openstack
/
keystone
Code Issues Proposed changes

Use keystone.common.provider_api for resource APIs 

This change converts the usage of self.<provider_api> to
keystone.common.providers_api.ProviderAPIs.<provider_api> in manager
and controller logic. This is the correct way to reference
providers from other managers and controllers now that dependency
injection has been eliminated.

Change-Id: Id0305ce4e782dc8e8977dc7f802110148da2c901
This commit is contained in:
Lance Bragstad 2017-12-27 17:30:00 +00:00
parent 1e21c52f3b
commit bf548cb0fd
2 changed files with 61 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
keystone/resource/controllers.py
View File

@ -18,6 +18,7 @@
from six.moves import http_client
from keystone.common import controller
from keystone.common import provider_api
from keystone.common import validation
from keystone.common import wsgi
import keystone.conf
@ -27,6 +28,7 @@ from keystone.resource import schema
CONF = keystone.conf.CONF
PROVIDERS = provider_api.ProviderAPIs
class DomainV3(controller.V3Controller):
@ -35,13 +37,13 @@ class DomainV3(controller.V3Controller):
def __init__(self):
super(DomainV3, self).__init__()
self.get_member_from_driver = self.resource_api.get_domain
self.get_member_from_driver = PROVIDERS.resource_api.get_domain
@controller.protected()
def create_domain(self, request, domain):
validation.lazy_validate(schema.domain_create, domain)
ref = self._assign_unique_id(self._normalize_dict(domain))
ref = self.resource_api.create_domain(
ref = PROVIDERS.resource_api.create_domain(
ref['id'], ref, initiator=request.audit_initiator
)
return DomainV3.wrap_member(request.context_dict, ref)
@ -49,27 +51,27 @@ class DomainV3(controller.V3Controller):
@controller.filterprotected('enabled', 'name')
def list_domains(self, request, filters):
hints = DomainV3.build_driver_hints(request, filters)
refs = self.resource_api.list_domains(hints=hints)
refs = PROVIDERS.resource_api.list_domains(hints=hints)
return DomainV3.wrap_collection(request.context_dict,
refs, hints=hints)
@controller.protected()
def get_domain(self, request, domain_id):
ref = self.resource_api.get_domain(domain_id)
ref = PROVIDERS.resource_api.get_domain(domain_id)
return DomainV3.wrap_member(request.context_dict, ref)
@controller.protected()
def update_domain(self, request, domain_id, domain):
validation.lazy_validate(schema.domain_update, domain)
self._require_matching_id(domain_id, domain)
ref = self.resource_api.update_domain(
ref = PROVIDERS.resource_api.update_domain(
domain_id, domain, initiator=request.audit_initiator
)
return DomainV3.wrap_member(request.context_dict, ref)
@controller.protected()
def delete_domain(self, request, domain_id):
return self.resource_api.delete_domain(
return PROVIDERS.resource_api.delete_domain(
domain_id, initiator=request.audit_initiator
)
@ -79,10 +81,13 @@ class DomainConfigV3(controller.V3Controller):
@controller.protected()
def create_domain_config(self, request, domain_id, config):
self.resource_api.get_domain(domain_id)
PROVIDERS.resource_api.get_domain(domain_id)
original_config = (
self.domain_config_api.get_config_with_sensitive_info(domain_id))
ref = self.domain_config_api.create_config(domain_id, config)
PROVIDERS.domain_config_api.get_config_with_sensitive_info(
domain_id
)
)
ref = PROVIDERS.domain_config_api.create_config(domain_id, config)
if original_config:
# Return status code 200, since config already existed
return wsgi.render_response(body={self.member_name: ref})
@ -106,44 +111,44 @@ class DomainConfigV3(controller.V3Controller):
@controller.protected()
def get_security_compliance_domain_config(self, request, domain_id,
group=None, option=None):
ref = self.domain_config_api.get_security_compliance_config(
ref = PROVIDERS.domain_config_api.get_security_compliance_config(
domain_id, group, option=option
)
return {self.member_name: ref}
@controller.protected()
def get_domain_config(self, request, domain_id, group=None, option=None):
self.resource_api.get_domain(domain_id)
ref = self.domain_config_api.get_config(domain_id, group, option)
PROVIDERS.resource_api.get_domain(domain_id)
ref = PROVIDERS.domain_config_api.get_config(domain_id, group, option)
return {self.member_name: ref}
@controller.protected()
def update_domain_config(
self, request, domain_id, config, group, option):
self.resource_api.get_domain(domain_id)
ref = self.domain_config_api.update_config(
PROVIDERS.resource_api.get_domain(domain_id)
ref = PROVIDERS.domain_config_api.update_config(
domain_id, config, group, option)
return wsgi.render_response(body={self.member_name: ref})
def update_domain_config_group(self, context, domain_id, group, config):
self.resource_api.get_domain(domain_id)
PROVIDERS.resource_api.get_domain(domain_id)
return self.update_domain_config(
context, domain_id, config, group, option=None)
def update_domain_config_only(self, context, domain_id, config):
self.resource_api.get_domain(domain_id)
PROVIDERS.resource_api.get_domain(domain_id)
return self.update_domain_config(
context, domain_id, config, group=None, option=None)
@controller.protected()
def delete_domain_config(
self, request, domain_id, group=None, option=None):
self.resource_api.get_domain(domain_id)
self.domain_config_api.delete_config(domain_id, group, option)
PROVIDERS.resource_api.get_domain(domain_id)
PROVIDERS.domain_config_api.delete_config(domain_id, group, option)
@controller.protected()
def get_domain_config_default(self, request, group=None, option=None):
ref = self.domain_config_api.get_config_default(group, option)
ref = PROVIDERS.domain_config_api.get_config_default(group, option)
return {self.member_name: ref}
@ -153,7 +158,7 @@ class ProjectV3(controller.V3Controller):
def __init__(self):
super(ProjectV3, self).__init__()
self.get_member_from_driver = self.resource_api.get_project
self.get_member_from_driver = PROVIDERS.resource_api.get_project
@controller.protected()
def create_project(self, request, project):
@ -169,7 +174,7 @@ class ProjectV3(controller.V3Controller):
ref['parent_id'] = ref.get('domain_id')
try:
ref = self.resource_api.create_project(
ref = PROVIDERS.resource_api.create_project(
ref['id'],
ref,
initiator=request.audit_initiator)
@ -191,7 +196,7 @@ class ProjectV3(controller.V3Controller):
for t in tag_params:
if t in request.params:
hints.add_filter(t, request.params[t])
refs = self.resource_api.list_projects(hints=hints)
refs = PROVIDERS.resource_api.list_projects(hints=hints)
return ProjectV3.wrap_collection(request.context_dict,
refs, hints=hints)
@ -222,25 +227,30 @@ class ProjectV3(controller.V3Controller):
raise exception.ValidationError(msg)
if parents_as_list:
parents = self.resource_api.list_project_parents(
parents = PROVIDERS.resource_api.list_project_parents(
ref['id'], request.context.user_id)
ref['parents'] = [ProjectV3.wrap_member(context, p)
for p in parents]
elif parents_as_ids:
ref['parents'] = self.resource_api.get_project_parents_as_ids(ref)
ref['parents'] = PROVIDERS.resource_api.get_project_parents_as_ids(
ref
)
if subtree_as_list:
subtree = self.resource_api.list_projects_in_subtree(
subtree = PROVIDERS.resource_api.list_projects_in_subtree(
ref['id'], request.context.user_id)
ref['subtree'] = [ProjectV3.wrap_member(context, p)
for p in subtree]
elif subtree_as_ids:
ref['subtree'] = self.resource_api.get_projects_in_subtree_as_ids(
ref['id'])
ref['subtree'] = (
PROVIDERS.resource_api.get_projects_in_subtree_as_ids(
ref['id']
)
)
@controller.protected()
def get_project(self, request, project_id):
ref = self.resource_api.get_project(project_id)
ref = PROVIDERS.resource_api.get_project(project_id)
self._expand_project_ref(request, ref)
return ProjectV3.wrap_member(request.context_dict, ref)
@ -248,7 +258,7 @@ class ProjectV3(controller.V3Controller):
def update_project(self, request, project_id, project):
validation.lazy_validate(schema.project_update, project)
self._require_matching_id(project_id, project)
ref = self.resource_api.update_project(
ref = PROVIDERS.resource_api.update_project(
project_id,
project,
initiator=request.audit_initiator)
@ -256,7 +266,7 @@ class ProjectV3(controller.V3Controller):
@controller.protected()
def delete_project(self, request, project_id):
return self.resource_api.delete_project(
return PROVIDERS.resource_api.delete_project(
project_id,
initiator=request.audit_initiator)
@ -267,7 +277,7 @@ class ProjectTagV3(controller.V3Controller):
def __init__(self):
super(ProjectTagV3, self).__init__()
self.get_member_from_driver = self.resource_api.get_project_tag
self.get_member_from_driver = PROVIDERS.resource_api.get_project_tag
@classmethod
def wrap_member(cls, context, ref):
@ -293,34 +303,34 @@ class ProjectTagV3(controller.V3Controller):
def create_project_tag(self, request, project_id, value):
validation.lazy_validate(schema.project_tag_create, value)
# Check if we will exceed the max number of tags on this project
tags = self.resource_api.list_project_tags(project_id)
tags = PROVIDERS.resource_api.list_project_tags(project_id)
tags.append(value)
validation.lazy_validate(schema.project_tags_update, tags)
self.resource_api.create_project_tag(
PROVIDERS.resource_api.create_project_tag(
project_id, value, initiator=request.audit_initiator)
query = '/'.join((project_id, 'tags', value))
return ProjectTagV3.wrap_header(request.context_dict, query)
@controller.protected()
def get_project_tag(self, request, project_id, value):
self.resource_api.get_project_tag(project_id, value)
PROVIDERS.resource_api.get_project_tag(project_id, value)
@controller.protected()
def delete_project_tag(self, request, project_id, value):
self.resource_api.delete_project_tag(project_id, value)
PROVIDERS.resource_api.delete_project_tag(project_id, value)
@controller.protected()
def list_project_tags(self, request, project_id):
ref = self.resource_api.list_project_tags(project_id)
ref = PROVIDERS.resource_api.list_project_tags(project_id)
return ProjectTagV3.wrap_member(request.context_dict, ref)
@controller.protected()
def update_project_tags(self, request, project_id, tags):
validation.lazy_validate(schema.project_tags_update, tags)
ref = self.resource_api.update_project_tags(
ref = PROVIDERS.resource_api.update_project_tags(
project_id, tags, initiator=request.audit_initiator)
return ProjectTagV3.wrap_member(request.context_dict, ref)
@controller.protected()
def delete_project_tags(self, request, project_id):
self.resource_api.update_project_tags(project_id, [])
PROVIDERS.resource_api.update_project_tags(project_id, [])

21
keystone/resource/core.py
View File

@ -20,6 +20,7 @@ from keystone.common import cache
from keystone.common import clean
from keystone.common import driver_hints
from keystone.common import manager
from keystone.common import provider_api
from keystone.common import utils
import keystone.conf
from keystone import exception
@ -32,6 +33,8 @@ from keystone.token import provider as token_provider
CONF = keystone.conf.CONF
LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(group='resource')
PROVIDERS = provider_api.ProviderAPIs
TAG_SEARCH_FILTERS = ('tags', 'tags-any', 'not-tags', 'not-tags-any')
@ -89,7 +92,7 @@ class Manager(manager.Manager):
:raises keystone.exception.ValidationError: If one of the constraints
was not satisfied.
"""
if (not self.identity_api.multiple_domains_supported and
if (not PROVIDERS.identity_api.multiple_domains_supported and
project_ref['id'] != CONF.identity.default_domain_id):
raise exception.ValidationError(
message=_('Multiple domains are not supported'))
@ -426,7 +429,7 @@ class Manager(manager.Manager):
def _pre_delete_cleanup_project(self, project_id):
project_user_ids = (
self.assignment_api.list_user_ids_for_project(project_id))
PROVIDERS.assignment_api.list_user_ids_for_project(project_id))
for user_id in project_user_ids:
payload = {'user_id': user_id, 'project_id': project_id}
notifications.Audit.internal(
@ -440,13 +443,13 @@ class Manager(manager.Manager):
self.get_project.invalidate(self, project_id)
self.get_project_by_name.invalidate(self, project['name'],
project['domain_id'])
self.assignment_api.delete_project_assignments(project_id)
PROVIDERS.assignment_api.delete_project_assignments(project_id)
# Invalidate user role assignments cache region, as it may
# be caching role assignments where the target is
# the specified project
assignment.COMPUTED_ASSIGNMENTS_REGION.invalidate()
self.credential_api.delete_credentials_for_project(project_id)
self.trust_api.delete_trusts_for_project(project_id)
PROVIDERS.credential_api.delete_credentials_for_project(project_id)
PROVIDERS.trust_api.delete_trusts_for_project(project_id)
finally:
# attempt to send audit event even if the cache invalidation raises
notifications.Audit.deleted(self._PROJECT, project_id, initiator)
@ -511,7 +514,9 @@ class Manager(manager.Manager):
return ret
def _filter_projects_list(self, projects_list, user_id):
user_projects = self.assignment_api.list_projects_for_user(user_id)
user_projects = PROVIDERS.assignment_api.list_projects_for_user(
user_id
)
user_projects_ids = set([proj['id'] for proj in user_projects])
# Keep only the projects present in user_projects
return [proj for proj in projects_list
@ -773,8 +778,8 @@ class Manager(manager.Manager):
self.get_domain.invalidate(self, domain_id)
self.get_domain_by_name.invalidate(self, domain['name'])
# Delete any database stored domain config
self.domain_config_api.delete_config_options(domain_id)
self.domain_config_api.release_registration(domain_id)
PROVIDERS.domain_config_api.delete_config_options(domain_id)
PROVIDERS.domain_config_api.release_registration(domain_id)
finally:
# attempt to send audit event even if the cache invalidation raises
notifications.Audit.deleted(self._DOMAIN, domain_id, initiator)