From ba14a45ba9af982bfe77081d9121fcd8d5ee6b42 Mon Sep 17 00:00:00 2001 From: Adrian Turjak Date: Fri, 1 Feb 2019 13:05:50 +1300 Subject: [PATCH] Fixed some unneeded domain_id handling When you are acting on a user or project with an id there is no need for a domain_id as well, since IDs are unique across all domains. Names are not. Change-Id: Ib49ac4d3e1d3e0869195a67ecc922aae24e2a44e --- adjutant/actions/v1/base.py | 14 +++++++++----- adjutant/actions/v1/resources.py | 9 +-------- adjutant/actions/v1/serializers.py | 1 - adjutant/actions/v1/users.py | 7 +++---- 4 files changed, 13 insertions(+), 18 deletions(-) diff --git a/adjutant/actions/v1/base.py b/adjutant/actions/v1/base.py index e9341ee..43586eb 100644 --- a/adjutant/actions/v1/base.py +++ b/adjutant/actions/v1/base.py @@ -179,16 +179,20 @@ class BaseAction(object): class ResourceMixin(object): """Base Mixin class for dealing with Openstack resources.""" - def _validate_keystone_user(self): + def _validate_keystone_user_project_id(self): + keystone_user = self.action.task.keystone_user + + if keystone_user['project_id'] != self.project_id: + self.add_note('Project id does not match keystone user project.') + return False + return True + + def _validate_keystone_user_domain_id(self): keystone_user = self.action.task.keystone_user if keystone_user['project_domain_id'] != self.domain_id: self.add_note('Domain id does not match keystone user domain.') return False - - if keystone_user['project_id'] != self.project_id: - self.add_note('Project id does not match keystone user project.') - return False return True def _validate_domain_id(self): diff --git a/adjutant/actions/v1/resources.py b/adjutant/actions/v1/resources.py index a67c19a..628b460 100644 --- a/adjutant/actions/v1/resources.py +++ b/adjutant/actions/v1/resources.py @@ -63,19 +63,12 @@ class NewDefaultNetworkAction(BaseAction, ProjectMixin): return False return True - def _validate_keystone_user(self): - keystone_user = self.action.task.keystone_user - if keystone_user.get('project_id') != self.project_id: - self.add_note('Project id does not match keystone user project.') - return False - return True - def _validate(self): self.action.valid = validate_steps([ self._validate_region, self._validate_project_id, self._validate_defaults, - self._validate_keystone_user, + self._validate_keystone_user_project_id, ]) self.action.save() diff --git a/adjutant/actions/v1/serializers.py b/adjutant/actions/v1/serializers.py index 81eed2e..c2e7015 100644 --- a/adjutant/actions/v1/serializers.py +++ b/adjutant/actions/v1/serializers.py @@ -87,7 +87,6 @@ class EditUserRolesSerializer(BaseUserIdSerializer): choices=role_options, default=set) remove = serializers.BooleanField(default=False) project_id = serializers.CharField(max_length=64) - domain_id = serializers.CharField(max_length=64, default='default') def validate(self, data): if not data['roles'] and not data['inherited_roles']: diff --git a/adjutant/actions/v1/users.py b/adjutant/actions/v1/users.py index e20b853..f17659a 100644 --- a/adjutant/actions/v1/users.py +++ b/adjutant/actions/v1/users.py @@ -107,7 +107,8 @@ class NewUserAction(UserNameAction, ProjectMixin, UserMixin): def _validate(self): self.action.valid = validate_steps([ self._validate_role_permissions, - self._validate_keystone_user, + self._validate_keystone_user_domain_id, + self._validate_keystone_user_project_id, self._validate_domain_id, self._validate_project_id, self._validate_target_user, @@ -250,7 +251,6 @@ class EditUserRolesAction(UserIdAction, ProjectMixin, UserMixin): """ required = [ - 'domain_id', 'project_id', 'user_id', 'roles', @@ -328,9 +328,8 @@ class EditUserRolesAction(UserIdAction, ProjectMixin, UserMixin): def _validate(self): self.action.valid = validate_steps([ - self._validate_keystone_user, + self._validate_keystone_user_project_id, self._validate_role_permissions, - self._validate_domain_id, self._validate_project_id, self._validate_target_user, self._validate_user_roles,