diff options
Diffstat (limited to 'keystone-moon/keystone/trust/backends/sql.py')
-rw-r--r-- | keystone-moon/keystone/trust/backends/sql.py | 78 |
1 files changed, 40 insertions, 38 deletions
diff --git a/keystone-moon/keystone/trust/backends/sql.py b/keystone-moon/keystone/trust/backends/sql.py index a017056b..cb8446b3 100644 --- a/keystone-moon/keystone/trust/backends/sql.py +++ b/keystone-moon/keystone/trust/backends/sql.py @@ -14,7 +14,6 @@ import time -from oslo_log import log from oslo_utils import timeutils from six.moves import range @@ -23,7 +22,6 @@ from keystone import exception from keystone import trust -LOG = log.getLogger(__name__) # The maximum number of iterations that will be attempted for optimistic # locking on consuming a limited-use trust. MAXIMUM_CONSUME_ATTEMPTS = 10 @@ -45,6 +43,10 @@ class TrustModel(sql.ModelBase, sql.DictBase): expires_at = sql.Column(sql.DateTime) remaining_uses = sql.Column(sql.Integer, nullable=True) extra = sql.Column(sql.JsonBlob()) + __table_args__ = (sql.UniqueConstraint( + 'trustor_user_id', 'trustee_user_id', 'project_id', + 'impersonation', 'expires_at', + name='duplicate_trust_constraint'),) class TrustRole(sql.ModelBase): @@ -57,7 +59,7 @@ class TrustRole(sql.ModelBase): class Trust(trust.TrustDriverV8): @sql.handle_conflicts(conflict_type='trust') def create_trust(self, trust_id, trust, roles): - with sql.transaction() as session: + with sql.session_for_write() as session: ref = TrustModel.from_dict(trust) ref['id'] = trust_id if ref.get('expires_at') and ref['expires_at'].tzinfo is not None: @@ -70,9 +72,9 @@ class Trust(trust.TrustDriverV8): trust_role.role_id = role['id'] added_roles.append({'id': role['id']}) session.add(trust_role) - trust_dict = ref.to_dict() - trust_dict['roles'] = added_roles - return trust_dict + trust_dict = ref.to_dict() + trust_dict['roles'] = added_roles + return trust_dict def _add_roles(self, trust_id, session, trust_dict): roles = [] @@ -84,7 +86,7 @@ class Trust(trust.TrustDriverV8): def consume_use(self, trust_id): for attempt in range(MAXIMUM_CONSUME_ATTEMPTS): - with sql.transaction() as session: + with sql.session_for_write() as session: try: query_result = (session.query(TrustModel.remaining_uses). filter_by(id=trust_id). @@ -130,51 +132,51 @@ class Trust(trust.TrustDriverV8): raise exception.TrustConsumeMaximumAttempt(trust_id=trust_id) def get_trust(self, trust_id, deleted=False): - session = sql.get_session() - query = session.query(TrustModel).filter_by(id=trust_id) - if not deleted: - query = query.filter_by(deleted_at=None) - ref = query.first() - if ref is None: - raise exception.TrustNotFound(trust_id=trust_id) - if ref.expires_at is not None and not deleted: - now = timeutils.utcnow() - if now > ref.expires_at: + with sql.session_for_read() as session: + query = session.query(TrustModel).filter_by(id=trust_id) + if not deleted: + query = query.filter_by(deleted_at=None) + ref = query.first() + if ref is None: raise exception.TrustNotFound(trust_id=trust_id) - # Do not return trusts that can't be used anymore - if ref.remaining_uses is not None and not deleted: - if ref.remaining_uses <= 0: - raise exception.TrustNotFound(trust_id=trust_id) - trust_dict = ref.to_dict() + if ref.expires_at is not None and not deleted: + now = timeutils.utcnow() + if now > ref.expires_at: + raise exception.TrustNotFound(trust_id=trust_id) + # Do not return trusts that can't be used anymore + if ref.remaining_uses is not None and not deleted: + if ref.remaining_uses <= 0: + raise exception.TrustNotFound(trust_id=trust_id) + trust_dict = ref.to_dict() - self._add_roles(trust_id, session, trust_dict) - return trust_dict + self._add_roles(trust_id, session, trust_dict) + return trust_dict @sql.handle_conflicts(conflict_type='trust') def list_trusts(self): - session = sql.get_session() - trusts = session.query(TrustModel).filter_by(deleted_at=None) - return [trust_ref.to_dict() for trust_ref in trusts] + with sql.session_for_read() as session: + trusts = session.query(TrustModel).filter_by(deleted_at=None) + return [trust_ref.to_dict() for trust_ref in trusts] @sql.handle_conflicts(conflict_type='trust') def list_trusts_for_trustee(self, trustee_user_id): - session = sql.get_session() - trusts = (session.query(TrustModel). - filter_by(deleted_at=None). - filter_by(trustee_user_id=trustee_user_id)) - return [trust_ref.to_dict() for trust_ref in trusts] + with sql.session_for_read() as session: + trusts = (session.query(TrustModel). + filter_by(deleted_at=None). + filter_by(trustee_user_id=trustee_user_id)) + return [trust_ref.to_dict() for trust_ref in trusts] @sql.handle_conflicts(conflict_type='trust') def list_trusts_for_trustor(self, trustor_user_id): - session = sql.get_session() - trusts = (session.query(TrustModel). - filter_by(deleted_at=None). - filter_by(trustor_user_id=trustor_user_id)) - return [trust_ref.to_dict() for trust_ref in trusts] + with sql.session_for_read() as session: + trusts = (session.query(TrustModel). + filter_by(deleted_at=None). + filter_by(trustor_user_id=trustor_user_id)) + return [trust_ref.to_dict() for trust_ref in trusts] @sql.handle_conflicts(conflict_type='trust') def delete_trust(self, trust_id): - with sql.transaction() as session: + with sql.session_for_write() as session: trust_ref = session.query(TrustModel).get(trust_id) if not trust_ref: raise exception.TrustNotFound(trust_id=trust_id) |