id is updated
- Update implied_role table when role id is updated
- Removed "password" field from local_user_table synchronization
- Added "description" field to role table synchronization
- Updated VERSION_ALIASES to Stein 1.0 in API controllers

Story: 2002842
Task: 22787

Change-Id: I40e64d4072201635c7b531575ab5df7cd7b5557d
Signed-off-by: Andy Ning <andy.ning@windriver.com>

dcdbsync/api/controllers/v1/identity/identity.py

@@ -39,7 +39,7 @@ LOG = logging.getLogger(__name__)
 
 class UsersController(object):
     VERSION_ALIASES = {
-        'Pike': '1.0',
+        'Stein': '1.0',
     }
 
     def __init__(self):

dcdbsync/api/controllers/v1/identity/project.py

@@ -39,7 +39,7 @@ LOG = logging.getLogger(__name__)
 
 class ProjectsController(object):
     VERSION_ALIASES = {
-        'Pike': '1.0',
+        'Stein': '1.0',
     }
 
     def __init__(self):

dcdbsync/api/controllers/v1/identity/role.py

@@ -39,7 +39,7 @@ LOG = logging.getLogger(__name__)
 
 class RolesController(object):
     VERSION_ALIASES = {
-        'Pike': '1.0',
+        'Stein': '1.0',
     }
 
     def __init__(self):

dcdbsync/api/controllers/v1/identity/token_revoke_event.py

@@ -40,7 +40,7 @@ LOG = logging.getLogger(__name__)
 
 class RevokeEventsController(object):
     VERSION_ALIASES = {
-        'Pike': '1.0',
+        'Stein': '1.0',
     }
 
     def __init__(self):

dcdbsync/db/identity/sqlalchemy/api.py

@@ -307,12 +307,12 @@ def user_update(context, user_id, payload):
                     password['local_user_id'] = \
                         updated_local_users[0]['id']
                     insert(conn, table, password)
-        # Need to update the actor_id in assignment table
-        # if the user id is updated
+        # Need to update the actor_id in assignment and system_assignment
+        # tables if the user id is updated
         if user_id != new_user_id:
-            table = 'assignment'
             assignment = {'actor_id': new_user_id}
-            update(conn, table, 'actor_id', user_id, assignment)
+            update(conn, 'assignment', 'actor_id', user_id, assignment)
+            update(conn, 'system_assignment', 'actor_id', user_id, assignment)
 
     return user_get(context, new_user_id)
 
@@ -435,16 +435,40 @@ def role_update(context, role_id, payload):
         table = 'role'
         new_role_id = role_id
         if table in payload:
+            prior_roles = []
+            implied_roles = []
             role = payload[table]
-            update(conn, table, 'id', role_id, role)
             new_role_id = role.get('id')
+            if role_id != new_role_id:
+                # implied_role table has foreign key references to role table.
+                # The foreign key references are on DELETE CASCADE only. To
+                # avoid foreign key constraints violation, save these records
+                # from implied_role table, delete them, update role table,
+                # update and insert them back after role table is updated.
+                prior_roles = query(conn, 'implied_role', 'prior_role_id',
+                                    role_id)
+                delete(conn, 'implied_role', 'prior_role_id', role_id)
+                implied_roles = query(conn, 'implied_role', 'implied_role_id',
+                                      role_id)
+                delete(conn, 'implied_role', 'implied_role_id', role_id)
+            # Update role table
+            update(conn, table, 'id', role_id, role)
+            # Update saved records from implied_role table and insert them back
+            if prior_roles:
+                for prior_role in prior_roles:
+                    prior_role['prior_role_id'] = new_role_id
+                insert(conn, 'implied_role', prior_roles)
+            if implied_roles:
+                for implied_role in implied_roles:
+                    implied_role['implied_role_id'] = new_role_id
+                insert(conn, 'implied_role', implied_roles)
 
-        # Need to update the role_id in assignment table
+        # Need to update the role_id in assignment and system_assignment tables
         # if the role id is updated
         if role_id != new_role_id:
-            table = 'assignment'
             assignment = {'role_id': new_role_id}
-            update(conn, table, 'role_id', role_id, assignment)
+            update(conn, 'assignment', 'role_id', role_id, assignment)
+            update(conn, 'system_assignment', 'role_id', role_id, assignment)
 
     return role_get(context, new_role_id)
 

dcdbsync/dbsyncclient/v1/identity/identity_manager.py

@@ -27,14 +27,13 @@ from dcdbsync.dbsyncclient import exceptions
 class Password(base.Resource):
     resource_name = 'password'
 
-    def __init__(self, manager, id, local_user_id, password, self_service,
+    def __init__(self, manager, id, local_user_id, self_service,
                  password_hash, created_at, created_at_int, expires_at,
                  expires_at_int):
         self.manager = manager
         self.id = id
         # Foreign key to local_user.id
         self.local_user_id = local_user_id
-        self.password = password
         self.self_service = self_service
         self.password_hash = password_hash
         self.created_at = created_at
@@ -124,7 +123,6 @@ class identity_manager(base.ResourceManager):
                     self,
                     id=object['id'],
                     local_user_id=object['local_user_id'],
-                    password=object['password'],
                     self_service=object['self_service'],
                     password_hash=object['password_hash'],
                     created_at=object['created_at'],

dcdbsync/dbsyncclient/v1/identity/role_manager.py

@@ -26,12 +26,13 @@ from dcdbsync.dbsyncclient import exceptions
 class Role(base.Resource):
     resource_name = 'role'
 
-    def __init__(self, manager, id, domain_id, name, extra={}):
+    def __init__(self, manager, id, domain_id, name, description, extra={}):
         self.manager = manager
         self.id = id
         self.domain_id = domain_id
         self.name = name
         self.extra = extra
+        self.description = description
 
     def info(self):
         resource_info = dict()
@@ -78,6 +79,7 @@ class role_manager(base.ResourceManager):
                 id=json_object['id'],
                 domain_id=json_object['domain_id'],
                 name=json_object['name'],
+                description=json_object['description'],
                 extra=json_object['extra'])
 
             roles.append(role)