diff options
Diffstat (limited to 'keystone-moon/keystone/credential/core.py')
-rw-r--r-- | keystone-moon/keystone/credential/core.py | 140 |
1 files changed, 140 insertions, 0 deletions
diff --git a/keystone-moon/keystone/credential/core.py b/keystone-moon/keystone/credential/core.py new file mode 100644 index 00000000..d3354ea3 --- /dev/null +++ b/keystone-moon/keystone/credential/core.py @@ -0,0 +1,140 @@ +# Copyright 2013 OpenStack Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +"""Main entry point into the Credentials service.""" + +import abc + +from oslo_config import cfg +from oslo_log import log +import six + +from keystone.common import dependency +from keystone.common import driver_hints +from keystone.common import manager +from keystone import exception + + +CONF = cfg.CONF + +LOG = log.getLogger(__name__) + + +@dependency.provider('credential_api') +class Manager(manager.Manager): + """Default pivot point for the Credential backend. + + See :mod:`keystone.common.manager.Manager` for more details on how this + dynamically calls the backend. + + """ + + def __init__(self): + super(Manager, self).__init__(CONF.credential.driver) + + @manager.response_truncated + def list_credentials(self, hints=None): + return self.driver.list_credentials(hints or driver_hints.Hints()) + + +@six.add_metaclass(abc.ABCMeta) +class Driver(object): + # credential crud + + @abc.abstractmethod + def create_credential(self, credential_id, credential): + """Creates a new credential. + + :raises: keystone.exception.Conflict + + """ + raise exception.NotImplemented() # pragma: no cover + + @abc.abstractmethod + def list_credentials(self, hints): + """List all credentials. + + :param hints: contains the list of filters yet to be satisfied. + Any filters satisfied here will be removed so that + the caller will know if any filters remain. + + :returns: a list of credential_refs or an empty list. + + """ + raise exception.NotImplemented() # pragma: no cover + + @abc.abstractmethod + def list_credentials_for_user(self, user_id): + """List credentials for a user. + + :param user_id: ID of a user to filter credentials by. + + :returns: a list of credential_refs or an empty list. + + """ + raise exception.NotImplemented() # pragma: no cover + + @abc.abstractmethod + def get_credential(self, credential_id): + """Get a credential by ID. + + :returns: credential_ref + :raises: keystone.exception.CredentialNotFound + + """ + raise exception.NotImplemented() # pragma: no cover + + @abc.abstractmethod + def update_credential(self, credential_id, credential): + """Updates an existing credential. + + :raises: keystone.exception.CredentialNotFound, + keystone.exception.Conflict + + """ + raise exception.NotImplemented() # pragma: no cover + + @abc.abstractmethod + def delete_credential(self, credential_id): + """Deletes an existing credential. + + :raises: keystone.exception.CredentialNotFound + + """ + raise exception.NotImplemented() # pragma: no cover + + @abc.abstractmethod + def delete_credentials_for_project(self, project_id): + """Deletes all credentials for a project.""" + self._delete_credentials(lambda cr: cr['project_id'] == project_id) + + @abc.abstractmethod + def delete_credentials_for_user(self, user_id): + """Deletes all credentials for a user.""" + self._delete_credentials(lambda cr: cr['user_id'] == user_id) + + def _delete_credentials(self, match_fn): + """Do the actual credential deletion work (default implementation). + + :param match_fn: function that takes a credential dict as the + parameter and returns true or false if the + identifier matches the credential dict. + """ + for cr in self.list_credentials(): + if match_fn(cr): + try: + self.credential_api.delete_credential(cr['id']) + except exception.CredentialNotFound: + LOG.debug('Deletion of credential is not required: %s', + cr['id']) |