diff --git a/keystone/assignment/controllers.py b/keystone/assignment/controllers.py index 416e22fe9f..6fb49b5dda 100644 --- a/keystone/assignment/controllers.py +++ b/keystone/assignment/controllers.py @@ -107,13 +107,13 @@ class Role(controller.V2Controller): role['id'] = role_id role_ref = self.role_api.create_role(role_id, role, - request.audit_initiator) + initiator=request.audit_initiator) return {'role': role_ref} @controller.v2_deprecated def delete_role(self, request, role_id): self.assert_admin(request) - self.role_api.delete_role(role_id, request.audit_initiator) + self.role_api.delete_role(role_id, initiator=request.audit_initiator) @controller.v2_deprecated def get_roles(self, request): @@ -399,7 +399,7 @@ class RoleV3(controller.V3Controller): ref = self._normalize_dict(role) ref = self.role_api.create_role(ref['id'], ref, - request.audit_initiator) + initiator=request.audit_initiator) return RoleV3.wrap_member(request.context_dict, ref) def _list_roles(self, request, filters): @@ -413,11 +413,13 @@ class RoleV3(controller.V3Controller): def _update_role(self, request, role_id, role): self._require_matching_id(role_id, role) - ref = self.role_api.update_role(role_id, role, request.audit_initiator) + ref = self.role_api.update_role( + role_id, role, initiator=request.audit_initiator + ) return RoleV3.wrap_member(request.context_dict, ref) def _delete_role(self, request, role_id): - self.role_api.delete_role(role_id, request.audit_initiator) + self.role_api.delete_role(role_id, initiator=request.audit_initiator) @classmethod def build_driver_hints(cls, request, supported_filters): diff --git a/keystone/catalog/controllers.py b/keystone/catalog/controllers.py index 62f5d66c55..8a5535df63 100644 --- a/keystone/catalog/controllers.py +++ b/keystone/catalog/controllers.py @@ -50,7 +50,9 @@ class Service(controller.V2Controller): @controller.v2_deprecated def delete_service(self, request, service_id): self.assert_admin(request) - self.catalog_api.delete_service(service_id, request.audit_initiator) + self.catalog_api.delete_service( + service_id, initiator=request.audit_initiator + ) @controller.v2_deprecated def create_service(self, request, OS_KSADM_service): @@ -60,7 +62,7 @@ class Service(controller.V2Controller): service_ref = OS_KSADM_service.copy() service_ref['id'] = service_id new_service_ref = self.catalog_api.create_service( - service_id, service_ref, request.audit_initiator) + service_id, service_ref, initiator=request.audit_initiator) return {'OS-KSADM:service': new_service_ref} @@ -150,7 +152,9 @@ class Endpoint(controller.V2Controller): self.catalog_api.get_region(endpoint['region']) except exception.RegionNotFound: region = dict(id=endpoint['region']) - self.catalog_api.create_region(region, request.audit_initiator) + self.catalog_api.create_region( + region, initiator=request.audit_initiator + ) legacy_endpoint_ref = endpoint.copy() @@ -176,7 +180,7 @@ class Endpoint(controller.V2Controller): endpoint_ref['region_id'] = endpoint_ref.pop('region') self.catalog_api.create_endpoint(endpoint_ref['id'], endpoint_ref, - request.audit_initiator) + initiator=request.audit_initiator) legacy_endpoint_ref['id'] = legacy_endpoint_id return {'endpoint': legacy_endpoint_ref} @@ -189,8 +193,10 @@ class Endpoint(controller.V2Controller): deleted_at_least_one = False for endpoint in self.catalog_api.list_endpoints(): if endpoint['legacy_endpoint_id'] == endpoint_id: - self.catalog_api.delete_endpoint(endpoint['id'], - request.audit_initiator) + self.catalog_api.delete_endpoint( + endpoint['id'], + initiator=request.audit_initiator + ) deleted_at_least_one = True if not deleted_at_least_one: @@ -225,7 +231,9 @@ class RegionV3(controller.V3Controller): if not ref.get('id'): ref = self._assign_unique_id(ref) - ref = self.catalog_api.create_region(ref, request.audit_initiator) + ref = self.catalog_api.create_region( + ref, initiator=request.audit_initiator + ) return wsgi.render_response( RegionV3.wrap_member(request.context_dict, ref), status=(http_client.CREATED, @@ -250,13 +258,14 @@ class RegionV3(controller.V3Controller): self._require_matching_id(region_id, region) ref = self.catalog_api.update_region(region_id, region, - request.audit_initiator) + initiator=request.audit_initiator) return RegionV3.wrap_member(request.context_dict, ref) @controller.protected() def delete_region(self, request, region_id): - return self.catalog_api.delete_region(region_id, - request.audit_initiator) + return self.catalog_api.delete_region( + region_id, initiator=request.audit_initiator + ) @dependency.requires('catalog_api') @@ -272,9 +281,9 @@ class ServiceV3(controller.V3Controller): def create_service(self, request, service): validation.lazy_validate(schema.service_create, service) ref = self._assign_unique_id(self._normalize_dict(service)) - ref = self.catalog_api.create_service(ref['id'], - ref, - request.audit_initiator) + ref = self.catalog_api.create_service( + ref['id'], ref, initiator=request.audit_initiator + ) return ServiceV3.wrap_member(request.context_dict, ref) @controller.filterprotected('type', 'name') @@ -294,15 +303,16 @@ class ServiceV3(controller.V3Controller): def update_service(self, request, service_id, service): validation.lazy_validate(schema.service_update, service) self._require_matching_id(service_id, service) - ref = self.catalog_api.update_service(service_id, - service, - request.audit_initiator) + ref = self.catalog_api.update_service( + service_id, service, initiator=request.audit_initiator + ) return ServiceV3.wrap_member(request.context_dict, ref) @controller.protected() def delete_service(self, request, service_id): - return self.catalog_api.delete_service(service_id, - request.audit_initiator) + return self.catalog_api.delete_service( + service_id, initiator=request.audit_initiator + ) @dependency.requires('catalog_api') @@ -345,7 +355,9 @@ class EndpointV3(controller.V3Controller): self.catalog_api.get_region(endpoint['region_id']) except exception.RegionNotFound: region = dict(id=endpoint['region_id']) - self.catalog_api.create_region(region, request.audit_initiator) + self.catalog_api.create_region( + region, initiator=request.audit_initiator + ) return endpoint @@ -355,9 +367,9 @@ class EndpointV3(controller.V3Controller): utils.check_endpoint_url(endpoint['url']) ref = self._assign_unique_id(self._normalize_dict(endpoint)) ref = self._validate_endpoint_region(ref, request) - ref = self.catalog_api.create_endpoint(ref['id'], - ref, - request.audit_initiator) + ref = self.catalog_api.create_endpoint( + ref['id'], ref, initiator=request.audit_initiator + ) return EndpointV3.wrap_member(request.context_dict, ref) @controller.filterprotected('interface', 'service_id', 'region_id') @@ -381,15 +393,16 @@ class EndpointV3(controller.V3Controller): endpoint = self._validate_endpoint_region(endpoint.copy(), request) - ref = self.catalog_api.update_endpoint(endpoint_id, - endpoint, - request.audit_initiator) + ref = self.catalog_api.update_endpoint( + endpoint_id, endpoint, initiator=request.audit_initiator + ) return EndpointV3.wrap_member(request.context_dict, ref) @controller.protected() def delete_endpoint(self, request, endpoint_id): - return self.catalog_api.delete_endpoint(endpoint_id, - request.audit_initiator) + return self.catalog_api.delete_endpoint( + endpoint_id, initiator=request.audit_initiator + ) @dependency.requires('catalog_api', 'resource_api') diff --git a/keystone/identity/controllers.py b/keystone/identity/controllers.py index 18329fa854..d55001a7b2 100644 --- a/keystone/identity/controllers.py +++ b/keystone/identity/controllers.py @@ -77,7 +77,10 @@ class User(controller.V2Controller): # The manager layer will generate the unique ID for users user_ref = self._normalize_domain_id(request, user.copy()) new_user_ref = self.v3_to_v2_user( - self.identity_api.create_user(user_ref, request.audit_initiator)) + self.identity_api.create_user( + user_ref, initiator=request.audit_initiator + ) + ) if default_project_id is not None: self.assignment_api.add_user_to_project(default_project_id, @@ -111,9 +114,9 @@ class User(controller.V2Controller): # user update. self.resource_api.get_project(default_project_id) - user_ref = self.identity_api.update_user(user_id, - user, - request.audit_initiator) + user_ref = self.identity_api.update_user( + user_id, user, initiator=request.audit_initiator + ) user_ref = self.v3_to_v2_user(user_ref) # If 'tenantId' is in either ref, we might need to add or remove the @@ -159,7 +162,9 @@ class User(controller.V2Controller): @controller.v2_deprecated def delete_user(self, request, user_id): self.assert_admin(request) - self.identity_api.delete_user(user_id, request.audit_initiator) + self.identity_api.delete_user( + user_id, initiator=request.audit_initiator + ) @controller.v2_deprecated def set_user_enabled(self, request, user_id, user): @@ -211,7 +216,9 @@ class UserV3(controller.V3Controller): # The manager layer will generate the unique ID for users ref = self._normalize_dict(user) ref = self._normalize_domain_id(request, ref) - ref = self.identity_api.create_user(ref, request.audit_initiator) + ref = self.identity_api.create_user( + ref, initiator=request.audit_initiator + ) return UserV3.wrap_member(request.context_dict, ref) @controller.filterprotected('domain_id', 'enabled', 'name') @@ -237,9 +244,9 @@ class UserV3(controller.V3Controller): self._require_matching_id(user_id, user) self._require_matching_domain_id( user_id, user, self.identity_api.get_user) - ref = self.identity_api.update_user(user_id, - user, - request.audit_initiator) + ref = self.identity_api.update_user( + user_id, user, initiator=request.audit_initiator + ) return UserV3.wrap_member(request.context_dict, ref) @controller.protected() @@ -249,9 +256,9 @@ class UserV3(controller.V3Controller): @controller.protected(callback=_check_user_and_group_protection) def add_user_to_group(self, request, user_id, group_id): - self.identity_api.add_user_to_group(user_id, - group_id, - request.audit_initiator) + self.identity_api.add_user_to_group( + user_id, group_id, initiator=request.audit_initiator + ) @controller.protected(callback=_check_user_and_group_protection) def check_user_in_group(self, request, user_id, group_id): @@ -259,13 +266,15 @@ class UserV3(controller.V3Controller): @controller.protected(callback=_check_user_and_group_protection) def remove_user_from_group(self, request, user_id, group_id): - self.identity_api.remove_user_from_group(user_id, - group_id, - request.audit_initiator) + self.identity_api.remove_user_from_group( + user_id, group_id, initiator=request.audit_initiator + ) @controller.protected() def delete_user(self, request, user_id): - return self.identity_api.delete_user(user_id, request.audit_initiator) + return self.identity_api.delete_user( + user_id, initiator=request.audit_initiator + ) @controller.protected() def change_password(self, request, user_id, user): @@ -305,7 +314,9 @@ class GroupV3(controller.V3Controller): # The manager layer will generate the unique ID for groups ref = self._normalize_dict(group) ref = self._normalize_domain_id(request, ref) - ref = self.identity_api.create_group(ref, request.audit_initiator) + ref = self.identity_api.create_group( + ref, initiator=request.audit_initiator + ) return GroupV3.wrap_member(request.context_dict, ref) @controller.filterprotected('domain_id', 'name') @@ -332,11 +343,13 @@ class GroupV3(controller.V3Controller): self._require_matching_id(group_id, group) self._require_matching_domain_id( group_id, group, self.identity_api.get_group) - ref = self.identity_api.update_group(group_id, - group, - request.audit_initiator) + ref = self.identity_api.update_group( + group_id, group, initiator=request.audit_initiator + ) return GroupV3.wrap_member(request.context_dict, ref) @controller.protected() def delete_group(self, request, group_id): - self.identity_api.delete_group(group_id, request.audit_initiator) + self.identity_api.delete_group( + group_id, initiator=request.audit_initiator + ) diff --git a/keystone/oauth1/controllers.py b/keystone/oauth1/controllers.py index 92428b74aa..6dffa6a82e 100644 --- a/keystone/oauth1/controllers.py +++ b/keystone/oauth1/controllers.py @@ -65,8 +65,9 @@ class ConsumerCrudV3(controller.V3Controller): def create_consumer(self, request, consumer): validation.lazy_validate(schema.consumer_create, consumer) ref = self._assign_unique_id(self._normalize_dict(consumer)) - consumer_ref = self.oauth_api.create_consumer(ref, - request.audit_initiator) + consumer_ref = self.oauth_api.create_consumer( + ref, initiator=request.audit_initiator + ) return ConsumerCrudV3.wrap_member(request.context_dict, consumer_ref) @controller.protected() @@ -74,9 +75,9 @@ class ConsumerCrudV3(controller.V3Controller): validation.lazy_validate(schema.consumer_update, consumer) self._require_matching_id(consumer_id, consumer) ref = self._normalize_dict(consumer) - ref = self.oauth_api.update_consumer(consumer_id, - ref, - request.audit_initiator) + ref = self.oauth_api.update_consumer( + consumer_id, ref, initiator=request.audit_initiator + ) return ConsumerCrudV3.wrap_member(request.context_dict, ref) @controller.protected() @@ -95,7 +96,9 @@ class ConsumerCrudV3(controller.V3Controller): payload = {'user_id': user_token_ref.user_id, 'consumer_id': consumer_id} _emit_user_oauth_consumer_token_invalidate(payload) - self.oauth_api.delete_consumer(consumer_id, request.audit_initiator) + self.oauth_api.delete_consumer( + consumer_id, initiator=request.audit_initiator + ) @dependency.requires('oauth_api') @@ -140,9 +143,9 @@ class AccessTokenCrudV3(controller.V3Controller): consumer_id = access_token['consumer_id'] payload = {'user_id': user_id, 'consumer_id': consumer_id} _emit_user_oauth_consumer_token_invalidate(payload) - return self.oauth_api.delete_access_token(user_id, - access_token_id, - request.audit_initiator) + return self.oauth_api.delete_access_token( + user_id, access_token_id, initiator=request.audit_initiator + ) @staticmethod def _get_user_id(entity): @@ -252,7 +255,7 @@ class OAuthControllerV3(controller.V3Controller): consumer_id, requested_project_id, request_token_duration, - request.audit_initiator) + initiator=request.audit_initiator) result = ('oauth_token=%(key)s&oauth_token_secret=%(secret)s' % {'key': token_ref['id'], @@ -340,9 +343,11 @@ class OAuthControllerV3(controller.V3Controller): raise exception.Unauthorized(message=msg) access_token_duration = CONF.oauth1.access_token_duration - token_ref = self.oauth_api.create_access_token(request_token_id, - access_token_duration, - request.audit_initiator) + token_ref = self.oauth_api.create_access_token( + request_token_id, + access_token_duration, + initiator=request.audit_initiator + ) result = ('oauth_token=%(key)s&oauth_token_secret=%(secret)s' % {'key': token_ref['id'], diff --git a/keystone/policy/controllers.py b/keystone/policy/controllers.py index d7e859b032..1c24d0e2b3 100644 --- a/keystone/policy/controllers.py +++ b/keystone/policy/controllers.py @@ -27,9 +27,9 @@ class PolicyV3(controller.V3Controller): def create_policy(self, request, policy): validation.lazy_validate(schema.policy_create, policy) ref = self._assign_unique_id(self._normalize_dict(policy)) - ref = self.policy_api.create_policy(ref['id'], - ref, - request.audit_initiator) + ref = self.policy_api.create_policy( + ref['id'], ref, initiator=request.audit_initiator + ) return PolicyV3.wrap_member(request.context_dict, ref) @controller.filterprotected('type') @@ -47,12 +47,13 @@ class PolicyV3(controller.V3Controller): @controller.protected() def update_policy(self, request, policy_id, policy): validation.lazy_validate(schema.policy_update, policy) - ref = self.policy_api.update_policy(policy_id, - policy, - request.audit_initiator) + ref = self.policy_api.update_policy( + policy_id, policy, initiator=request.audit_initiator + ) return PolicyV3.wrap_member(request.context_dict, ref) @controller.protected() def delete_policy(self, request, policy_id): - return self.policy_api.delete_policy(policy_id, - request.audit_initiator) + return self.policy_api.delete_policy( + policy_id, initiator=request.audit_initiator + ) diff --git a/keystone/resource/controllers.py b/keystone/resource/controllers.py index c84b2e3a14..73f523eef8 100644 --- a/keystone/resource/controllers.py +++ b/keystone/resource/controllers.py @@ -96,7 +96,7 @@ class Tenant(controller.V2Controller): tenant = self.resource_api.create_project( tenant_ref['id'], self._normalize_domain_id(request, tenant_ref), - request.audit_initiator) + initiator=request.audit_initiator) return {'tenant': self.v3_to_v2_project(tenant)} @controller.v2_deprecated @@ -106,14 +106,17 @@ class Tenant(controller.V2Controller): self._assert_not_is_domain_project(tenant_id) tenant_ref = self.resource_api.update_project( - tenant_id, tenant, request.audit_initiator) + tenant_id, tenant, initiator=request.audit_initiator) return {'tenant': self.v3_to_v2_project(tenant_ref)} @controller.v2_deprecated def delete_project(self, request, tenant_id): self.assert_admin(request) self._assert_not_is_domain_project(tenant_id) - self.resource_api.delete_project(tenant_id, request.audit_initiator) + self.resource_api.delete_project( + tenant_id, + initiator=request.audit_initiator + ) @dependency.requires('resource_api') @@ -129,9 +132,9 @@ class DomainV3(controller.V3Controller): def create_domain(self, request, domain): validation.lazy_validate(schema.domain_create, domain) ref = self._assign_unique_id(self._normalize_dict(domain)) - ref = self.resource_api.create_domain(ref['id'], - ref, - request.audit_initiator) + ref = self.resource_api.create_domain( + ref['id'], ref, initiator=request.audit_initiator + ) return DomainV3.wrap_member(request.context_dict, ref) @controller.filterprotected('enabled', 'name') @@ -150,15 +153,16 @@ class DomainV3(controller.V3Controller): def update_domain(self, request, domain_id, domain): validation.lazy_validate(schema.domain_update, domain) self._require_matching_id(domain_id, domain) - ref = self.resource_api.update_domain(domain_id, - domain, - request.audit_initiator) + ref = self.resource_api.update_domain( + domain_id, domain, initiator=request.audit_initiator + ) return DomainV3.wrap_member(request.context_dict, ref) @controller.protected() def delete_domain(self, request, domain_id): - return self.resource_api.delete_domain(domain_id, - request.audit_initiator) + return self.resource_api.delete_domain( + domain_id, initiator=request.audit_initiator + ) @dependency.requires('domain_config_api') diff --git a/keystone/trust/controllers.py b/keystone/trust/controllers.py index 104a8a495c..1850f94aa3 100644 --- a/keystone/trust/controllers.py +++ b/keystone/trust/controllers.py @@ -136,10 +136,13 @@ class TrustV3(controller.V3Controller): trust['expires_at'] = self._parse_expiration_date( trust.get('expires_at')) trust_id = uuid.uuid4().hex - new_trust = self.trust_api.create_trust(trust_id, trust, - normalized_roles, - redelegated_trust, - request.audit_initiator) + new_trust = self.trust_api.create_trust( + trust_id, + trust, + normalized_roles, + redelegated_trust, + initiator=request.audit_initiator + ) self._fill_in_roles(request.context_dict, new_trust) return TrustV3.wrap_member(request.context_dict, new_trust) @@ -224,7 +227,9 @@ class TrustV3(controller.V3Controller): not request.context.is_admin): raise exception.Forbidden() - self.trust_api.delete_trust(trust_id, request.audit_initiator) + self.trust_api.delete_trust( + trust_id, initiator=request.audit_initiator + ) @controller.protected() def list_roles_for_trust(self, request, trust_id):