aboutsummaryrefslogtreecommitdiffstats
path: root/keystone-moon/keystone/resource/backends/sql.py
diff options
context:
space:
mode:
Diffstat (limited to 'keystone-moon/keystone/resource/backends/sql.py')
-rw-r--r--keystone-moon/keystone/resource/backends/sql.py239
1 files changed, 123 insertions, 116 deletions
diff --git a/keystone-moon/keystone/resource/backends/sql.py b/keystone-moon/keystone/resource/backends/sql.py
index 59bab372..39bb4f3b 100644
--- a/keystone-moon/keystone/resource/backends/sql.py
+++ b/keystone-moon/keystone/resource/backends/sql.py
@@ -10,87 +10,123 @@
# License for the specific language governing permissions and limitations
# under the License.
-from oslo_config import cfg
from oslo_log import log
from keystone.common import clean
+from keystone.common import driver_hints
from keystone.common import sql
from keystone import exception
-from keystone.i18n import _LE
+from keystone.i18n import _LE, _LW
from keystone import resource as keystone_resource
-CONF = cfg.CONF
LOG = log.getLogger(__name__)
-class Resource(keystone_resource.ResourceDriverV8):
+class Resource(keystone_resource.ResourceDriverV9):
def default_assignment_driver(self):
return 'sql'
+ def _encode_domain_id(self, ref):
+ if 'domain_id' in ref and ref['domain_id'] is None:
+ new_ref = ref.copy()
+ new_ref['domain_id'] = keystone_resource.NULL_DOMAIN_ID
+ return new_ref
+ else:
+ return ref
+
+ def _is_hidden_ref(self, ref):
+ return ref.id == keystone_resource.NULL_DOMAIN_ID
+
def _get_project(self, session, project_id):
project_ref = session.query(Project).get(project_id)
- if project_ref is None:
+ if project_ref is None or self._is_hidden_ref(project_ref):
raise exception.ProjectNotFound(project_id=project_id)
return project_ref
- def get_project(self, tenant_id):
- with sql.transaction() as session:
- return self._get_project(session, tenant_id).to_dict()
+ def get_project(self, project_id):
+ with sql.session_for_read() as session:
+ return self._get_project(session, project_id).to_dict()
- def get_project_by_name(self, tenant_name, domain_id):
- with sql.transaction() as session:
+ def get_project_by_name(self, project_name, domain_id):
+ with sql.session_for_read() as session:
query = session.query(Project)
- query = query.filter_by(name=tenant_name)
- query = query.filter_by(domain_id=domain_id)
+ query = query.filter_by(name=project_name)
+ if domain_id is None:
+ query = query.filter_by(
+ domain_id=keystone_resource.NULL_DOMAIN_ID)
+ else:
+ query = query.filter_by(domain_id=domain_id)
try:
project_ref = query.one()
except sql.NotFound:
- raise exception.ProjectNotFound(project_id=tenant_name)
+ raise exception.ProjectNotFound(project_id=project_name)
+
+ if self._is_hidden_ref(project_ref):
+ raise exception.ProjectNotFound(project_id=project_name)
return project_ref.to_dict()
- @sql.truncated
+ @driver_hints.truncated
def list_projects(self, hints):
- with sql.transaction() as session:
+ # If there is a filter on domain_id and the value is None, then to
+ # ensure that the sql filtering works correctly, we need to patch
+ # the value to be NULL_DOMAIN_ID. This is safe to do here since we
+ # know we are able to satisfy any filter of this type in the call to
+ # filter_limit_query() below, which will remove the filter from the
+ # hints (hence ensuring our substitution is not exposed to the caller).
+ for f in hints.filters:
+ if (f['name'] == 'domain_id' and f['value'] is None):
+ f['value'] = keystone_resource.NULL_DOMAIN_ID
+ with sql.session_for_read() as session:
query = session.query(Project)
project_refs = sql.filter_limit_query(Project, query, hints)
- return [project_ref.to_dict() for project_ref in project_refs]
+ return [project_ref.to_dict() for project_ref in project_refs
+ if not self._is_hidden_ref(project_ref)]
def list_projects_from_ids(self, ids):
if not ids:
return []
else:
- with sql.transaction() as session:
+ with sql.session_for_read() as session:
query = session.query(Project)
query = query.filter(Project.id.in_(ids))
- return [project_ref.to_dict() for project_ref in query.all()]
+ return [project_ref.to_dict() for project_ref in query.all()
+ if not self._is_hidden_ref(project_ref)]
def list_project_ids_from_domain_ids(self, domain_ids):
if not domain_ids:
return []
else:
- with sql.transaction() as session:
+ with sql.session_for_read() as session:
query = session.query(Project.id)
query = (
query.filter(Project.domain_id.in_(domain_ids)))
- return [x.id for x in query.all()]
+ return [x.id for x in query.all()
+ if not self._is_hidden_ref(x)]
def list_projects_in_domain(self, domain_id):
- with sql.transaction() as session:
- self._get_domain(session, domain_id)
+ with sql.session_for_read() as session:
+ try:
+ self._get_project(session, domain_id)
+ except exception.ProjectNotFound:
+ raise exception.DomainNotFound(domain_id=domain_id)
query = session.query(Project)
- project_refs = query.filter_by(domain_id=domain_id)
+ project_refs = query.filter(Project.domain_id == domain_id)
return [project_ref.to_dict() for project_ref in project_refs]
- def _get_children(self, session, project_ids):
+ def list_projects_acting_as_domain(self, hints):
+ hints.add_filter('is_domain', True)
+ return self.list_projects(hints)
+
+ def _get_children(self, session, project_ids, domain_id=None):
query = session.query(Project)
query = query.filter(Project.parent_id.in_(project_ids))
project_refs = query.all()
return [project_ref.to_dict() for project_ref in project_refs]
def list_projects_in_subtree(self, project_id):
- with sql.transaction() as session:
+ with sql.session_for_read() as session:
children = self._get_children(session, [project_id])
subtree = []
examined = set([project_id])
@@ -111,7 +147,7 @@ class Resource(keystone_resource.ResourceDriverV8):
return subtree
def list_project_parents(self, project_id):
- with sql.transaction() as session:
+ with sql.session_for_read() as session:
project = self._get_project(session, project_id).to_dict()
parents = []
examined = set()
@@ -131,105 +167,61 @@ class Resource(keystone_resource.ResourceDriverV8):
return parents
def is_leaf_project(self, project_id):
- with sql.transaction() as session:
+ with sql.session_for_read() as session:
project_refs = self._get_children(session, [project_id])
return not project_refs
# CRUD
@sql.handle_conflicts(conflict_type='project')
- def create_project(self, tenant_id, tenant):
- tenant['name'] = clean.project_name(tenant['name'])
- with sql.transaction() as session:
- tenant_ref = Project.from_dict(tenant)
- session.add(tenant_ref)
- return tenant_ref.to_dict()
+ def create_project(self, project_id, project):
+ project['name'] = clean.project_name(project['name'])
+ new_project = self._encode_domain_id(project)
+ with sql.session_for_write() as session:
+ project_ref = Project.from_dict(new_project)
+ session.add(project_ref)
+ return project_ref.to_dict()
@sql.handle_conflicts(conflict_type='project')
- def update_project(self, tenant_id, tenant):
- if 'name' in tenant:
- tenant['name'] = clean.project_name(tenant['name'])
-
- with sql.transaction() as session:
- tenant_ref = self._get_project(session, tenant_id)
- old_project_dict = tenant_ref.to_dict()
- for k in tenant:
- old_project_dict[k] = tenant[k]
+ def update_project(self, project_id, project):
+ if 'name' in project:
+ project['name'] = clean.project_name(project['name'])
+
+ update_project = self._encode_domain_id(project)
+ with sql.session_for_write() as session:
+ project_ref = self._get_project(session, project_id)
+ old_project_dict = project_ref.to_dict()
+ for k in update_project:
+ old_project_dict[k] = update_project[k]
+ # When we read the old_project_dict, any "null" domain_id will have
+ # been decoded, so we need to re-encode it
+ old_project_dict = self._encode_domain_id(old_project_dict)
new_project = Project.from_dict(old_project_dict)
for attr in Project.attributes:
if attr != 'id':
- setattr(tenant_ref, attr, getattr(new_project, attr))
- tenant_ref.extra = new_project.extra
- return tenant_ref.to_dict(include_extra_dict=True)
+ setattr(project_ref, attr, getattr(new_project, attr))
+ project_ref.extra = new_project.extra
+ return project_ref.to_dict(include_extra_dict=True)
@sql.handle_conflicts(conflict_type='project')
- def delete_project(self, tenant_id):
- with sql.transaction() as session:
- tenant_ref = self._get_project(session, tenant_id)
- session.delete(tenant_ref)
-
- # domain crud
-
- @sql.handle_conflicts(conflict_type='domain')
- def create_domain(self, domain_id, domain):
- with sql.transaction() as session:
- ref = Domain.from_dict(domain)
- session.add(ref)
- return ref.to_dict()
-
- @sql.truncated
- def list_domains(self, hints):
- with sql.transaction() as session:
- query = session.query(Domain)
- refs = sql.filter_limit_query(Domain, query, hints)
- return [ref.to_dict() for ref in refs]
-
- def list_domains_from_ids(self, ids):
- if not ids:
- return []
- else:
- with sql.transaction() as session:
- query = session.query(Domain)
- query = query.filter(Domain.id.in_(ids))
- domain_refs = query.all()
- return [domain_ref.to_dict() for domain_ref in domain_refs]
-
- def _get_domain(self, session, domain_id):
- ref = session.query(Domain).get(domain_id)
- if ref is None:
- raise exception.DomainNotFound(domain_id=domain_id)
- return ref
-
- def get_domain(self, domain_id):
- with sql.transaction() as session:
- return self._get_domain(session, domain_id).to_dict()
-
- def get_domain_by_name(self, domain_name):
- with sql.transaction() as session:
- try:
- ref = (session.query(Domain).
- filter_by(name=domain_name).one())
- except sql.NotFound:
- raise exception.DomainNotFound(domain_id=domain_name)
- return ref.to_dict()
-
- @sql.handle_conflicts(conflict_type='domain')
- def update_domain(self, domain_id, domain):
- with sql.transaction() as session:
- ref = self._get_domain(session, domain_id)
- old_dict = ref.to_dict()
- for k in domain:
- old_dict[k] = domain[k]
- new_domain = Domain.from_dict(old_dict)
- for attr in Domain.attributes:
- if attr != 'id':
- setattr(ref, attr, getattr(new_domain, attr))
- ref.extra = new_domain.extra
- return ref.to_dict()
+ def delete_project(self, project_id):
+ with sql.session_for_write() as session:
+ project_ref = self._get_project(session, project_id)
+ session.delete(project_ref)
- def delete_domain(self, domain_id):
- with sql.transaction() as session:
- ref = self._get_domain(session, domain_id)
- session.delete(ref)
+ @sql.handle_conflicts(conflict_type='project')
+ def delete_projects_from_ids(self, project_ids):
+ if not project_ids:
+ return
+ with sql.session_for_write() as session:
+ query = session.query(Project).filter(Project.id.in_(
+ project_ids))
+ project_ids_from_bd = [p['id'] for p in query.all()]
+ for project_id in project_ids:
+ if (project_id not in project_ids_from_bd or
+ project_id == keystone_resource.NULL_DOMAIN_ID):
+ LOG.warning(_LW('Project %s does not exist and was not '
+ 'deleted.') % project_id)
+ query.delete(synchronize_session=False)
class Domain(sql.ModelBase, sql.DictBase):
@@ -239,22 +231,37 @@ class Domain(sql.ModelBase, sql.DictBase):
name = sql.Column(sql.String(64), nullable=False)
enabled = sql.Column(sql.Boolean, default=True, nullable=False)
extra = sql.Column(sql.JsonBlob())
- __table_args__ = (sql.UniqueConstraint('name'), {})
+ __table_args__ = (sql.UniqueConstraint('name'),)
class Project(sql.ModelBase, sql.DictBase):
+ # NOTE(henry-nash): From the manager and above perspective, the domain_id
+ # is nullable. However, to ensure uniqueness in multi-process
+ # configurations, it is better to still use the sql uniqueness constraint.
+ # Since the support for a nullable component of a uniqueness constraint
+ # across different sql databases is mixed, we instead store a special value
+ # to represent null, as defined in NULL_DOMAIN_ID above.
+
+ def to_dict(self, include_extra_dict=False):
+ d = super(Project, self).to_dict(
+ include_extra_dict=include_extra_dict)
+ if d['domain_id'] == keystone_resource.NULL_DOMAIN_ID:
+ d['domain_id'] = None
+ return d
+
__tablename__ = 'project'
attributes = ['id', 'name', 'domain_id', 'description', 'enabled',
'parent_id', 'is_domain']
id = sql.Column(sql.String(64), primary_key=True)
name = sql.Column(sql.String(64), nullable=False)
- domain_id = sql.Column(sql.String(64), sql.ForeignKey('domain.id'),
+ domain_id = sql.Column(sql.String(64), sql.ForeignKey('project.id'),
nullable=False)
description = sql.Column(sql.Text())
enabled = sql.Column(sql.Boolean)
extra = sql.Column(sql.JsonBlob())
parent_id = sql.Column(sql.String(64), sql.ForeignKey('project.id'))
- is_domain = sql.Column(sql.Boolean, default=False, nullable=False)
+ is_domain = sql.Column(sql.Boolean, default=False, nullable=False,
+ server_default='0')
# Unique constraint across two columns to create the separation
# rather than just only 'name' being unique
- __table_args__ = (sql.UniqueConstraint('domain_id', 'name'), {})
+ __table_args__ = (sql.UniqueConstraint('domain_id', 'name'),)