aboutsummaryrefslogtreecommitdiffstats
path: root/keystone-moon/keystone/identity/mapping_backends
diff options
context:
space:
mode:
Diffstat (limited to 'keystone-moon/keystone/identity/mapping_backends')
-rw-r--r--keystone-moon/keystone/identity/mapping_backends/__init__.py0
-rw-r--r--keystone-moon/keystone/identity/mapping_backends/mapping.py18
-rw-r--r--keystone-moon/keystone/identity/mapping_backends/sql.py97
3 files changed, 115 insertions, 0 deletions
diff --git a/keystone-moon/keystone/identity/mapping_backends/__init__.py b/keystone-moon/keystone/identity/mapping_backends/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/keystone-moon/keystone/identity/mapping_backends/__init__.py
diff --git a/keystone-moon/keystone/identity/mapping_backends/mapping.py b/keystone-moon/keystone/identity/mapping_backends/mapping.py
new file mode 100644
index 00000000..dddf36c1
--- /dev/null
+++ b/keystone-moon/keystone/identity/mapping_backends/mapping.py
@@ -0,0 +1,18 @@
+# Copyright 2014 IBM Corp.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+class EntityType(object):
+ USER = 'user'
+ GROUP = 'group'
diff --git a/keystone-moon/keystone/identity/mapping_backends/sql.py b/keystone-moon/keystone/identity/mapping_backends/sql.py
new file mode 100644
index 00000000..b2f9cb95
--- /dev/null
+++ b/keystone-moon/keystone/identity/mapping_backends/sql.py
@@ -0,0 +1,97 @@
+# Copyright 2014 IBM Corp.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from keystone.common import dependency
+from keystone.common import sql
+from keystone import identity
+from keystone.identity.mapping_backends import mapping as identity_mapping
+
+
+class IDMapping(sql.ModelBase, sql.ModelDictMixin):
+ __tablename__ = 'id_mapping'
+ public_id = sql.Column(sql.String(64), primary_key=True)
+ domain_id = sql.Column(sql.String(64), nullable=False)
+ local_id = sql.Column(sql.String(64), nullable=False)
+ # NOTE(henry-nash); Postgres requires a name to be defined for an Enum
+ entity_type = sql.Column(
+ sql.Enum(identity_mapping.EntityType.USER,
+ identity_mapping.EntityType.GROUP,
+ name='entity_type'),
+ nullable=False)
+ # Unique constraint to ensure you can't store more than one mapping to the
+ # same underlying values
+ __table_args__ = (
+ sql.UniqueConstraint('domain_id', 'local_id', 'entity_type'), {})
+
+
+@dependency.requires('id_generator_api')
+class Mapping(identity.MappingDriver):
+
+ def get_public_id(self, local_entity):
+ # NOTE(henry-nash): Since the Public ID is regeneratable, rather
+ # than search for the entry using the local entity values, we
+ # could create the hash and do a PK lookup. However this would only
+ # work if we hashed all the entries, even those that already generate
+ # UUIDs, like SQL. Further, this would only work if the generation
+ # algorithm was immutable (e.g. it had always been sha256).
+ session = sql.get_session()
+ query = session.query(IDMapping.public_id)
+ query = query.filter_by(domain_id=local_entity['domain_id'])
+ query = query.filter_by(local_id=local_entity['local_id'])
+ query = query.filter_by(entity_type=local_entity['entity_type'])
+ try:
+ public_ref = query.one()
+ public_id = public_ref.public_id
+ return public_id
+ except sql.NotFound:
+ return None
+
+ def get_id_mapping(self, public_id):
+ session = sql.get_session()
+ mapping_ref = session.query(IDMapping).get(public_id)
+ if mapping_ref:
+ return mapping_ref.to_dict()
+
+ def create_id_mapping(self, local_entity, public_id=None):
+ entity = local_entity.copy()
+ with sql.transaction() as session:
+ if public_id is None:
+ public_id = self.id_generator_api.generate_public_ID(entity)
+ entity['public_id'] = public_id
+ mapping_ref = IDMapping.from_dict(entity)
+ session.add(mapping_ref)
+ return public_id
+
+ def delete_id_mapping(self, public_id):
+ with sql.transaction() as session:
+ try:
+ session.query(IDMapping).filter(
+ IDMapping.public_id == public_id).delete()
+ except sql.NotFound:
+ # NOTE(morganfainberg): There is nothing to delete and nothing
+ # to do.
+ pass
+
+ def purge_mappings(self, purge_filter):
+ session = sql.get_session()
+ query = session.query(IDMapping)
+ if 'domain_id' in purge_filter:
+ query = query.filter_by(domain_id=purge_filter['domain_id'])
+ if 'public_id' in purge_filter:
+ query = query.filter_by(public_id=purge_filter['public_id'])
+ if 'local_id' in purge_filter:
+ query = query.filter_by(local_id=purge_filter['local_id'])
+ if 'entity_type' in purge_filter:
+ query = query.filter_by(entity_type=purge_filter['entity_type'])
+ query.delete()