diff --git a/mistral/db/sqlalchemy/model_base.py b/mistral/db/sqlalchemy/model_base.py index cb37ab1f9..0f32c6bbc 100644 --- a/mistral/db/sqlalchemy/model_base.py +++ b/mistral/db/sqlalchemy/model_base.py @@ -23,7 +23,7 @@ from sqlalchemy import event from sqlalchemy.ext import declarative from sqlalchemy.orm import attributes -from mistral.db import v2 as db_base +from mistral.services import security def _generate_unicode_uuid(): @@ -90,11 +90,11 @@ class MistralSecureModelBase(MistralModelBase): __abstract__ = True scope = sa.Column(sa.String(80), default='private') - project_id = sa.Column(sa.String(80), default=db_base.get_project_id) + project_id = sa.Column(sa.String(80), default=security.get_project_id) def _set_project_id(target, value, oldvalue, initiator): - return db_base.get_project_id() + return security.get_project_id() def register_secure_model_hooks(): diff --git a/mistral/db/v2/__init__.py b/mistral/db/v2/__init__.py index 691a8c4fe..e69de29bb 100644 --- a/mistral/db/v2/__init__.py +++ b/mistral/db/v2/__init__.py @@ -1,32 +0,0 @@ -# Copyright 2014 - Mirantis, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -from oslo.config import cfg - -from mistral import context as auth_context - - -# Make sure to import 'auth_enable' option before using it. -cfg.CONF.import_opt('auth_enable', 'mistral.config', group='pecan') - - -CONF = cfg.CONF -DEFAULT_PROJECT_ID = "" - - -def get_project_id(): - if CONF.pecan.auth_enable and auth_context.has_ctx(): - return auth_context.ctx().project_id - else: - return DEFAULT_PROJECT_ID diff --git a/mistral/db/v2/sqlalchemy/api.py b/mistral/db/v2/sqlalchemy/api.py index 909b9c482..c352130dc 100644 --- a/mistral/db/v2/sqlalchemy/api.py +++ b/mistral/db/v2/sqlalchemy/api.py @@ -21,11 +21,10 @@ from oslo.db import exception as db_exc import sqlalchemy as sa from mistral.db.sqlalchemy import base as b -from mistral.db import v2 as db_base from mistral.db.v2.sqlalchemy import models from mistral import exceptions as exc from mistral.openstack.common import log as logging - +from mistral.services import security CONF = cfg.CONF LOG = logging.getLogger(__name__) @@ -94,7 +93,7 @@ def _get_collection_sorted_by_name(model, **kwargs): query = b.model_query(model) proj = query.filter_by( - project_id=db_base.get_project_id(), + project_id=security.get_project_id(), **kwargs ) public = query.filter_by(scope='public', **kwargs) @@ -106,7 +105,7 @@ def _get_collection_sorted_by_time(model, **kwargs): query = b.model_query(model) return query.filter_by( - project_id=db_base.get_project_id(), + project_id=security.get_project_id(), **kwargs ).order_by(model.created_at).all() @@ -114,7 +113,7 @@ def _get_collection_sorted_by_time(model, **kwargs): def _get_db_object_by_name(model, name): query = b.model_query(model) - private = query.filter_by(name=name, project_id=db_base.get_project_id()) + private = query.filter_by(name=name, project_id=security.get_project_id()) public = query.filter_by(name=name, scope='public') return private.union(public).first() @@ -123,7 +122,7 @@ def _get_db_object_by_name(model, name): def _get_db_object_by_id(model, id): query = b.model_query(model) - return query.filter_by(id=id, project_id=db_base.get_project_id()).first() + return query.filter_by(id=id, project_id=security.get_project_id()).first() # Workbooks. diff --git a/mistral/engine1/default_engine.py b/mistral/engine1/default_engine.py index 03908ef9d..15544eb12 100644 --- a/mistral/engine1/default_engine.py +++ b/mistral/engine1/default_engine.py @@ -16,7 +16,6 @@ import copy from oslo.config import cfg -from mistral.db import v2 as db_base from mistral.db.v2 import api as db_api from mistral.engine1 import base from mistral.engine1 import commands @@ -194,7 +193,6 @@ class DefaultEngine(base.Engine): 'output': {}, 'context': copy.copy(wf_input) or {}, 'parent_task_id': params.get('parent_task_id'), - 'project_id': db_base.get_project_id() }) data_flow.add_openstack_data_to_context(wf_db, exec_db.context) diff --git a/mistral/services/actions.py b/mistral/services/actions.py index 1b3858816..8850209e0 100644 --- a/mistral/services/actions.py +++ b/mistral/services/actions.py @@ -1,4 +1,4 @@ -# Copyright 2013 - Mirantis, Inc. +# Copyright 2015 - Mirantis, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,7 +14,6 @@ from mistral.db.v2 import api as db_api from mistral import exceptions as exc -from mistral.services import security from mistral.workbook import parser as spec_parser @@ -80,6 +79,4 @@ def _get_action_values(action_spec, definition, scope): 'scope': scope } - security.add_project_id(values, scope) - return values diff --git a/mistral/services/security.py b/mistral/services/security.py index e6ed045d8..04b5c8c79 100644 --- a/mistral/services/security.py +++ b/mistral/services/security.py @@ -16,17 +16,31 @@ from oslo.config import cfg -from mistral import context +from mistral import context as auth_ctx from mistral.utils.openstack import keystone CONF = cfg.CONF +# Make sure to import 'auth_enable' option before using it. +# TODO(rakhmerov): Try to find a better solution. +CONF.import_opt('auth_enable', 'mistral.config', group='pecan') + + +DEFAULT_PROJECT_ID = "" + + +def get_project_id(): + if CONF.pecan.auth_enable and auth_ctx.has_ctx(): + return auth_ctx.ctx().project_id + else: + return DEFAULT_PROJECT_ID + def create_trust(): client = keystone.client() - ctx = context.ctx() + ctx = auth_ctx.ctx() trustee_id = keystone.client_for_admin( CONF.keystone_authtoken.admin_tenant_name).user_id @@ -53,13 +67,13 @@ def create_context(trust_id, project_id): if CONF.pecan.auth_enable: client = keystone.client_for_trusts(trust_id) - return context.MistralContext( + return auth_ctx.MistralContext( user_id=client.user_id, project_id=project_id, auth_token=client.auth_token ) - return context.MistralContext( + return auth_ctx.MistralContext( user_id=None, project_id=None, auth_token=None, @@ -75,13 +89,6 @@ def delete_trust(workbook): keystone_client.trusts.delete(workbook.trust_id) -def add_project_id(secure_object_values, scope='private'): - if cfg.CONF.pecan.auth_enable and scope == 'private': - secure_object_values.update({ - 'project_id': context.ctx().project_id - }) - - def add_trust_id(secure_object_values): if cfg.CONF.pecan.auth_enable: secure_object_values.update({ diff --git a/mistral/services/triggers.py b/mistral/services/triggers.py index e4616b5b8..b6fc2b3b0 100644 --- a/mistral/services/triggers.py +++ b/mistral/services/triggers.py @@ -17,7 +17,6 @@ import datetime from mistral.db.v1 import api as db_api_v1 from mistral.db.v2 import api as db_api_v2 -from mistral.services import security from mistral.workbook import parser as spec_parser @@ -100,8 +99,6 @@ def create_cron_trigger(name, pattern, workflow_name, workflow_input, 'scope': 'private' } - security.add_project_id(values) - trig = db_api_v2.create_cron_trigger(values) return trig diff --git a/mistral/services/workbooks.py b/mistral/services/workbooks.py index 1f8373548..4b9f8be6a 100644 --- a/mistral/services/workbooks.py +++ b/mistral/services/workbooks.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # -# Copyright 2013 - Mirantis, Inc. +# Copyright 2015 - Mirantis, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,8 +22,6 @@ from mistral.workbook import parser as spec_parser def create_workbook_v1(values, scope='private'): - security.add_project_id(values, scope) - return db_api_v1.workbook_create(values) @@ -115,6 +113,4 @@ def _get_workbook_values(wb_spec, definition, scope): 'scope': scope } - security.add_project_id(values, scope) - return values diff --git a/mistral/services/workflows.py b/mistral/services/workflows.py index bf37d4892..ee49e103b 100644 --- a/mistral/services/workflows.py +++ b/mistral/services/workflows.py @@ -70,7 +70,6 @@ def _get_workflow_values(wf_spec, definition, scope): 'scope': scope } - security.add_project_id(values, scope) security.add_trust_id(values) return values diff --git a/mistral/tests/unit/api/v1/controllers/test_workbooks.py b/mistral/tests/unit/api/v1/controllers/test_workbooks.py index 03d64d1f4..25600c3d2 100644 --- a/mistral/tests/unit/api/v1/controllers/test_workbooks.py +++ b/mistral/tests/unit/api/v1/controllers/test_workbooks.py @@ -79,8 +79,6 @@ class TestWorkbooksController(base.FunctionalTest): @mock.patch.object(db_api, "workbook_create", mock.MagicMock(side_effect=exceptions.DBDuplicateEntry)) - @mock.patch("mistral.services.security.add_project_id", - mock.MagicMock(return_value=None)) def test_post_dup(self): resp = self.app.post_json('/v1/workbooks', WORKBOOKS[0], expect_errors=True) diff --git a/mistral/tests/unit/db/v2/test_sqlalchemy_db_api.py b/mistral/tests/unit/db/v2/test_sqlalchemy_db_api.py index 154c7f9f0..06a50fa68 100644 --- a/mistral/tests/unit/db/v2/test_sqlalchemy_db_api.py +++ b/mistral/tests/unit/db/v2/test_sqlalchemy_db_api.py @@ -21,9 +21,9 @@ import datetime from oslo.config import cfg from mistral import context as auth_context -from mistral.db import v2 as db_base from mistral.db.v2.sqlalchemy import api as db_api from mistral import exceptions as exc +from mistral.services import security from mistral.tests import base as test_base @@ -335,8 +335,8 @@ class WorkflowTest(SQLAlchemyTest): fetched0 = db_api.load_workflow(created0.name) fetched1 = db_api.load_workflow(created1.name) - self.assertEqual(db_base.get_project_id(), fetched0.project_id) - self.assertEqual(db_base.get_project_id(), fetched1.project_id) + self.assertEqual(security.get_project_id(), fetched0.project_id) + self.assertEqual(security.get_project_id(), fetched1.project_id) fetched = db_api.get_workflows()