1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
|
# Copyright 2013 OpenStack Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""Main entry point into the Credentials service."""
import abc
from oslo_config import cfg
from oslo_log import log
import six
from keystone.common import dependency
from keystone.common import driver_hints
from keystone.common import manager
from keystone import exception
CONF = cfg.CONF
LOG = log.getLogger(__name__)
@dependency.provider('credential_api')
class Manager(manager.Manager):
"""Default pivot point for the Credential backend.
See :mod:`keystone.common.manager.Manager` for more details on how this
dynamically calls the backend.
"""
def __init__(self):
super(Manager, self).__init__(CONF.credential.driver)
@manager.response_truncated
def list_credentials(self, hints=None):
return self.driver.list_credentials(hints or driver_hints.Hints())
@six.add_metaclass(abc.ABCMeta)
class Driver(object):
# credential crud
@abc.abstractmethod
def create_credential(self, credential_id, credential):
"""Creates a new credential.
:raises: keystone.exception.Conflict
"""
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def list_credentials(self, hints):
"""List all credentials.
:param hints: contains the list of filters yet to be satisfied.
Any filters satisfied here will be removed so that
the caller will know if any filters remain.
:returns: a list of credential_refs or an empty list.
"""
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def list_credentials_for_user(self, user_id):
"""List credentials for a user.
:param user_id: ID of a user to filter credentials by.
:returns: a list of credential_refs or an empty list.
"""
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def get_credential(self, credential_id):
"""Get a credential by ID.
:returns: credential_ref
:raises: keystone.exception.CredentialNotFound
"""
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def update_credential(self, credential_id, credential):
"""Updates an existing credential.
:raises: keystone.exception.CredentialNotFound,
keystone.exception.Conflict
"""
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def delete_credential(self, credential_id):
"""Deletes an existing credential.
:raises: keystone.exception.CredentialNotFound
"""
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def delete_credentials_for_project(self, project_id):
"""Deletes all credentials for a project."""
self._delete_credentials(lambda cr: cr['project_id'] == project_id)
@abc.abstractmethod
def delete_credentials_for_user(self, user_id):
"""Deletes all credentials for a user."""
self._delete_credentials(lambda cr: cr['user_id'] == user_id)
def _delete_credentials(self, match_fn):
"""Do the actual credential deletion work (default implementation).
:param match_fn: function that takes a credential dict as the
parameter and returns true or false if the
identifier matches the credential dict.
"""
for cr in self.list_credentials():
if match_fn(cr):
try:
self.credential_api.delete_credential(cr['id'])
except exception.CredentialNotFound:
LOG.debug('Deletion of credential is not required: %s',
cr['id'])
|