From 920a49cfa055733d575282973e23558c33087a4a Mon Sep 17 00:00:00 2001 From: RHE Date: Fri, 24 Nov 2017 13:54:26 +0100 Subject: remove keystone-moon Change-Id: I80d7c9b669f19d5f6607e162de8e0e55c2f80fdd Signed-off-by: RHE --- .../keystone/resource/backends/__init__.py | 0 keystone-moon/keystone/resource/backends/ldap.py | 217 ----------------- keystone-moon/keystone/resource/backends/sql.py | 267 --------------------- 3 files changed, 484 deletions(-) delete mode 100644 keystone-moon/keystone/resource/backends/__init__.py delete mode 100644 keystone-moon/keystone/resource/backends/ldap.py delete mode 100644 keystone-moon/keystone/resource/backends/sql.py (limited to 'keystone-moon/keystone/resource/backends') diff --git a/keystone-moon/keystone/resource/backends/__init__.py b/keystone-moon/keystone/resource/backends/__init__.py deleted file mode 100644 index e69de29b..00000000 diff --git a/keystone-moon/keystone/resource/backends/ldap.py b/keystone-moon/keystone/resource/backends/ldap.py deleted file mode 100644 index 566adc5d..00000000 --- a/keystone-moon/keystone/resource/backends/ldap.py +++ /dev/null @@ -1,217 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from __future__ import absolute_import - -import uuid - -from oslo_config import cfg -from oslo_log import log -from oslo_log import versionutils - -from keystone.common import clean -from keystone.common import driver_hints -from keystone.common import ldap as common_ldap -from keystone.common import models -from keystone import exception -from keystone.i18n import _ -from keystone.identity.backends import ldap as ldap_identity -from keystone import resource - - -CONF = cfg.CONF -LOG = log.getLogger(__name__) - - -class Resource(resource.ResourceDriverV8): - @versionutils.deprecated( - versionutils.deprecated.LIBERTY, - remove_in=+1, - what='ldap resource') - def __init__(self): - super(Resource, self).__init__() - self.LDAP_URL = CONF.ldap.url - self.LDAP_USER = CONF.ldap.user - self.LDAP_PASSWORD = CONF.ldap.password - self.suffix = CONF.ldap.suffix - - # This is the only deep dependency from resource back to identity. - # This is safe to do since if you are using LDAP for resource, it is - # required that you are using it for identity as well. - self.user = ldap_identity.UserApi(CONF) - - self.project = ProjectApi(CONF) - - def default_assignment_driver(self): - return 'ldap' - - def _set_default_parent_project(self, ref): - """If the parent project ID has not been set, set it to None.""" - if isinstance(ref, dict): - if 'parent_id' not in ref: - ref = dict(ref, parent_id=None) - return ref - elif isinstance(ref, list): - return [self._set_default_parent_project(x) for x in ref] - else: - raise ValueError(_('Expected dict or list: %s') % type(ref)) - - def _set_default_is_domain_project(self, ref): - if isinstance(ref, dict): - return dict(ref, is_domain=False) - elif isinstance(ref, list): - return [self._set_default_is_domain_project(x) for x in ref] - else: - raise ValueError(_('Expected dict or list: %s') % type(ref)) - - def _validate_parent_project_is_none(self, ref): - """If a parent_id different from None was given, - raises InvalidProjectException. - - """ - parent_id = ref.get('parent_id') - if parent_id is not None: - raise exception.InvalidParentProject(parent_id) - - def _validate_is_domain_field_is_false(self, ref): - is_domain = ref.pop('is_domain', None) - if is_domain: - raise exception.ValidationError(_('LDAP does not support projects ' - 'with is_domain flag enabled')) - - def _set_default_attributes(self, project_ref): - project_ref = self._set_default_domain(project_ref) - project_ref = self._set_default_is_domain_project(project_ref) - return self._set_default_parent_project(project_ref) - - def get_project(self, tenant_id): - return self._set_default_attributes( - self.project.get(tenant_id)) - - def list_projects(self, hints): - return self._set_default_attributes( - self.project.get_all_filtered(hints)) - - def list_projects_in_domain(self, domain_id): - # We don't support multiple domains within this driver, so ignore - # any domain specified - return self.list_projects(driver_hints.Hints()) - - def list_projects_in_subtree(self, project_id): - # We don't support projects hierarchy within this driver, so a - # project will never have children - return [] - - def list_project_parents(self, project_id): - # We don't support projects hierarchy within this driver, so a - # project will never have parents - return [] - - def is_leaf_project(self, project_id): - # We don't support projects hierarchy within this driver, so a - # project will always be a root and a leaf at the same time - return True - - def list_projects_from_ids(self, ids): - return [self.get_project(id) for id in ids] - - def list_project_ids_from_domain_ids(self, domain_ids): - # We don't support multiple domains within this driver, so ignore - # any domain specified - return [x.id for x in self.list_projects(driver_hints.Hints())] - - def get_project_by_name(self, tenant_name, domain_id): - self._validate_default_domain_id(domain_id) - return self._set_default_attributes( - self.project.get_by_name(tenant_name)) - - def create_project(self, tenant_id, tenant): - self.project.check_allow_create() - self._validate_parent_project_is_none(tenant) - self._validate_is_domain_field_is_false(tenant) - tenant['name'] = clean.project_name(tenant['name']) - data = tenant.copy() - if 'id' not in data or data['id'] is None: - data['id'] = str(uuid.uuid4().hex) - if 'description' in data and data['description'] in ['', None]: - data.pop('description') - return self._set_default_attributes( - self.project.create(data)) - - def update_project(self, tenant_id, tenant): - self.project.check_allow_update() - tenant = self._validate_default_domain(tenant) - self._validate_is_domain_field_is_false(tenant) - if 'name' in tenant: - tenant['name'] = clean.project_name(tenant['name']) - return self._set_default_attributes( - self.project.update(tenant_id, tenant)) - - def delete_project(self, tenant_id): - self.project.check_allow_delete() - if self.project.subtree_delete_enabled: - self.project.deleteTree(tenant_id) - else: - # The manager layer will call assignments to delete the - # role assignments, so we just have to delete the project itself. - self.project.delete(tenant_id) - - def create_domain(self, domain_id, domain): - if domain_id == CONF.identity.default_domain_id: - msg = _('Duplicate ID, %s.') % domain_id - raise exception.Conflict(type='domain', details=msg) - raise exception.Forbidden(_('Domains are read-only against LDAP')) - - def get_domain(self, domain_id): - self._validate_default_domain_id(domain_id) - return resource.calc_default_domain() - - def update_domain(self, domain_id, domain): - self._validate_default_domain_id(domain_id) - raise exception.Forbidden(_('Domains are read-only against LDAP')) - - def delete_domain(self, domain_id): - self._validate_default_domain_id(domain_id) - raise exception.Forbidden(_('Domains are read-only against LDAP')) - - def list_domains(self, hints): - return [resource.calc_default_domain()] - - def list_domains_from_ids(self, ids): - return [resource.calc_default_domain()] - - def get_domain_by_name(self, domain_name): - default_domain = resource.calc_default_domain() - if domain_name != default_domain['name']: - raise exception.DomainNotFound(domain_id=domain_name) - return default_domain - - -# TODO(termie): turn this into a data object and move logic to driver -class ProjectApi(common_ldap.ProjectLdapStructureMixin, - common_ldap.EnabledEmuMixIn, common_ldap.BaseLdap): - - model = models.Project - - def create(self, values): - data = values.copy() - if data.get('id') is None: - data['id'] = uuid.uuid4().hex - return super(ProjectApi, self).create(data) - - def update(self, project_id, values): - old_obj = self.get(project_id) - return super(ProjectApi, self).update(project_id, values, old_obj) - - def get_all_filtered(self, hints): - query = self.filter_query(hints) - return super(ProjectApi, self).get_all(query) diff --git a/keystone-moon/keystone/resource/backends/sql.py b/keystone-moon/keystone/resource/backends/sql.py deleted file mode 100644 index 39bb4f3b..00000000 --- a/keystone-moon/keystone/resource/backends/sql.py +++ /dev/null @@ -1,267 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from oslo_log import log - -from keystone.common import clean -from keystone.common import driver_hints -from keystone.common import sql -from keystone import exception -from keystone.i18n import _LE, _LW -from keystone import resource as keystone_resource - - -LOG = log.getLogger(__name__) - - -class Resource(keystone_resource.ResourceDriverV9): - - def default_assignment_driver(self): - return 'sql' - - def _encode_domain_id(self, ref): - if 'domain_id' in ref and ref['domain_id'] is None: - new_ref = ref.copy() - new_ref['domain_id'] = keystone_resource.NULL_DOMAIN_ID - return new_ref - else: - return ref - - def _is_hidden_ref(self, ref): - return ref.id == keystone_resource.NULL_DOMAIN_ID - - def _get_project(self, session, project_id): - project_ref = session.query(Project).get(project_id) - if project_ref is None or self._is_hidden_ref(project_ref): - raise exception.ProjectNotFound(project_id=project_id) - return project_ref - - def get_project(self, project_id): - with sql.session_for_read() as session: - return self._get_project(session, project_id).to_dict() - - def get_project_by_name(self, project_name, domain_id): - with sql.session_for_read() as session: - query = session.query(Project) - query = query.filter_by(name=project_name) - if domain_id is None: - query = query.filter_by( - domain_id=keystone_resource.NULL_DOMAIN_ID) - else: - query = query.filter_by(domain_id=domain_id) - try: - project_ref = query.one() - except sql.NotFound: - raise exception.ProjectNotFound(project_id=project_name) - - if self._is_hidden_ref(project_ref): - raise exception.ProjectNotFound(project_id=project_name) - return project_ref.to_dict() - - @driver_hints.truncated - def list_projects(self, hints): - # If there is a filter on domain_id and the value is None, then to - # ensure that the sql filtering works correctly, we need to patch - # the value to be NULL_DOMAIN_ID. This is safe to do here since we - # know we are able to satisfy any filter of this type in the call to - # filter_limit_query() below, which will remove the filter from the - # hints (hence ensuring our substitution is not exposed to the caller). - for f in hints.filters: - if (f['name'] == 'domain_id' and f['value'] is None): - f['value'] = keystone_resource.NULL_DOMAIN_ID - with sql.session_for_read() as session: - query = session.query(Project) - project_refs = sql.filter_limit_query(Project, query, hints) - return [project_ref.to_dict() for project_ref in project_refs - if not self._is_hidden_ref(project_ref)] - - def list_projects_from_ids(self, ids): - if not ids: - return [] - else: - with sql.session_for_read() as session: - query = session.query(Project) - query = query.filter(Project.id.in_(ids)) - return [project_ref.to_dict() for project_ref in query.all() - if not self._is_hidden_ref(project_ref)] - - def list_project_ids_from_domain_ids(self, domain_ids): - if not domain_ids: - return [] - else: - with sql.session_for_read() as session: - query = session.query(Project.id) - query = ( - query.filter(Project.domain_id.in_(domain_ids))) - return [x.id for x in query.all() - if not self._is_hidden_ref(x)] - - def list_projects_in_domain(self, domain_id): - with sql.session_for_read() as session: - try: - self._get_project(session, domain_id) - except exception.ProjectNotFound: - raise exception.DomainNotFound(domain_id=domain_id) - query = session.query(Project) - project_refs = query.filter(Project.domain_id == domain_id) - return [project_ref.to_dict() for project_ref in project_refs] - - def list_projects_acting_as_domain(self, hints): - hints.add_filter('is_domain', True) - return self.list_projects(hints) - - def _get_children(self, session, project_ids, domain_id=None): - query = session.query(Project) - query = query.filter(Project.parent_id.in_(project_ids)) - project_refs = query.all() - return [project_ref.to_dict() for project_ref in project_refs] - - def list_projects_in_subtree(self, project_id): - with sql.session_for_read() as session: - children = self._get_children(session, [project_id]) - subtree = [] - examined = set([project_id]) - while children: - children_ids = set() - for ref in children: - if ref['id'] in examined: - msg = _LE('Circular reference or a repeated ' - 'entry found in projects hierarchy - ' - '%(project_id)s.') - LOG.error(msg, {'project_id': ref['id']}) - return - children_ids.add(ref['id']) - - examined.update(children_ids) - subtree += children - children = self._get_children(session, children_ids) - return subtree - - def list_project_parents(self, project_id): - with sql.session_for_read() as session: - project = self._get_project(session, project_id).to_dict() - parents = [] - examined = set() - while project.get('parent_id') is not None: - if project['id'] in examined: - msg = _LE('Circular reference or a repeated ' - 'entry found in projects hierarchy - ' - '%(project_id)s.') - LOG.error(msg, {'project_id': project['id']}) - return - - examined.add(project['id']) - parent_project = self._get_project( - session, project['parent_id']).to_dict() - parents.append(parent_project) - project = parent_project - return parents - - def is_leaf_project(self, project_id): - with sql.session_for_read() as session: - project_refs = self._get_children(session, [project_id]) - return not project_refs - - # CRUD - @sql.handle_conflicts(conflict_type='project') - def create_project(self, project_id, project): - project['name'] = clean.project_name(project['name']) - new_project = self._encode_domain_id(project) - with sql.session_for_write() as session: - project_ref = Project.from_dict(new_project) - session.add(project_ref) - return project_ref.to_dict() - - @sql.handle_conflicts(conflict_type='project') - def update_project(self, project_id, project): - if 'name' in project: - project['name'] = clean.project_name(project['name']) - - update_project = self._encode_domain_id(project) - with sql.session_for_write() as session: - project_ref = self._get_project(session, project_id) - old_project_dict = project_ref.to_dict() - for k in update_project: - old_project_dict[k] = update_project[k] - # When we read the old_project_dict, any "null" domain_id will have - # been decoded, so we need to re-encode it - old_project_dict = self._encode_domain_id(old_project_dict) - new_project = Project.from_dict(old_project_dict) - for attr in Project.attributes: - if attr != 'id': - setattr(project_ref, attr, getattr(new_project, attr)) - project_ref.extra = new_project.extra - return project_ref.to_dict(include_extra_dict=True) - - @sql.handle_conflicts(conflict_type='project') - def delete_project(self, project_id): - with sql.session_for_write() as session: - project_ref = self._get_project(session, project_id) - session.delete(project_ref) - - @sql.handle_conflicts(conflict_type='project') - def delete_projects_from_ids(self, project_ids): - if not project_ids: - return - with sql.session_for_write() as session: - query = session.query(Project).filter(Project.id.in_( - project_ids)) - project_ids_from_bd = [p['id'] for p in query.all()] - for project_id in project_ids: - if (project_id not in project_ids_from_bd or - project_id == keystone_resource.NULL_DOMAIN_ID): - LOG.warning(_LW('Project %s does not exist and was not ' - 'deleted.') % project_id) - query.delete(synchronize_session=False) - - -class Domain(sql.ModelBase, sql.DictBase): - __tablename__ = 'domain' - attributes = ['id', 'name', 'enabled'] - id = sql.Column(sql.String(64), primary_key=True) - name = sql.Column(sql.String(64), nullable=False) - enabled = sql.Column(sql.Boolean, default=True, nullable=False) - extra = sql.Column(sql.JsonBlob()) - __table_args__ = (sql.UniqueConstraint('name'),) - - -class Project(sql.ModelBase, sql.DictBase): - # NOTE(henry-nash): From the manager and above perspective, the domain_id - # is nullable. However, to ensure uniqueness in multi-process - # configurations, it is better to still use the sql uniqueness constraint. - # Since the support for a nullable component of a uniqueness constraint - # across different sql databases is mixed, we instead store a special value - # to represent null, as defined in NULL_DOMAIN_ID above. - - def to_dict(self, include_extra_dict=False): - d = super(Project, self).to_dict( - include_extra_dict=include_extra_dict) - if d['domain_id'] == keystone_resource.NULL_DOMAIN_ID: - d['domain_id'] = None - return d - - __tablename__ = 'project' - attributes = ['id', 'name', 'domain_id', 'description', 'enabled', - 'parent_id', 'is_domain'] - id = sql.Column(sql.String(64), primary_key=True) - name = sql.Column(sql.String(64), nullable=False) - domain_id = sql.Column(sql.String(64), sql.ForeignKey('project.id'), - nullable=False) - description = sql.Column(sql.Text()) - enabled = sql.Column(sql.Boolean) - extra = sql.Column(sql.JsonBlob()) - parent_id = sql.Column(sql.String(64), sql.ForeignKey('project.id')) - is_domain = sql.Column(sql.Boolean, default=False, nullable=False, - server_default='0') - # Unique constraint across two columns to create the separation - # rather than just only 'name' being unique - __table_args__ = (sql.UniqueConstraint('domain_id', 'name'),) -- cgit 1.2.3-korg