Use keystone.common.provider_api for resource APIs
This change converts the usage of self.<provider_api> to keystone.common.providers_api.ProviderAPIs.<provider_api> in manager and controller logic. This is the correct way to reference providers from other managers and controllers now that dependency injection has been eliminated. Change-Id: Id0305ce4e782dc8e8977dc7f802110148da2c901
This commit is contained in:
parent
1e21c52f3b
commit
bf548cb0fd
|
@ -18,6 +18,7 @@
|
|||
from six.moves import http_client
|
||||
|
||||
from keystone.common import controller
|
||||
from keystone.common import provider_api
|
||||
from keystone.common import validation
|
||||
from keystone.common import wsgi
|
||||
import keystone.conf
|
||||
|
@ -27,6 +28,7 @@ from keystone.resource import schema
|
|||
|
||||
|
||||
CONF = keystone.conf.CONF
|
||||
PROVIDERS = provider_api.ProviderAPIs
|
||||
|
||||
|
||||
class DomainV3(controller.V3Controller):
|
||||
|
@ -35,13 +37,13 @@ class DomainV3(controller.V3Controller):
|
|||
|
||||
def __init__(self):
|
||||
super(DomainV3, self).__init__()
|
||||
self.get_member_from_driver = self.resource_api.get_domain
|
||||
self.get_member_from_driver = PROVIDERS.resource_api.get_domain
|
||||
|
||||
@controller.protected()
|
||||
def create_domain(self, request, domain):
|
||||
validation.lazy_validate(schema.domain_create, domain)
|
||||
ref = self._assign_unique_id(self._normalize_dict(domain))
|
||||
ref = self.resource_api.create_domain(
|
||||
ref = PROVIDERS.resource_api.create_domain(
|
||||
ref['id'], ref, initiator=request.audit_initiator
|
||||
)
|
||||
return DomainV3.wrap_member(request.context_dict, ref)
|
||||
|
@ -49,27 +51,27 @@ class DomainV3(controller.V3Controller):
|
|||
@controller.filterprotected('enabled', 'name')
|
||||
def list_domains(self, request, filters):
|
||||
hints = DomainV3.build_driver_hints(request, filters)
|
||||
refs = self.resource_api.list_domains(hints=hints)
|
||||
refs = PROVIDERS.resource_api.list_domains(hints=hints)
|
||||
return DomainV3.wrap_collection(request.context_dict,
|
||||
refs, hints=hints)
|
||||
|
||||
@controller.protected()
|
||||
def get_domain(self, request, domain_id):
|
||||
ref = self.resource_api.get_domain(domain_id)
|
||||
ref = PROVIDERS.resource_api.get_domain(domain_id)
|
||||
return DomainV3.wrap_member(request.context_dict, ref)
|
||||
|
||||
@controller.protected()
|
||||
def update_domain(self, request, domain_id, domain):
|
||||
validation.lazy_validate(schema.domain_update, domain)
|
||||
self._require_matching_id(domain_id, domain)
|
||||
ref = self.resource_api.update_domain(
|
||||
ref = PROVIDERS.resource_api.update_domain(
|
||||
domain_id, domain, initiator=request.audit_initiator
|
||||
)
|
||||
return DomainV3.wrap_member(request.context_dict, ref)
|
||||
|
||||
@controller.protected()
|
||||
def delete_domain(self, request, domain_id):
|
||||
return self.resource_api.delete_domain(
|
||||
return PROVIDERS.resource_api.delete_domain(
|
||||
domain_id, initiator=request.audit_initiator
|
||||
)
|
||||
|
||||
|
@ -79,10 +81,13 @@ class DomainConfigV3(controller.V3Controller):
|
|||
|
||||
@controller.protected()
|
||||
def create_domain_config(self, request, domain_id, config):
|
||||
self.resource_api.get_domain(domain_id)
|
||||
PROVIDERS.resource_api.get_domain(domain_id)
|
||||
original_config = (
|
||||
self.domain_config_api.get_config_with_sensitive_info(domain_id))
|
||||
ref = self.domain_config_api.create_config(domain_id, config)
|
||||
PROVIDERS.domain_config_api.get_config_with_sensitive_info(
|
||||
domain_id
|
||||
)
|
||||
)
|
||||
ref = PROVIDERS.domain_config_api.create_config(domain_id, config)
|
||||
if original_config:
|
||||
# Return status code 200, since config already existed
|
||||
return wsgi.render_response(body={self.member_name: ref})
|
||||
|
@ -106,44 +111,44 @@ class DomainConfigV3(controller.V3Controller):
|
|||
@controller.protected()
|
||||
def get_security_compliance_domain_config(self, request, domain_id,
|
||||
group=None, option=None):
|
||||
ref = self.domain_config_api.get_security_compliance_config(
|
||||
ref = PROVIDERS.domain_config_api.get_security_compliance_config(
|
||||
domain_id, group, option=option
|
||||
)
|
||||
return {self.member_name: ref}
|
||||
|
||||
@controller.protected()
|
||||
def get_domain_config(self, request, domain_id, group=None, option=None):
|
||||
self.resource_api.get_domain(domain_id)
|
||||
ref = self.domain_config_api.get_config(domain_id, group, option)
|
||||
PROVIDERS.resource_api.get_domain(domain_id)
|
||||
ref = PROVIDERS.domain_config_api.get_config(domain_id, group, option)
|
||||
return {self.member_name: ref}
|
||||
|
||||
@controller.protected()
|
||||
def update_domain_config(
|
||||
self, request, domain_id, config, group, option):
|
||||
self.resource_api.get_domain(domain_id)
|
||||
ref = self.domain_config_api.update_config(
|
||||
PROVIDERS.resource_api.get_domain(domain_id)
|
||||
ref = PROVIDERS.domain_config_api.update_config(
|
||||
domain_id, config, group, option)
|
||||
return wsgi.render_response(body={self.member_name: ref})
|
||||
|
||||
def update_domain_config_group(self, context, domain_id, group, config):
|
||||
self.resource_api.get_domain(domain_id)
|
||||
PROVIDERS.resource_api.get_domain(domain_id)
|
||||
return self.update_domain_config(
|
||||
context, domain_id, config, group, option=None)
|
||||
|
||||
def update_domain_config_only(self, context, domain_id, config):
|
||||
self.resource_api.get_domain(domain_id)
|
||||
PROVIDERS.resource_api.get_domain(domain_id)
|
||||
return self.update_domain_config(
|
||||
context, domain_id, config, group=None, option=None)
|
||||
|
||||
@controller.protected()
|
||||
def delete_domain_config(
|
||||
self, request, domain_id, group=None, option=None):
|
||||
self.resource_api.get_domain(domain_id)
|
||||
self.domain_config_api.delete_config(domain_id, group, option)
|
||||
PROVIDERS.resource_api.get_domain(domain_id)
|
||||
PROVIDERS.domain_config_api.delete_config(domain_id, group, option)
|
||||
|
||||
@controller.protected()
|
||||
def get_domain_config_default(self, request, group=None, option=None):
|
||||
ref = self.domain_config_api.get_config_default(group, option)
|
||||
ref = PROVIDERS.domain_config_api.get_config_default(group, option)
|
||||
return {self.member_name: ref}
|
||||
|
||||
|
||||
|
@ -153,7 +158,7 @@ class ProjectV3(controller.V3Controller):
|
|||
|
||||
def __init__(self):
|
||||
super(ProjectV3, self).__init__()
|
||||
self.get_member_from_driver = self.resource_api.get_project
|
||||
self.get_member_from_driver = PROVIDERS.resource_api.get_project
|
||||
|
||||
@controller.protected()
|
||||
def create_project(self, request, project):
|
||||
|
@ -169,7 +174,7 @@ class ProjectV3(controller.V3Controller):
|
|||
ref['parent_id'] = ref.get('domain_id')
|
||||
|
||||
try:
|
||||
ref = self.resource_api.create_project(
|
||||
ref = PROVIDERS.resource_api.create_project(
|
||||
ref['id'],
|
||||
ref,
|
||||
initiator=request.audit_initiator)
|
||||
|
@ -191,7 +196,7 @@ class ProjectV3(controller.V3Controller):
|
|||
for t in tag_params:
|
||||
if t in request.params:
|
||||
hints.add_filter(t, request.params[t])
|
||||
refs = self.resource_api.list_projects(hints=hints)
|
||||
refs = PROVIDERS.resource_api.list_projects(hints=hints)
|
||||
return ProjectV3.wrap_collection(request.context_dict,
|
||||
refs, hints=hints)
|
||||
|
||||
|
@ -222,25 +227,30 @@ class ProjectV3(controller.V3Controller):
|
|||
raise exception.ValidationError(msg)
|
||||
|
||||
if parents_as_list:
|
||||
parents = self.resource_api.list_project_parents(
|
||||
parents = PROVIDERS.resource_api.list_project_parents(
|
||||
ref['id'], request.context.user_id)
|
||||
ref['parents'] = [ProjectV3.wrap_member(context, p)
|
||||
for p in parents]
|
||||
elif parents_as_ids:
|
||||
ref['parents'] = self.resource_api.get_project_parents_as_ids(ref)
|
||||
ref['parents'] = PROVIDERS.resource_api.get_project_parents_as_ids(
|
||||
ref
|
||||
)
|
||||
|
||||
if subtree_as_list:
|
||||
subtree = self.resource_api.list_projects_in_subtree(
|
||||
subtree = PROVIDERS.resource_api.list_projects_in_subtree(
|
||||
ref['id'], request.context.user_id)
|
||||
ref['subtree'] = [ProjectV3.wrap_member(context, p)
|
||||
for p in subtree]
|
||||
elif subtree_as_ids:
|
||||
ref['subtree'] = self.resource_api.get_projects_in_subtree_as_ids(
|
||||
ref['id'])
|
||||
ref['subtree'] = (
|
||||
PROVIDERS.resource_api.get_projects_in_subtree_as_ids(
|
||||
ref['id']
|
||||
)
|
||||
)
|
||||
|
||||
@controller.protected()
|
||||
def get_project(self, request, project_id):
|
||||
ref = self.resource_api.get_project(project_id)
|
||||
ref = PROVIDERS.resource_api.get_project(project_id)
|
||||
self._expand_project_ref(request, ref)
|
||||
return ProjectV3.wrap_member(request.context_dict, ref)
|
||||
|
||||
|
@ -248,7 +258,7 @@ class ProjectV3(controller.V3Controller):
|
|||
def update_project(self, request, project_id, project):
|
||||
validation.lazy_validate(schema.project_update, project)
|
||||
self._require_matching_id(project_id, project)
|
||||
ref = self.resource_api.update_project(
|
||||
ref = PROVIDERS.resource_api.update_project(
|
||||
project_id,
|
||||
project,
|
||||
initiator=request.audit_initiator)
|
||||
|
@ -256,7 +266,7 @@ class ProjectV3(controller.V3Controller):
|
|||
|
||||
@controller.protected()
|
||||
def delete_project(self, request, project_id):
|
||||
return self.resource_api.delete_project(
|
||||
return PROVIDERS.resource_api.delete_project(
|
||||
project_id,
|
||||
initiator=request.audit_initiator)
|
||||
|
||||
|
@ -267,7 +277,7 @@ class ProjectTagV3(controller.V3Controller):
|
|||
|
||||
def __init__(self):
|
||||
super(ProjectTagV3, self).__init__()
|
||||
self.get_member_from_driver = self.resource_api.get_project_tag
|
||||
self.get_member_from_driver = PROVIDERS.resource_api.get_project_tag
|
||||
|
||||
@classmethod
|
||||
def wrap_member(cls, context, ref):
|
||||
|
@ -293,34 +303,34 @@ class ProjectTagV3(controller.V3Controller):
|
|||
def create_project_tag(self, request, project_id, value):
|
||||
validation.lazy_validate(schema.project_tag_create, value)
|
||||
# Check if we will exceed the max number of tags on this project
|
||||
tags = self.resource_api.list_project_tags(project_id)
|
||||
tags = PROVIDERS.resource_api.list_project_tags(project_id)
|
||||
tags.append(value)
|
||||
validation.lazy_validate(schema.project_tags_update, tags)
|
||||
self.resource_api.create_project_tag(
|
||||
PROVIDERS.resource_api.create_project_tag(
|
||||
project_id, value, initiator=request.audit_initiator)
|
||||
query = '/'.join((project_id, 'tags', value))
|
||||
return ProjectTagV3.wrap_header(request.context_dict, query)
|
||||
|
||||
@controller.protected()
|
||||
def get_project_tag(self, request, project_id, value):
|
||||
self.resource_api.get_project_tag(project_id, value)
|
||||
PROVIDERS.resource_api.get_project_tag(project_id, value)
|
||||
|
||||
@controller.protected()
|
||||
def delete_project_tag(self, request, project_id, value):
|
||||
self.resource_api.delete_project_tag(project_id, value)
|
||||
PROVIDERS.resource_api.delete_project_tag(project_id, value)
|
||||
|
||||
@controller.protected()
|
||||
def list_project_tags(self, request, project_id):
|
||||
ref = self.resource_api.list_project_tags(project_id)
|
||||
ref = PROVIDERS.resource_api.list_project_tags(project_id)
|
||||
return ProjectTagV3.wrap_member(request.context_dict, ref)
|
||||
|
||||
@controller.protected()
|
||||
def update_project_tags(self, request, project_id, tags):
|
||||
validation.lazy_validate(schema.project_tags_update, tags)
|
||||
ref = self.resource_api.update_project_tags(
|
||||
ref = PROVIDERS.resource_api.update_project_tags(
|
||||
project_id, tags, initiator=request.audit_initiator)
|
||||
return ProjectTagV3.wrap_member(request.context_dict, ref)
|
||||
|
||||
@controller.protected()
|
||||
def delete_project_tags(self, request, project_id):
|
||||
self.resource_api.update_project_tags(project_id, [])
|
||||
PROVIDERS.resource_api.update_project_tags(project_id, [])
|
||||
|
|
|
@ -20,6 +20,7 @@ from keystone.common import cache
|
|||
from keystone.common import clean
|
||||
from keystone.common import driver_hints
|
||||
from keystone.common import manager
|
||||
from keystone.common import provider_api
|
||||
from keystone.common import utils
|
||||
import keystone.conf
|
||||
from keystone import exception
|
||||
|
@ -32,6 +33,8 @@ from keystone.token import provider as token_provider
|
|||
CONF = keystone.conf.CONF
|
||||
LOG = log.getLogger(__name__)
|
||||
MEMOIZE = cache.get_memoization_decorator(group='resource')
|
||||
PROVIDERS = provider_api.ProviderAPIs
|
||||
|
||||
|
||||
TAG_SEARCH_FILTERS = ('tags', 'tags-any', 'not-tags', 'not-tags-any')
|
||||
|
||||
|
@ -89,7 +92,7 @@ class Manager(manager.Manager):
|
|||
:raises keystone.exception.ValidationError: If one of the constraints
|
||||
was not satisfied.
|
||||
"""
|
||||
if (not self.identity_api.multiple_domains_supported and
|
||||
if (not PROVIDERS.identity_api.multiple_domains_supported and
|
||||
project_ref['id'] != CONF.identity.default_domain_id):
|
||||
raise exception.ValidationError(
|
||||
message=_('Multiple domains are not supported'))
|
||||
|
@ -426,7 +429,7 @@ class Manager(manager.Manager):
|
|||
|
||||
def _pre_delete_cleanup_project(self, project_id):
|
||||
project_user_ids = (
|
||||
self.assignment_api.list_user_ids_for_project(project_id))
|
||||
PROVIDERS.assignment_api.list_user_ids_for_project(project_id))
|
||||
for user_id in project_user_ids:
|
||||
payload = {'user_id': user_id, 'project_id': project_id}
|
||||
notifications.Audit.internal(
|
||||
|
@ -440,13 +443,13 @@ class Manager(manager.Manager):
|
|||
self.get_project.invalidate(self, project_id)
|
||||
self.get_project_by_name.invalidate(self, project['name'],
|
||||
project['domain_id'])
|
||||
self.assignment_api.delete_project_assignments(project_id)
|
||||
PROVIDERS.assignment_api.delete_project_assignments(project_id)
|
||||
# Invalidate user role assignments cache region, as it may
|
||||
# be caching role assignments where the target is
|
||||
# the specified project
|
||||
assignment.COMPUTED_ASSIGNMENTS_REGION.invalidate()
|
||||
self.credential_api.delete_credentials_for_project(project_id)
|
||||
self.trust_api.delete_trusts_for_project(project_id)
|
||||
PROVIDERS.credential_api.delete_credentials_for_project(project_id)
|
||||
PROVIDERS.trust_api.delete_trusts_for_project(project_id)
|
||||
finally:
|
||||
# attempt to send audit event even if the cache invalidation raises
|
||||
notifications.Audit.deleted(self._PROJECT, project_id, initiator)
|
||||
|
@ -511,7 +514,9 @@ class Manager(manager.Manager):
|
|||
return ret
|
||||
|
||||
def _filter_projects_list(self, projects_list, user_id):
|
||||
user_projects = self.assignment_api.list_projects_for_user(user_id)
|
||||
user_projects = PROVIDERS.assignment_api.list_projects_for_user(
|
||||
user_id
|
||||
)
|
||||
user_projects_ids = set([proj['id'] for proj in user_projects])
|
||||
# Keep only the projects present in user_projects
|
||||
return [proj for proj in projects_list
|
||||
|
@ -773,8 +778,8 @@ class Manager(manager.Manager):
|
|||
self.get_domain.invalidate(self, domain_id)
|
||||
self.get_domain_by_name.invalidate(self, domain['name'])
|
||||
# Delete any database stored domain config
|
||||
self.domain_config_api.delete_config_options(domain_id)
|
||||
self.domain_config_api.release_registration(domain_id)
|
||||
PROVIDERS.domain_config_api.delete_config_options(domain_id)
|
||||
PROVIDERS.domain_config_api.release_registration(domain_id)
|
||||
finally:
|
||||
# attempt to send audit event even if the cache invalidation raises
|
||||
notifications.Audit.deleted(self._DOMAIN, domain_id, initiator)
|
||||
|
|
Loading…
Reference in New Issue