diff options
| author | Yogeshwar Srikrishnan <yoga80@yahoo.com> | 2011-06-17 10:46:27 -0500 |
|---|---|---|
| committer | Yogeshwar Srikrishnan <yoga80@yahoo.com> | 2011-06-17 10:46:27 -0500 |
| commit | 12ba4271ffa6889afbb1e2544b10125f74bde5d6 (patch) | |
| tree | c65e7aa39b24c1fe7dd5cf97dd1123d191f82191 | |
| parent | ca5ba70f68311c435531167a8e89f465507cf078 (diff) | |
| parent | c3ac911f7cf70c6e8debc7c31d347795c3c6a7d3 (diff) | |
Merging changes from rackspace.
| -rwxr-xr-x | bin/keystone-manage | 2 | ||||
| -rwxr-xr-x | bin/sampledata.sh | 4 | ||||
| -rwxr-xr-x | etc/keystone.conf | 4 | ||||
| -rw-r--r-- | keystone/db/sqlalchemy/__init__.py | 78 | ||||
| -rwxr-xr-x | keystone/db/sqlalchemy/api.py | 1318 | ||||
| -rw-r--r-- | keystone/db/sqlalchemy/api/__init__.py | 1 | ||||
| -rw-r--r-- | keystone/db/sqlalchemy/api/baseurl.py | 185 | ||||
| -rw-r--r-- | keystone/db/sqlalchemy/api/group.py | 170 | ||||
| -rw-r--r-- | keystone/db/sqlalchemy/api/role.py | 174 | ||||
| -rwxr-xr-x | keystone/db/sqlalchemy/api/tenant.py | 197 | ||||
| -rw-r--r-- | keystone/db/sqlalchemy/api/tenant_group.py | 118 | ||||
| -rw-r--r-- | keystone/db/sqlalchemy/api/token.py | 61 | ||||
| -rw-r--r-- | keystone/db/sqlalchemy/api/user.py | 421 | ||||
| -rw-r--r-- | keystone/db/sqlalchemy/models.py | 9 | ||||
| -rw-r--r-- | keystone/frontends/legacy_token_auth.py | 12 | ||||
| -rwxr-xr-x | keystone/logic/service.py | 344 | ||||
| -rwxr-xr-x | keystone/server.py | 9 | ||||
| -rw-r--r-- | keystone/test/unit/base.py | 24 | ||||
| -rwxr-xr-x | keystone/test/unit/test_BaseURLs.py | 36 | ||||
| -rwxr-xr-x | keystone/test/unit/test_authentication.py | 5 | ||||
| -rwxr-xr-x | keystone/test/unit/test_common.py | 14 | ||||
| -rwxr-xr-x | keystone/test/unit/test_roles.py | 6 |
22 files changed, 1639 insertions, 1553 deletions
diff --git a/bin/keystone-manage b/bin/keystone-manage index df8d055b..a3b986c9 100755 --- a/bin/keystone-manage +++ b/bin/keystone-manage @@ -253,7 +253,7 @@ def Main(): if tenant != None: object.tenant_id = tenant db_api.user_role_add(object) - print "SUCCESS: Granted %s the %s role on %s." %\ + print "SUCCESS: Granted %s the %s role on %s." % \ (object.user_id, object.role_id, object.tenant_id) except Exception as exc: print "ERROR: Failed to grant role %s to %s on %s: %s" % (object_id, user, tenant, exc) diff --git a/bin/sampledata.sh b/bin/sampledata.sh index 3f8fc86c..6f73e06c 100755 --- a/bin/sampledata.sh +++ b/bin/sampledata.sh @@ -39,7 +39,8 @@ #BaseURLs ./keystone-manage $* baseURLs add RegionOne swift http://swift.publicinternets.com/v1/AUTH_%tenant_id% http://swift.admin-nets.local:8080/ http://127.0.0.1:8080/v1/AUTH_%tenant_id% 1 -./keystone-manage $* baseURLs add RegionOne nova http://nova.publicinternets.com/v1.1/%tenant_id% http://127.0.0.1:8774/v1.1 http://127.0.0.1:8774/v1.1/%tenant_id% 1 +./keystone-manage $* baseURLs add RegionOne nova_compat http://nova.publicinternets.com/v1.0/ http://127.0.0.1:8774/v1.0 http://localhost:8774/v1.0 1 +./keystone-manage $* baseURLs add RegionOne nova http://nova.publicinternets.com/v1.1/ http://127.0.0.1:8774/v1.1 http://localhost:8774/v1.1 1 ./keystone-manage $* baseURLs add RegionOne glance http://glance.publicinternets.com/v1.1/%tenant_id% http://nova.admin-nets.local/v1.1/%tenant_id% http://127.0.0.1:9292/v1.1/%tenant_id% 1 ./keystone-manage $* baseURLs add RegionOne cdn http://cdn.publicinternets.com/v1.1/%tenant_id% http://cdn.admin-nets.local/v1.1/%tenant_id% http://127.0.0.1:7777/v1.1/%tenant_id% 1 ./keystone-manage $* baseURLs add RegionOne keystone http://keystone.publicinternets.com/v2.0 http://127.0.0.1:8081/v2.0 http://127.0.0.1:8080/v2.0 1 @@ -66,3 +67,4 @@ ./keystone-manage $* tenant_baseURL add 1234 3 ./keystone-manage $* tenant_baseURL add 1234 4 ./keystone-manage $* tenant_baseURL add 1234 5 +./keystone-manage $* tenant_baseURL add 1234 6 diff --git a/etc/keystone.conf b/etc/keystone.conf index db0eeb44..c0fa1353 100755 --- a/etc/keystone.conf +++ b/etc/keystone.conf @@ -12,7 +12,6 @@ default_store = sqlite # Log to this file. Make sure you do not set the same log # file for both the API and registry servers! -# #log_file = /var/log/keystone.log log_file = keystone.log @@ -23,7 +22,6 @@ sql_connection = sqlite:///../keystone/keystone.db # Period in seconds after which SQLAlchemy should reestablish its connection # to the database. -# sql_idle_timeout = 30 #Dictionary Maps every service to a header.Missing services would get header X_(SERVICE_NAME) Key => Service Name, Value => Header Name @@ -44,7 +42,6 @@ bind_host = 0.0.0.0 # Port the bind the Admin API server to bind_port = 8081 - [app:server] paste.app_factory = keystone.server:app_factory @@ -55,4 +52,3 @@ pipeline = [filter:legacy_auth] paste.filter_factory = keystone.frontends.legacy_token_auth:filter_factory - diff --git a/keystone/db/sqlalchemy/__init__.py b/keystone/db/sqlalchemy/__init__.py index e69de29b..bdb9a5ba 100644 --- a/keystone/db/sqlalchemy/__init__.py +++ b/keystone/db/sqlalchemy/__init__.py @@ -0,0 +1,78 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2010 OpenStack LLC. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import logging + +from sqlalchemy import create_engine +from sqlalchemy.orm import joinedload, aliased, sessionmaker + +from keystone.common import config +from keystone.db.sqlalchemy import models + +_ENGINE = None +_MAKER = None +BASE = models.Base + + +def configure_db(options): + """ + Establish the database, create an engine if needed, and + register the models. + + :param options: Mapping of configuration options + """ + global _ENGINE + if not _ENGINE: + debug = config.get_option( + options, 'debug', type='bool', default=False) + verbose = config.get_option( + options, 'verbose', type='bool', default=False) + timeout = config.get_option( + options, 'sql_idle_timeout', type='int', default=3600) + _ENGINE = create_engine(options['sql_connection'], + pool_recycle=timeout) + logger = logging.getLogger('sqlalchemy.engine') + if debug: + logger.setLevel(logging.DEBUG) + elif verbose: + logger.setLevel(logging.INFO) + register_models() + + +def get_session(autocommit=True, expire_on_commit=False): + """Helper method to grab session""" + global _MAKER, _ENGINE + if not _MAKER: + assert _ENGINE + _MAKER = sessionmaker(bind=_ENGINE, + autocommit=autocommit, + expire_on_commit=expire_on_commit) + return _MAKER() + + +def register_models(): + """Register Models and create properties""" + global _ENGINE + assert _ENGINE + BASE.metadata.create_all(_ENGINE) + + +def unregister_models(): + """Unregister Models, useful clearing out data before testing""" + global _ENGINE + assert _ENGINE + BASE.metadata.drop_all(_ENGINE) diff --git a/keystone/db/sqlalchemy/api.py b/keystone/db/sqlalchemy/api.py deleted file mode 100755 index 89ab223f..00000000 --- a/keystone/db/sqlalchemy/api.py +++ /dev/null @@ -1,1318 +0,0 @@ -# vim: tabstop=4 shiftwidth=4 softtabstop=4 -# Copyright (c) 2010-2011 OpenStack, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# Not Yet PEP8 standardized - -import logging - -from sqlalchemy.orm import joinedload, aliased -from sqlalchemy import create_engine -from sqlalchemy.orm import sessionmaker -from keystone.common import config -import models - - -_ENGINE = None -_MAKER = None -BASE = models.Base - - -def configure_db(options): - """ - Establish the database, create an engine if needed, and - register the models. - - :param options: Mapping of configuration options - """ - global _ENGINE - if not _ENGINE: - debug = config.get_option( - options, 'debug', type='bool', default=False) - verbose = config.get_option( - options, 'verbose', type='bool', default=False) - timeout = config.get_option( - options, 'sql_idle_timeout', type='int', default=3600) - _ENGINE = create_engine(options['sql_connection'], - pool_recycle=timeout) - logger = logging.getLogger('sqlalchemy.engine') - if debug: - logger.setLevel(logging.DEBUG) - elif verbose: - logger.setLevel(logging.INFO) - register_models() - - -def get_session(autocommit=True, expire_on_commit=False): - """Helper method to grab session""" - global _MAKER, _ENGINE - if not _MAKER: - assert _ENGINE - _MAKER = sessionmaker(bind=_ENGINE, - autocommit=autocommit, - expire_on_commit=expire_on_commit) - return _MAKER() - - -def register_models(): - """Register Models and create properties""" - global _ENGINE - assert _ENGINE - BASE.metadata.create_all(_ENGINE) - - -def unregister_models(): - """Unregister Models, useful clearing out data before testing""" - global _ENGINE - assert _ENGINE - BASE.metadata.drop_all(_ENGINE) - - -# -# Role API operations -# -def role_create(values): - role_ref = models.Role() - role_ref.update(values) - role_ref.save() - return role_ref - - -def role_get(id, session=None): - if not session: - session = get_session() - result = session.query(models.Role).filter_by(id=id).first() - return result - - -def role_get_all(session=None): - if not session: - session = get_session() - return session.query(models.Role).all() - - -def role_get_page(marker, limit, session=None): - if not session: - session = get_session() - - if marker: - return session.query(models.Role).filter("id>:marker").params(\ - marker='%s' % marker).order_by(\ - models.Role.id.desc()).limit(limit).all() - else: - return session.query(models.Role).order_by(\ - models.Role.id.desc()).limit(limit).all() - - -def role_ref_get_page(marker, limit, user_id, session=None): - if not session: - session = get_session() - - if marker: - return session.query(models.UserRoleAssociation).\ - filter("id>:marker").params(\ - marker='%s' % marker).filter_by(user_id=user_id).order_by(\ - models.UserRoleAssociation.id.desc()).limit(limit).all() - else: - return session.query(models.UserRoleAssociation).\ - filter_by(user_id=user_id).order_by(\ - models.UserRoleAssociation.id.desc()).limit(limit).all() - - -def role_ref_get_all_global_roles(user_id, session=None): - if not session: - session = get_session() - return session.query(models.UserRoleAssociation).\ - filter_by(user_id=user_id).filter("tenant_id is null").all() - - -def role_ref_get_all_tenant_roles(user_id, tenant_id, session=None): - if not session: - session = get_session() - return session.query(models.UserRoleAssociation).\ - filter_by(user_id=user_id).filter_by(tenant_id=tenant_id).all() - - -def role_ref_get(id, session=None): - if not session: - session = get_session() - result = session.query(models.UserRoleAssociation).filter_by(id=id).first() - return result - - -def role_ref_delete(id, session=None): - if not session: - session = get_session() - with session.begin(): - role_ref = role_ref_get(id, session) - session.delete(role_ref) - - -# -# Tenant API operations -# -def tenant_create(values): - tenant_ref = models.Tenant() - tenant_ref.update(values) - tenant_ref.save() - return tenant_ref - - -def tenant_get(id, session=None): - if not session: - session = get_session() - result = session.query(models.Tenant).filter_by(id=id).first() - return result - - -def tenant_get_all(session=None): - if not session: - session = get_session() - return session.query(models.Tenant).all() - - -def tenants_for_user_get_page(user, marker, limit, session=None): - if not session: - session = get_session() - ura = aliased(models.UserRoleAssociation) - tenant = aliased(models.Tenant) - q1 = session.query(tenant).join((ura, ura.tenant_id == tenant.id)).\ - filter(ura.user_id == user.id) - q2 = session.query(tenant).filter(tenant.id == user.tenant_id) - q3 = q1.union(q2) - if marker: - return q3.filter("tenant.id>:marker").params(\ - marker='%s' % marker).order_by(\ - tenant.id.desc()).limit(limit).all() - else: - return q3.order_by(\ - tenant.id.desc()).limit(limit).all() - - -def tenants_for_user_get_page_markers(user, marker, limit, session=None): - if not session: - session = get_session() - ura = aliased(models.UserRoleAssociation) - tenant = aliased(models.Tenant) - q1 = session.query(tenant).join((ura, ura.tenant_id == tenant.id)).\ - filter(ura.user_id == user.id) - q2 = session.query(tenant).filter(tenant.id == user.tenant_id) - q3 = q1.union(q2) - - first = q3.order_by(\ - tenant.id).first() - last = q3.order_by(\ - tenant.id.desc()).first() - if first is None: - return (None, None) - if marker is None: - marker = first.id - next = q3.filter(tenant.id > marker).order_by(\ - tenant.id).limit(limit).all() - prev = q3.filter(tenant.id > marker).order_by(\ - tenant.id.desc()).limit(int(limit)).all() - if len(next) == 0: - next = last - else: - for t in next: - next = t - if len(prev) == 0: - prev = first - else: - for t in prev: - prev = t - if prev.id == marker: - prev = None - else: - prev = prev.id - if next.id == last.id: - next = None - else: - next = next.id - return (prev, next) - - -def tenant_get_page(marker, limit, session=None): - if not session: - session = get_session() - - if marker: - return session.query(models.Tenant).filter("id>:marker").params(\ - marker='%s' % marker).order_by(\ - models.Tenant.id.desc()).limit(limit).all() - else: - return session.query(models.Tenant).order_by(\ - models.Tenant.id.desc()).limit(limit).all() - - -def tenant_get_page_markers(marker, limit, session=None): - if not session: - session = get_session() - first = session.query(models.Tenant).order_by(\ - models.Tenant.id).first() - last = session.query(models.Tenant).order_by(\ - models.Tenant.id.desc()).first() - if first is None: - return (None, None) - if marker is None: - marker = first.id - next = session.query(models.Tenant).filter("id > :marker").params(\ - marker='%s' % marker).order_by(\ - models.Tenant.id).limit(limit).all() - prev = session.query(models.Tenant).filter("id < :marker").params(\ - marker='%s' % marker).order_by(\ - models.Tenant.id.desc()).limit(int(limit)).all() - if len(next) == 0: - next = last - else: - for t in next: - next = t - if len(prev) == 0: - prev = first - else: - for t in prev: - prev = t - if prev.id == marker: - prev = None - else: - prev = prev.id - if next.id == last.id: - next = None - else: - next = next.id - return (prev, next) - - -def tenant_is_empty(id, session=None): - if not session: - session = get_session() - a_user = session.query(models.UserRoleAssociation).filter_by(\ - tenant_id=id).first() - if a_user != None: - return False - a_group = session.query(models.Group).filter_by(tenant_id=id).first() - if a_group != None: - return False - a_user = session.query(models.User).filter_by(tenant_id=id).first() - if a_user != None: - return False - return True - - -def tenant_update(id, values, session=None): - if not session: - session = get_session() - with session.begin(): - tenant_ref = tenant_get(id, session) - tenant_ref.update(values) - tenant_ref.save(session=session) - - -def tenant_delete(id, session=None): - if not session: - session = get_session() - with session.begin(): - tenant_ref = tenant_get(id, session) - session.delete(tenant_ref) - - -# -# Tenant Group Operations API -# -def tenant_group_create(values): - group_ref = models.Group() - group_ref.update(values) - group_ref.save() - return group_ref - - -def tenant_group_is_empty(id, session=None): - if not session: - session = get_session() - a_user = session.query(models.UserGroupAssociation).filter_by( - group_id=id).first() - if a_user != None: - return False - return True - - -def tenant_group_get(id, tenant, session=None): - if not session: - session = get_session() - result = session.query(models.Group).filter_by(id=id, \ - tenant_id=tenant).first() - - return result - - -def tenant_group_get_page(tenantId, marker, limit, session=None): - if not session: - session = get_session() - - if marker: - return session.query(models.Group).filter("id>:marker").params(\ - marker='%s' % marker).filter_by(\ - tenant_id=tenantId).order_by(\ - models.Group.id.desc()).limit(limit).all() - else: - return session.query(models.Group).filter_by(tenant_id=tenantId)\ - .order_by(models.Group.id.desc()).limit(limit).all() - #return session.query(models.Tenant).all() - - -def tenant_group_get_page_markers(tenantId, marker, limit, session=None): - if not session: - session = get_session() - first = session.query(models.Group).filter_by(\ - tenant_id=tenantId).order_by(\ - models.Group.id).first() - last = session.query(models.Group).filter_by(\ - tenant_id=tenantId).order_by(\ - models.Group.id.desc()).first() - - if first is None: - return (None, None) - if marker is None: - marker = first.id - next = session.query(models.Group).filter("id > :marker").params(\ - marker='%s' % marker).filter_by(\ - tenant_id=tenantId).order_by(\ - models.Group.id).limit(limit).all() - prev = session.query(models.Group).filter("id < :marker").params(\ - marker='%s' % marker).filter_by(\ - tenant_id=tenantId).order_by(\ - models.Group.id.desc()).limit(int(limit)).all() - if len(next) == 0: - next = last - else: - for t in next: - next = t - if len(prev) == 0: - prev = first - else: - for t in prev: - prev = t - if prev.id == marker: - prev = None - else: - prev = prev.id - if next.id == last.id: - next = None - else: - next = next.id - return (prev, next) - - -def tenant_group_update(id, tenant_id, values, session=None): - if not session: - session = get_session() - with session.begin(): - tenant_ref = tenant_group_get(id, tenant_id, session) - tenant_ref.update(values) - tenant_ref.save(session=session) - - -def tenant_group_delete(id, tenant_id, session=None): - if not session: - session = get_session() - with session.begin(): - tenantgroup_ref = tenant_group_get(id, tenant_id, session) - session.delete(tenantgroup_ref) - - -def tenant_role_assignments_get(tenant_id, session=None): - if not session: - session = get_session() - return session.query(models.UserRoleAssociation).\ - filter_by(tenant_id=tenant_id) - - -# -# User Operations -# -def user_get_all(session=None): - if not session: - session = get_session() - result = session.query(models.User) - return result - - -def get_user_by_group(user_id, group_id, session=None): - if not session: - session = get_session() - result = session.query(models.UserGroupAssociation).filter_by(\ - group_id=group_id, user_id=user_id).first() - return result - - -def user_tenant_group(values): - user_ref = models.UserGroupAssociation() - user_ref.update(values) - user_ref.save() - return user_ref - - -def user_tenant_group_delete(id, group_id, session=None): - if not session: - session = get_session() - with session.begin(): - usertenantgroup_ref = get_user_by_group(id, group_id, session) - session.delete(usertenantgroup_ref) - - -def user_create(values): - user_ref = models.User() - user_ref.update(values) - user_ref.save() - return user_ref - - -def user_get(id, session=None): - if not session: - session = get_session() - #TODO(Ziad): finish cleaning up model - # result = session.query(models.User).options(joinedload('groups')).\ - # options(joinedload('tenants')).filter_by(id=id).first() - result = session.query(models.User).filter_by(id=id).first() - return result - - -def user_get_page(marker, limit, session=None): - if not session: - session = get_session() - - if marker: - return session.query(models.User).filter("id>:marker").params(\ - marker='%s' % marker).order_by(\ - models.User.id.desc()).limit(limit).all() - else: - return session.query(models.User).order_by(\ - models.User.id.desc()).limit(limit).all() - - -def user_get_page_markers(marker, limit, session=None): - if not session: - session = get_session() - first = session.query(models.User).order_by(\ - models.User.id).first() - last = session.query(models.User).order_by(\ - models.User.id.desc()).first() - if first is None: - return (None, None) - if marker is None: - marker = first.id - next = session.query(models.User).filter("id > :marker").params(\ - marker='%s' % marker).order_by(\ - models.User.id).limit(limit).all() - prev = session.query(models.User).filter("id < :marker").params(\ - marker='%s' % marker).order_by(\ - models.User.id.desc()).limit(int(limit)).all() - if len(next) == 0: - next = last - else: - for t in next: - next = t - if len(prev) == 0: - prev = first - else: - for t in prev: - prev = t - if prev.id == marker: - prev = None - else: - prev = prev.id - if next.id == last.id: - next = None - else: - next = next.id - return (prev, next) - - -def user_get_email(email, session=None): - if not session: - session = get_session() - result = session.query(models.User).filter_by(email=email).first() - return result - - -def user_groups(id, session=None): - if not session: - session = get_session() - result = session.query(models.Group).filter_by(\ - user_id=id) - return result - - -def user_roles_by_tenant(user_id, tenant_id, session=None): - if not session: - session = get_session() - result = session.query(models.UserRoleAssociation).filter_by(\ - user_id=user_id, tenant_id=tenant_id).options(joinedload('roles')) - return result - - -def user_update(id, values, session=None): - if not session: - session = get_session() - with session.begin(): - user_ref = user_get(id, session) - user_ref.update(values) - user_ref.save(session=session) - - -def users_tenant_group_get_page(group_id, marker, limit, session=None): - if not session: - session = get_session() - uga = aliased(models.UserGroupAssociation) - user = aliased(models.User) - if marker: - return session.query(user, uga).join(\ - (uga, uga.user_id == user.id)).\ - filter(uga.group_id == group_id).\ - filter("id>=:marker").params(\ - marker='%s' % marker).order_by(\ - user.id).limit(limit).all() - else: - return session.query(user, uga).\ - join((uga, uga.user_id == user.id)).\ - filter(uga.group_id == group_id).order_by(\ - user.id).limit(limit).all() - - -def users_tenant_group_get_page_markers(group_id, marker, limit, session=None): - if not session: - session = get_session() - uga = aliased(models.UserGroupAssociation) - user = aliased(models.User) - first = session.query(models.User).order_by(\ - models.User.id).first() - last = session.query(models.User).order_by(\ - models.User.id.desc()).first() - if first is None: - return (None, None) - if marker is None: - marker = first.id - next = session.query(user).join( - (uga, uga.user_id == user.id)).\ - filter(uga.group_id == group_id).\ - filter("id > :marker").params(\ - marker='%s' % marker).order_by(\ - user.id).limit(limit).all() - prev = session.query(user).join(\ - (uga, uga.user_id == user.id)).\ - filter(uga.group_id == group_id).\ - filter("id < :marker").params(\ - marker='%s' % marker).order_by(\ - user.id.desc()).limit(int(limit)).all() - if len(next) == 0: - next = last - else: - for t in next: - next = t - if len(prev) == 0: - prev = first - else: - for t in prev: - prev = t - if prev.id == marker: - prev = None - else: - prev = prev.id - if next.id == last.id: - next = None - else: - next = next.id - return (prev, next) - - -def user_delete(id, session=None): - if not session: - session = get_session() - with session.begin(): - user_ref = user_get(id, session) - session.delete(user_ref) - - -def user_get_by_tenant(id, tenant_id, session=None): - if not session: - session = get_session() - # Most common use case: user lives in tenant - user = session.query(models.User).\ - filter_by(id=id, tenant_id=tenant_id).first() - if user: - return user - - # Find user through grants to this tenant - user_tenant = session.query(models.UserRoleAssociation).filter_by(\ - tenant_id=tenant_id, user_id=id).first() - if user_tenant: - return user_get(id, session) - else: - return None - - -def user_get_by_group(id, session=None): - if not session: - session = get_session() - user_group = session.query(models.Group).filter_by(tenant_id=id).all() - return user_group - - -def user_delete_tenant_user(id, tenant_id, session=None): - if not session: - session = get_session() - with session.begin(): - users_tenant_ref = users_get_by_tenant(id, tenant_id, session) - if users_tenant_ref is not None: - for user_tenant_ref in users_tenant_ref: - session.delete(user_tenant_ref) - - user_group_ref = user_get_by_group(tenant_id, session) - - if user_group_ref is not None: - for user_group in user_group_ref: - group_users = session.query(models.UserGroupAssociation)\ - .filter_by(user_id=id, - group_id=user_group.id).all() - for group_user in group_users: - session.delete(group_user) - - -def users_get_by_tenant(user_id, tenant_id, session=None): - if not session: - session = get_session() - result = session.query(models.User).filter_by(id=user_id, - tenant_id=tenant_id) - return result - - -# -# Group Operations -# -def group_get(id, session=None): - if not session: - session = get_session() - result = session.query(models.Group).filter_by(id=id).first() - return result - - -def group_users(id, session=None): - if not session: - session = get_session() - result = session.query(models.User).filter_by(\ - group_id=id) - return result - - -def group_get_all(session=None): - if not session: - session = get_session() - result = session.query(models.Group) - return result - - -def group_get_page(marker, limit, session=None): - if not session: - session = get_session() - - if marker: - return session.query(models.Group).filter("id>:marker").params(\ - marker='%s' % marker).order_by(\ - models.Group.id.desc()).limit(limit).all() - else: - return session.query(models.Group).order_by(\ - models.Group.id.desc()).limit(limit).all() - - -def group_get_page_markers(marker, limit, session=None): - if not session: - session = get_session() - first = session.query(models.Group).order_by(\ - models.Group.id).first() - last = session.query(models.Group).order_by(\ - models.Group.id.desc()).first() - if first is None: - return (None, None) - if marker is None: - marker = first.id - next = session.query(models.Group).filter("id > :marker").params(\ - marker='%s' % marker).order_by(\ - models.Group.id).limit(limit).all() - prev = session.query(models.Group).filter("id < :marker").params(\ - marker='%s' % marker).order_by(\ - models.Group.id.desc()).limit(int(limit)).all() - if len(next) == 0: - next = last - else: - for t in next: - next = t - if len(prev) == 0: - prev = first - else: - for t in prev: - prev = t - if prev.id == marker: - prev = None - else: - prev = prev.id - if next.id == last.id: - next = None - else: - next = next.id - return (prev, next) - - -def group_delete(id, session=None): - if not session: - session = get_session() - with session.begin(): - group_ref = group_get(id, session) - session.delete(group_ref) - - -# -# Token Operations -# -def token_create(values): - token_ref = models.Token() - token_ref.update(values) - token_ref.save() - return token_ref - - -def token_get(id, session=None): - if not session: - session = get_session() - result = session.query(models.Token).filter_by(token_id=id).first() - return result - - -def token_delete(id, session=None): - if not session: - session = get_session() - with session.begin(): - token_ref = token_get(id, session) - session.delete(token_ref) - - -def token_for_user(user_id, session=None): - if not session: - session = get_session() - result = session.query(models.Token).filter_by( - user_id=user_id, tenant_id=None).order_by("expires desc").first() - return result - - -def token_for_user_tenant(user_id, tenant_id, session=None): - if not session: - session = get_session() - result = session.query(models.Token).filter_by( - user_id=user_id, tenant_id=tenant_id).order_by("expires desc").first() - return result - - -def token_get_all(session=None): - if not session: - session = get_session() - return session.query(models.Token).all() - - -# -# Unsorted operations -# - -def user_role_add(values): - user_role_ref = models.UserRoleAssociation() - user_role_ref.update(values) - user_role_ref.save() - return user_role_ref - - -def user_get_update(id, session=None): - if not session: - session = get_session() - result = session.query(models.User).filter_by(id=id).first() - return result - - -def users_get_page(marker, limit, session=None): - if not session: - session = get_session() - user = aliased(models.User) - if marker: - return session.query(user).\ - filter("id>=:marker").params( - marker='%s' % marker).order_by( - "id").limit(limit).all() - else: - return session.query(user).\ - order_by("id").limit(limit).all() - - -def users_get_page_markers(marker, limit, \ - session=None): - if not session: - session = get_session() - user = aliased(models.User) - first = session.query(user).\ - order_by(user.id).first() - last = session.query(user).\ - order_by(user.id.desc()).first() - if first is None: - return (None, None) - if marker is None: - marker = first.id - next = session.query(user).\ - filter("id > :marker").params(\ - marker='%s' % marker).order_by(user.id).\ - limit(int(limit)).all() - prev = session.query(user).\ - filter("id < :marker").params( - marker='%s' % marker).order_by( - user.id.desc()).limit(int(limit)).all() - next_len = len(next) - prev_len = len(prev) - - if next_len == 0: - next = last - else: - for t in next: - next = t - if prev_len == 0: - prev = first - else: - for t in prev: - prev = t - if first.id == marker: - prev = None - else: - prev = prev.id - if marker == last.id: - next = None - else: - next = next.id - return (prev, next) - - -def users_get_by_tenant_get_page(tenant_id, marker, limit, session=None): - if not session: - session = get_session() - user = aliased(models.User) - if marker: - return session.query(user).\ - filter("tenant_id = :tenant_id").\ - params(tenant_id='%s' % tenant_id).\ - filter("id>=:marker").params( - marker='%s' % marker).order_by( - "id").limit(limit).all() - else: - return session.query(user).\ - filter("tenant_id = :tenant_id").\ - params(tenant_id='%s' % tenant_id).order_by( - "id").limit(limit).all() - - -def users_get_by_tenant_get_page_markers(tenant_id, marker, limit, \ - session=None): - if not session: - session = get_session() - user = aliased(models.User) - first = session.query(user).\ - filter(user.tenant_id == tenant_id).\ - order_by(user.id).first() - last = session.query(user).\ - filter(user.tenant_id == tenant_id).\ - order_by(user.id.desc()).first() - if first is None: - return (None, None) - if marker is None: - marker = first.id - next = session.query(user).\ - filter(user.tenant_id == tenant_id).\ - filter("id > :marker").params(\ - marker='%s' % marker).order_by(user.id).\ - limit(int(limit)).all() - prev = session.query(user).\ - filter(user.tenant_id == tenant_id).\ - filter("id < :marker").params( - marker='%s' % marker).order_by( - user.id.desc()).limit(int(limit)).all() - next_len = len(next) - prev_len = len(prev) - - if next_len == 0: - next = last - else: - for t in next: - next = t - if prev_len == 0: - prev = first - else: - for t in prev: - prev = t - if first.id == marker: - prev = None - else: - prev = prev.id - if marker == last.id: - next = None - else: - next = next.id - return (prev, next) - - -def user_groups_get_all(user_id, session=None): - if not session: - session = get_session() - uga = aliased(models.UserGroupAssociation) - group = aliased(models.Group) - return session.query(group, uga).\ - join((uga, uga.group_id == group.id)).\ - filter(uga.user_id == user_id).order_by( - group.id).all() - - -def groups_get_by_user_get_page(user_id, marker, limit, session=None): - if not session: - session = get_session() - uga = aliased(models.UserGroupAssociation) - group = aliased(models.Group) - if marker: - return session.query(group, uga).join(\ - (uga, uga.group_id == group.id)).\ - filter(uga.user_id == user_id).\ - filter("id>=:marker").params( - marker='%s' % marker).order_by( - group.id).limit(limit).all() - else: - return session.query(group, uga).\ - join((uga, uga.group_id == group.id)).\ - filter(uga.user_id == user_id).order_by( - group.id).limit(limit).all() - - -def groups_get_by_user_get_page_markers(user_id, marker, limit, session=None): - if not session: - session = get_session() - uga = aliased(models.UserGroupAssociation) - group = aliased(models.Group) - first, _firstassoc = session.query(group, uga).\ - join((uga, uga.group_id == group.id)).\ - filter(uga.user_id == user_id).\ - order_by(group.id).first() - last, _lastassoc = session.query(group, uga).\ - join((uga, uga.group_id == group.id)).\ - filter(uga.user_id == user_id).\ - order_by(group.id.desc()).first() - if first is None: - return (None, None) - if marker is None: - marker = first.id - next = session.query(group, uga).join( - (uga, uga.group_id == group.id)).\ - filter(uga.user_id == user_id).\ - filter("id>=:marker").params( - marker='%s' % marker).order_by( - group.id).limit(int(limit)).all() - - prev = session.query(group, uga).join( - (uga, uga.group_id == group.id)).\ - filter(uga.user_id == user_id).\ - filter("id < :marker").params( - marker='%s' % marker).order_by( - group.id).limit(int(limit) + 1).all() - next_len = len(next) - prev_len = len(prev) - - if next_len == 0: - next = last - else: - for t, _a in next: - next = t - if prev_len == 0: - prev = first - else: - for t, _a in prev: - prev = t - if first.id == marker: - prev = None - else: - prev = prev.id - if marker == last.id: - next = None - else: - next = next.id - return (prev, next) - - -def role_get_page_markers(marker, limit, session=None): - if not session: - session = get_session() - first = session.query(models.Role).order_by(\ - models.Role.id).first() - last = session.query(models.Role).order_by(\ - models.Role.id.desc()).first() - if first is None: - return (None, None) - if marker is None: - marker = first.id - next = session.query(models.Role).filter("id > :marker").params(\ - marker='%s' % marker).order_by(\ - models.Role.id).limit(limit).all() - prev = session.query(models.Role).filter("id < :marker").params(\ - marker='%s' % marker).order_by(\ - models.Role.id.desc()).limit(int(limit)).all() - if len(next) == 0: - next = last - else: - for t in next: - next = t - if len(prev) == 0: - prev = first - else: - for t in prev: - prev = t - if prev.id == marker: - prev = None - else: - prev = prev.id - if next.id == last.id: - next = None - else: - next = next.id - return (prev, next) - - -def role_ref_get_page_markers(user_id, marker, limit, session=None): - if not session: - session = get_session() - first = session.query(models.UserRoleAssociation).filter_by(\ - user_id=user_id).order_by(\ - models.UserRoleAssociation.id).first() - last = session.query(models.UserRoleAssociation).filter_by(\ - user_id=user_id).order_by(\ - models.UserRoleAssociation.id.desc()).first() - if first is None: - return (None, None) - if marker is None: - marker = first.id - next = session.query(models.UserRoleAssociation).filter_by(\ - user_id=user_id).filter("id > :marker").params(\ - marker='%s' % marker).order_by(\ - models.UserRoleAssociation.id).limit(limit).all() - prev = session.query(models.UserRoleAssociation).filter_by(\ - user_id=user_id).filter("id < :marker").params(\ - marker='%s' % marker).order_by(\ - models.UserRoleAssociation.id.desc()).limit(int(limit)).\ - all() - if len(next) == 0: - next = last - else: - for t in next: - next = t - if len(prev) == 0: - prev = first - else: - for t in prev: - prev = t - if prev.id == marker: - prev = None - else: - prev = prev.id - if next.id == last.id: - next = None - else: - next = next.id - return (prev, next) - - -# -# BaseURL API operations -# -def baseurls_create(values): - baseurls_ref = models.BaseUrls() - baseurls_ref.update(values) - baseurls_ref.save() - return baseurls_ref - - -def baseurls_get(id, session=None): - if not session: - session = get_session() - result = session.query(models.BaseUrls).filter_by(id=id).first() - return result - - -def baseurls_get_all(session=None): - if not session: - session = get_session() - return session.query(models.BaseUrls).all() - - -def baseurls_get_page(marker, limit, session=None): - if not session: - session = get_session() - - if marker: - return session.query(models.BaseUrls).filter("id>:marker").params(\ - marker='%s' % marker).order_by(\ - models.BaseUrls.id.desc()).limit(limit).all() - else: - return session.query(models.BaseUrls).order_by(\ - models.BaseUrls.id.desc()).limit(limit).all() - - -def baseurls_get_page_markers(marker, limit, session=None): - if not session: - session = get_session() - first = session.query(models.BaseUrls).order_by(\ - models.BaseUrls.id).first() - last = session.query(models.BaseUrls).order_by(\ - models.BaseUrls.id.desc()).first() - if first is None: - return (None, None) - if marker is None: - marker = first.id - next = session.query(models.BaseUrls).filter("id > :marker").params(\ - marker='%s' % marker).order_by(\ - models.BaseUrls.id).limit(limit).all() - prev = session.query(models.BaseUrls).filter("id < :marker").params(\ - marker='%s' % marker).order_by(\ - models.BaseUrls.id.desc()).limit(int(limit)).all() - if len(next) == 0: - next = last - else: - for t in next: - next = t - if len(prev) == 0: - prev = first - else: - for t in prev: - prev = t - if prev.id == marker: - prev = None - else: - prev = prev.id - if next.id == last.id: - next = None - else: - next = next.id - return (prev, next) - - -def baseurls_ref_get_by_tenant_get_page(tenant_id, marker, limit, - session=None): - if not session: - session = get_session() - if marker: - return session.query(models.TenantBaseURLAssociation).\ - filter(models.TenantBaseURLAssociation.tenant_id == tenant_id).\ - filter("id >= :marker").params( - marker='%s' % marker).order_by( - models.TenantBaseURLAssociation.id).limit(limit).all() - else: - return session.query(models.TenantBaseURLAssociation).\ - filter(models.TenantBaseURLAssociation.tenant_id == tenant_id).\ - order_by(models.TenantBaseURLAssociation.id).limit(limit).all() - - -def baseurls_ref_get_by_tenant_get_page_markers(tenant_id, marker, limit, - session=None): - if not session: - session = get_session() - tba = aliased(models.TenantBaseURLAssociation) - first = session.query(tba).\ - filter(tba.tenant_id == tenant_id).\ - order_by(tba.id).first() - last = session.query(tba).\ - filter(tba.tenant_id == tenant_id).\ - order_by(tba.id.desc()).first() - if first is None: - return (None, None) - if marker is None: - marker = first.id - next = session.query(tba).\ - filter(tba.tenant_id == tenant_id).\ - filter("id>=:marker").params( - marker='%s' % marker).order_by( - tba.id).limit(int(limit)).all() - - prev = session.query(tba).\ - filter(tba.tenant_id == tenant_id).\ - filter("id < :marker").params( - marker='%s' % marker).order_by( - tba.id).limit(int(limit) + 1).all() - next_len = len(next) - prev_len = len(prev) - - if next_len == 0: - next = last - else: - for t in next: - next = t - if prev_len == 0: - prev = first - else: - for t in prev: - prev = t - if first.id == marker: - prev = None - else: - prev = prev.id - if marker == last.id: - next = None - else: - next = next.id - return (prev, next) - - -def baseurls_ref_add(values): - baseurls_ref = models.TenantBaseURLAssociation() - baseurls_ref.update(values) - baseurls_ref.save() - return baseurls_ref - - -def baseurls_ref_get(id, session=None): - if not session: - session = get_session() - result = session.query(models.TenantBaseURLAssociation).\ - filter_by(id=id).first() - return result - - -def baseurls_ref_get_by_tenant(tenant_id, session=None): - if not session: - session = get_session() - result = session.query(models.TenantBaseURLAssociation).\ - filter_by(tenant_id=tenant_id).first() - return result - - -def baseurls_ref_delete(id, session=None): - if not session: - session = get_session() - with session.begin(): - baseurls_ref = baseurls_ref_get(id, session) - session.delete(baseurls_ref) - - -def tenant_baseurls_get_all(tenant_id, session=None): - if not session: - session = get_session() - tba = aliased(models.TenantBaseURLAssociation) - baseUrls = aliased(models.BaseUrls) - return session.query(baseUrls).join((tba, - tba.baseURLs_id == baseUrls.id)).\ - filter(tba.tenant_id == tenant_id).all() diff --git a/keystone/db/sqlalchemy/api/__init__.py b/keystone/db/sqlalchemy/api/__init__.py new file mode 100644 index 00000000..7741861c --- /dev/null +++ b/keystone/db/sqlalchemy/api/__init__.py @@ -0,0 +1 @@ +import baseurl, group, role, tenant_group, tenant, token, user diff --git a/keystone/db/sqlalchemy/api/baseurl.py b/keystone/db/sqlalchemy/api/baseurl.py new file mode 100644 index 00000000..3a046c22 --- /dev/null +++ b/keystone/db/sqlalchemy/api/baseurl.py @@ -0,0 +1,185 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2010 OpenStack LLC. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from keystone.db.sqlalchemy import get_session, models, aliased + +def create(values): + baseurls_ref = models.BaseUrls() + baseurls_ref.update(values) + baseurls_ref.save() + return baseurls_ref + + +def get(id, session=None): + if not session: + session = get_session() + result = session.query(models.BaseUrls).filter_by(id=id).first() + return result + + +def get_all(session=None): + if not session: + session = get_session() + return session.query(models.BaseUrls).all() + + +def get_page(marker, limit, session=None): + if not session: + session = get_session() + + if marker: + return session.query(models.BaseUrls).filter("id>:marker").params(\ + marker='%s' % marker).order_by(\ + models.BaseUrls.id.desc()).limit(limit).all() + else: + return session.query(models.BaseUrls).order_by(\ + models.BaseUrls.id.desc()).limit(limit).all() + + +def get_page_markers(marker, limit, session=None): + if not session: + session = get_session() + first = session.query(models.BaseUrls).order_by(\ + models.BaseUrls.id).first() + last = session.query(models.BaseUrls).order_by(\ + models.BaseUrls.id.desc()).first() + if first is None: + return (None, None) + if marker is None: + marker = first.id + next = session.query(models.BaseUrls).filter("id > :marker").params(\ + marker='%s' % marker).order_by(\ + models.BaseUrls.id).limit(limit).all() + prev = session.query(models.BaseUrls).filter("id < :marker").params(\ + marker='%s' % marker).order_by(\ + models.BaseUrls.id.desc()).limit(int(limit)).all() + if len(next) == 0: + next = last + else: + for t in next: + next = t + if len(prev) == 0: + prev = first + else: + for t in prev: + prev = t + if prev.id == marker: + prev = None + else: + prev = prev.id + if next.id == last.id: + next = None + else: + next = next.id + return (prev, next) + + +def ref_get_by_tenant_get_page(tenant_id, marker, limit, + session=None): + if not session: + session = get_session() + if marker: + return session.query(models.TenantBaseURLAssociation).\ + filter(models.TenantBaseURLAssociation.tenant_id == tenant_id).\ + filter("id >= :marker").params( + marker='%s' % marker).order_by( + models.TenantBaseURLAssociation.id).limit(limit).all() + else: + return session.query(models.TenantBaseURLAssociation).\ + filter(models.TenantBaseURLAssociation.tenant_id == tenant_id).\ + order_by(models.TenantBaseURLAssociation.id).limit(limit).all() + + +def ref_get_by_tenant_get_page_markers(tenant_id, marker, limit, + session=None): + if not session: + session = get_session() + tba = aliased(models.TenantBaseURLAssociation) + first = session.query(tba).\ + filter(tba.tenant_id == tenant_id).\ + order_by(tba.id).first() + last = session.query(tba).\ + filter(tba.tenant_id == tenant_id).\ + order_by(tba.id.desc()).first() + if first is None: + return (None, None) + if marker is None: + marker = first.id + next = session.query(tba).\ + filter(tba.tenant_id == tenant_id).\ + filter("id>=:marker").params( + marker='%s' % marker).order_by( + tba.id).limit(int(limit)).all() + + prev = session.query(tba).\ + filter(tba.tenant_id == tenant_id).\ + filter("id < :marker").params( + marker='%s' % marker).order_by( + tba.id).limit(int(limit) + 1).all() + next_len = len(next) + prev_len = len(prev) + + if next_len == 0: + next = last + else: + for t in next: + next = t + if prev_len == 0: + prev = first + else: + for t in prev: + prev = t + if first.id == marker: + prev = None + else: + prev = prev.id + if marker == last.id: + next = None + else: + next = next.id + return (prev, next) + + +def ref_add(values): + baseurls_ref = models.TenantBaseURLAssociation() + baseurls_ref.update(values) + baseurls_ref.save() + return baseurls_ref + + +def ref_get(id, session=None): + if not session: + session = get_session() + result = session.query(models.TenantBaseURLAssociation).\ + filter_by(id=id).first() + return result + + +def ref_get_by_tenant(tenant_id, session=None): + if not session: + session = get_session() + result = session.query(models.TenantBaseURLAssociation).\ + filter_by(tenant_id=tenant_id).first() + return result + + +def ref_delete(id, session=None): + if not session: + session = get_session() + with session.begin(): + baseurls_ref = ref_get(id, session) + session.delete(baseurls_ref) diff --git a/keystone/db/sqlalchemy/api/group.py b/keystone/db/sqlalchemy/api/group.py new file mode 100644 index 00000000..dbc75752 --- /dev/null +++ b/keystone/db/sqlalchemy/api/group.py @@ -0,0 +1,170 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2010 OpenStack LLC. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from keystone.db.sqlalchemy import get_session, models, aliased + +def get(id, session=None): + if not session: + session = get_session() + result = session.query(models.Group).filter_by(id=id).first() + return result + + +def get_users(id, session=None): + if not session: + session = get_session() + result = session.query(models.User).filter_by(\ + group_id=id) + return result + + +def get_all(session=None): + if not session: + session = get_session() + result = session.query(models.Group) + return result + + +def get_page(marker, limit, session=None): + if not session: + session = get_session() + + if marker: + return session.query(models.Group).filter("id>:marker").params(\ + marker='%s' % marker).order_by(\ + models.Group.id.desc()).limit(limit).all() + else: + return session.query(models.Group).order_by(\ + models.Group.id.desc()).limit(limit).all() + + +def get_page_markers(marker, limit, session=None): + if not session: + session = get_session() + first = session.query(models.Group).order_by(\ + models.Group.id).first() + last = session.query(models.Group).order_by(\ + models.Group.id.desc()).first() + if first is None: + return (None, None) + if marker is None: + marker = first.id + next = session.query(models.Group).filter("id > :marker").params(\ + marker='%s' % marker).order_by(\ + models.Group.id).limit(limit).all() + prev = session.query(models.Group).filter("id < :marker").params(\ + marker='%s' % marker).order_by(\ + models.Group.id.desc()).limit(int(limit)).all() + if len(next) == 0: + next = last + else: + for t in next: + next = t + if len(prev) == 0: + prev = first + else: + for t in prev: + prev = t + if prev.id == marker: + prev = None + else: + prev = prev.id + if next.id == last.id: + next = None + else: + next = next.id + return (prev, next) + + +def delete(id, session=None): + if not session: + session = get_session() + with session.begin(): + group_ref = get(id, session) + session.delete(group_ref) + +def get_by_user_get_page(user_id, marker, limit, session=None): + if not session: + session = get_session() + uga = aliased(models.UserGroupAssociation) + group = aliased(models.Group) + if marker: + return session.query(group, uga).join(\ + (uga, uga.group_id == group.id)).\ + filter(uga.user_id == user_id).\ + filter("id>=:marker").params( + marker='%s' % marker).order_by( + group.id).limit(limit).all() + else: + return session.query(group, uga).\ + join((uga, uga.group_id == group.id)).\ + filter(uga.user_id == user_id).order_by( + group.id).limit(limit).all() + + +def get_by_user_get_page_markers(user_id, marker, limit, session=None): + if not session: + session = get_session() + uga = aliased(models.UserGroupAssociation) + group = aliased(models.Group) + first, _firstassoc = session.query(group, uga).\ + join((uga, uga.group_id == group.id)).\ + filter(uga.user_id == user_id).\ + order_by(group.id).first() + last, _lastassoc = session.query(group, uga).\ + join((uga, uga.group_id == group.id)).\ + filter(uga.user_id == user_id).\ + order_by(group.id.desc()).first() + if first is None: + return (None, None) + if marker is None: + marker = first.id + next = session.query(group, uga).join( + (uga, uga.group_id == group.id)).\ + filter(uga.user_id == user_id).\ + filter("id>=:marker").params( + marker='%s' % marker).order_by( + group.id).limit(int(limit)).all() + + prev = session.query(group, uga).join( + (uga, uga.group_id == group.id)).\ + filter(uga.user_id == user_id).\ + filter("id < :marker").params( + marker='%s' % marker).order_by( + group.id).limit(int(limit) + 1).all() + next_len = len(next) + prev_len = len(prev) + + if next_len == 0: + next = last + else: + for t, _a in next: + next = t + if prev_len == 0: + prev = first + else: + for t, _a in prev: + prev = t + if first.id == marker: + prev = None + else: + prev = prev.id + if marker == last.id: + next = None + else: + next = next.id + return (prev, next) diff --git a/keystone/db/sqlalchemy/api/role.py b/keystone/db/sqlalchemy/api/role.py new file mode 100644 index 00000000..1d39be0a --- /dev/null +++ b/keystone/db/sqlalchemy/api/role.py @@ -0,0 +1,174 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2010 OpenStack LLC. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from keystone.db.sqlalchemy import get_session, models + +def create(values): + role_ref = models.Role() + role_ref.update(values) + role_ref.save() + return role_ref + + +def get(id, session=None): + if not session: + session = get_session() + result = session.query(models.Role).filter_by(id=id).first() + return result + + +def get_all(session=None): + if not session: + session = get_session() + return session.query(models.Role).all() + + +def get_page(marker, limit, session=None): + if not session: + session = get_session() + + if marker: + return session.query(models.Role).filter("id>:marker").params(\ + marker='%s' % marker).order_by(\ + models.Role.id.desc()).limit(limit).all() + else: + return session.query(models.Role).order_by(\ + models.Role.id.desc()).limit(limit).all() + + +def ref_get_page(marker, limit, user_id, session=None): + if not session: + session = get_session() + + if marker: + return session.query(models.UserRoleAssociation).\ + filter("id>:marker").params(\ + marker='%s' % marker).filter_by(user_id=user_id).order_by(\ + models.UserRoleAssociation.id.desc()).limit(limit).all() + else: + return session.query(models.UserRoleAssociation).\ + filter_by(user_id=user_id).order_by(\ + models.UserRoleAssociation.id.desc()).limit(limit).all() + + +def ref_get_all_global_roles(user_id, session=None): + if not session: + session = get_session() + return session.query(models.UserRoleAssociation).\ + filter_by(user_id=user_id).filter("tenant_id is null").all() + + +def ref_get_all_tenant_roles(user_id, tenant_id, session=None): + if not session: + session = get_session() + return session.query(models.UserRoleAssociation).\ + filter_by(user_id=user_id).filter_by(tenant_id=tenant_id).all() + + +def ref_get(id, session=None): + if not session: + session = get_session() + result = session.query(models.UserRoleAssociation).filter_by(id=id).first() + return result + + +def ref_delete(id, session=None): + if not session: + session = get_session() + with session.begin(): + role_ref = ref_get(id, session) + session.delete(role_ref) + +def get_page_markers(marker, limit, session=None): + if not session: + session = get_session() + first = session.query(models.Role).order_by(\ + models.Role.id).first() + last = session.query(models.Role).order_by(\ + models.Role.id.desc()).first() + if first is None: + return (None, None) + if marker is None: + marker = first.id + next = session.query(models.Role).filter("id > :marker").params(\ + marker='%s' % marker).order_by(\ + models.Role.id).limit(limit).all() + prev = session.query(models.Role).filter("id < :marker").params(\ + marker='%s' % marker).order_by(\ + models.Role.id.desc()).limit(int(limit)).all() + if len(next) == 0: + next = last + else: + for t in next: + next = t + if len(prev) == 0: + prev = first + else: + for t in prev: + prev = t + if prev.id == marker: + prev = None + else: + prev = prev.id + if next.id == last.id: + next = None + else: + next = next.id + return (prev, next) + + +def ref_get_page_markers(user_id, marker, limit, session=None): + if not session: + session = get_session() + first = session.query(models.UserRoleAssociation).filter_by(\ + user_id=user_id).order_by(\ + models.UserRoleAssociation.id).first() + last = session.query(models.UserRoleAssociation).filter_by(\ + user_id=user_id).order_by(\ + models.UserRoleAssociation.id.desc()).first() + if first is None: + return (None, None) + if marker is None: + marker = first.id + next = session.query(models.UserRoleAssociation).filter_by(\ + user_id=user_id).filter("id > :marker").params(\ + marker='%s' % marker).order_by(\ + models.UserRoleAssociation.id).limit(limit).all() + prev = session.query(models.UserRoleAssociation).filter_by(\ + user_id=user_id).filter("id < :marker").params(\ + marker='%s' % marker).order_by(\ + models.UserRoleAssociation.id.desc()).limit(int(limit)).\ + all() + if len(next) == 0: + next = last + else: + for t in next: + next = t + if len(prev) == 0: + prev = first + else: + for t in prev: + prev = t + if prev.id == marker: + prev = None + else: + prev = prev.id + if next.id == last.id: + next = None + else: + next = next.id + return (prev, next) diff --git a/keystone/db/sqlalchemy/api/tenant.py b/keystone/db/sqlalchemy/api/tenant.py new file mode 100755 index 00000000..2af370a0 --- /dev/null +++ b/keystone/db/sqlalchemy/api/tenant.py @@ -0,0 +1,197 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2010 OpenStack LLC. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from keystone.db.sqlalchemy import get_session, models, aliased + +def create(values): + tenant_ref = models.Tenant() + tenant_ref.update(values) + tenant_ref.save() + return tenant_ref + + +def get(id, session=None): + if not session: + session = get_session() + result = session.query(models.Tenant).filter_by(id=id).first() + return result + + +def get_all(session=None): + if not session: + session = get_session() + return session.query(models.Tenant).all() + + +def tenants_for_user_get_page(user, marker, limit, session=None): + if not session: + session = get_session() + ura = aliased(models.UserRoleAssociation) + tenant = aliased(models.Tenant) + q1 = session.query(tenant).join((ura, ura.tenant_id == tenant.id)).\ + filter(ura.user_id == user.id) + q2 = session.query(tenant).filter(tenant.id == user.tenant_id) + q3 = q1.union(q2) + if marker: + return q3.filter("tenant.id>:marker").params(\ + marker='%s' % marker).order_by(\ + tenant.id.desc()).limit(limit).all() + else: + return q3.order_by(tenant.id.desc()).limit(limit).all() + + +def tenants_for_user_get_page_markers(user, marker, limit, session=None): + if not session: + session = get_session() + ura = aliased(models.UserRoleAssociation) + tenant = aliased(models.Tenant) + q1 = session.query(tenant).join((ura, ura.tenant_id == tenant.id)).\ + filter(ura.user_id == user.id) + q2 = session.query(tenant).filter(tenant.id == user.tenant_id) + q3 = q1.union(q2) + + first = q3.order_by(\ + tenant.id).first() + last = q3.order_by(\ + tenant.id.desc()).first() + if first is None: + return (None, None) + if marker is None: + marker = first.id + next = q3.filter(tenant.id > marker).order_by(\ + tenant.id).limit(limit).all() + prev = q3.filter(tenant.id > marker).order_by(\ + tenant.id.desc()).limit(int(limit)).all() + if len(next) == 0: + next = last + else: + for t in next: + next = t + if len(prev) == 0: + prev = first + else: + for t in prev: + prev = t + if prev.id == marker: + prev = None + else: + prev = prev.id + if next.id == last.id: + next = None + else: + next = next.id + return (prev, next) + + +def get_page(marker, limit, session=None): + if not session: + session = get_session() + + if marker: + return session.query(models.Tenant).filter("id>:marker").params(\ + marker='%s' % marker).order_by(\ + models.Tenant.id.desc()).limit(limit).all() + else: + return session.query(models.Tenant).order_by(\ + models.Tenant.id.desc()).limit(limit).all() + + +def get_page_markers(marker, limit, session=None): + if not session: + session = get_session() + first = session.query(models.Tenant).order_by(\ + models.Tenant.id).first() + last = session.query(models.Tenant).order_by(\ + models.Tenant.id.desc()).first() + if first is None: + return (None, None) + if marker is None: + marker = first.id + next = session.query(models.Tenant).filter("id > :marker").params(\ + marker='%s' % marker).order_by(\ + models.Tenant.id).limit(limit).all() + prev = session.query(models.Tenant).filter("id < :marker").params(\ + marker='%s' % marker).order_by(\ + models.Tenant.id.desc()).limit(int(limit)).all() + if len(next) == 0: + next = last + else: + for t in next: + next = t + if len(prev) == 0: + prev = first + else: + for t in prev: + prev = t + if prev.id == marker: + prev = None + else: + prev = prev.id + if next.id == last.id: + next = None + else: + next = next.id + return (prev, next) + + +def is_empty(id, session=None): + if not session: + session = get_session() + a_user = session.query(models.UserRoleAssociation).filter_by(\ + tenant_id=id).first() + if a_user != None: + return False + a_group = session.query(models.Group).filter_by(tenant_id=id).first() + if a_group != None: + return False + a_user = session.query(models.User).filter_by(tenant_id=id).first() + if a_user != None: + return False + return True + + +def update(id, values, session=None): + if not session: + session = get_session() + with session.begin(): + tenant_ref = get(id, session) + tenant_ref.update(values) + tenant_ref.save(session=session) + + +def delete(id, session=None): + if not session: + session = get_session() + with session.begin(): + tenant_ref = get(id, session) + session.delete(tenant_ref) + + +def get_all_baseurls(tenant_id, session=None): + if not session: + session = get_session() + tba = aliased(models.TenantBaseURLAssociation) + baseUrls = aliased(models.BaseUrls) + return session.query(baseUrls).join((tba, + tba.baseURLs_id == baseUrls.id)).\ + filter(tba.tenant_id == tenant_id).all() + +def get_role_assignments(tenant_id, session=None): + if not session: + session = get_session() + return session.query(models.UserRoleAssociation).\ + filter_by(tenant_id=tenant_id) diff --git a/keystone/db/sqlalchemy/api/tenant_group.py b/keystone/db/sqlalchemy/api/tenant_group.py new file mode 100644 index 00000000..4efce544 --- /dev/null +++ b/keystone/db/sqlalchemy/api/tenant_group.py @@ -0,0 +1,118 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2010 OpenStack LLC. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from keystone.db.sqlalchemy import get_session, models + +def create(values): + group_ref = models.Group() + group_ref.update(values) + group_ref.save() + return group_ref + + +def is_empty(id, session=None): + if not session: + session = get_session() + a_user = session.query(models.UserGroupAssociation).filter_by( + group_id=id).first() + if a_user != None: + return False + return True + + +def get(id, tenant, session=None): + if not session: + session = get_session() + result = session.query(models.Group).filter_by(id=id, \ + tenant_id=tenant).first() + + return result + + +def get_page(tenantId, marker, limit, session=None): + if not session: + session = get_session() + + if marker: + return session.query(models.Group).filter("id>:marker").params(\ + marker='%s' % marker).filter_by(\ + tenant_id=tenantId).order_by(\ + models.Group.id.desc()).limit(limit).all() + else: + return session.query(models.Group).filter_by(tenant_id=tenantId)\ + .order_by(models.Group.id.desc()).limit(limit).all() + #return session.query(models.Tenant).all() + + +def get_page_markers(tenantId, marker, limit, session=None): + if not session: + session = get_session() + first = session.query(models.Group).filter_by(\ + tenant_id=tenantId).order_by(\ + models.Group.id).first() + last = session.query(models.Group).filter_by(\ + tenant_id=tenantId).order_by(\ + models.Group.id.desc()).first() + + if first is None: + return (None, None) + if marker is None: + marker = first.id + next = session.query(models.Group).filter("id > :marker").params(\ + marker='%s' % marker).filter_by(\ + tenant_id=tenantId).order_by(\ + models.Group.id).limit(limit).all() + prev = session.query(models.Group).filter("id < :marker").params(\ + marker='%s' % marker).filter_by(\ + tenant_id=tenantId).order_by(\ + models.Group.id.desc()).limit(int(limit)).all() + if len(next) == 0: + next = last + else: + for t in next: + next = t + if len(prev) == 0: + prev = first + else: + for t in prev: + prev = t + if prev.id == marker: + prev = None + else: + prev = prev.id + if next.id == last.id: + next = None + else: + next = next.id + return (prev, next) + + +def update(id, tenant_id, values, session=None): + if not session: + session = get_session() + with session.begin(): + tenant_ref = get(id, tenant_id, session) + tenant_ref.update(values) + tenant_ref.save(session=session) + + +def delete(id, tenant_id, session=None): + if not session: + session = get_session() + with session.begin(): + tenantgroup_ref = get(id, tenant_id, session) + session.delete(tenantgroup_ref) diff --git a/keystone/db/sqlalchemy/api/token.py b/keystone/db/sqlalchemy/api/token.py new file mode 100644 index 00000000..1863292f --- /dev/null +++ b/keystone/db/sqlalchemy/api/token.py @@ -0,0 +1,61 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2010 OpenStack LLC. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from keystone.db.sqlalchemy import get_session, models + +def create(values): + token_ref = models.Token() + token_ref.update(values) + token_ref.save() + return token_ref + + +def get(id, session=None): + if not session: + session = get_session() + result = session.query(models.Token).filter_by(token_id=id).first() + return result + + +def delete(id, session=None): + if not session: + session = get_session() + with session.begin(): + token_ref = get(id, session) + session.delete(token_ref) + + +def get_for_user(user_id, session=None): + if not session: + session = get_session() + result = session.query(models.Token).filter_by( + user_id=user_id, tenant_id=None).order_by("expires desc").first() + return result + + +def get_for_user_by_tenant(user_id, tenant_id, session=None): + if not session: + session = get_session() + result = session.query(models.Token).filter_by( + user_id=user_id, tenant_id=tenant_id).order_by("expires desc").first() + return result + + +def get_all(session=None): + if not session: + session = get_session() + return session.query(models.Token).all() diff --git a/keystone/db/sqlalchemy/api/user.py b/keystone/db/sqlalchemy/api/user.py new file mode 100644 index 00000000..dfc7bbcf --- /dev/null +++ b/keystone/db/sqlalchemy/api/user.py @@ -0,0 +1,421 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2010 OpenStack LLC. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from keystone.db.sqlalchemy import get_session, models, aliased, joinedload + +def get_all(session=None): + if not session: + session = get_session() + result = session.query(models.User) + return result + + +def get_by_group(user_id, group_id, session=None): + if not session: + session = get_session() + result = session.query(models.UserGroupAssociation).filter_by(\ + group_id=group_id, user_id=user_id).first() + return result + + +def tenant_group(values): + user_ref = models.UserGroupAssociation() + user_ref.update(values) + user_ref.save() + return user_ref + + +def tenant_group_delete(id, group_id, session=None): + if not session: + session = get_session() + with session.begin(): + usertenantgroup_ref = get_by_group(id, group_id, session) + session.delete(usertenantgroup_ref) + + +def create(values): + user_ref = models.User() + user_ref.update(values) + user_ref.save() + return user_ref + + +def get(id, session=None): + if not session: + session = get_session() + #TODO(Ziad): finish cleaning up model + # result = session.query(models.User).options(joinedload('groups')).\ + # options(joinedload('tenants')).filter_by(id=id).first() + result = session.query(models.User).filter_by(id=id).first() + return result + + +def get_page(marker, limit, session=None): + if not session: + session = get_session() + + if marker: + return session.query(models.User).filter("id>:marker").params(\ + marker='%s' % marker).order_by(\ + models.User.id.desc()).limit(limit).all() + else: + return session.query(models.User).order_by(\ + models.User.id.desc()).limit(limit).all() + + +def get_page_markers(marker, limit, session=None): + if not session: + session = get_session() + first = session.query(models.User).order_by(\ + models.User.id).first() + last = session.query(models.User).order_by(\ + models.User.id.desc()).first() + if first is None: + return (None, None) + if marker is None: + marker = first.id + next = session.query(models.User).filter("id > :marker").params(\ + marker='%s' % marker).order_by(\ + models.User.id).limit(limit).all() + prev = session.query(models.User).filter("id < :marker").params(\ + marker='%s' % marker).order_by(\ + models.User.id.desc()).limit(int(limit)).all() + if len(next) == 0: + next = last + else: + for t in next: + next = t + if len(prev) == 0: + prev = first + else: + for t in prev: + prev = t + if prev.id == marker: + prev = None + else: + prev = prev.id + if next.id == last.id: + next = None + else: + next = next.id + return (prev, next) + + +def get_by_email(email, session=None): + if not session: + session = get_session() + result = session.query(models.User).filter_by(email=email).first() + return result + + +def get_groups(id, session=None): + if not session: + session = get_session() + result = session.query(models.Group).filter_by(\ + user_id=id) + return result + + +def user_roles_by_tenant(user_id, tenant_id, session=None): + if not session: + session = get_session() + result = session.query(models.UserRoleAssociation).filter_by(\ + user_id=user_id, tenant_id=tenant_id).options(joinedload('roles')) + return result + + +def update(id, values, session=None): + if not session: + session = get_session() + with session.begin(): + user_ref = get(id, session) + user_ref.update(values) + user_ref.save(session=session) + + +def users_tenant_group_get_page(group_id, marker, limit, session=None): + if not session: + session = get_session() + uga = aliased(models.UserGroupAssociation) + user = aliased(models.User) + if marker: + return session.query(user, uga).join(\ + (uga, uga.user_id == user.id)).\ + filter(uga.group_id == group_id).\ + filter("id>=:marker").params(\ + marker='%s' % marker).order_by(\ + user.id).limit(limit).all() + else: + return session.query(user, uga).\ + join((uga, uga.user_id == user.id)).\ + filter(uga.group_id == group_id).order_by(\ + user.id).limit(limit).all() + + +def users_tenant_group_get_page_markers(group_id, marker, limit, session=None): + if not session: + session = get_session() + uga = aliased(models.UserGroupAssociation) + user = aliased(models.User) + first = session.query(models.User).order_by(\ + models.User.id).first() + last = session.query(models.User).order_by(\ + models.User.id.desc()).first() + if first is None: + return (None, None) + if marker is None: + marker = first.id + next = session.query(user).join( + (uga, uga.user_id == user.id)).\ + filter(uga.group_id == group_id).\ + filter("id > :marker").params(\ + marker='%s' % marker).order_by(\ + user.id).limit(limit).all() + prev = session.query(user).join(\ + (uga, uga.user_id == user.id)).\ + filter(uga.group_id == group_id).\ + filter("id < :marker").params(\ + marker='%s' % marker).order_by(\ + user.id.desc()).limit(int(limit)).all() + if len(next) == 0: + next = last + else: + for t in next: + next = t + if len(prev) == 0: + prev = first + else: + for t in prev: + prev = t + if prev.id == marker: + prev = None + else: + prev = prev.id + if next.id == last.id: + next = None + else: + next = next.id + return (prev, next) + + +def delete(id, session=None): + if not session: + session = get_session() + with session.begin(): + user_ref = get(id, session) + session.delete(user_ref) + + +def get_by_tenant(id, tenant_id, session=None): + if not session: + session = get_session() + # Most common use case: user lives in tenant + user = session.query(models.User).\ + filter_by(id=id, tenant_id=tenant_id).first() + if user: + return user + + # Find user through grants to this tenant + user_tenant = session.query(models.UserRoleAssociation).filter_by(\ + tenant_id=tenant_id, user_id=id).first() + if user_tenant: + return get(id, session) + else: + return None + + +def get_group_by_tenant(id, session=None): + if not session: + session = get_session() + user_group = session.query(models.Group).filter_by(tenant_id=id).all() + return user_group + + +def delete_tenant(id, tenant_id, session=None): + if not session: + session = get_session() + with session.begin(): + users_tenant_ref = users_get_by_tenant(id, tenant_id, session) + if users_tenant_ref is not None: + for user_tenant_ref in users_tenant_ref: + session.delete(user_tenant_ref) + + user_group_ref = get_group_by_tenant(tenant_id, session) + + if user_group_ref is not None: + for user_group in user_group_ref: + get_users = session.query(models.UserGroupAssociation)\ + .filter_by(user_id=id, + group_id=user_group.id).all() + for group_user in get_users: + session.delete(group_user) + + +def users_get_by_tenant(user_id, tenant_id, session=None): + if not session: + session = get_session() + result = session.query(models.User).filter_by(id=user_id, + tenant_id=tenant_id) + return result + +def user_role_add(values): + user_role_ref = models.UserRoleAssociation() + user_role_ref.update(values) + user_role_ref.save() + return user_role_ref + + +def user_get_update(id, session=None): + if not session: + session = get_session() + result = session.query(models.User).filter_by(id=id).first() + return result + + +def users_get_page(marker, limit, session=None): + if not session: + session = get_session() + user = aliased(models.User) + if marker: + return session.query(user).\ + filter("id>=:marker").params( + marker='%s' % marker).order_by( + "id").limit(limit).all() + else: + return session.query(user).\ + order_by("id").limit(limit).all() + +def users_get_page_markers(marker, limit, \ + session=None): + if not session: + session = get_session() + user = aliased(models.User) + first = session.query(user).\ + order_by(user.id).first() + last = session.query(user).\ + order_by(user.id.desc()).first() + if first is None: + return (None, None) + if marker is None: + marker = first.id + next = session.query(user).\ + filter("id > :marker").params(\ + marker='%s' % marker).order_by(user.id).\ + limit(int(limit)).all() + prev = session.query(user).\ + filter("id < :marker").params( + marker='%s' % marker).order_by( + user.id.desc()).limit(int(limit)).all() + next_len = len(next) + prev_len = len(prev) + + if next_len == 0: + next = last + else: + for t in next: + next = t + if prev_len == 0: + prev = first + else: + for t in prev: + prev = t + if first.id == marker: + prev = None + else: + prev = prev.id + if marker == last.id: + next = None + else: + next = next.id + return (prev, next) + + +def users_get_by_tenant_get_page(tenant_id, marker, limit, session=None): + if not session: + session = get_session() + user = aliased(models.User) + if marker: + return session.query(user).\ + filter("tenant_id = :tenant_id").\ + params(tenant_id='%s' % tenant_id).\ + filter("id>=:marker").params( + marker='%s' % marker).order_by( + "id").limit(limit).all() + else: + return session.query(user).\ + filter("tenant_id = :tenant_id").\ + params(tenant_id='%s' % tenant_id).order_by( + "id").limit(limit).all() + + +def users_get_by_tenant_get_page_markers(tenant_id, marker, limit, \ + session=None): + if not session: + session = get_session() + user = aliased(models.User) + first = session.query(user).\ + filter(user.tenant_id == tenant_id).\ + order_by(user.id).first() + last = session.query(user).\ + filter(user.tenant_id == tenant_id).\ + order_by(user.id.desc()).first() + if first is None: + return (None, None) + if marker is None: + marker = first.id + next = session.query(user).\ + filter(user.tenant_id == tenant_id).\ + filter("id > :marker").params(\ + marker='%s' % marker).order_by(user.id).\ + limit(int(limit)).all() + prev = session.query(user).\ + filter(user.tenant_id == tenant_id).\ + filter("id < :marker").params( + marker='%s' % marker).order_by( + user.id.desc()).limit(int(limit)).all() + next_len = len(next) + prev_len = len(prev) + + if next_len == 0: + next = last + else: + for t in next: + next = t + if prev_len == 0: + prev = first + else: + for t in prev: + prev = t + if first.id == marker: + prev = None + else: + prev = prev.id + if marker == last.id: + next = None + else: + next = next.id + return (prev, next) + +def user_groups_get_all(user_id, session=None): + if not session: + session = get_session() + uga = aliased(models.UserGroupAssociation) + group = aliased(models.Group) + return session.query(group, uga).\ + join((uga, uga.group_id == group.id)).\ + filter(uga.user_id == user_id).order_by( + group.id).all() diff --git a/keystone/db/sqlalchemy/models.py b/keystone/db/sqlalchemy/models.py index d9b3af63..5de12701 100644 --- a/keystone/db/sqlalchemy/models.py +++ b/keystone/db/sqlalchemy/models.py @@ -16,12 +16,11 @@ # Not Yet PEP8 standardized from sqlalchemy import Column, String, Integer, ForeignKey, \ - UniqueConstraint, Boolean -from sqlalchemy import DateTime + UniqueConstraint, Boolean, DateTime from sqlalchemy.exc import IntegrityError from sqlalchemy.ext.declarative import declarative_base from sqlalchemy.orm import relationship, object_mapper -import api as db_api + Base = declarative_base() @@ -30,8 +29,10 @@ class KeystoneBase(object): def save(self, session=None): """Save this object.""" + if not session: - session = db_api.get_session() + from keystone.db.sqlalchemy import get_session + session = get_session() session.add(self) try: session.flush() diff --git a/keystone/frontends/legacy_token_auth.py b/keystone/frontends/legacy_token_auth.py index dcd03477..647a5697 100644 --- a/keystone/frontends/legacy_token_auth.py +++ b/keystone/frontends/legacy_token_auth.py @@ -15,7 +15,7 @@ # implied. # See the License for the specific language governing permissions and # limitations under the License. -# Not Yet PEP8 standardized + """ RACKSPACE LEGACY AUTH - STUB @@ -25,16 +25,13 @@ and makes an authentication call on keystone.- transforms response it receives into custom headers defined in properties and returns the response. """ + import os import sys -import optparse -import httplib import json import ast -from webob.exc import Request, Response -from paste.deploy import loadapp -from webob.exc import HTTPUnauthorized, HTTPInternalServerError +from webob.exc import Request POSSIBLE_TOPDIR = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]), os.pardir, @@ -43,10 +40,7 @@ POSSIBLE_TOPDIR = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]), if os.path.exists(os.path.join(POSSIBLE_TOPDIR, 'keystone', '__init__.py')): sys.path.insert(0, POSSIBLE_TOPDIR) -import keystone import keystone.utils as utils -from keystone.common import wsgi -from keystone.common import config PROTOCOL_NAME = "Legacy Authentication" diff --git a/keystone/logic/service.py b/keystone/logic/service.py index 8b954899..ed624515 100755 --- a/keystone/logic/service.py +++ b/keystone/logic/service.py @@ -19,12 +19,13 @@ import uuid import keystone.logic.types.auth as auth import keystone.logic.types.atom as atom +import keystone.db.sqlalchemy as db import keystone.db.sqlalchemy.api as db_api import keystone.db.sqlalchemy.models as db_models import keystone.logic.types.fault as fault import keystone.logic.types.tenant as tenants import keystone.logic.types.role as roles -import keystone.logic.types.user as users +import keystone.logic.types.user as get_users import keystone.logic.types.baseURL as baseURLs @@ -41,11 +42,11 @@ class IdentityService(object): raise fault.BadRequestFault("Expecting Password Credentials!") if not credentials.tenant_id: - duser = db_api.user_get(credentials.username) + duser = db_api.user.get(credentials.username) if duser == None: raise fault.UnauthorizedFault("Unauthorized") else: - duser = db_api.user_get_by_tenant(credentials.username, + duser = db_api.user.get_by_tenant(credentials.username, credentials.tenant_id) if duser == None: raise fault.UnauthorizedFault("Unauthorized on this tenant") @@ -60,9 +61,9 @@ class IdentityService(object): # TODO: Handle tenant/token search # if not credentials.tenant_id: - dtoken = db_api.token_for_user(duser.id) + dtoken = db_api.token.get_for_user(duser.id) else: - dtoken = db_api.token_for_user_tenant(duser.id, + dtoken = db_api.token.get_for_user_by_tenant(duser.id, credentials.tenant_id) tenant_id = None if credentials.tenant_id: @@ -78,7 +79,7 @@ class IdentityService(object): if credentials.tenant_id: dtoken.tenant_id = credentials.tenant_id dtoken.expires = datetime.now() + timedelta(days=1) - db_api.token_create(dtoken) + db_api.token.create(dtoken) #if tenant_id is passed in the call that tenant_id is passed else #user's default tenant_id is used. return self.__get_auth_data(dtoken, tenant_id) @@ -101,11 +102,11 @@ class IdentityService(object): def revoke_token(self, admin_token, token_id): self.__validate_token(admin_token) - dtoken = db_api.token_get(token_id) + dtoken = db_api.token.get(token_id) if not dtoken: raise fault.ItemNotFoundFault("Token not found") - db_api.token_delete(token_id) + db_api.token.delete(token_id) # # Tenant Operations @@ -120,7 +121,7 @@ class IdentityService(object): if tenant.tenant_id == None: raise fault.BadRequestFault("Expecting a unique Tenant Id") - if db_api.tenant_get(tenant.tenant_id) != None: + if db_api.tenant.get(tenant.tenant_id) != None: raise fault.TenantConflictFault( "A tenant with that id already exists") @@ -129,7 +130,7 @@ class IdentityService(object): dtenant.desc = tenant.description dtenant.enabled = tenant.enabled - db_api.tenant_create(dtenant) + db_api.tenant.create(dtenant) return tenant ## @@ -140,11 +141,11 @@ class IdentityService(object): (token, user) = self.__validate_token(admin_token) # If Global admin return all tenants. ts = [] - dtenants = db_api.tenant_get_page(marker, limit) + dtenants = db_api.tenant.get_page(marker, limit) for dtenant in dtenants: ts.append(tenants.Tenant(dtenant.id, dtenant.desc, dtenant.enabled)) - prev, next = db_api.tenant_get_page_markers(marker, limit) + prev, next = db_api.tenant.get_page_markers(marker, limit) links = [] if prev: links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" \ @@ -157,11 +158,11 @@ class IdentityService(object): #If not global admin ,return tenants specific to user. (token, user) = self.__validate_token(admin_token, False) ts = [] - dtenants = db_api.tenants_for_user_get_page(user, marker, limit) + dtenants = db_api.tenant.tenants_for_user_get_page(user, marker, limit) for dtenant in dtenants: ts.append(tenants.Tenant(dtenant.id, dtenant.desc, dtenant.enabled)) - prev, next = db_api.tenants_for_user_get_page_markers(user, marker, + prev, next = db_api.tenant.tenants_for_user_get_page_markers(user, marker, limit) links = [] if prev: @@ -175,7 +176,7 @@ class IdentityService(object): def get_tenant(self, admin_token, tenant_id): self.__validate_token(admin_token) - dtenant = db_api.tenant_get(tenant_id) + dtenant = db_api.tenant.get(tenant_id) if not dtenant: raise fault.ItemNotFoundFault("The tenant could not be found") return tenants.Tenant(dtenant.id, dtenant.desc, dtenant.enabled) @@ -186,25 +187,25 @@ class IdentityService(object): if not isinstance(tenant, tenants.Tenant): raise fault.BadRequestFault("Expecting a Tenant") - dtenant = db_api.tenant_get(tenant_id) + dtenant = db_api.tenant.get(tenant_id) if dtenant == None: raise fault.ItemNotFoundFault("The tenant cloud not be found") values = {'desc': tenant.description, 'enabled': tenant.enabled} - db_api.tenant_update(tenant_id, values) + db_api.tenant.update(tenant_id, values) return tenants.Tenant(dtenant.id, tenant.description, tenant.enabled) def delete_tenant(self, admin_token, tenant_id): self.__validate_token(admin_token) - dtenant = db_api.tenant_get(tenant_id) + dtenant = db_api.tenant.get(tenant_id) if dtenant == None: raise fault.ItemNotFoundFault("The tenant cloud not be found") - if not db_api.tenant_is_empty(tenant_id): + if not db_api.tenant.is_empty(tenant_id): raise fault.ForbiddenFault("You may not delete a tenant that " - "contains users or groups") + "contains get_users or groups") - db_api.tenant_delete(dtenant.id) + db_api.tenant.delete(dtenant.id) return None # @@ -220,14 +221,14 @@ class IdentityService(object): if tenant == None: raise fault.BadRequestFault("Expecting a Tenant Id") - dtenant = db_api.tenant_get(tenant) + dtenant = db_api.tenant.get(tenant) if dtenant == None: raise fault.ItemNotFoundFault("The tenant not found") if group.group_id == None: raise fault.BadRequestFault("Expecting a Group Id") - if db_api.group_get(group.group_id) != None: + if db_api.group.get(group.group_id) != None: raise fault.TenantGroupConflictFault( "A tenant group with that id already exists") @@ -235,7 +236,7 @@ class IdentityService(object): dtenant.id = group.group_id dtenant.desc = group.description dtenant.tenant_id = tenant - db_api.tenant_group_create(dtenant) + db_api.tenant_group.create(dtenant) return tenants.Group(dtenant.id, dtenant.desc, dtenant.tenant_id) def get_tenant_groups(self, admin_token, tenant_id, marker, limit, url): @@ -243,18 +244,18 @@ class IdentityService(object): if tenant_id == None: raise fault.BadRequestFault("Expecting a Tenant Id") - dtenant = db_api.tenant_get(tenant_id) + dtenant = db_api.tenant.get(tenant_id) if dtenant == None: raise fault.ItemNotFoundFault("The tenant not found") ts = [] - dtenantgroups = db_api.tenant_group_get_page(tenant_id, marker, limit) + dtenantgroups = db_api.tenant_group.get_page(tenant_id, marker, limit) for dtenantgroup in dtenantgroups: ts.append(tenants.Group(dtenantgroup.id, dtenantgroup.desc, dtenantgroup.tenant_id)) - prev, next = db_api.tenant_group_get_page_markers(tenant_id, marker, + prev, next = db_api.tenant_group.get_page_markers(tenant_id, marker, limit) links = [] if prev: @@ -269,11 +270,11 @@ class IdentityService(object): def get_tenant_group(self, admin_token, tenant_id, group_id): self.__validate_token(admin_token) - dtenant = db_api.tenant_get(tenant_id) + dtenant = db_api.tenant.get(tenant_id) if dtenant == None: raise fault.ItemNotFoundFault("The tenant not found") - dtenant = db_api.tenant_group_get(group_id, tenant_id) + dtenant = db_api.tenant_group.get(group_id, tenant_id) if not dtenant: raise fault.ItemNotFoundFault("The tenant group not found") @@ -286,11 +287,11 @@ class IdentityService(object): raise fault.BadRequestFault("Expecting a Group") True - dtenant = db_api.tenant_get(tenant_id) + dtenant = db_api.tenant.get(tenant_id) if dtenant == None: raise fault.ItemNotFoundFault("The tenant not found") - dtenant = db_api.tenant_group_get(group_id, tenant_id) + dtenant = db_api.tenant_group.get(group_id, tenant_id) if not dtenant: raise fault.ItemNotFoundFault("The tenant group not found") @@ -304,27 +305,27 @@ class IdentityService(object): values = {'desc': group.description} - db_api.tenant_group_update(group_id, tenant_id, values) + db_api.tenant_group.update(group_id, tenant_id, values) return tenants.Group(group_id, group.description, tenant_id) def delete_tenant_group(self, admin_token, tenant_id, group_id): self.__validate_token(admin_token) - dtenant = db_api.tenant_get(tenant_id) + dtenant = db_api.tenant.get(tenant_id) if dtenant == None: raise fault.ItemNotFoundFault("The tenant not found") - dtenant = db_api.tenant_group_get(group_id, tenant_id) + dtenant = db_api.tenant_group.get(group_id, tenant_id) if not dtenant: raise fault.ItemNotFoundFault("The tenant group not found") - if not db_api.tenant_group_is_empty(group_id): + if not db_api.tenant_group.is_empty(group_id): raise fault.ForbiddenFault("You may not delete a tenant that " - "contains users or groups") + "contains get_users or groups") - db_api.tenant_group_delete(group_id, tenant_id) + db_api.tenant_group.delete(group_id, tenant_id) return None def get_users_tenant_group(self, admin_token, tenantId, groupId, marker, @@ -333,14 +334,14 @@ class IdentityService(object): if tenantId == None: raise fault.BadRequestFault("Expecting a Tenant Id") - if db_api.tenant_get(tenantId) == None: + if db_api.tenant.get(tenantId) == None: raise fault.ItemNotFoundFault("The tenant not found") - if db_api.tenant_group_get(groupId, tenantId) == None: + if db_api.tenant_group.get(groupId, tenantId) == None: raise fault.ItemNotFoundFault( "A tenant group with that id not found") ts = [] - dgroupusers = db_api.users_tenant_group_get_page(groupId, marker, + dgroupusers = db_api.user.users_tenant_group_get_page(groupId, marker, limit) for dgroupuser, dgroupuserAsso in dgroupusers: @@ -349,40 +350,40 @@ class IdentityService(object): tenantId, None)) links = [] if ts.__len__(): - prev, next = db_api.users_tenant_group_get_page_markers(groupId, + prev, next = db_api.user.users_tenant_group_get_page_markers(groupId, marker, limit) if prev: - links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % (url, prev, limit))) if next: - links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % (url, next, limit))) return tenants.Users(ts, links) def add_user_tenant_group(self, admin_token, tenant, group, user): self.__validate_token(admin_token) - if db_api.tenant_get(tenant) == None: + if db_api.tenant.get(tenant) == None: raise fault.ItemNotFoundFault("The Tenant not found") - if db_api.group_get(group) == None: + if db_api.group.get(group) == None: raise fault.ItemNotFoundFault("The Group not found") - duser = db_api.user_get(user) + duser = db_api.user.get(user) if duser == None: raise fault.ItemNotFoundFault("The User not found") - if db_api.tenant_group_get(group, tenant) == None: + if db_api.tenant_group.get(group, tenant) == None: raise fault.ItemNotFoundFault("A tenant group with" " that id not found") - if db_api.get_user_by_group(user, group) != None: + if db_api.user.get_by_group(user, group) != None: raise fault.UserGroupConflictFault( "A user with that id already exists in group") dusergroup = db_models.UserGroupAssociation() dusergroup.user_id = user dusergroup.group_id = group - db_api.user_tenant_group(dusergroup) + db_api.user.tenant_group(dusergroup) return tenants.User(duser.id, duser.email, duser.enabled, tenant, group) @@ -390,24 +391,24 @@ class IdentityService(object): def delete_user_tenant_group(self, admin_token, tenant, group, user): self.__validate_token(admin_token) - if db_api.tenant_get(tenant) == None: + if db_api.tenant.get(tenant) == None: raise fault.ItemNotFoundFault("The Tenant not found") - if db_api.group_get(group) == None: + if db_api.group.get(group) == None: raise fault.ItemNotFoundFault("The Group not found") - duser = db_api.user_get(user) + duser = db_api.user.get(user) if duser == None: raise fault.ItemNotFoundFault("The User not found") - if db_api.tenant_group_get(group, tenant) == None: + if db_api.tenant_group.get(group, tenant) == None: raise fault.ItemNotFoundFault("A tenant group with" " that id not found") - if db_api.get_user_by_group(user, group) == None: + if db_api.user.get_by_group(user, group) == None: raise fault.ItemNotFoundFault("A user with that id " "in a group not found") - db_api.user_tenant_group_delete(user, group) + db_api.user.tenant_group_delete(user, group) return None # @@ -419,9 +420,9 @@ class IdentityService(object): token = None user = None if token_id: - token = db_api.token_get(token_id) + token = db_api.token.get(token_id) if token: - user = db_api.user_get(token.user_id) + user = db_api.user.get(token.user_id) return (token, user) # @@ -432,17 +433,17 @@ class IdentityService(object): dtenant = self.validate_and_fetch_user_tenant(user.tenant_id) - if not isinstance(user, users.User): + if not isinstance(user, get_users.User): raise fault.BadRequestFault("Expecting a User") if user.user_id == None: raise fault.BadRequestFault("Expecting a unique User Id") - if db_api.user_get(user.user_id) != None: + if db_api.user.get(user.user_id) != None: raise fault.UserConflictFault( "An user with that id already exists") - if db_api.user_get_email(user.email) != None: + if db_api.user.get_by_email(user.email) != None: raise fault.EmailConflictFault( "Email already exists") @@ -452,13 +453,13 @@ class IdentityService(object): duser.email = user.email duser.enabled = user.enabled duser.tenant_id = user.tenant_id - db_api.user_create(duser) + db_api.user.create(duser) return user def validate_and_fetch_user_tenant(self, tenant_id): if tenant_id != None and len(tenant_id) > 0: - dtenant = db_api.tenant_get(tenant_id) + dtenant = db_api.tenant.get(tenant_id) if dtenant == None: raise fault.ItemNotFoundFault("The tenant is not found") elif not dtenant.enabled: @@ -473,71 +474,71 @@ class IdentityService(object): if tenant_id == None: raise fault.BadRequestFault("Expecting a Tenant Id") - dtenant = db_api.tenant_get(tenant_id) + dtenant = db_api.tenant.get(tenant_id) if dtenant is None: raise fault.ItemNotFoundFault("The tenant not found") if not dtenant.enabled: raise fault.TenantDisabledFault("Your account has been disabled") ts = [] - dtenantusers = db_api.users_get_by_tenant_get_page(tenant_id, marker, + dtenantusers = db_api.user.users_get_by_tenant_get_page(tenant_id, marker, limit) for dtenantuser in dtenantusers: - ts.append(users.User(None, dtenantuser.id, tenant_id, + ts.append(get_users.User(None, dtenantuser.id, tenant_id, dtenantuser.email, dtenantuser.enabled)) links = [] if ts.__len__(): - prev, next = db_api.users_get_by_tenant_get_page_markers(tenant_id, + prev, next = db_api.user.users_get_by_tenant_get_page_markers(tenant_id, marker, limit) if prev: - links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % (url, prev, limit))) if next: - links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % (url, next, limit))) - return users.Users(ts, links) + return get_users.Users(ts, links) def get_users(self, admin_token, marker, limit, url): self.__validate_token(admin_token) ts = [] - dusers = db_api.users_get_page(marker, limit) + dusers = db_api.user.users_get_page(marker, limit) for duser in dusers: - ts.append(users.User(None, duser.id, duser.tenant_id, + ts.append(get_users.User(None, duser.id, duser.tenant_id, duser.email, duser.enabled)) links = [] if ts.__len__(): - prev, next = db_api.users_get_page_markers(marker, limit) + prev, next = db_api.user.users_get_page_markers(marker, limit) if prev: - links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % (url, prev, limit))) if next: - links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % (url, next, limit))) - return users.Users(ts, links) + return get_users.Users(ts, links) def get_user(self, admin_token, user_id): self.__validate_token(admin_token) - duser = db_api.user_get(user_id) + duser = db_api.user.get(user_id) if not duser: raise fault.ItemNotFoundFault("The user could not be found") if not duser.enabled: raise fault.UserDisabledFault("User has been disabled") - dtenant = db_api.tenant_get(duser.tenant_id) + dtenant = db_api.tenant.get(duser.tenant_id) ts = [] - dusergroups = db_api.user_groups_get_all(user_id) + dusergroups = db_api.user.user_groups_get_all(user_id) for dusergroup, dusergroupAsso in dusergroups: ts.append(tenants.Group(dusergroup.id, dusergroup.tenant_id, None)) - return users.User_Update(None, duser.id, duser.tenant_id, duser.email, + return get_users.User_Update(None, duser.id, duser.tenant_id, duser.email, duser.enabled, ts) def update_user(self, admin_token, user_id, user): self.__validate_token(admin_token) - duser = db_api.user_get(user_id) + duser = db_api.user.get(user_id) if not duser: raise fault.ItemNotFoundFault("The user could not be found") @@ -545,95 +546,96 @@ class IdentityService(object): if not duser.enabled: raise fault.UserDisabledFault("User has been disabled") - if not isinstance(user, users.User): + if not isinstance(user, get_users.User): raise fault.BadRequestFault("Expecting a User") if user.email != duser.email and \ - db_api.user_get_email(user.email) is not None: + db_api.user.get_by_email(user.email) is not None: raise fault.EmailConflictFault( "Email already exists") values = {'email': user.email} - db_api.user_update(user_id, values) - duser = db_api.user_get_update(user_id) - return users.User(duser.password, duser.id, duser.tenant_id, + db_api.user.update(user_id, values) + duser = db_api.user.user_get_update(user_id) + return get_users.User(duser.password, duser.id, duser.tenant_id, duser.email, duser.enabled) def set_user_password(self, admin_token, user_id, user): self.__validate_token(admin_token) - duser = db_api.user_get(user_id) + duser = db_api.user.get(user_id) if not duser: raise fault.ItemNotFoundFault("The user could not be found") if not duser.enabled: raise fault.UserDisabledFault("User has been disabled") - if not isinstance(user, users.User): + if not isinstance(user, get_users.User): raise fault.BadRequestFault("Expecting a User") - duser = db_api.user_get(user_id) + duser = db_api.user.get(user_id) if duser == None: raise fault.ItemNotFoundFault("The user could not be found") values = {'password': user.password} - db_api.user_update(user_id, values) + db_api.user.update(user_id, values) - return users.User_Update(user.password, None, None, None, None, None) + return get_users.User_Update(user.password, None, None, None, None, None) def enable_disable_user(self, admin_token, user_id, user): self.__validate_token(admin_token) - duser = db_api.user_get(user_id) + duser = db_api.user.get(user_id) if not duser: raise fault.ItemNotFoundFault("The user could not be found") - if not isinstance(user, users.User): + if not isinstance(user, get_users.User): raise fault.BadRequestFault("Expecting a User") - duser = db_api.user_get(user_id) + duser = db_api.user.get(user_id) if duser == None: raise fault.ItemNotFoundFault("The user could not be found") values = {'enabled': user.enabled} - db_api.user_update(user_id, values) + db_api.user.update(user_id, values) - return users.User_Update(None, None, None, None, user.enabled, None) + return get_users.User_Update(None, None, None, None, user.enabled, None) def set_user_tenant(self, admin_token, user_id, user): self.__validate_token(admin_token) - duser = db_api.user_get(user_id) + duser = db_api.user.get(user_id) if not duser: raise fault.ItemNotFoundFault("The user could not be found") - if not isinstance(user, users.User): + if not isinstance(user, get_users.User): raise fault.BadRequestFault("Expecting a User") - duser = db_api.user_get(user_id) + duser = db_api.user.get(user_id) if duser == None: raise fault.ItemNotFoundFault("The user could not be found") + dtenant = self.validate_and_fetch_user_tenant(user.tenant_id) values = {'tenant_id': user.tenant_id} - db_api.user_update(user_id, values) - return users.User_Update(None, None, user.tenant_id, None, None, None) + db_api.user.update(user_id, values) + return get_users.User_Update(None, None, user.tenant_id, None, None, None) def delete_user(self, admin_token, user_id): self.__validate_token(admin_token) - duser = db_api.user_get(user_id) + duser = db_api.user.get(user_id) if not duser: raise fault.ItemNotFoundFault("The user could not be found") - dtenant = db_api.tenant_get(duser.tenant_id) + dtenant = db_api.tenant.get(duser.tenant_id) if dtenant != None: - db_api.user_delete_tenant_user(user_id, dtenant.id) + db_api.user.delete_tenant_user(user_id, dtenant.id) else: - db_api.user_delete(user_id) + db_api.user.user_delete(user_id) return None def get_user_groups(self, admin_token, user_id, marker, limit, url): self.__validate_token(admin_token) ts = [] - dusergroups = db_api.groups_get_by_user_get_page(user_id, marker, + dusergroups = db_api.group.get_by_user_get_page(user_id, marker, limit) for dusergroup, dusergroupAsso in dusergroups: @@ -641,13 +643,13 @@ class IdentityService(object): dusergroup.tenant_id)) links = [] if ts.__len__(): - prev, next = db_api.groups_get_by_user_get_page_markers(user_id, + prev, next = db_api.group.get_by_user_get_page_markers(user_id, marker, limit) if prev: - links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % (url, prev, limit))) if next: - links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % (url, next, limit))) return tenants.Groups(ts, links) @@ -658,14 +660,14 @@ class IdentityService(object): # with server.py def __check_create_global_tenant(self): - dtenant = db_api.tenant_get('GlobalTenant') + dtenant = db_api.tenant.get('GlobalTenant') if dtenant is None: dtenant = db_models.Tenant() dtenant.id = 'GlobalTenant' dtenant.desc = 'GlobalTenant is Default tenant for global groups' dtenant.enabled = True - db_api.tenant_create(dtenant) + db_api.tenant.create(dtenant) return dtenant def create_global_group(self, admin_token, group): @@ -677,7 +679,7 @@ class IdentityService(object): if group.group_id == None: raise fault.BadRequestFault("Expecting a Group Id") - if db_api.group_get(group.group_id) != None: + if db_api.group.get(group.group_id) != None: raise fault.TenantGroupConflictFault( "A tenant group with that id already exists") gtenant = self.__check_create_global_tenant() @@ -685,37 +687,37 @@ class IdentityService(object): dtenant.id = group.group_id dtenant.desc = group.description dtenant.tenant_id = gtenant.id - db_api.tenant_group_create(dtenant) + db_api.tenant_group.create(dtenant) return tenants.GlobalGroup(dtenant.id, dtenant.desc, None) def get_global_groups(self, admin_token, marker, limit, url): self.__validate_token(admin_token) gtenant = self.__check_create_global_tenant() ts = [] - dtenantgroups = db_api.tenant_group_get_page(gtenant.id, \ + dtenantgroups = db_api.tenant_group.get_page(gtenant.id, \ marker, limit) for dtenantgroup in dtenantgroups: ts.append(tenants.GlobalGroup(dtenantgroup.id, dtenantgroup.desc)) - prev, next = db_api.tenant_group_get_page_markers(gtenant.id, + prev, next = db_api.tenant_group.get_page_markers(gtenant.id, marker, limit) links = [] if prev: - links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % (url, prev, limit))) if next: - links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % (url, next, limit))) return tenants.GlobalGroups(ts, links) def get_global_group(self, admin_token, group_id): self.__validate_token(admin_token) gtenant = self.__check_create_global_tenant() - dtenant = db_api.tenant_get(gtenant.id) + dtenant = db_api.tenant.get(gtenant.id) if dtenant == None: raise fault.ItemNotFoundFault("The Global tenant not found") - dtenant = db_api.tenant_group_get(group_id, gtenant.id) + dtenant = db_api.tenant_group.get(group_id, gtenant.id) if not dtenant: raise fault.ItemNotFoundFault("The Global tenant group not found") @@ -727,11 +729,11 @@ class IdentityService(object): if not isinstance(group, tenants.GlobalGroup): raise fault.BadRequestFault("Expecting a Group") - dtenant = db_api.tenant_get(gtenant.id) + dtenant = db_api.tenant.get(gtenant.id) if dtenant == None: raise fault.ItemNotFoundFault("The global tenant not found") - dtenant = db_api.tenant_group_get(group_id, gtenant.id) + dtenant = db_api.tenant_group.get(group_id, gtenant.id) if not dtenant: raise fault.ItemNotFoundFault("The Global tenant group not found") if group_id != group.group_id: @@ -739,26 +741,26 @@ class IdentityService(object): "Group id not matching") values = {'desc': group.description} - db_api.tenant_group_update(group_id, gtenant.id, values) + db_api.tenant_group.update(group_id, gtenant.id, values) return tenants.GlobalGroup(group_id, group.description, gtenant.id) def delete_global_group(self, admin_token, group_id): self.__validate_token(admin_token) gtenant = self.__check_create_global_tenant() - dtenant = db_api.tenant_get(gtenant.id) + dtenant = db_api.tenant.get(gtenant.id) if dtenant == None: raise fault.ItemNotFoundFault("The global tenant not found") - dtenant = db_api.tenant_group_get(group_id, dtenant.id) + dtenant = db_api.tenant_group.get(group_id, dtenant.id) if not dtenant: raise fault.ItemNotFoundFault("The global tenant group not found") - if not db_api.tenant_group_is_empty(group_id): + if not db_api.tenant_group.is_empty(group_id): raise fault.ForbiddenFault("You may not delete a group that " - "contains users") + "contains get_users") - db_api.tenant_group_delete(group_id, gtenant.id) + db_api.tenant_group.delete(group_id, gtenant.id) return None def get_users_global_group(self, admin_token, groupId, marker, limit, url): @@ -768,21 +770,21 @@ class IdentityService(object): if gtenant.id == None: raise fault.BadRequestFault("Expecting a global Tenant") - if db_api.tenant_get(gtenant.id) == None: + if db_api.tenant.get(gtenant.id) == None: raise fault.ItemNotFoundFault("The global tenant not found") - if db_api.tenant_group_get(groupId, gtenant.id) == None: + if db_api.tenant_group.get(groupId, gtenant.id) == None: raise fault.ItemNotFoundFault( "A global tenant group with that id not found") ts = [] - dgroupusers = db_api.users_tenant_group_get_page(groupId, marker, + dgroupusers = db_api.user.users_tenant_group_get_page(groupId, marker, limit) for dgroupuser, dgroupuserassoc in dgroupusers: ts.append(tenants.User(dgroupuser.id, dgroupuser.email, dgroupuser.enabled)) links = [] if ts.__len__(): - prev, next = db_api.users_tenant_group_get_page_markers(groupId, + prev, next = db_api.user.users_tenant_group_get_page_markers(groupId, marker, limit) if prev: links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" @@ -796,27 +798,27 @@ class IdentityService(object): self.__validate_token(admin_token) gtenant = self.__check_create_global_tenant() - if db_api.tenant_get(gtenant.id) == None: + if db_api.tenant.get(gtenant.id) == None: raise fault.ItemNotFoundFault("The Global Tenant not found") - if db_api.group_get(group) == None: + if db_api.group.get(group) == None: raise fault.ItemNotFoundFault("The Group not found") - duser = db_api.user_get(user) + duser = db_api.user.get(user) if duser == None: raise fault.ItemNotFoundFault("The User not found") - if db_api.tenant_group_get(group, gtenant.id) == None: + if db_api.tenant_group.get(group, gtenant.id) == None: raise fault.ItemNotFoundFault("A global tenant group with" " that id not found") - if db_api.get_user_by_group(user, group) != None: + if db_api.user.get_by_group(user, group) != None: raise fault.UserGroupConflictFault( "A user with that id already exists in group") dusergroup = db_models.UserGroupAssociation() dusergroup.user_id = user dusergroup.group_id = group - db_api.user_tenant_group(dusergroup) + db_api.user.tenant_group(dusergroup) return tenants.User(duser.id, duser.email, duser.enabled, group_id=group) @@ -825,24 +827,24 @@ class IdentityService(object): self.__validate_token(admin_token) gtenant = self.__check_create_global_tenant() - if db_api.tenant_get(gtenant.id) == None: + if db_api.tenant.get(gtenant.id) == None: raise fault.ItemNotFoundFault("The Global Tenant not found") - if db_api.group_get(group) == None: + if db_api.group.get(group) == None: raise fault.ItemNotFoundFault("The Group not found") - duser = db_api.user_get(user) + duser = db_api.user.get(user) if duser == None: raise fault.ItemNotFoundFault("The User not found") - if db_api.tenant_group_get(group, gtenant.id) == None: + if db_api.tenant_group.get(group, gtenant.id) == None: raise fault.ItemNotFoundFault("A global tenant group with " "that id not found") - if db_api.get_user_by_group(user, group) == None: + if db_api.user.get_by_group(user, group) == None: raise fault.ItemNotFoundFault("A user with that id in a " "group not found") - db_api.user_tenant_group_delete(user, group) + db_api.user.tenant_group_delete(user, group) return None # @@ -851,7 +853,7 @@ class IdentityService(object): """return AuthData object for a token""" base_urls = None if tenant_id != None: - base_urls = db_api.tenant_baseurls_get_all(tenant_id) + base_urls = db_api.tenant.get_all_baseurls(tenant_id) token = auth.Token(dtoken.expires, dtoken.token_id, tenant_id) return auth.AuthData(token, base_urls) @@ -861,12 +863,12 @@ class IdentityService(object): token = auth.Token(dtoken.expires, dtoken.token_id, dtoken.tenant_id) ts = [] if dtoken.tenant_id: - droleRefs = db_api.role_ref_get_all_tenant_roles(duser.id, + droleRefs = db_api.role.ref_get_all_tenant_roles(duser.id, dtoken.tenant_id) for droleRef in droleRefs: ts.append(roles.RoleRef(droleRef.id, droleRef.role_id, droleRef.tenant_id)) - droleRefs = db_api.role_ref_get_all_global_roles(duser.id) + droleRefs = db_api.role.ref_get_all_global_roles(duser.id) for droleRef in droleRefs: ts.append(roles.RoleRef(droleRef.id, droleRef.role_id, droleRef.tenant_id)) @@ -887,7 +889,7 @@ class IdentityService(object): raise fault.UserDisabledFault("The user %s has been disabled!" % user.id) if admin: - roleRefs = db_api.role_ref_get_all_global_roles(user.id) + roleRefs = db_api.role.ref_get_all_global_roles(user.id) for roleRef in roleRefs: if roleRef.role_id == "Admin" and roleRef.tenant_id is None: return (token, user) @@ -904,24 +906,24 @@ class IdentityService(object): if role.role_id == None: raise fault.BadRequestFault("Expecting a Role Id") - if db_api.role_get(role.role_id) != None: + if db_api.role.get(role.role_id) != None: raise fault.RoleConflictFault( "A role with that id already exists") drole = db_models.Role() drole.id = role.role_id drole.desc = role.desc - db_api.role_create(drole) + db_api.role.create(drole) return role def get_roles(self, admin_token, marker, limit, url): self.__validate_token(admin_token) ts = [] - droles = db_api.role_get_page(marker, limit) + droles = db_api.role.get_page(marker, limit) for drole in droles: ts.append(roles.Role(drole.id, drole.desc)) - prev, next = db_api.role_get_page_markers(marker, limit) + prev, next = db_api.role.get_page_markers(marker, limit) links = [] if prev: links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" \ @@ -934,14 +936,14 @@ class IdentityService(object): def get_role(self, admin_token, role_id): self.__validate_token(admin_token) - drole = db_api.role_get(role_id) + drole = db_api.role.get(role_id) if not drole: raise fault.ItemNotFoundFault("The role could not be found") return roles.Role(drole.id, drole.desc) def create_role_ref(self, admin_token, user_id, roleRef): self.__validate_token(admin_token) - duser = db_api.user_get(user_id) + duser = db_api.user.get(user_id) if not duser: raise fault.ItemNotFoundFault("The user could not be found") @@ -952,12 +954,12 @@ class IdentityService(object): if roleRef.role_id == None: raise fault.BadRequestFault("Expecting a Role Id") - drole = db_api.role_get(roleRef.role_id) + drole = db_api.role.get(roleRef.role_id) if drole == None: raise fault.ItemNotFoundFault("The role not found") if roleRef.tenant_id != None: - dtenant = db_api.tenant_get(roleRef.tenant_id) + dtenant = db_api.tenant.get(roleRef.tenant_id) if dtenant == None: raise fault.ItemNotFoundFault("The tenant not found") @@ -966,28 +968,28 @@ class IdentityService(object): drole_ref.role_id = drole.id if roleRef.tenant_id != None: drole_ref.tenant_id = dtenant.id - user_role_ref = db_api.user_role_add(drole_ref) + user_role_ref = db_api.user.user_role_add(drole_ref) roleRef.role_ref_id = user_role_ref.id return roleRef def delete_role_ref(self, admin_token, role_ref_id): self.__validate_token(admin_token) - db_api.role_ref_delete(role_ref_id) + db_api.role.ref_delete(role_ref_id) return None def get_user_roles(self, admin_token, marker, limit, url, user_id): self.__validate_token(admin_token) - duser = db_api.user_get(user_id) + duser = db_api.user.get(user_id) if not duser: raise fault.ItemNotFoundFault("The user could not be found") ts = [] - droleRefs = db_api.role_ref_get_page(marker, limit, user_id) + droleRefs = db_api.role.ref_get_page(marker, limit, user_id) for droleRef in droleRefs: ts.append(roles.RoleRef(droleRef.id, droleRef.role_id, droleRef.tenant_id)) - prev, next = db_api.role_ref_get_page_markers(user_id, marker, limit) + prev, next = db_api.role.ref_get_page_markers(user_id, marker, limit) links = [] if prev: links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" \ @@ -1001,14 +1003,14 @@ class IdentityService(object): self.__validate_token(admin_token) ts = [] - dbaseurls = db_api.baseurls_get_page(marker, limit) + dbaseurls = db_api.baseurl.get_page(marker, limit) for dbaseurl in dbaseurls: ts.append(baseURLs.BaseURL(dbaseurl.id, dbaseurl.region, dbaseurl.service, dbaseurl.public_url, dbaseurl.admin_url, dbaseurl.internal_url, dbaseurl.enabled)) - prev, next = db_api.baseurls_get_page_markers(marker, limit) + prev, next = db_api.baseurl.get_page_markers(marker, limit) links = [] if prev: links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" \ @@ -1021,7 +1023,7 @@ class IdentityService(object): def get_baseurl(self, admin_token, baseurl_id): self.__validate_token(admin_token) - dbaseurl = db_api.baseurls_get(baseurl_id) + dbaseurl = db_api.baseurl.get(baseurl_id) if not dbaseurl: raise fault.ItemNotFoundFault("The base URL could not be found") return baseURLs.BaseURL(dbaseurl.id, dbaseurl.region, dbaseurl.service, @@ -1033,13 +1035,13 @@ class IdentityService(object): if tenant_id == None: raise fault.BadRequestFault("Expecting a Tenant Id") - if db_api.tenant_get(tenant_id) == None: + if db_api.tenant.get(tenant_id) == None: raise fault.ItemNotFoundFault("The tenant not found") ts = [] dtenantBaseURLAssociations = \ - db_api.baseurls_ref_get_by_tenant_get_page(tenant_id, marker, + db_api.baseurl.ref_get_by_tenant_get_page(tenant_id, marker, limit) for dtenantBaseURLAssociation in dtenantBaseURLAssociations: ts.append(baseURLs.BaseURLRef(dtenantBaseURLAssociation.id, @@ -1048,13 +1050,13 @@ class IdentityService(object): links = [] if ts.__len__(): prev, next = \ - db_api.baseurls_ref_get_by_tenant_get_page_markers(tenant_id, + db_api.baseurl.ref_get_by_tenant_get_page_markers(tenant_id, marker, limit) if prev: - links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % (url, prev, limit))) if next: - links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % (url, next, limit))) return baseURLs.BaseURLRefs(ts, links) @@ -1064,16 +1066,16 @@ class IdentityService(object): if tenant_id == None: raise fault.BadRequestFault("Expecting a Tenant Id") - if db_api.tenant_get(tenant_id) == None: + if db_api.tenant.get(tenant_id) == None: raise fault.ItemNotFoundFault("The tenant not found") - dbaseurl = db_api.baseurls_get(baseurl.id) + dbaseurl = db_api.baseurl.get(baseurl.id) if not dbaseurl: raise fault.ItemNotFoundFault("The base URL could not be found") dbaseurl_ref = db_models.TenantBaseURLAssociation() dbaseurl_ref.tenant_id = tenant_id dbaseurl_ref.baseURLs_id = baseurl.id - dbaseurl_ref = db_api.baseurls_ref_add(dbaseurl_ref) + dbaseurl_ref = db_api.baseurl.ref_add(dbaseurl_ref) baseurlRef = baseURLs.BaseURLRef(dbaseurl_ref.id, url + \ '/baseURLs/' + \ dbaseurl_ref.baseURLs_id) @@ -1081,5 +1083,5 @@ class IdentityService(object): def delete_baseurls_ref(self, admin_token, baseurls_id): self.__validate_token(admin_token) - db_api.baseurls_ref_delete(baseurls_id) + db_api.baseurl.ref_delete(baseurls_id) return None diff --git a/keystone/server.py b/keystone/server.py index 1c1e6445..fc8b24d1 100755 --- a/keystone/server.py +++ b/keystone/server.py @@ -40,9 +40,6 @@ import os import routes import sys from webob import Response -from webob.exc import (HTTPNotFound, - HTTPConflict, - HTTPBadRequest) POSSIBLE_TOPDIR = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]), os.pardir, @@ -52,7 +49,7 @@ if os.path.exists(os.path.join(POSSIBLE_TOPDIR, 'keystone', '__init__.py')): from keystone.common import wsgi -from keystone.db.sqlalchemy import api as db_api +import keystone.db.sqlalchemy as db import keystone.logic.service as serv import keystone.logic.types.tenant as tenants import keystone.logic.types.role as roles @@ -538,7 +535,7 @@ class KeystoneAPI(wsgi.Router): self.options = options mapper = routes.Mapper() - db_api.configure_db(options) + db.configure_db(options) # Token Operations auth_controller = AuthController(options) @@ -589,7 +586,7 @@ class KeystoneAdminAPI(wsgi.Router): self.options = options mapper = routes.Mapper() - db_api.configure_db(options) + db.configure_db(options) # Token Operations auth_controller = AuthController(options) mapper.connect("/v2.0/tokens", controller=auth_controller, diff --git a/keystone/test/unit/base.py b/keystone/test/unit/base.py index 0d59bba1..631e6cd3 100644 --- a/keystone/test/unit/base.py +++ b/keystone/test/unit/base.py @@ -18,7 +18,6 @@ import datetime import functools -import json import httplib import logging import pprint @@ -28,7 +27,8 @@ from lxml import etree, objectify import webob from keystone import server -from keystone.db.sqlalchemy import api as db_api +import keystone.db.sqlalchemy as db +import keystone.db.sqlalchemy.api as db_api logger = logging.getLogger('test.unit.base') @@ -48,7 +48,7 @@ class ServiceAPITest(unittest.TestCase): """ Dict of configuration options to pass to the API controller """ - options = {'sql_connection': 'sqlite:///', # in-memory db + options = {'sql_connection': 'sqlite:///', # in-memory db 'verbose': False, 'debug': False} @@ -117,9 +117,9 @@ class ServiceAPITest(unittest.TestCase): """ Purges the database of all data """ - db_api.unregister_models() + db.unregister_models() logger.debug("Cleared all data from database") - db_api.register_models() + db.register_models() def fixture_create_tenant(self, **kwargs): """ @@ -128,7 +128,7 @@ class ServiceAPITest(unittest.TestCase): :params **kwargs: Attributes of the tenant to create """ values = kwargs.copy() - tenant = db_api.tenant_create(values) + tenant = db_api.tenant.create(values) logger.debug("Created tenant fixture %s", values['id']) return tenant @@ -142,11 +142,11 @@ class ServiceAPITest(unittest.TestCase): values = kwargs.copy() tenant_id = values.get('tenant_id') if tenant_id: - if not db_api.tenant_get(tenant_id): - db_api.tenant_create({'id': tenant_id, + if not db_api.tenant.get(tenant_id): + db_api.tenant.create({'id': tenant_id, 'enabled': True, 'desc': tenant_id}) - user = db_api.user_create(values) + user = db_api.user.create(values) logger.debug("Created user fixture %s", values['id']) return user @@ -157,7 +157,7 @@ class ServiceAPITest(unittest.TestCase): :params **kwargs: Attributes of the token to create """ values = kwargs.copy() - token = db_api.token_create(values) + token = db_api.token.create(values) logger.debug("Created token fixture %s", values['token_id']) return token @@ -225,7 +225,7 @@ class ServiceAPITest(unittest.TestCase): nicely formatted for easy comparison if there is a failure. """ self.assertEqual(expected, got, "Mappings are not equal.\n" - "Got:\n%s\nExpected:\n%s" % + "Got:\n%s\nExpected:\n%s" % (pprint.pformat(got), pprint.pformat(expected))) @@ -242,7 +242,7 @@ class ServiceAPITest(unittest.TestCase): expected = objectify.fromstring(expected) self.assertEqual(etree.tostring(expected), etree.tostring(got), "DOMs are not equal.\n" - "Got:\n%s\nExpected:\n%s" % + "Got:\n%s\nExpected:\n%s" % (etree.tostring(got, pretty_print=True), etree.tostring(expected, pretty_print=True))) diff --git a/keystone/test/unit/test_BaseURLs.py b/keystone/test/unit/test_BaseURLs.py index c1740d89..5cc99ff9 100755 --- a/keystone/test/unit/test_BaseURLs.py +++ b/keystone/test/unit/test_BaseURLs.py @@ -27,6 +27,8 @@ import unittest import test_common as utils from test_common import URL +from keystone.logic.types import fault + class BaseURLsTest(unittest.TestCase): def setUp(self): self.tenant = utils.get_tenant() @@ -272,7 +274,7 @@ class GetBaseURLTest(BaseURLsTest): def test_get_baseURL_xml(self): header = httplib2.Http(".cache") - url = '%sbaseURLs/%s' % (utils.URL,'1') + url = '%sbaseURLs/%s' % (utils.URL, '1') #test for Content-Type = application/json resp, content = header.request(url, "GET", body='{}', headers={"Content-Type": "application/xml", @@ -296,35 +298,35 @@ class GetBaseURLTest(BaseURLsTest): class CreateBaseURLRefsTest(BaseURLsTest): def test_baseurls_ref_create_json(self): header = httplib2.Http(".cache") - resp, content = utils.create_baseurls_ref(self.tenant,"1", + resp, content = utils.create_baseurls_ref(self.tenant, "1", str(self.auth_token)) resp_val = int(resp['status']) self.assertEqual(201, resp_val) def test_baseurls_ref_create_json_using_expired_token(self): header = httplib2.Http(".cache") - resp, content = utils.create_baseurls_ref(self.tenant,"1", + resp, content = utils.create_baseurls_ref(self.tenant, "1", str(self.exp_auth_token)) resp_val = int(resp['status']) self.assertEqual(403, resp_val) def test_baseurls_ref_create_json_using_disabled_token(self): header = httplib2.Http(".cache") - resp, content = utils.create_baseurls_ref(self.tenant,"1", + resp, content = utils.create_baseurls_ref(self.tenant, "1", str(self.disabled_token)) resp_val = int(resp['status']) self.assertEqual(403, resp_val) def test_baseurls_ref_create_json_using_missing_token(self): header = httplib2.Http(".cache") - resp, content = utils.create_baseurls_ref(self.tenant,"1", + resp, content = utils.create_baseurls_ref(self.tenant, "1", str(self.missing_token)) resp_val = int(resp['status']) self.assertEqual(401, resp_val) def test_baseurls_ref_create_json_using_invalid_token(self): header = httplib2.Http(".cache") - resp, content = utils.create_baseurls_ref(self.tenant,"1", + resp, content = utils.create_baseurls_ref(self.tenant, "1", str(self.invalid_token)) resp_val = int(resp['status']) self.assertEqual(404, resp_val) @@ -332,7 +334,7 @@ class CreateBaseURLRefsTest(BaseURLsTest): def test_baseurls_ref_create_xml(self): header = httplib2.Http(".cache") - resp, content = utils.create_baseurls_ref_xml(self.tenant,"1", + resp, content = utils.create_baseurls_ref_xml(self.tenant, "1", str(self.auth_token)) resp_val = int(resp['status']) self.assertEqual(201, resp_val) @@ -346,7 +348,7 @@ class CreateBaseURLRefsTest(BaseURLsTest): def test_baseurls_ref_create_xml_using_expired_token(self): header = httplib2.Http(".cache") - resp, content = utils.create_baseurls_ref_xml(self.tenant,"1", + resp, content = utils.create_baseurls_ref_xml(self.tenant, "1", str(self.auth_token)) resp_val = int(resp['status']) self.assertEqual(201, resp_val) @@ -360,7 +362,7 @@ class CreateBaseURLRefsTest(BaseURLsTest): def test_baseurls_ref_create_xml_using_disabled_token(self): header = httplib2.Http(".cache") - resp, content = utils.create_baseurls_ref_xml(self.tenant,"1", + resp, content = utils.create_baseurls_ref_xml(self.tenant, "1", str(self.auth_token)) resp_val = int(resp['status']) self.assertEqual(201, resp_val) @@ -374,7 +376,7 @@ class CreateBaseURLRefsTest(BaseURLsTest): def test_baseurls_ref_create_xml_using_missing_token(self): header = httplib2.Http(".cache") - resp, content = utils.create_baseurls_ref_xml(self.tenant,"1", + resp, content = utils.create_baseurls_ref_xml(self.tenant, "1", str(self.auth_token)) resp_val = int(resp['status']) self.assertEqual(201, resp_val) @@ -388,7 +390,7 @@ class CreateBaseURLRefsTest(BaseURLsTest): def test_baseurls_ref_create_xml_using_invalid_token(self): header = httplib2.Http(".cache") - resp, content = utils.create_baseurls_ref_xml(self.tenant,"1", + resp, content = utils.create_baseurls_ref_xml(self.tenant, "1", str(self.auth_token)) resp_val = int(resp['status']) self.assertEqual(201, resp_val) @@ -550,7 +552,7 @@ class GetBaseURLRefsTest(BaseURLsTest): class DeleteBaseURLRefsTest(BaseURLsTest): def test_delete_baseurlref(self): header = httplib2.Http(".cache") - resp, content = utils.create_baseurls_ref(self.tenant,"1", + resp, content = utils.create_baseurls_ref(self.tenant, "1", str(self.auth_token)) resp_val = int(resp['status']) self.assertEqual(201, resp_val) @@ -573,7 +575,7 @@ class DeleteBaseURLRefsTest(BaseURLsTest): def test_delete_baseurlref_using_expired_auth_token(self): header = httplib2.Http(".cache") - resp, content = utils.create_baseurls_ref(self.tenant,"1", + resp, content = utils.create_baseurls_ref(self.tenant, "1", str(self.auth_token)) resp_val = int(resp['status']) self.assertEqual(201, resp_val) @@ -596,7 +598,7 @@ class DeleteBaseURLRefsTest(BaseURLsTest): def test_delete_baseurlref_using_disabled_auth_token(self): header = httplib2.Http(".cache") - resp, content = utils.create_baseurls_ref(self.tenant,"1", + resp, content = utils.create_baseurls_ref(self.tenant, "1", str(self.auth_token)) resp_val = int(resp['status']) self.assertEqual(201, resp_val) @@ -619,7 +621,7 @@ class DeleteBaseURLRefsTest(BaseURLsTest): def test_delete_baseurlref_using_missing_auth_token(self): header = httplib2.Http(".cache") - resp, content = utils.create_baseurls_ref(self.tenant,"1", + resp, content = utils.create_baseurls_ref(self.tenant, "1", str(self.auth_token)) resp_val = int(resp['status']) self.assertEqual(201, resp_val) @@ -642,7 +644,7 @@ class DeleteBaseURLRefsTest(BaseURLsTest): def test_delete_baseurlref_using_invalid_auth_token(self): header = httplib2.Http(".cache") - resp, content = utils.create_baseurls_ref(self.tenant,"1", + resp, content = utils.create_baseurls_ref(self.tenant, "1", str(self.auth_token)) resp_val = int(resp['status']) self.assertEqual(201, resp_val) @@ -664,4 +666,4 @@ class DeleteBaseURLRefsTest(BaseURLsTest): self.assertEqual(404, resp_val) if __name__ == '__main__': - unittest.main()
\ No newline at end of file + unittest.main() diff --git a/keystone/test/unit/test_authentication.py b/keystone/test/unit/test_authentication.py index 13f3a9ba..fb79c319 100755 --- a/keystone/test/unit/test_authentication.py +++ b/keystone/test/unit/test_authentication.py @@ -22,12 +22,11 @@ import os import sys # Need to access identity module sys.path.append(os.path.abspath(os.path.join(os.path.abspath(__file__), - '..', '..', '..', '..', '..','keystone'))) + '..', '..', '..', '..', '..', 'keystone'))) import unittest -from webtest import TestApp - import test_common as utils +from keystone.logic.types import fault class AuthenticationTest(unittest.TestCase): diff --git a/keystone/test/unit/test_common.py b/keystone/test/unit/test_common.py index 96635c52..bfad2d62 100755 --- a/keystone/test/unit/test_common.py +++ b/keystone/test/unit/test_common.py @@ -21,9 +21,11 @@ from lxml import etree import os import sys sys.path.append(os.path.abspath(os.path.join(os.path.abspath(__file__), - '..', '..', '..', '..', '..','keystone'))) + '..', '..', '..', '..', '..', 'keystone'))) import unittest + + URL = 'http://localhost:8081/v2.0/' URLv1 = 'http://localhost:8080/v1.0/' @@ -358,7 +360,7 @@ def user_update_json(auth_token, user_id, email=None): return (resp, content) -def user_update_xml(auth_token, user_id, email=None): +def user_update_xml(auth_token, user_id, email=None): h = httplib2.Http(".cache") url = '%susers/%s' % (URL, user_id) if email is None: @@ -807,9 +809,11 @@ def delete_all_baseurls_ref(tenant_id, auth_token): headers={"Content-Type": "application/json", "X-Auth-Token": auth_token}) if int(resp['status']) == 500: - self.fail('Identity Fault') + assert False + # self.fail('Identity Fault') elif int(resp['status']) == 503: - self.fail('Service Not Available') + assert False + # self.fail('Service Not Available') #verify content obj = json.loads(content) @@ -821,4 +825,4 @@ def delete_all_baseurls_ref(tenant_id, auth_token): "X-Auth-Token": str(auth_token)}) if __name__ == '__main__': - unittest.main()
\ No newline at end of file + unittest.main() diff --git a/keystone/test/unit/test_roles.py b/keystone/test/unit/test_roles.py index 4a52a794..b16892ab 100755 --- a/keystone/test/unit/test_roles.py +++ b/keystone/test/unit/test_roles.py @@ -27,6 +27,8 @@ import unittest import test_common as utils from test_common import URL +from keystone.logic.types import fault + class RolesTest(unittest.TestCase): def setUp(self): self.tenant = utils.get_tenant() @@ -522,7 +524,7 @@ class GetRoleRefsTest(RolesTest): self.fail('Service Not Available') self.assertEqual(401, int(resp['status'])) - def test_get_rolerefs_using_invalid_token(self): + def test_get_rolerefs_json_using_invalid_token(self): header = httplib2.Http(".cache") utils.add_user_json(self.tenant, self.user, self.auth_token) resp, content = utils.create_role_ref(self.user, 'Admin', self.tenant, @@ -538,7 +540,7 @@ class GetRoleRefsTest(RolesTest): self.fail('Service Not Available') self.assertEqual(404, int(resp['status'])) - def test_get_rolerefs_xml_using_missing_token(self): + def test_get_rolerefs_xml_using_invalid_token(self): header = httplib2.Http(".cache") utils.add_user_json(self.tenant, self.user, self.auth_token) resp, content = utils.create_role_ref(self.user, 'Admin', self.tenant, |