Disentangle domain context from effective domain

Since the existence of a domain token was equivalent with having
selected a domain context with Keystone V2, some code confuses the
two. This is no longer true for Kestone V3, so we have to separate
the two concepts and use domain context when we mean the domain
context.

Close-bug: #1661537

Change-Id: Ifa66d8c397e34d16a4534e7216eb11c752699505
(cherry picked from commit 8b839938bc)
This commit is contained in:
Radomir Dopieralski 2017-02-01 15:23:34 +01:00 committed by Richard Jones
parent bef9bfe05a
commit 1227d3eb14
10 changed files with 49 additions and 25 deletions

View File

@ -28,6 +28,7 @@ from openstack_dashboard.dashboards.identity.domains \
import tables as project_tables
from openstack_dashboard.dashboards.identity.domains \
import workflows as project_workflows
from openstack_dashboard.utils import identity
class IndexView(tables.DataTableView):
@ -37,7 +38,7 @@ class IndexView(tables.DataTableView):
def get_data(self):
domains = []
domain_id = api.keystone.get_effective_domain_id(self.request)
domain_id = identity.get_domain_id_for_operation(self.request)
if policy.check((("identity", "identity:list_domains"),),
self.request):

View File

@ -21,6 +21,7 @@ from horizon import forms
from horizon import messages
from openstack_dashboard import api
from openstack_dashboard.utils import identity as identity_utils
LOG = logging.getLogger(__name__)
@ -36,10 +37,10 @@ class CreateGroupForm(forms.SelfHandlingForm):
def handle(self, request, data):
try:
LOG.info('Creating group with name "%s"' % data['name'])
domain_context = api.keystone.get_effective_domain_id(request)
api.keystone.group_create(
request,
domain_id=domain_context,
domain_id=identity_utils.get_domain_id_for_operation(
self.request),
name=data['name'],
description=data['description'])
messages.success(request,

View File

@ -49,8 +49,6 @@ class GroupsViewTests(test.BaseAdminViewTests):
domain_id = self._get_domain_id()
groups = self._get_groups(domain_id)
filters = {}
domain = self.domains.get(id="1")
api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain)
api.keystone.group_list(IgnoreArg(),
domain=domain_id,
filters=filters) \
@ -79,8 +77,6 @@ class GroupsViewTests(test.BaseAdminViewTests):
domain_context_name=domain.name)
groups = self._get_groups(domain.id)
api.keystone.get_effective_domain_id(IgnoreArg()).AndReturn(domain.id)
api.keystone.group_list(IsA(http.HttpRequest),
domain=domain.id,
filters=filters).AndReturn(groups)
@ -105,9 +101,7 @@ class GroupsViewTests(test.BaseAdminViewTests):
def test_index_with_keystone_can_edit_group_false(self):
domain_id = self._get_domain_id()
groups = self._get_groups(domain_id)
domain = self.domains.get(id="1")
filters = {}
api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain)
api.keystone.group_list(IgnoreArg(),
domain=domain_id,
filters=filters) \
@ -204,8 +198,6 @@ class GroupsViewTests(test.BaseAdminViewTests):
filters = {}
group = self.groups.get(id="2")
domain = self.domains.get(id="1")
api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain)
api.keystone.group_list(IgnoreArg(),
domain=domain_id,
filters=filters) \

View File

@ -31,6 +31,7 @@ from openstack_dashboard.dashboards.identity.groups \
import forms as project_forms
from openstack_dashboard.dashboards.identity.groups \
import tables as project_tables
from openstack_dashboard.utils import identity
class IndexView(tables.DataTableView):
@ -58,8 +59,7 @@ class IndexView(tables.DataTableView):
self._needs_filter_first = True
return groups
domain_id = api.keystone.get_effective_domain_id(self.request)
domain_id = identity.get_domain_id_for_operation(self.request)
try:
groups = api.keystone.group_list(self.request,
domain=domain_id,
@ -125,7 +125,7 @@ class GroupManageMixin(object):
@memoized.memoized_method
def _get_group_members(self):
group_id = self.kwargs['group_id']
domain_id = api.keystone.get_effective_domain_id(self.request)
domain_id = identity.get_domain_id_for_operation(self.request)
return api.keystone.user_list(self.request, domain=domain_id,
group=group_id)

View File

@ -49,7 +49,6 @@ class TenantsViewTests(test.BaseAdminViewTests):
def test_index(self):
domain = self.domains.get(id="1")
filters = {}
api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain)
api.keystone.tenant_list(IsA(http.HttpRequest),
domain=None,
paginate=True,
@ -79,8 +78,6 @@ class TenantsViewTests(test.BaseAdminViewTests):
domain_tenants = [tenant for tenant in self.tenants.list()
if tenant.domain_id == domain.id]
api.keystone.get_effective_domain_id(IgnoreArg()).AndReturn(domain.id)
api.keystone.tenant_list(IsA(http.HttpRequest),
domain=domain.id,
paginate=True,

View File

@ -39,6 +39,7 @@ from openstack_dashboard.dashboards.identity.projects \
import workflows as project_workflows
from openstack_dashboard.dashboards.project.overview \
import views as project_views
from openstack_dashboard.utils import identity
PROJECT_INFO_FIELDS = ("domain_id",
"domain_name",
@ -99,11 +100,11 @@ class IndexView(tables.DataTableView):
self._more = False
return tenants
domain_context = api.keystone.get_effective_domain_id(self.request)
domain_id = identity.get_domain_id_for_operation(self.request)
try:
tenants, self._more = api.keystone.tenant_list(
self.request,
domain=domain_context,
domain=domain_id,
paginate=True,
filters=filters,
marker=marker)

View File

@ -35,6 +35,7 @@ from openstack_dashboard.api import cinder
from openstack_dashboard.api import keystone
from openstack_dashboard.api import nova
from openstack_dashboard.usage import quotas
from openstack_dashboard.utils import identity as identity
LOG = logging.getLogger(__name__)
@ -677,7 +678,7 @@ class UpdateProject(CommonQuotaWorkflow):
def _update_project(self, request, data):
"""Update project info"""
domain_id = api.keystone.get_effective_domain_id(self.request)
domain_id = identity.get_domain_id_for_operation(request)
try:
project_id = data['project_id']

View File

@ -57,13 +57,15 @@ class UsersViewTests(test.BaseAdminViewTests):
@test.create_stubs({api.keystone: ('user_list',
'get_effective_domain_id',
'domain_lookup')})
def test_index(self):
def test_index(self, with_domain=False):
domain = self._get_default_domain()
domain_id = domain.id
filters = {}
users = self._get_users(domain_id)
api.keystone.get_effective_domain_id(IgnoreArg()).AndReturn(domain_id)
if not with_domain:
api.keystone.get_effective_domain_id(
IgnoreArg()).AndReturn(domain_id)
api.keystone.user_list(IgnoreArg(),
domain=domain_id,
@ -84,7 +86,7 @@ class UsersViewTests(test.BaseAdminViewTests):
domain = self.domains.get(id="1")
self.setSessionValues(domain_context=domain.id,
domain_context_name=domain.name)
self.test_index()
self.test_index(with_domain=True)
@override_settings(USER_TABLE_EXTRA_INFO={'phone_num': 'Phone Number'})
@test.create_stubs({api.keystone: ('user_create',

View File

@ -40,6 +40,7 @@ from openstack_dashboard.dashboards.identity.users \
import forms as project_forms
from openstack_dashboard.dashboards.identity.users \
import tables as project_tables
from openstack_dashboard.utils import identity
LOG = logging.getLogger(__name__)
@ -69,10 +70,10 @@ class IndexView(tables.DataTableView):
self._needs_filter_first = True
return users
domain_context = api.keystone.get_effective_domain_id(self.request)
domain_id = identity.get_domain_id_for_operation(self.request)
try:
users = api.keystone.user_list(self.request,
domain=domain_context,
domain=domain_id,
filters=filters)
except Exception:
exceptions.handle(self.request,

View File

@ -0,0 +1,28 @@
# Copyright 2017 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from openstack_dashboard import api
def get_domain_id_for_operation(request):
"""Get the ID of the domain in which the current operation should happen.
If the user has a domain context set, use that, otherwise use the user's
effective domain.
"""
domain_context = request.session.get('domain_context')
if domain_context:
return domain_context
return api.keystone.get_effective_domain_id(request)