From df369b4c1255ee89303fd82f4da3388e8e480c07 Mon Sep 17 00:00:00 2001 From: Radomir Dopieralski Date: Wed, 1 Feb 2017 15:23:34 +0100 Subject: [PATCH] Disentangle domain context from effective domain Since the existence of a domain token was equivalent with having selected a domain context with Keystone V2, some code confuses the two. This is no longer true for Kestone V3, so we have to separate the two concepts and use domain context when we mean the domain context. Close-bug: #1661537 Change-Id: Ifa66d8c397e34d16a4534e7216eb11c752699505 (cherry picked from commit 8b839938bca245fcb36988ce6dcd3f5d0d96cf3b) Conflicts: openstack_dashboard/dashboards/identity/groups/views.py openstack_dashboard/dashboards/identity/projects/views.py openstack_dashboard/dashboards/identity/users/views.py --- .../dashboards/identity/domains/views.py | 3 +- .../dashboards/identity/groups/forms.py | 5 ++-- .../dashboards/identity/groups/tests.py | 8 ------ .../dashboards/identity/groups/views.py | 5 ++-- .../dashboards/identity/projects/tests.py | 3 -- .../dashboards/identity/projects/views.py | 5 ++-- .../dashboards/identity/projects/workflows.py | 3 +- .../dashboards/identity/users/tests.py | 8 ++++-- .../dashboards/identity/users/views.py | 5 ++-- openstack_dashboard/utils/identity.py | 28 +++++++++++++++++++ 10 files changed, 49 insertions(+), 24 deletions(-) create mode 100644 openstack_dashboard/utils/identity.py diff --git a/openstack_dashboard/dashboards/identity/domains/views.py b/openstack_dashboard/dashboards/identity/domains/views.py index 16ddec804c..b1301cf7b7 100644 --- a/openstack_dashboard/dashboards/identity/domains/views.py +++ b/openstack_dashboard/dashboards/identity/domains/views.py @@ -28,6 +28,7 @@ from openstack_dashboard.dashboards.identity.domains \ import tables as project_tables from openstack_dashboard.dashboards.identity.domains \ import workflows as project_workflows +from openstack_dashboard.utils import identity class IndexView(tables.DataTableView): @@ -37,7 +38,7 @@ class IndexView(tables.DataTableView): def get_data(self): domains = [] - domain_id = api.keystone.get_effective_domain_id(self.request) + domain_id = identity.get_domain_id_for_operation(self.request) if policy.check((("identity", "identity:list_domains"),), self.request): diff --git a/openstack_dashboard/dashboards/identity/groups/forms.py b/openstack_dashboard/dashboards/identity/groups/forms.py index e0041bee5e..379d83ff87 100644 --- a/openstack_dashboard/dashboards/identity/groups/forms.py +++ b/openstack_dashboard/dashboards/identity/groups/forms.py @@ -21,6 +21,7 @@ from horizon import forms from horizon import messages from openstack_dashboard import api +from openstack_dashboard.utils import identity as identity_utils LOG = logging.getLogger(__name__) @@ -36,10 +37,10 @@ class CreateGroupForm(forms.SelfHandlingForm): def handle(self, request, data): try: LOG.info('Creating group with name "%s"' % data['name']) - domain_context = api.keystone.get_effective_domain_id(request) api.keystone.group_create( request, - domain_id=domain_context, + domain_id=identity_utils.get_domain_id_for_operation( + self.request), name=data['name'], description=data['description']) messages.success(request, diff --git a/openstack_dashboard/dashboards/identity/groups/tests.py b/openstack_dashboard/dashboards/identity/groups/tests.py index c80451c596..c1ea673cec 100644 --- a/openstack_dashboard/dashboards/identity/groups/tests.py +++ b/openstack_dashboard/dashboards/identity/groups/tests.py @@ -49,8 +49,6 @@ class GroupsViewTests(test.BaseAdminViewTests): domain_id = self._get_domain_id() groups = self._get_groups(domain_id) filters = {} - domain = self.domains.get(id="1") - api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain) api.keystone.group_list(IgnoreArg(), domain=domain_id, filters=filters) \ @@ -79,8 +77,6 @@ class GroupsViewTests(test.BaseAdminViewTests): domain_context_name=domain.name) groups = self._get_groups(domain.id) - api.keystone.get_effective_domain_id(IgnoreArg()).AndReturn(domain.id) - api.keystone.group_list(IsA(http.HttpRequest), domain=domain.id, filters=filters).AndReturn(groups) @@ -105,9 +101,7 @@ class GroupsViewTests(test.BaseAdminViewTests): def test_index_with_keystone_can_edit_group_false(self): domain_id = self._get_domain_id() groups = self._get_groups(domain_id) - domain = self.domains.get(id="1") filters = {} - api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain) api.keystone.group_list(IgnoreArg(), domain=domain_id, filters=filters) \ @@ -204,8 +198,6 @@ class GroupsViewTests(test.BaseAdminViewTests): filters = {} group = self.groups.get(id="2") - domain = self.domains.get(id="1") - api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain) api.keystone.group_list(IgnoreArg(), domain=domain_id, filters=filters) \ diff --git a/openstack_dashboard/dashboards/identity/groups/views.py b/openstack_dashboard/dashboards/identity/groups/views.py index 547d9530fb..3c65a1ebf5 100644 --- a/openstack_dashboard/dashboards/identity/groups/views.py +++ b/openstack_dashboard/dashboards/identity/groups/views.py @@ -30,6 +30,7 @@ from openstack_dashboard.dashboards.identity.groups \ import forms as project_forms from openstack_dashboard.dashboards.identity.groups \ import tables as project_tables +from openstack_dashboard.utils import identity class IndexView(tables.DataTableView): @@ -39,7 +40,7 @@ class IndexView(tables.DataTableView): def get_data(self): groups = [] - domain_id = api.keystone.get_effective_domain_id(self.request) + domain_id = identity.get_domain_id_for_operation(self.request) filters = self.get_filters() if policy.check((("identity", "identity:list_groups"),), self.request): @@ -110,7 +111,7 @@ class GroupManageMixin(object): @memoized.memoized_method def _get_group_members(self): group_id = self.kwargs['group_id'] - domain_id = api.keystone.get_effective_domain_id(self.request) + domain_id = identity.get_domain_id_for_operation(self.request) return api.keystone.user_list(self.request, domain=domain_id, group=group_id) diff --git a/openstack_dashboard/dashboards/identity/projects/tests.py b/openstack_dashboard/dashboards/identity/projects/tests.py index 9e4e08fe8f..2cdbf9708b 100644 --- a/openstack_dashboard/dashboards/identity/projects/tests.py +++ b/openstack_dashboard/dashboards/identity/projects/tests.py @@ -50,7 +50,6 @@ class TenantsViewTests(test.BaseAdminViewTests): def test_index(self): domain = self.domains.get(id="1") filters = {} - api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain) api.keystone.tenant_list(IsA(http.HttpRequest), domain=None, paginate=True, @@ -80,8 +79,6 @@ class TenantsViewTests(test.BaseAdminViewTests): domain_tenants = [tenant for tenant in self.tenants.list() if tenant.domain_id == domain.id] - api.keystone.get_effective_domain_id(IgnoreArg()).AndReturn(domain.id) - api.keystone.tenant_list(IsA(http.HttpRequest), domain=domain.id, paginate=True, diff --git a/openstack_dashboard/dashboards/identity/projects/views.py b/openstack_dashboard/dashboards/identity/projects/views.py index a0a3589c7d..669185b821 100644 --- a/openstack_dashboard/dashboards/identity/projects/views.py +++ b/openstack_dashboard/dashboards/identity/projects/views.py @@ -39,6 +39,7 @@ from openstack_dashboard.dashboards.identity.projects \ import workflows as project_workflows from openstack_dashboard.dashboards.project.overview \ import views as project_views +from openstack_dashboard.utils import identity PROJECT_INFO_FIELDS = ("domain_id", "domain_name", @@ -82,11 +83,11 @@ class IndexView(tables.DataTableView): filters = self.get_filters() if policy.check((("identity", "identity:list_projects"),), self.request): - domain_context = api.keystone.get_effective_domain_id(self.request) + domain_id = identity.get_domain_id_for_operation(self.request) try: tenants, self._more = api.keystone.tenant_list( self.request, - domain=domain_context, + domain=domain_id, paginate=True, filters=filters, marker=marker) diff --git a/openstack_dashboard/dashboards/identity/projects/workflows.py b/openstack_dashboard/dashboards/identity/projects/workflows.py index c304d0da82..3c8bb7f8ed 100644 --- a/openstack_dashboard/dashboards/identity/projects/workflows.py +++ b/openstack_dashboard/dashboards/identity/projects/workflows.py @@ -35,6 +35,7 @@ from openstack_dashboard.api import cinder from openstack_dashboard.api import keystone from openstack_dashboard.api import nova from openstack_dashboard.usage import quotas +from openstack_dashboard.utils import identity as identity LOG = logging.getLogger(__name__) @@ -677,7 +678,7 @@ class UpdateProject(CommonQuotaWorkflow): def _update_project(self, request, data): """Update project info""" - domain_id = api.keystone.get_effective_domain_id(self.request) + domain_id = identity.get_domain_id_for_operation(request) try: project_id = data['project_id'] diff --git a/openstack_dashboard/dashboards/identity/users/tests.py b/openstack_dashboard/dashboards/identity/users/tests.py index 99ae894a08..8147d5f6d1 100644 --- a/openstack_dashboard/dashboards/identity/users/tests.py +++ b/openstack_dashboard/dashboards/identity/users/tests.py @@ -57,13 +57,15 @@ class UsersViewTests(test.BaseAdminViewTests): @test.create_stubs({api.keystone: ('user_list', 'get_effective_domain_id', 'domain_lookup')}) - def test_index(self): + def test_index(self, with_domain=False): domain = self._get_default_domain() domain_id = domain.id filters = {} users = self._get_users(domain_id) - api.keystone.get_effective_domain_id(IgnoreArg()).AndReturn(domain_id) + if not with_domain: + api.keystone.get_effective_domain_id( + IgnoreArg()).AndReturn(domain_id) api.keystone.user_list(IgnoreArg(), domain=domain_id, @@ -84,7 +86,7 @@ class UsersViewTests(test.BaseAdminViewTests): domain = self.domains.get(id="1") self.setSessionValues(domain_context=domain.id, domain_context_name=domain.name) - self.test_index() + self.test_index(with_domain=True) @override_settings(USER_TABLE_EXTRA_INFO={'phone_num': 'Phone Number'}) @test.create_stubs({api.keystone: ('user_create', diff --git a/openstack_dashboard/dashboards/identity/users/views.py b/openstack_dashboard/dashboards/identity/users/views.py index 1fdf2b3b65..9ea4fbb440 100644 --- a/openstack_dashboard/dashboards/identity/users/views.py +++ b/openstack_dashboard/dashboards/identity/users/views.py @@ -40,6 +40,7 @@ from openstack_dashboard.dashboards.identity.users \ import forms as project_forms from openstack_dashboard.dashboards.identity.users \ import tables as project_tables +from openstack_dashboard.utils import identity LOG = logging.getLogger(__name__) @@ -54,10 +55,10 @@ class IndexView(tables.DataTableView): filters = self.get_filters() if policy.check((("identity", "identity:list_users"),), self.request): - domain_context = api.keystone.get_effective_domain_id(self.request) + domain_id = identity.get_domain_id_for_operation(self.request) try: users = api.keystone.user_list(self.request, - domain=domain_context, + domain=domain_id, filters=filters) except Exception: exceptions.handle(self.request, diff --git a/openstack_dashboard/utils/identity.py b/openstack_dashboard/utils/identity.py new file mode 100644 index 0000000000..cef1f0e316 --- /dev/null +++ b/openstack_dashboard/utils/identity.py @@ -0,0 +1,28 @@ +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from openstack_dashboard import api + + +def get_domain_id_for_operation(request): + """Get the ID of the domain in which the current operation should happen. + + If the user has a domain context set, use that, otherwise use the user's + effective domain. + """ + + domain_context = request.session.get('domain_context') + if domain_context: + return domain_context + return api.keystone.get_effective_domain_id(request)