From bf548cb0fda8564dd1ea70368e49da059d4d75d0 Mon Sep 17 00:00:00 2001 From: Lance Bragstad Date: Wed, 27 Dec 2017 17:30:00 +0000 Subject: [PATCH] Use keystone.common.provider_api for resource APIs This change converts the usage of self. to keystone.common.providers_api.ProviderAPIs. in manager and controller logic. This is the correct way to reference providers from other managers and controllers now that dependency injection has been eliminated. Change-Id: Id0305ce4e782dc8e8977dc7f802110148da2c901 --- keystone/resource/controllers.py | 86 ++++++++++++++++++-------------- keystone/resource/core.py | 21 +++++--- 2 files changed, 61 insertions(+), 46 deletions(-) diff --git a/keystone/resource/controllers.py b/keystone/resource/controllers.py index b51cc7b6fe..1725f42641 100644 --- a/keystone/resource/controllers.py +++ b/keystone/resource/controllers.py @@ -18,6 +18,7 @@ from six.moves import http_client from keystone.common import controller +from keystone.common import provider_api from keystone.common import validation from keystone.common import wsgi import keystone.conf @@ -27,6 +28,7 @@ from keystone.resource import schema CONF = keystone.conf.CONF +PROVIDERS = provider_api.ProviderAPIs class DomainV3(controller.V3Controller): @@ -35,13 +37,13 @@ class DomainV3(controller.V3Controller): def __init__(self): super(DomainV3, self).__init__() - self.get_member_from_driver = self.resource_api.get_domain + self.get_member_from_driver = PROVIDERS.resource_api.get_domain @controller.protected() def create_domain(self, request, domain): validation.lazy_validate(schema.domain_create, domain) ref = self._assign_unique_id(self._normalize_dict(domain)) - ref = self.resource_api.create_domain( + ref = PROVIDERS.resource_api.create_domain( ref['id'], ref, initiator=request.audit_initiator ) return DomainV3.wrap_member(request.context_dict, ref) @@ -49,27 +51,27 @@ class DomainV3(controller.V3Controller): @controller.filterprotected('enabled', 'name') def list_domains(self, request, filters): hints = DomainV3.build_driver_hints(request, filters) - refs = self.resource_api.list_domains(hints=hints) + refs = PROVIDERS.resource_api.list_domains(hints=hints) return DomainV3.wrap_collection(request.context_dict, refs, hints=hints) @controller.protected() def get_domain(self, request, domain_id): - ref = self.resource_api.get_domain(domain_id) + ref = PROVIDERS.resource_api.get_domain(domain_id) return DomainV3.wrap_member(request.context_dict, ref) @controller.protected() def update_domain(self, request, domain_id, domain): validation.lazy_validate(schema.domain_update, domain) self._require_matching_id(domain_id, domain) - ref = self.resource_api.update_domain( + ref = PROVIDERS.resource_api.update_domain( domain_id, domain, initiator=request.audit_initiator ) return DomainV3.wrap_member(request.context_dict, ref) @controller.protected() def delete_domain(self, request, domain_id): - return self.resource_api.delete_domain( + return PROVIDERS.resource_api.delete_domain( domain_id, initiator=request.audit_initiator ) @@ -79,10 +81,13 @@ class DomainConfigV3(controller.V3Controller): @controller.protected() def create_domain_config(self, request, domain_id, config): - self.resource_api.get_domain(domain_id) + PROVIDERS.resource_api.get_domain(domain_id) original_config = ( - self.domain_config_api.get_config_with_sensitive_info(domain_id)) - ref = self.domain_config_api.create_config(domain_id, config) + PROVIDERS.domain_config_api.get_config_with_sensitive_info( + domain_id + ) + ) + ref = PROVIDERS.domain_config_api.create_config(domain_id, config) if original_config: # Return status code 200, since config already existed return wsgi.render_response(body={self.member_name: ref}) @@ -106,44 +111,44 @@ class DomainConfigV3(controller.V3Controller): @controller.protected() def get_security_compliance_domain_config(self, request, domain_id, group=None, option=None): - ref = self.domain_config_api.get_security_compliance_config( + ref = PROVIDERS.domain_config_api.get_security_compliance_config( domain_id, group, option=option ) return {self.member_name: ref} @controller.protected() def get_domain_config(self, request, domain_id, group=None, option=None): - self.resource_api.get_domain(domain_id) - ref = self.domain_config_api.get_config(domain_id, group, option) + PROVIDERS.resource_api.get_domain(domain_id) + ref = PROVIDERS.domain_config_api.get_config(domain_id, group, option) return {self.member_name: ref} @controller.protected() def update_domain_config( self, request, domain_id, config, group, option): - self.resource_api.get_domain(domain_id) - ref = self.domain_config_api.update_config( + PROVIDERS.resource_api.get_domain(domain_id) + ref = PROVIDERS.domain_config_api.update_config( domain_id, config, group, option) return wsgi.render_response(body={self.member_name: ref}) def update_domain_config_group(self, context, domain_id, group, config): - self.resource_api.get_domain(domain_id) + PROVIDERS.resource_api.get_domain(domain_id) return self.update_domain_config( context, domain_id, config, group, option=None) def update_domain_config_only(self, context, domain_id, config): - self.resource_api.get_domain(domain_id) + PROVIDERS.resource_api.get_domain(domain_id) return self.update_domain_config( context, domain_id, config, group=None, option=None) @controller.protected() def delete_domain_config( self, request, domain_id, group=None, option=None): - self.resource_api.get_domain(domain_id) - self.domain_config_api.delete_config(domain_id, group, option) + PROVIDERS.resource_api.get_domain(domain_id) + PROVIDERS.domain_config_api.delete_config(domain_id, group, option) @controller.protected() def get_domain_config_default(self, request, group=None, option=None): - ref = self.domain_config_api.get_config_default(group, option) + ref = PROVIDERS.domain_config_api.get_config_default(group, option) return {self.member_name: ref} @@ -153,7 +158,7 @@ class ProjectV3(controller.V3Controller): def __init__(self): super(ProjectV3, self).__init__() - self.get_member_from_driver = self.resource_api.get_project + self.get_member_from_driver = PROVIDERS.resource_api.get_project @controller.protected() def create_project(self, request, project): @@ -169,7 +174,7 @@ class ProjectV3(controller.V3Controller): ref['parent_id'] = ref.get('domain_id') try: - ref = self.resource_api.create_project( + ref = PROVIDERS.resource_api.create_project( ref['id'], ref, initiator=request.audit_initiator) @@ -191,7 +196,7 @@ class ProjectV3(controller.V3Controller): for t in tag_params: if t in request.params: hints.add_filter(t, request.params[t]) - refs = self.resource_api.list_projects(hints=hints) + refs = PROVIDERS.resource_api.list_projects(hints=hints) return ProjectV3.wrap_collection(request.context_dict, refs, hints=hints) @@ -222,25 +227,30 @@ class ProjectV3(controller.V3Controller): raise exception.ValidationError(msg) if parents_as_list: - parents = self.resource_api.list_project_parents( + parents = PROVIDERS.resource_api.list_project_parents( ref['id'], request.context.user_id) ref['parents'] = [ProjectV3.wrap_member(context, p) for p in parents] elif parents_as_ids: - ref['parents'] = self.resource_api.get_project_parents_as_ids(ref) + ref['parents'] = PROVIDERS.resource_api.get_project_parents_as_ids( + ref + ) if subtree_as_list: - subtree = self.resource_api.list_projects_in_subtree( + subtree = PROVIDERS.resource_api.list_projects_in_subtree( ref['id'], request.context.user_id) ref['subtree'] = [ProjectV3.wrap_member(context, p) for p in subtree] elif subtree_as_ids: - ref['subtree'] = self.resource_api.get_projects_in_subtree_as_ids( - ref['id']) + ref['subtree'] = ( + PROVIDERS.resource_api.get_projects_in_subtree_as_ids( + ref['id'] + ) + ) @controller.protected() def get_project(self, request, project_id): - ref = self.resource_api.get_project(project_id) + ref = PROVIDERS.resource_api.get_project(project_id) self._expand_project_ref(request, ref) return ProjectV3.wrap_member(request.context_dict, ref) @@ -248,7 +258,7 @@ class ProjectV3(controller.V3Controller): def update_project(self, request, project_id, project): validation.lazy_validate(schema.project_update, project) self._require_matching_id(project_id, project) - ref = self.resource_api.update_project( + ref = PROVIDERS.resource_api.update_project( project_id, project, initiator=request.audit_initiator) @@ -256,7 +266,7 @@ class ProjectV3(controller.V3Controller): @controller.protected() def delete_project(self, request, project_id): - return self.resource_api.delete_project( + return PROVIDERS.resource_api.delete_project( project_id, initiator=request.audit_initiator) @@ -267,7 +277,7 @@ class ProjectTagV3(controller.V3Controller): def __init__(self): super(ProjectTagV3, self).__init__() - self.get_member_from_driver = self.resource_api.get_project_tag + self.get_member_from_driver = PROVIDERS.resource_api.get_project_tag @classmethod def wrap_member(cls, context, ref): @@ -293,34 +303,34 @@ class ProjectTagV3(controller.V3Controller): def create_project_tag(self, request, project_id, value): validation.lazy_validate(schema.project_tag_create, value) # Check if we will exceed the max number of tags on this project - tags = self.resource_api.list_project_tags(project_id) + tags = PROVIDERS.resource_api.list_project_tags(project_id) tags.append(value) validation.lazy_validate(schema.project_tags_update, tags) - self.resource_api.create_project_tag( + PROVIDERS.resource_api.create_project_tag( project_id, value, initiator=request.audit_initiator) query = '/'.join((project_id, 'tags', value)) return ProjectTagV3.wrap_header(request.context_dict, query) @controller.protected() def get_project_tag(self, request, project_id, value): - self.resource_api.get_project_tag(project_id, value) + PROVIDERS.resource_api.get_project_tag(project_id, value) @controller.protected() def delete_project_tag(self, request, project_id, value): - self.resource_api.delete_project_tag(project_id, value) + PROVIDERS.resource_api.delete_project_tag(project_id, value) @controller.protected() def list_project_tags(self, request, project_id): - ref = self.resource_api.list_project_tags(project_id) + ref = PROVIDERS.resource_api.list_project_tags(project_id) return ProjectTagV3.wrap_member(request.context_dict, ref) @controller.protected() def update_project_tags(self, request, project_id, tags): validation.lazy_validate(schema.project_tags_update, tags) - ref = self.resource_api.update_project_tags( + ref = PROVIDERS.resource_api.update_project_tags( project_id, tags, initiator=request.audit_initiator) return ProjectTagV3.wrap_member(request.context_dict, ref) @controller.protected() def delete_project_tags(self, request, project_id): - self.resource_api.update_project_tags(project_id, []) + PROVIDERS.resource_api.update_project_tags(project_id, []) diff --git a/keystone/resource/core.py b/keystone/resource/core.py index d8335e4fe7..efd9077806 100644 --- a/keystone/resource/core.py +++ b/keystone/resource/core.py @@ -20,6 +20,7 @@ from keystone.common import cache from keystone.common import clean from keystone.common import driver_hints from keystone.common import manager +from keystone.common import provider_api from keystone.common import utils import keystone.conf from keystone import exception @@ -32,6 +33,8 @@ from keystone.token import provider as token_provider CONF = keystone.conf.CONF LOG = log.getLogger(__name__) MEMOIZE = cache.get_memoization_decorator(group='resource') +PROVIDERS = provider_api.ProviderAPIs + TAG_SEARCH_FILTERS = ('tags', 'tags-any', 'not-tags', 'not-tags-any') @@ -89,7 +92,7 @@ class Manager(manager.Manager): :raises keystone.exception.ValidationError: If one of the constraints was not satisfied. """ - if (not self.identity_api.multiple_domains_supported and + if (not PROVIDERS.identity_api.multiple_domains_supported and project_ref['id'] != CONF.identity.default_domain_id): raise exception.ValidationError( message=_('Multiple domains are not supported')) @@ -426,7 +429,7 @@ class Manager(manager.Manager): def _pre_delete_cleanup_project(self, project_id): project_user_ids = ( - self.assignment_api.list_user_ids_for_project(project_id)) + PROVIDERS.assignment_api.list_user_ids_for_project(project_id)) for user_id in project_user_ids: payload = {'user_id': user_id, 'project_id': project_id} notifications.Audit.internal( @@ -440,13 +443,13 @@ class Manager(manager.Manager): self.get_project.invalidate(self, project_id) self.get_project_by_name.invalidate(self, project['name'], project['domain_id']) - self.assignment_api.delete_project_assignments(project_id) + PROVIDERS.assignment_api.delete_project_assignments(project_id) # Invalidate user role assignments cache region, as it may # be caching role assignments where the target is # the specified project assignment.COMPUTED_ASSIGNMENTS_REGION.invalidate() - self.credential_api.delete_credentials_for_project(project_id) - self.trust_api.delete_trusts_for_project(project_id) + PROVIDERS.credential_api.delete_credentials_for_project(project_id) + PROVIDERS.trust_api.delete_trusts_for_project(project_id) finally: # attempt to send audit event even if the cache invalidation raises notifications.Audit.deleted(self._PROJECT, project_id, initiator) @@ -511,7 +514,9 @@ class Manager(manager.Manager): return ret def _filter_projects_list(self, projects_list, user_id): - user_projects = self.assignment_api.list_projects_for_user(user_id) + user_projects = PROVIDERS.assignment_api.list_projects_for_user( + user_id + ) user_projects_ids = set([proj['id'] for proj in user_projects]) # Keep only the projects present in user_projects return [proj for proj in projects_list @@ -773,8 +778,8 @@ class Manager(manager.Manager): self.get_domain.invalidate(self, domain_id) self.get_domain_by_name.invalidate(self, domain['name']) # Delete any database stored domain config - self.domain_config_api.delete_config_options(domain_id) - self.domain_config_api.release_registration(domain_id) + PROVIDERS.domain_config_api.delete_config_options(domain_id) + PROVIDERS.domain_config_api.release_registration(domain_id) finally: # attempt to send audit event even if the cache invalidation raises notifications.Audit.deleted(self._DOMAIN, domain_id, initiator)