diff options
| author |   RHE <rebirthmonkey@gmail.com> | 2017-11-24 13:54:26 +0100 |
|---|---|---|
| committer | RHE <rebirthmonkey@gmail.com> | 2017-11-24 13:54:26 +0100 |
| commit | 920a49cfa055733d575282973e23558c33087a4a (patch) | |
| tree | d371dab34efa5028600dad2e7ca58063626e7ba4 /keystone-moon/keystone/trust/backends | |
| parent | ef3eefca70d8abb4a00dafb9419ad32738e934b2 (diff) | |
remove keystone-moon
Change-Id: I80d7c9b669f19d5f6607e162de8e0e55c2f80fdd
Signed-off-by: RHE <rebirthmonkey@gmail.com>
Diffstat (limited to 'keystone-moon/keystone/trust/backends')
| -rw-r--r-- | keystone-moon/keystone/trust/backends/__init__.py | 0 | ||||
| -rw-r--r-- | keystone-moon/keystone/trust/backends/sql.py | 183 |
2 files changed, 0 insertions, 183 deletions
diff --git a/keystone-moon/keystone/trust/backends/__init__.py b/keystone-moon/keystone/trust/backends/__init__.py deleted file mode 100644 index e69de29b..00000000 --- a/keystone-moon/keystone/trust/backends/__init__.py +++ /dev/null diff --git a/keystone-moon/keystone/trust/backends/sql.py b/keystone-moon/keystone/trust/backends/sql.py deleted file mode 100644 index cb8446b3..00000000 --- a/keystone-moon/keystone/trust/backends/sql.py +++ /dev/null @@ -1,183 +0,0 @@ -# Copyright 2012 OpenStack Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import time - -from oslo_utils import timeutils -from six.moves import range - -from keystone.common import sql -from keystone import exception -from keystone import trust - - -# The maximum number of iterations that will be attempted for optimistic -# locking on consuming a limited-use trust. -MAXIMUM_CONSUME_ATTEMPTS = 10 - - -class TrustModel(sql.ModelBase, sql.DictBase): - __tablename__ = 'trust' - attributes = ['id', 'trustor_user_id', 'trustee_user_id', - 'project_id', 'impersonation', 'expires_at', - 'remaining_uses', 'deleted_at'] - id = sql.Column(sql.String(64), primary_key=True) - # user id of owner - trustor_user_id = sql.Column(sql.String(64), nullable=False,) - # user_id of user allowed to consume this preauth - trustee_user_id = sql.Column(sql.String(64), nullable=False) - project_id = sql.Column(sql.String(64)) - impersonation = sql.Column(sql.Boolean, nullable=False) - deleted_at = sql.Column(sql.DateTime) - expires_at = sql.Column(sql.DateTime) - remaining_uses = sql.Column(sql.Integer, nullable=True) - extra = sql.Column(sql.JsonBlob()) - __table_args__ = (sql.UniqueConstraint( - 'trustor_user_id', 'trustee_user_id', 'project_id', - 'impersonation', 'expires_at', - name='duplicate_trust_constraint'),) - - -class TrustRole(sql.ModelBase): - __tablename__ = 'trust_role' - attributes = ['trust_id', 'role_id'] - trust_id = sql.Column(sql.String(64), primary_key=True, nullable=False) - role_id = sql.Column(sql.String(64), primary_key=True, nullable=False) - - -class Trust(trust.TrustDriverV8): - @sql.handle_conflicts(conflict_type='trust') - def create_trust(self, trust_id, trust, roles): - with sql.session_for_write() as session: - ref = TrustModel.from_dict(trust) - ref['id'] = trust_id - if ref.get('expires_at') and ref['expires_at'].tzinfo is not None: - ref['expires_at'] = timeutils.normalize_time(ref['expires_at']) - session.add(ref) - added_roles = [] - for role in roles: - trust_role = TrustRole() - trust_role.trust_id = trust_id - trust_role.role_id = role['id'] - added_roles.append({'id': role['id']}) - session.add(trust_role) - trust_dict = ref.to_dict() - trust_dict['roles'] = added_roles - return trust_dict - - def _add_roles(self, trust_id, session, trust_dict): - roles = [] - for role in session.query(TrustRole).filter_by(trust_id=trust_id): - roles.append({'id': role.role_id}) - trust_dict['roles'] = roles - - @sql.handle_conflicts(conflict_type='trust') - def consume_use(self, trust_id): - - for attempt in range(MAXIMUM_CONSUME_ATTEMPTS): - with sql.session_for_write() as session: - try: - query_result = (session.query(TrustModel.remaining_uses). - filter_by(id=trust_id). - filter_by(deleted_at=None).one()) - except sql.NotFound: - raise exception.TrustNotFound(trust_id=trust_id) - - remaining_uses = query_result.remaining_uses - - if remaining_uses is None: - # unlimited uses, do nothing - break - elif remaining_uses > 0: - # NOTE(morganfainberg): use an optimistic locking method - # to ensure we only ever update a trust that has the - # expected number of remaining uses. - rows_affected = ( - session.query(TrustModel). - filter_by(id=trust_id). - filter_by(deleted_at=None). - filter_by(remaining_uses=remaining_uses). - update({'remaining_uses': (remaining_uses - 1)}, - synchronize_session=False)) - if rows_affected == 1: - # Successfully consumed a single limited-use trust. - # Since trust_id is the PK on the Trust table, there is - # no case we should match more than 1 row in the - # update. We either update 1 row or 0 rows. - break - else: - raise exception.TrustUseLimitReached(trust_id=trust_id) - # NOTE(morganfainberg): Ensure we have a yield point for eventlet - # here. This should cost us nothing otherwise. This can be removed - # if/when oslo_db cleanly handles yields on db calls. - time.sleep(0) - else: - # NOTE(morganfainberg): In the case the for loop is not prematurely - # broken out of, this else block is executed. This means the trust - # was not unlimited nor was it consumed (we hit the maximum - # iteration limit). This is just an indicator that we were unable - # to get the optimistic lock rather than silently failing or - # incorrectly indicating a trust was consumed. - raise exception.TrustConsumeMaximumAttempt(trust_id=trust_id) - - def get_trust(self, trust_id, deleted=False): - with sql.session_for_read() as session: - query = session.query(TrustModel).filter_by(id=trust_id) - if not deleted: - query = query.filter_by(deleted_at=None) - ref = query.first() - if ref is None: - raise exception.TrustNotFound(trust_id=trust_id) - if ref.expires_at is not None and not deleted: - now = timeutils.utcnow() - if now > ref.expires_at: - raise exception.TrustNotFound(trust_id=trust_id) - # Do not return trusts that can't be used anymore - if ref.remaining_uses is not None and not deleted: - if ref.remaining_uses <= 0: - raise exception.TrustNotFound(trust_id=trust_id) - trust_dict = ref.to_dict() - - self._add_roles(trust_id, session, trust_dict) - return trust_dict - - @sql.handle_conflicts(conflict_type='trust') - def list_trusts(self): - with sql.session_for_read() as session: - trusts = session.query(TrustModel).filter_by(deleted_at=None) - return [trust_ref.to_dict() for trust_ref in trusts] - - @sql.handle_conflicts(conflict_type='trust') - def list_trusts_for_trustee(self, trustee_user_id): - with sql.session_for_read() as session: - trusts = (session.query(TrustModel). - filter_by(deleted_at=None). - filter_by(trustee_user_id=trustee_user_id)) - return [trust_ref.to_dict() for trust_ref in trusts] - - @sql.handle_conflicts(conflict_type='trust') - def list_trusts_for_trustor(self, trustor_user_id): - with sql.session_for_read() as session: - trusts = (session.query(TrustModel). - filter_by(deleted_at=None). - filter_by(trustor_user_id=trustor_user_id)) - return [trust_ref.to_dict() for trust_ref in trusts] - - @sql.handle_conflicts(conflict_type='trust') - def delete_trust(self, trust_id): - with sql.session_for_write() as session: - trust_ref = session.query(TrustModel).get(trust_id) - if not trust_ref: - raise exception.TrustNotFound(trust_id=trust_id) - trust_ref.deleted_at = timeutils.utcnow() |