Diffstat (limited to 'keystone-moon/keystone/credential')
-rw-r--r--keystone-moon/keystone/credential/__init__.py16
-rw-r--r--keystone-moon/keystone/credential/backends/__init__.py0
-rw-r--r--keystone-moon/keystone/credential/backends/sql.py100
-rw-r--r--keystone-moon/keystone/credential/controllers.py108
-rw-r--r--keystone-moon/keystone/credential/core.py149
-rw-r--r--keystone-moon/keystone/credential/routers.py28
-rw-r--r--keystone-moon/keystone/credential/schema.py62
7 files changed, 0 insertions, 463 deletions
diff --git a/keystone-moon/keystone/credential/__init__.py b/keystone-moon/keystone/credential/__init__.py
deleted file mode 100644
index ea9d906c..00000000
--- a/keystone-moon/keystone/credential/__init__.py
+++ /dev/null
@@ -1,16 +0,0 @@
-# Copyright 2013 OpenStack Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from keystone.credential import controllers # noqa
-from keystone.credential.core import * # noqa
diff --git a/keystone-moon/keystone/credential/backends/__init__.py b/keystone-moon/keystone/credential/backends/__init__.py
deleted file mode 100644
index e69de29b..00000000
--- a/keystone-moon/keystone/credential/backends/__init__.py
+++ /dev/null
diff --git a/keystone-moon/keystone/credential/backends/sql.py b/keystone-moon/keystone/credential/backends/sql.py
deleted file mode 100644
index dfb9d20a..00000000
--- a/keystone-moon/keystone/credential/backends/sql.py
+++ /dev/null
@@ -1,100 +0,0 @@
-# Copyright 2013 OpenStack Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from keystone.common import driver_hints
-from keystone.common import sql
-from keystone import credential
-from keystone import exception
-
-
-class CredentialModel(sql.ModelBase, sql.DictBase):
- __tablename__ = 'credential'
- attributes = ['id', 'user_id', 'project_id', 'blob', 'type']
- id = sql.Column(sql.String(64), primary_key=True)
- user_id = sql.Column(sql.String(64),
- nullable=False)
- project_id = sql.Column(sql.String(64))
- blob = sql.Column(sql.JsonBlob(), nullable=False)
- type = sql.Column(sql.String(255), nullable=False)
- extra = sql.Column(sql.JsonBlob())
-
-
-class Credential(credential.CredentialDriverV8):
-
- # credential crud
-
- @sql.handle_conflicts(conflict_type='credential')
- def create_credential(self, credential_id, credential):
- with sql.session_for_write() as session:
- ref = CredentialModel.from_dict(credential)
- session.add(ref)
- return ref.to_dict()
-
- @driver_hints.truncated
- def list_credentials(self, hints):
- with sql.session_for_read() as session:
- credentials = session.query(CredentialModel)
- credentials = sql.filter_limit_query(CredentialModel,
- credentials, hints)
- return [s.to_dict() for s in credentials]
-
- def list_credentials_for_user(self, user_id, type=None):
- with sql.session_for_read() as session:
- query = session.query(CredentialModel)
- query = query.filter_by(user_id=user_id)
- if type:
- query = query.filter_by(type=type)
- refs = query.all()
- return [ref.to_dict() for ref in refs]
-
- def _get_credential(self, session, credential_id):
- ref = session.query(CredentialModel).get(credential_id)
- if ref is None:
- raise exception.CredentialNotFound(credential_id=credential_id)
- return ref
-
- def get_credential(self, credential_id):
- with sql.session_for_read() as session:
- return self._get_credential(session, credential_id).to_dict()
-
- @sql.handle_conflicts(conflict_type='credential')
- def update_credential(self, credential_id, credential):
- with sql.session_for_write() as session:
- ref = self._get_credential(session, credential_id)
- old_dict = ref.to_dict()
- for k in credential:
- old_dict[k] = credential[k]
- new_credential = CredentialModel.from_dict(old_dict)
- for attr in CredentialModel.attributes:
- if attr != 'id':
- setattr(ref, attr, getattr(new_credential, attr))
- ref.extra = new_credential.extra
- return ref.to_dict()
-
- def delete_credential(self, credential_id):
- with sql.session_for_write() as session:
- ref = self._get_credential(session, credential_id)
- session.delete(ref)
-
- def delete_credentials_for_project(self, project_id):
- with sql.session_for_write() as session:
- query = session.query(CredentialModel)
- query = query.filter_by(project_id=project_id)
- query.delete()
-
- def delete_credentials_for_user(self, user_id):
- with sql.session_for_write() as session:
- query = session.query(CredentialModel)
- query = query.filter_by(user_id=user_id)
- query.delete()
diff --git a/keystone-moon/keystone/credential/controllers.py b/keystone-moon/keystone/credential/controllers.py
deleted file mode 100644
index 321acc48..00000000
--- a/keystone-moon/keystone/credential/controllers.py
+++ /dev/null
@@ -1,108 +0,0 @@
-# Copyright 2013 OpenStack Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import hashlib
-
-from oslo_serialization import jsonutils
-
-from keystone.common import controller
-from keystone.common import dependency
-from keystone.common import validation
-from keystone.credential import schema
-from keystone import exception
-from keystone.i18n import _
-
-
-@dependency.requires('credential_api')
-class CredentialV3(controller.V3Controller):
- collection_name = 'credentials'
- member_name = 'credential'
-
- def __init__(self):
- super(CredentialV3, self).__init__()
- self.get_member_from_driver = self.credential_api.get_credential
-
- def _assign_unique_id(self, ref, trust_id=None):
- # Generates and assigns a unique identifier to
- # a credential reference.
- if ref.get('type', '').lower() == 'ec2':
- try:
- blob = jsonutils.loads(ref.get('blob'))
- except (ValueError, TypeError):
- raise exception.ValidationError(
- message=_('Invalid blob in credential'))
- if not blob or not isinstance(blob, dict):
- raise exception.ValidationError(attribute='blob',
- target='credential')
- if blob.get('access') is None:
- raise exception.ValidationError(attribute='access',
- target='blob')
- ret_ref = ref.copy()
- ret_ref['id'] = hashlib.sha256(blob['access']).hexdigest()
- # Update the blob with the trust_id, so credentials created
- # with a trust scoped token will result in trust scoped
- # tokens when authentication via ec2tokens happens
- if trust_id is not None:
- blob['trust_id'] = trust_id
- ret_ref['blob'] = jsonutils.dumps(blob)
- return ret_ref
- else:
- return super(CredentialV3, self)._assign_unique_id(ref)
-
- @controller.protected()
- @validation.validated(schema.credential_create, 'credential')
- def create_credential(self, context, credential):
- trust_id = self._get_trust_id_for_request(context)
- ref = self._assign_unique_id(self._normalize_dict(credential),
- trust_id)
- ref = self.credential_api.create_credential(ref['id'], ref)
- return CredentialV3.wrap_member(context, ref)
-
- @staticmethod
- def _blob_to_json(ref):
- # credentials stored via ec2tokens before the fix for #1259584
- # need json serializing, as that's the documented API format
- blob = ref.get('blob')
- if isinstance(blob, dict):
- new_ref = ref.copy()
- new_ref['blob'] = jsonutils.dumps(blob)
- return new_ref
- else:
- return ref
-
- @controller.filterprotected('user_id', 'type')
- def list_credentials(self, context, filters):
- hints = CredentialV3.build_driver_hints(context, filters)
- refs = self.credential_api.list_credentials(hints)
- ret_refs = [self._blob_to_json(r) for r in refs]
- return CredentialV3.wrap_collection(context, ret_refs,
- hints=hints)
-
- @controller.protected()
- def get_credential(self, context, credential_id):
- ref = self.credential_api.get_credential(credential_id)
- ret_ref = self._blob_to_json(ref)
- return CredentialV3.wrap_member(context, ret_ref)
-
- @controller.protected()
- @validation.validated(schema.credential_update, 'credential')
- def update_credential(self, context, credential_id, credential):
- self._require_matching_id(credential_id, credential)
-
- ref = self.credential_api.update_credential(credential_id, credential)
- return CredentialV3.wrap_member(context, ref)
-
- @controller.protected()
- def delete_credential(self, context, credential_id):
- return self.credential_api.delete_credential(credential_id)
diff --git a/keystone-moon/keystone/credential/core.py b/keystone-moon/keystone/credential/core.py
deleted file mode 100644
index 1550fc99..00000000
--- a/keystone-moon/keystone/credential/core.py
+++ /dev/null
@@ -1,149 +0,0 @@
-# Copyright 2013 OpenStack Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-"""Main entry point into the Credential service."""
-
-import abc
-
-from oslo_config import cfg
-from oslo_log import log
-import six
-
-from keystone.common import dependency
-from keystone.common import driver_hints
-from keystone.common import manager
-from keystone import exception
-
-
-CONF = cfg.CONF
-
-LOG = log.getLogger(__name__)
-
-
-@dependency.provider('credential_api')
-class Manager(manager.Manager):
- """Default pivot point for the Credential backend.
-
- See :mod:`keystone.common.manager.Manager` for more details on how this
- dynamically calls the backend.
-
- """
-
- driver_namespace = 'keystone.credential'
-
- def __init__(self):
- super(Manager, self).__init__(CONF.credential.driver)
-
- @manager.response_truncated
- def list_credentials(self, hints=None):
- return self.driver.list_credentials(hints or driver_hints.Hints())
-
-
-@six.add_metaclass(abc.ABCMeta)
-class CredentialDriverV8(object):
- # credential crud
-
- @abc.abstractmethod
- def create_credential(self, credential_id, credential):
- """Creates a new credential.
-
- :raises keystone.exception.Conflict: If a duplicate credential exists.
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def list_credentials(self, hints):
- """List all credentials.
-
- :param hints: contains the list of filters yet to be satisfied.
- Any filters satisfied here will be removed so that
- the caller will know if any filters remain.
-
- :returns: a list of credential_refs or an empty list.
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def list_credentials_for_user(self, user_id, type=None):
- """List credentials for a user.
-
- :param user_id: ID of a user to filter credentials by.
- :param type: type of credentials to filter on.
-
- :returns: a list of credential_refs or an empty list.
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def get_credential(self, credential_id):
- """Get a credential by ID.
-
- :returns: credential_ref
- :raises keystone.exception.CredentialNotFound: If credential doesn't
- exist.
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def update_credential(self, credential_id, credential):
- """Updates an existing credential.
-
- :raises keystone.exception.CredentialNotFound: If credential doesn't
- exist.
- :raises keystone.exception.Conflict: If a duplicate credential exists.
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def delete_credential(self, credential_id):
- """Deletes an existing credential.
-
- :raises keystone.exception.CredentialNotFound: If credential doesn't
- exist.
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def delete_credentials_for_project(self, project_id):
- """Deletes all credentials for a project."""
- self._delete_credentials(lambda cr: cr['project_id'] == project_id)
-
- @abc.abstractmethod
- def delete_credentials_for_user(self, user_id):
- """Deletes all credentials for a user."""
- self._delete_credentials(lambda cr: cr['user_id'] == user_id)
-
- def _delete_credentials(self, match_fn):
- """Do the actual credential deletion work (default implementation).
-
- :param match_fn: function that takes a credential dict as the
- parameter and returns true or false if the
- identifier matches the credential dict.
- """
- for cr in self.list_credentials():
- if match_fn(cr):
- try:
- self.credential_api.delete_credential(cr['id'])
- except exception.CredentialNotFound:
- LOG.debug('Deletion of credential is not required: %s',
- cr['id'])
-
-
-Driver = manager.create_legacy_driver(CredentialDriverV8)
diff --git a/keystone-moon/keystone/credential/routers.py b/keystone-moon/keystone/credential/routers.py
deleted file mode 100644
index db3651f4..00000000
--- a/keystone-moon/keystone/credential/routers.py
+++ /dev/null
@@ -1,28 +0,0 @@
-# Copyright 2013 OpenStack Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-"""WSGI Routers for the Credentials service."""
-
-from keystone.common import router
-from keystone.common import wsgi
-from keystone.credential import controllers
-
-
-class Routers(wsgi.RoutersBase):
-
- def append_v3_routers(self, mapper, routers):
- routers.append(
- router.Router(controllers.CredentialV3(),
- 'credentials', 'credential',
- resource_descriptions=self.v3_resources))
diff --git a/keystone-moon/keystone/credential/schema.py b/keystone-moon/keystone/credential/schema.py
deleted file mode 100644
index 749f0c0a..00000000
--- a/keystone-moon/keystone/credential/schema.py
+++ /dev/null
@@ -1,62 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-_credential_properties = {
- 'blob': {
- 'type': 'string'
- },
- 'project_id': {
- 'type': 'string'
- },
- 'type': {
- 'type': 'string'
- },
- 'user_id': {
- 'type': 'string'
- }
-}
-
-credential_create = {
- 'type': 'object',
- 'properties': _credential_properties,
- 'additionalProperties': True,
- 'oneOf': [
- {
- 'title': 'ec2 credential requires project_id',
- 'required': ['blob', 'type', 'user_id', 'project_id'],
- 'properties': {
- 'type': {
- 'enum': ['ec2']
- }
- }
- },
- {
- 'title': 'non-ec2 credential does not require project_id',
- 'required': ['blob', 'type', 'user_id'],
- 'properties': {
- 'type': {
- 'not': {
- 'enum': ['ec2']
- }
- }
- }
- }
- ]
-}
-
-credential_update = {
- 'type': 'object',
- 'properties': _credential_properties,
- 'minProperties': 1,
- 'additionalProperties': True
-}