| author | Dolph Mathews <dolph.mathews@rackspace.com> | 2011-06-16 14:17:46 -0500 |
|---|---|---|
| committer | Dolph Mathews <dolph.mathews@rackspace.com> | 2011-06-16 14:17:46 -0500 |
| commit | 375c81f0820a8088a09c9e08ca25bbf9880fcada (patch) | |
| tree | f02b7c4ddf2ba6277c0734315379d1a4b9c06ac5 | |
| parent | 80407c4ca0ff031c5b6403bc841c904609afbc1d (diff) | |
Refactored DB API into modules by model
| -rwxr-xr-x | bin/keystone-manage | 2 | ||||
| -rwxr-xr-x | etc/keystone.conf | 4 | ||||
| -rw-r--r-- | keystone/db/sqlalchemy/__init__.py | 78 | ||||
| -rwxr-xr-x | keystone/db/sqlalchemy/api.py | 1317 | ||||
| -rw-r--r-- | keystone/db/sqlalchemy/api/__init__.py | 1 | ||||
| -rw-r--r-- | keystone/db/sqlalchemy/api/baseurl.py | 185 | ||||
| -rw-r--r-- | keystone/db/sqlalchemy/api/group.py | 170 | ||||
| -rw-r--r-- | keystone/db/sqlalchemy/api/role.py | 174 | ||||
| -rw-r--r-- | keystone/db/sqlalchemy/api/tenant.py | 192 | ||||
| -rw-r--r-- | keystone/db/sqlalchemy/api/tenant_group.py | 125 | ||||
| -rw-r--r-- | keystone/db/sqlalchemy/api/token.py | 61 | ||||
| -rw-r--r-- | keystone/db/sqlalchemy/api/user.py | 421 | ||||
| -rw-r--r-- | keystone/db/sqlalchemy/models.py | 9 | ||||
| -rw-r--r-- | keystone/frontends/legacy_token_auth.py | 12 | ||||
| -rwxr-xr-x | keystone/logic/service.py | 327 | ||||
| -rwxr-xr-x | keystone/server.py | 9 |
16 files changed, 1573 insertions, 1514 deletions
diff --git a/bin/keystone-manage b/bin/keystone-manage index df8d055b..a3b986c9 100755 --- a/bin/keystone-manage +++ b/bin/keystone-manage @@ -253,7 +253,7 @@ def Main(): if tenant != None: object.tenant_id = tenant db_api.user_role_add(object) - print "SUCCESS: Granted %s the %s role on %s." %\ + print "SUCCESS: Granted %s the %s role on %s." % \ (object.user_id, object.role_id, object.tenant_id) except Exception as exc: print "ERROR: Failed to grant role %s to %s on %s: %s" % (object_id, user, tenant, exc) diff --git a/etc/keystone.conf b/etc/keystone.conf index db0eeb44..c0fa1353 100755 --- a/etc/keystone.conf +++ b/etc/keystone.conf @@ -12,7 +12,6 @@ default_store = sqlite # Log to this file. Make sure you do not set the same log # file for both the API and registry servers! -# #log_file = /var/log/keystone.log log_file = keystone.log @@ -23,7 +22,6 @@ sql_connection = sqlite:///../keystone/keystone.db # Period in seconds after which SQLAlchemy should reestablish its connection # to the database. -# sql_idle_timeout = 30 #Dictionary Maps every service to a header.Missing services would get header X_(SERVICE_NAME) Key => Service Name, Value => Header Name @@ -44,7 +42,6 @@ bind_host = 0.0.0.0 # Port the bind the Admin API server to bind_port = 8081 - [app:server] paste.app_factory = keystone.server:app_factory @@ -55,4 +52,3 @@ pipeline = [filter:legacy_auth] paste.filter_factory = keystone.frontends.legacy_token_auth:filter_factory - diff --git a/keystone/db/sqlalchemy/__init__.py b/keystone/db/sqlalchemy/__init__.py index e69de29b..bdb9a5ba 100644 --- a/keystone/db/sqlalchemy/__init__.py +++ b/keystone/db/sqlalchemy/__init__.py 
@@ -0,0 +1,78 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2010 OpenStack LLC.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import logging
+
+from sqlalchemy import create_engine
+from sqlalchemy.orm import joinedload, aliased, sessionmaker
+
+from keystone.common import config
+from keystone.db.sqlalchemy import models
+
+_ENGINE = None
+_MAKER = None
+BASE = models.Base
+
+
+def configure_db(options):
+ """
+ Establish the database, create an engine if needed, and
+ register the models.
+
+ :param options: Mapping of configuration options
+ """
+ global _ENGINE
+ if not _ENGINE:
+ debug = config.get_option(
+ options, 'debug', type='bool', default=False)
+ verbose = config.get_option(
+ options, 'verbose', type='bool', default=False)
+ timeout = config.get_option(
+ options, 'sql_idle_timeout', type='int', default=3600)
+ _ENGINE = create_engine(options['sql_connection'],
+ pool_recycle=timeout)
+ logger = logging.getLogger('sqlalchemy.engine')
+ if debug:
+ logger.setLevel(logging.DEBUG)
+ elif verbose:
+ logger.setLevel(logging.INFO)
+ register_models()
+
+
+def get_session(autocommit=True, expire_on_commit=False):
+ """Helper method to grab session"""
+ global _MAKER, _ENGINE
+ if not _MAKER:
+ assert _ENGINE
+ _MAKER = sessionmaker(bind=_ENGINE,
+ autocommit=autocommit,
+ expire_on_commit=expire_on_commit)
+ return _MAKER()
+
+
+def register_models():
+ """Register Models and create properties"""
+ global _ENGINE
+ assert _ENGINE
+ BASE.metadata.create_all(_ENGINE)
+
+
+def unregister_models():
+ """Unregister Models, useful clearing out data before testing"""
+ global _ENGINE
+ assert _ENGINE
+ BASE.metadata.drop_all(_ENGINE)
diff --git a/keystone/db/sqlalchemy/api.py b/keystone/db/sqlalchemy/api.py deleted file mode 100755
index d3146913..00000000
--- a/keystone/db/sqlalchemy/api.py
+++ /dev/null
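Review bot: In keystone/db/sqlalchemy/__init__.py, `configure_db` raises the `sqlalchemy.engine` logger to INFO when `verbose` is set and to DEBUG when `debug` is set, and nothing in the function says what that exposes. At INFO SQLAlchemy logs each statement with its bound parameters and at DEBUG it also logs result rows, so for an identity service the log file can end up holding token ids and whatever credential columns the models carry (the models are not visible on this page). I would add a comment above the `if debug:` branch, for example `# NOTE: INFO logs bound parameters, DEBUG also logs result rows; keep both off in production`. Separately, `get_session` builds `_MAKER` on the first call only, so `autocommit` and `expire_on_commit` passed on later calls are ignored; its docstring should say so. The code appears to be carried over unchanged from the deleted api.py.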
@@ -1,1317 +0,0 @@ -# vim: tabstop=4 shiftwidth=4 softtabstop=4 -# Copyright (c) 2010-2011 OpenStack, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# Not Yet PEP8 standardized - -import logging - -from sqlalchemy.orm import joinedload, aliased -from sqlalchemy import create_engine -from sqlalchemy.orm import sessionmaker -from keystone.common import config -import models - - -_ENGINE = None -_MAKER = None -BASE = models.Base - - -def configure_db(options): - """ - Establish the database, create an engine if needed, and - register the models. 
- - :param options: Mapping of configuration options - """ - global _ENGINE - if not _ENGINE: - debug = config.get_option( - options, 'debug', type='bool', default=False) - verbose = config.get_option( - options, 'verbose', type='bool', default=False) - timeout = config.get_option( - options, 'sql_idle_timeout', type='int', default=3600) - _ENGINE = create_engine(options['sql_connection'], - pool_recycle=timeout) - logger = logging.getLogger('sqlalchemy.engine') - if debug: - logger.setLevel(logging.DEBUG) - elif verbose: - logger.setLevel(logging.INFO) - register_models() - - -def get_session(autocommit=True, expire_on_commit=False): - """Helper method to grab session""" - global _MAKER, _ENGINE - if not _MAKER: - assert _ENGINE - _MAKER = sessionmaker(bind=_ENGINE, - autocommit=autocommit, - expire_on_commit=expire_on_commit) - return _MAKER() - - -def register_models(): - """Register Models and create properties""" - global _ENGINE - assert _ENGINE - BASE.metadata.create_all(_ENGINE) - - -def unregister_models(): - """Unregister Models, useful clearing out data before testing""" - global _ENGINE - assert _ENGINE - BASE.metadata.drop_all(_ENGINE) - - -# -# Role API operations -# -def role_create(values): - role_ref = models.Role() - role_ref.update(values) - role_ref.save() - return role_ref - - -def role_get(id, session=None): - if not session: - session = get_session() - result = session.query(models.Role).filter_by(id=id).first() - return result - - -def role_get_all(session=None): - if not session: - session = get_session() - return session.query(models.Role).all() - - -def role_get_page(marker, limit, session=None): - if not session: - session = get_session() - - if marker: - return session.query(models.Role).filter("id>:marker").params(\ - marker='%s' % marker).order_by(\ - models.Role.id.desc()).limit(limit).all() - else: - return session.query(models.Role).order_by(\ - models.Role.id.desc()).limit(limit).all() - - -def role_ref_get_page(marker, limit, 
user_id, session=None): - if not session: - session = get_session() - - if marker: - return session.query(models.UserRoleAssociation).\ - filter("id>:marker").params(\ - marker='%s' % marker).filter_by(user_id=user_id).order_by(\ - models.UserRoleAssociation.id.desc()).limit(limit).all() - else: - return session.query(models.UserRoleAssociation).\ - filter_by(user_id=user_id).order_by(\ - models.UserRoleAssociation.id.desc()).limit(limit).all() - - -def role_ref_get_all_global_roles(user_id, session=None): - if not session: - session = get_session() - return session.query(models.UserRoleAssociation).\ - filter_by(user_id=user_id).filter("tenant_id is null").all() - - -def role_ref_get_all_tenant_roles(user_id, tenant_id, session=None): - if not session: - session = get_session() - return session.query(models.UserRoleAssociation).\ - filter_by(user_id=user_id).filter_by(tenant_id=tenant_id).all() - - -def role_ref_get(id, session=None): - if not session: - session = get_session() - result = session.query(models.UserRoleAssociation).filter_by(id=id).first() - return result - - -def role_ref_delete(id, session=None): - if not session: - session = get_session() - with session.begin(): - role_ref = role_ref_get(id, session) - session.delete(role_ref) - - -# -# Tenant API operations -# -def tenant_create(values): - tenant_ref = models.Tenant() - tenant_ref.update(values) - tenant_ref.save() - return tenant_ref - - -def tenant_get(id, session=None): - if not session: - session = get_session() - result = session.query(models.Tenant).filter_by(id=id).first() - return result - - -def tenant_get_all(session=None): - if not session: - session = get_session() - return session.query(models.Tenant).all() - - -def tenants_for_user_get_page(user, marker, limit, session=None): - if not session: - session = get_session() - ura = aliased(models.UserRoleAssociation) - tenant = aliased(models.Tenant) - q1 = session.query(tenant).join((ura, ura.tenant_id == tenant.id)).\ - 
filter(ura.user_id == user.id) - q2 = session.query(tenant).filter(tenant.id == user.tenant_id) - q3 = q1.union(q2) - if marker: - return q3.filter("tenant.id>:marker").params(\ - marker='%s' % marker).order_by(\ - tenant.id.desc()).limit(limit).all() - else: - return q3.order_by(\ - tenant.id.desc()).limit(limit).all() - - -def tenants_for_user_get_page_markers(user, marker, limit, session=None): - if not session: - session = get_session() - ura = aliased(models.UserRoleAssociation) - tenant = aliased(models.Tenant) - q1 = session.query(tenant).join((ura, ura.tenant_id == tenant.id)).\ - filter(ura.user_id == user.id) - q2 = session.query(tenant).filter(tenant.id == user.tenant_id) - q3 = q1.union(q2) - - first = q3.order_by(\ - tenant.id).first() - last = q3.order_by(\ - tenant.id.desc()).first() - if first is None: - return (None, None) - if marker is None: - marker = first.id - next = q3.filter(tenant.id > marker).order_by(\ - tenant.id).limit(limit).all() - prev = q3.filter(tenant.id > marker).order_by(\ - tenant.id.desc()).limit(int(limit)).all() - if len(next) == 0: - next = last - else: - for t in next: - next = t - if len(prev) == 0: - prev = first - else: - for t in prev: - prev = t - if prev.id == marker: - prev = None - else: - prev = prev.id - if next.id == last.id: - next = None - else: - next = next.id - return (prev, next) - - -def tenant_get_page(marker, limit, session=None): - if not session: - session = get_session() - - if marker: - return session.query(models.Tenant).filter("id>:marker").params(\ - marker='%s' % marker).order_by(\ - models.Tenant.id.desc()).limit(limit).all() - else: - return session.query(models.Tenant).order_by(\ - models.Tenant.id.desc()).limit(limit).all() - - -def tenant_get_page_markers(marker, limit, session=None): - if not session: - session = get_session() - first = session.query(models.Tenant).order_by(\ - models.Tenant.id).first() - last = session.query(models.Tenant).order_by(\ - models.Tenant.id.desc()).first() - 
if first is None: - return (None, None) - if marker is None: - marker = first.id - next = session.query(models.Tenant).filter("id > :marker").params(\ - marker='%s' % marker).order_by(\ - models.Tenant.id).limit(limit).all() - prev = session.query(models.Tenant).filter("id < :marker").params(\ - marker='%s' % marker).order_by(\ - models.Tenant.id.desc()).limit(int(limit)).all() - if len(next) == 0: - next = last - else: - for t in next: - next = t - if len(prev) == 0: - prev = first - else: - for t in prev: - prev = t - if prev.id == marker: - prev = None - else: - prev = prev.id - if next.id == last.id: - next = None - else: - next = next.id - return (prev, next) - - -def tenant_is_empty(id, session=None): - if not session: - session = get_session() - a_user = session.query(models.UserRoleAssociation).filter_by(\ - tenant_id=id).first() - if a_user != None: - return False - a_group = session.query(models.Group).filter_by(tenant_id=id).first() - if a_group != None: - return False - a_user = session.query(models.User).filter_by(tenant_id=id).first() - if a_user != None: - return False - return True - - -def tenant_update(id, values, session=None): - if not session: - session = get_session() - with session.begin(): - tenant_ref = tenant_get(id, session) - tenant_ref.update(values) - tenant_ref.save(session=session) - - -def tenant_delete(id, session=None): - if not session: - session = get_session() - with session.begin(): - tenant_ref = tenant_get(id, session) - session.delete(tenant_ref) - - -# -# Tenant Group Operations API -# -def tenant_group_create(values): - group_ref = models.Group() - group_ref.update(values) - group_ref.save() - return group_ref - - -def tenant_group_is_empty(id, session=None): - if not session: - session = get_session() - a_user = session.query(models.UserGroupAssociation).filter_by( - group_id=id).first() - if a_user != None: - return False - return True - - -def tenant_group_get(id, tenant, session=None): - if not session: - session = 
get_session() - result = session.query(models.Group).filter_by(id=id, \ - tenant_id=tenant).first() - - return result - - -def tenant_group_get_page(tenantId, marker, limit, session=None): - if not session: - session = get_session() - - if marker: - return session.query(models.Group).filter("id>:marker").params(\ - marker='%s' % marker).filter_by(\ - tenant_id=tenantId).order_by(\ - models.Group.id.desc()).limit(limit).all() - else: - return session.query(models.Group).filter_by(tenant_id=tenantId)\ - .order_by(models.Group.id.desc()).limit(limit).all() - #return session.query(models.Tenant).all() - - -def tenant_group_get_page_markers(tenantId, marker, limit, session=None): - if not session: - session = get_session() - first = session.query(models.Group).filter_by(\ - tenant_id=tenantId).order_by(\ - models.Group.id).first() - last = session.query(models.Group).filter_by(\ - tenant_id=tenantId).order_by(\ - models.Group.id.desc()).first() - - if first is None: - return (None, None) - if marker is None: - marker = first.id - next = session.query(models.Group).filter("id > :marker").params(\ - marker='%s' % marker).filter_by(\ - tenant_id=tenantId).order_by(\ - models.Group.id).limit(limit).all() - prev = session.query(models.Group).filter("id < :marker").params(\ - marker='%s' % marker).filter_by(\ - tenant_id=tenantId).order_by(\ - models.Group.id.desc()).limit(int(limit)).all() - if len(next) == 0: - next = last - else: - for t in next: - next = t - if len(prev) == 0: - prev = first - else: - for t in prev: - prev = t - if prev.id == marker: - prev = None - else: - prev = prev.id - if next.id == last.id: - next = None - else: - next = next.id - return (prev, next) - - -def tenant_group_update(id, tenant_id, values, session=None): - if not session: - session = get_session() - with session.begin(): - tenant_ref = tenant_group_get(id, tenant_id, session) - tenant_ref.update(values) - tenant_ref.save(session=session) - - -def tenant_group_delete(id, tenant_id, 
session=None): - if not session: - session = get_session() - with session.begin(): - tenantgroup_ref = tenant_group_get(id, tenant_id, session) - session.delete(tenantgroup_ref) - - -def tenant_role_assignments_get(tenant_id, session=None): - if not session: - session = get_session() - return session.query(models.UserRoleAssociation).\ - filter_by(tenant_id=tenant_id) - - -# -# User Operations -# -def user_get_all(session=None): - if not session: - session = get_session() - result = session.query(models.User) - return result - - -def get_user_by_group(user_id, group_id, session=None): - if not session: - session = get_session() - result = session.query(models.UserGroupAssociation).filter_by(\ - group_id=group_id, user_id=user_id).first() - return result - - -def user_tenant_group(values): - user_ref = models.UserGroupAssociation() - user_ref.update(values) - user_ref.save() - return user_ref - - -def user_tenant_group_delete(id, group_id, session=None): - if not session: - session = get_session() - with session.begin(): - usertenantgroup_ref = get_user_by_group(id, group_id, session) - session.delete(usertenantgroup_ref) - - -def user_create(values): - user_ref = models.User() - user_ref.update(values) - user_ref.save() - return user_ref - - -def user_get(id, session=None): - if not session: - session = get_session() - #TODO(Ziad): finish cleaning up model - # result = session.query(models.User).options(joinedload('groups')).\ - # options(joinedload('tenants')).filter_by(id=id).first() - result = session.query(models.User).filter_by(id=id).first() - return result - - -def user_get_page(marker, limit, session=None): - if not session: - session = get_session() - - if marker: - return session.query(models.User).filter("id>:marker").params(\ - marker='%s' % marker).order_by(\ - models.User.id.desc()).limit(limit).all() - else: - return session.query(models.User).order_by(\ - models.User.id.desc()).limit(limit).all() - - -def user_get_page_markers(marker, limit, 
session=None): - if not session: - session = get_session() - first = session.query(models.User).order_by(\ - models.User.id).first() - last = session.query(models.User).order_by(\ - models.User.id.desc()).first() - if first is None: - return (None, None) - if marker is None: - marker = first.id - next = session.query(models.User).filter("id > :marker").params(\ - marker='%s' % marker).order_by(\ - models.User.id).limit(limit).all() - prev = session.query(models.User).filter("id < :marker").params(\ - marker='%s' % marker).order_by(\ - models.User.id.desc()).limit(int(limit)).all() - if len(next) == 0: - next = last - else: - for t in next: - next = t - if len(prev) == 0: - prev = first - else: - for t in prev: - prev = t - if prev.id == marker: - prev = None - else: - prev = prev.id - if next.id == last.id: - next = None - else: - next = next.id - return (prev, next) - - -def user_get_email(email, session=None): - if not session: - session = get_session() - result = session.query(models.User).filter_by(email=email).first() - return result - - -def user_groups(id, session=None): - if not session: - session = get_session() - result = session.query(models.Group).filter_by(\ - user_id=id) - return result - - -def user_roles_by_tenant(user_id, tenant_id, session=None): - if not session: - session = get_session() - result = session.query(models.UserRoleAssociation).filter_by(\ - user_id=user_id, tenant_id=tenant_id).options(joinedload('roles')) - return result - - -def user_update(id, values, session=None): - if not session: - session = get_session() - with session.begin(): - user_ref = user_get(id, session) - user_ref.update(values) - user_ref.save(session=session) - - -def users_tenant_group_get_page(group_id, marker, limit, session=None): - if not session: - session = get_session() - uga = aliased(models.UserGroupAssociation) - user = aliased(models.User) - if marker: - return session.query(user, uga).join(\ - (uga, uga.user_id == user.id)).\ - filter(uga.group_id == 
group_id).\ - filter("id>=:marker").params(\ - marker='%s' % marker).order_by(\ - user.id).limit(limit).all() - else: - return session.query(user, uga).\ - join((uga, uga.user_id == user.id)).\ - filter(uga.group_id == group_id).order_by(\ - user.id).limit(limit).all() - - -def users_tenant_group_get_page_markers(group_id, marker, limit, session=None): - if not session: - session = get_session() - uga = aliased(models.UserGroupAssociation) - user = aliased(models.User) - first = session.query(models.User).order_by(\ - models.User.id).first() - last = session.query(models.User).order_by(\ - models.User.id.desc()).first() - if first is None: - return (None, None) - if marker is None: - marker = first.id - next = session.query(user).join( - (uga, uga.user_id == user.id)).\ - filter(uga.group_id == group_id).\ - filter("id > :marker").params(\ - marker='%s' % marker).order_by(\ - user.id).limit(limit).all() - prev = session.query(user).join(\ - (uga, uga.user_id == user.id)).\ - filter(uga.group_id == group_id).\ - filter("id < :marker").params(\ - marker='%s' % marker).order_by(\ - user.id.desc()).limit(int(limit)).all() - if len(next) == 0: - next = last - else: - for t in next: - next = t - if len(prev) == 0: - prev = first - else: - for t in prev: - prev = t - if prev.id == marker: - prev = None - else: - prev = prev.id - if next.id == last.id: - next = None - else: - next = next.id - return (prev, next) - - -def user_delete(id, session=None): - if not session: - session = get_session() - with session.begin(): - user_ref = user_get(id, session) - session.delete(user_ref) - - -def user_get_by_tenant(id, tenant_id, session=None): - if not session: - session = get_session() - # Most common use case: user lives in tenant - user = session.query(models.User).\ - filter_by(id=id, tenant_id=tenant_id).first() - if user: - return user - - # Find user through grants to this tenant - user_tenant = session.query(models.UserRoleAssociation).filter_by(\ - tenant_id=tenant_id, 
user_id=id).first() - if user_tenant: - return user_get(id, session) - else: - return None - - -def user_get_by_group(id, session=None): - if not session: - session = get_session() - user_group = session.query(models.Group).filter_by(tenant_id=id).all() - return user_group - - -def user_delete_tenant(id, tenant_id, session=None): - if not session: - session = get_session() - with session.begin(): - users_tenant_ref = users_get_by_tenant(id, tenant_id, session) - if users_tenant_ref is not None: - for user_tenant_ref in users_tenant_ref: - session.delete(user_tenant_ref) - - user_group_ref = user_get_by_group(tenant_id, session) - - if user_group_ref is not None: - for user_group in user_group_ref: - group_users = session.query(models.UserGroupAssociation)\ - .filter_by(user_id=id, - group_id=user_group.id).all() - for group_user in group_users: - session.delete(group_user) - - -def users_get_by_tenant(user_id, tenant_id, session=None): - if not session: - session = get_session() - result = session.query(models.User).filter_by(id=user_id, - tenant_id=tenant_id) - return result - - -# -# Group Operations -# -def group_get(id, session=None): - if not session: - session = get_session() - result = session.query(models.Group).filter_by(id=id).first() - return result - - -def group_users(id, session=None): - if not session: - session = get_session() - result = session.query(models.User).filter_by(\ - group_id=id) - return result - - -def group_get_all(session=None): - if not session: - session = get_session() - result = session.query(models.Group) - return result - - -def group_get_page(marker, limit, session=None): - if not session: - session = get_session() - - if marker: - return session.query(models.Group).filter("id>:marker").params(\ - marker='%s' % marker).order_by(\ - models.Group.id.desc()).limit(limit).all() - else: - return session.query(models.Group).order_by(\ - models.Group.id.desc()).limit(limit).all() - - -def group_get_page_markers(marker, limit, 
session=None): - if not session: - session = get_session() - first = session.query(models.Group).order_by(\ - models.Group.id).first() - last = session.query(models.Group).order_by(\ - models.Group.id.desc()).first() - if first is None: - return (None, None) - if marker is None: - marker = first.id - next = session.query(models.Group).filter("id > :marker").params(\ - marker='%s' % marker).order_by(\ - models.Group.id).limit(limit).all() - prev = session.query(models.Group).filter("id < :marker").params(\ - marker='%s' % marker).order_by(\ - models.Group.id.desc()).limit(int(limit)).all() - if len(next) == 0: - next = last - else: - for t in next: - next = t - if len(prev) == 0: - prev = first - else: - for t in prev: - prev = t - if prev.id == marker: - prev = None - else: - prev = prev.id - if next.id == last.id: - next = None - else: - next = next.id - return (prev, next) - - -def group_delete(id, session=None): - if not session: - session = get_session() - with session.begin(): - group_ref = group_get(id, session) - session.delete(group_ref) - - -# -# Token Operations -# -def token_create(values): - token_ref = models.Token() - token_ref.update(values) - token_ref.save() - return token_ref - - -def token_get(id, session=None): - if not session: - session = get_session() - result = session.query(models.Token).filter_by(token_id=id).first() - return result - - -def token_delete(id, session=None): - if not session: - session = get_session() - with session.begin(): - token_ref = token_get(id, session) - session.delete(token_ref) - - -def token_for_user(user_id, session=None): - if not session: - session = get_session() - result = session.query(models.Token).filter_by( - user_id=user_id, tenant_id=None).order_by("expires desc").first() - return result - - -def token_for_user_tenant(user_id, tenant_id, session=None): - if not session: - session = get_session() - result = session.query(models.Token).filter_by( - user_id=user_id, tenant_id=tenant_id).order_by("expires 
desc").first() - return result - - -def token_get_all(session=None): - if not session: - session = get_session() - return session.query(models.Token).all() - - -# -# Unsorted operations -# - -def user_role_add(values): - user_role_ref = models.UserRoleAssociation() - user_role_ref.update(values) - user_role_ref.save() - return user_role_ref - - -def user_get_update(id, session=None): - if not session: - session = get_session() - result = session.query(models.User).filter_by(id=id).first() - return result - - -def users_get_page(marker, limit, session=None): - if not session: - session = get_session() - user = aliased(models.User) - if marker: - return session.query(user).\ - filter("id>=:marker").params( - marker='%s' % marker).order_by( - "id").limit(limit).all() - else: - return session.query(user).\ - order_by("id").limit(limit).all() - -def users_get_page_markers(marker, limit, \ - session=None): - if not session: - session = get_session() - user = aliased(models.User) - first = session.query(user).\ - order_by(user.id).first() - last = session.query(user).\ - order_by(user.id.desc()).first() - if first is None: - return (None, None) - if marker is None: - marker = first.id - next = session.query(user).\ - filter("id > :marker").params(\ - marker='%s' % marker).order_by(user.id).\ - limit(int(limit)).all() - prev = session.query(user).\ - filter("id < :marker").params( - marker='%s' % marker).order_by( - user.id.desc()).limit(int(limit)).all() - next_len = len(next) - prev_len = len(prev) - - if next_len == 0: - next = last - else: - for t in next: - next = t - if prev_len == 0: - prev = first - else: - for t in prev: - prev = t - if first.id == marker: - prev = None - else: - prev = prev.id - if marker == last.id: - next = None - else: - next = next.id - return (prev, next) - - -def users_get_by_tenant_get_page(tenant_id, marker, limit, session=None): - if not session: - session = get_session() - user = aliased(models.User) - if marker: - return 
session.query(user).\ - filter("tenant_id = :tenant_id").\ - params(tenant_id='%s' % tenant_id).\ - filter("id>=:marker").params( - marker='%s' % marker).order_by( - "id").limit(limit).all() - else: - return session.query(user).\ - filter("tenant_id = :tenant_id").\ - params(tenant_id='%s' % tenant_id).order_by( - "id").limit(limit).all() - - -def users_get_by_tenant_get_page_markers(tenant_id, marker, limit, \ - session=None): - if not session: - session = get_session() - user = aliased(models.User) - first = session.query(user).\ - filter(user.tenant_id == tenant_id).\ - order_by(user.id).first() - last = session.query(user).\ - filter(user.tenant_id == tenant_id).\ - order_by(user.id.desc()).first() - if first is None: - return (None, None) - if marker is None: - marker = first.id - next = session.query(user).\ - filter(user.tenant_id == tenant_id).\ - filter("id > :marker").params(\ - marker='%s' % marker).order_by(user.id).\ - limit(int(limit)).all() - prev = session.query(user).\ - filter(user.tenant_id == tenant_id).\ - filter("id < :marker").params( - marker='%s' % marker).order_by( - user.id.desc()).limit(int(limit)).all() - next_len = len(next) - prev_len = len(prev) - - if next_len == 0: - next = last - else: - for t in next: - next = t - if prev_len == 0: - prev = first - else: - for t in prev: - prev = t - if first.id == marker: - prev = None - else: - prev = prev.id - if marker == last.id: - next = None - else: - next = next.id - return (prev, next) - - -def user_groups_get_all(user_id, session=None): - if not session: - session = get_session() - uga = aliased(models.UserGroupAssociation) - group = aliased(models.Group) - return session.query(group, uga).\ - join((uga, uga.group_id == group.id)).\ - filter(uga.user_id == user_id).order_by( - group.id).all() - - -def groups_get_by_user_get_page(user_id, marker, limit, session=None): - if not session: - session = get_session() - uga = aliased(models.UserGroupAssociation) - group = aliased(models.Group) 
- if marker: - return session.query(group, uga).join(\ - (uga, uga.group_id == group.id)).\ - filter(uga.user_id == user_id).\ - filter("id>=:marker").params( - marker='%s' % marker).order_by( - group.id).limit(limit).all() - else: - return session.query(group, uga).\ - join((uga, uga.group_id == group.id)).\ - filter(uga.user_id == user_id).order_by( - group.id).limit(limit).all() - - -def groups_get_by_user_get_page_markers(user_id, marker, limit, session=None): - if not session: - session = get_session() - uga = aliased(models.UserGroupAssociation) - group = aliased(models.Group) - first, _firstassoc = session.query(group, uga).\ - join((uga, uga.group_id == group.id)).\ - filter(uga.user_id == user_id).\ - order_by(group.id).first() - last, _lastassoc = session.query(group, uga).\ - join((uga, uga.group_id == group.id)).\ - filter(uga.user_id == user_id).\ - order_by(group.id.desc()).first() - if first is None: - return (None, None) - if marker is None: - marker = first.id - next = session.query(group, uga).join( - (uga, uga.group_id == group.id)).\ - filter(uga.user_id == user_id).\ - filter("id>=:marker").params( - marker='%s' % marker).order_by( - group.id).limit(int(limit)).all() - - prev = session.query(group, uga).join( - (uga, uga.group_id == group.id)).\ - filter(uga.user_id == user_id).\ - filter("id < :marker").params( - marker='%s' % marker).order_by( - group.id).limit(int(limit) + 1).all() - next_len = len(next) - prev_len = len(prev) - - if next_len == 0: - next = last - else: - for t, _a in next: - next = t - if prev_len == 0: - prev = first - else: - for t, _a in prev: - prev = t - if first.id == marker: - prev = None - else: - prev = prev.id - if marker == last.id: - next = None - else: - next = next.id - return (prev, next) - - -def role_get_page_markers(marker, limit, session=None): - if not session: - session = get_session() - first = session.query(models.Role).order_by(\ - models.Role.id).first() - last = 
session.query(models.Role).order_by(\ - models.Role.id.desc()).first() - if first is None: - return (None, None) - if marker is None: - marker = first.id - next = session.query(models.Role).filter("id > :marker").params(\ - marker='%s' % marker).order_by(\ - models.Role.id).limit(limit).all() - prev = session.query(models.Role).filter("id < :marker").params(\ - marker='%s' % marker).order_by(\ - models.Role.id.desc()).limit(int(limit)).all() - if len(next) == 0: - next = last - else: - for t in next: - next = t - if len(prev) == 0: - prev = first - else: - for t in prev: - prev = t - if prev.id == marker: - prev = None - else: - prev = prev.id - if next.id == last.id: - next = None - else: - next = next.id - return (prev, next) - - -def role_ref_get_page_markers(user_id, marker, limit, session=None): - if not session: - session = get_session() - first = session.query(models.UserRoleAssociation).filter_by(\ - user_id=user_id).order_by(\ - models.UserRoleAssociation.id).first() - last = session.query(models.UserRoleAssociation).filter_by(\ - user_id=user_id).order_by(\ - models.UserRoleAssociation.id.desc()).first() - if first is None: - return (None, None) - if marker is None: - marker = first.id - next = session.query(models.UserRoleAssociation).filter_by(\ - user_id=user_id).filter("id > :marker").params(\ - marker='%s' % marker).order_by(\ - models.UserRoleAssociation.id).limit(limit).all() - prev = session.query(models.UserRoleAssociation).filter_by(\ - user_id=user_id).filter("id < :marker").params(\ - marker='%s' % marker).order_by(\ - models.UserRoleAssociation.id.desc()).limit(int(limit)).\ - all() - if len(next) == 0: - next = last - else: - for t in next: - next = t - if len(prev) == 0: - prev = first - else: - for t in prev: - prev = t - if prev.id == marker: - prev = None - else: - prev = prev.id - if next.id == last.id: - next = None - else: - next = next.id - return (prev, next) - - -# -# BaseURL API operations -# -def baseurls_create(values): - 
baseurls_ref = models.BaseUrls() - baseurls_ref.update(values) - baseurls_ref.save() - return baseurls_ref - - -def baseurls_get(id, session=None): - if not session: - session = get_session() - result = session.query(models.BaseUrls).filter_by(id=id).first() - return result - - -def baseurls_get_all(session=None): - if not session: - session = get_session() - return session.query(models.BaseUrls).all() - - -def baseurls_get_page(marker, limit, session=None): - if not session: - session = get_session() - - if marker: - return session.query(models.BaseUrls).filter("id>:marker").params(\ - marker='%s' % marker).order_by(\ - models.BaseUrls.id.desc()).limit(limit).all() - else: - return session.query(models.BaseUrls).order_by(\ - models.BaseUrls.id.desc()).limit(limit).all() - - -def baseurls_get_page_markers(marker, limit, session=None): - if not session: - session = get_session() - first = session.query(models.BaseUrls).order_by(\ - models.BaseUrls.id).first() - last = session.query(models.BaseUrls).order_by(\ - models.BaseUrls.id.desc()).first() - if first is None: - return (None, None) - if marker is None: - marker = first.id - next = session.query(models.BaseUrls).filter("id > :marker").params(\ - marker='%s' % marker).order_by(\ - models.BaseUrls.id).limit(limit).all() - prev = session.query(models.BaseUrls).filter("id < :marker").params(\ - marker='%s' % marker).order_by(\ - models.BaseUrls.id.desc()).limit(int(limit)).all() - if len(next) == 0: - next = last - else: - for t in next: - next = t - if len(prev) == 0: - prev = first - else: - for t in prev: - prev = t - if prev.id == marker: - prev = None - else: - prev = prev.id - if next.id == last.id: - next = None - else: - next = next.id - return (prev, next) - - -def baseurls_ref_get_by_tenant_get_page(tenant_id, marker, limit, - session=None): - if not session: - session = get_session() - if marker: - return session.query(models.TenantBaseURLAssociation).\ - filter(models.TenantBaseURLAssociation.tenant_id 
== tenant_id).\ - filter("id >= :marker").params( - marker='%s' % marker).order_by( - models.TenantBaseURLAssociation.id).limit(limit).all() - else: - return session.query(models.TenantBaseURLAssociation).\ - filter(models.TenantBaseURLAssociation.tenant_id == tenant_id).\ - order_by(models.TenantBaseURLAssociation.id).limit(limit).all() - - -def baseurls_ref_get_by_tenant_get_page_markers(tenant_id, marker, limit, - session=None): - if not session: - session = get_session() - tba = aliased(models.TenantBaseURLAssociation) - first = session.query(tba).\ - filter(tba.tenant_id == tenant_id).\ - order_by(tba.id).first() - last = session.query(tba).\ - filter(tba.tenant_id == tenant_id).\ - order_by(tba.id.desc()).first() - if first is None: - return (None, None) - if marker is None: - marker = first.id - next = session.query(tba).\ - filter(tba.tenant_id == tenant_id).\ - filter("id>=:marker").params( - marker='%s' % marker).order_by( - tba.id).limit(int(limit)).all() - - prev = session.query(tba).\ - filter(tba.tenant_id == tenant_id).\ - filter("id < :marker").params( - marker='%s' % marker).order_by( - tba.id).limit(int(limit) + 1).all() - next_len = len(next) - prev_len = len(prev) - - if next_len == 0: - next = last - else: - for t in next: - next = t - if prev_len == 0: - prev = first - else: - for t in prev: - prev = t - if first.id == marker: - prev = None - else: - prev = prev.id - if marker == last.id: - next = None - else: - next = next.id - return (prev, next) - - -def baseurls_ref_add(values): - baseurls_ref = models.TenantBaseURLAssociation() - baseurls_ref.update(values) - baseurls_ref.save() - return baseurls_ref - - -def baseurls_ref_get(id, session=None): - if not session: - session = get_session() - result = session.query(models.TenantBaseURLAssociation).\ - filter_by(id=id).first() - return result - - -def baseurls_ref_get_by_tenant(tenant_id, session=None): - if not session: - session = get_session() - result = 
session.query(models.TenantBaseURLAssociation).\ - filter_by(tenant_id=tenant_id).first() - return result - - -def baseurls_ref_delete(id, session=None): - if not session: - session = get_session() - with session.begin(): - baseurls_ref = baseurls_ref_get(id, session) - session.delete(baseurls_ref) - - -def tenant_baseurls_get_all(tenant_id, session=None): - if not session: - session = get_session() - tba = aliased(models.TenantBaseURLAssociation) - baseUrls = aliased(models.BaseUrls) - return session.query(baseUrls).join((tba, - tba.baseURLs_id == baseUrls.id)).\ - filter(tba.tenant_id == tenant_id).all() diff --git a/keystone/db/sqlalchemy/api/__init__.py b/keystone/db/sqlalchemy/api/__init__.py new file mode 100644 index 00000000..7741861c --- /dev/null +++ b/keystone/db/sqlalchemy/api/__init__.py @@ -0,0 +1 @@ +import baseurl, group, role, tenant_group, tenant, token, user diff --git a/keystone/db/sqlalchemy/api/baseurl.py b/keystone/db/sqlalchemy/api/baseurl.py new file mode 100644 index 00000000..cec6e581 --- /dev/null +++ b/keystone/db/sqlalchemy/api/baseurl.py 
@@ -0,0 +1,185 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2010 OpenStack LLC. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from keystone.db.sqlalchemy import get_session, models, aliased + +def baseurls_create(values): + baseurls_ref = models.BaseUrls() + baseurls_ref.update(values) + baseurls_ref.save() + return baseurls_ref + + +def baseurls_get(id, session=None): + if not session: + session = get_session() + result = session.query(models.BaseUrls).filter_by(id=id).first() + return result + + +def baseurls_get_all(session=None): + if not session: + session = get_session() + return session.query(models.BaseUrls).all() + + +def baseurls_get_page(marker, limit, session=None): + if not session: + session = get_session() + + if marker: + return session.query(models.BaseUrls).filter("id>:marker").params(\ + marker='%s' % marker).order_by(\ + models.BaseUrls.id.desc()).limit(limit).all() + else: + return session.query(models.BaseUrls).order_by(\ + models.BaseUrls.id.desc()).limit(limit).all() + + +def baseurls_get_page_markers(marker, limit, session=None): + if not session: + session = get_session() + first = session.query(models.BaseUrls).order_by(\ + models.BaseUrls.id).first() + last = session.query(models.BaseUrls).order_by(\ + models.BaseUrls.id.desc()).first() + if first is None: + return (None, None) + if marker is None: + marker = first.id + next = session.query(models.BaseUrls).filter("id > :marker").params(\ + 
marker='%s' % marker).order_by(\ + models.BaseUrls.id).limit(limit).all() + prev = session.query(models.BaseUrls).filter("id < :marker").params(\ + marker='%s' % marker).order_by(\ + models.BaseUrls.id.desc()).limit(int(limit)).all() + if len(next) == 0: + next = last + else: + for t in next: + next = t + if len(prev) == 0: + prev = first + else: + for t in prev: + prev = t + if prev.id == marker: + prev = None + else: + prev = prev.id + if next.id == last.id: + next = None + else: + next = next.id + return (prev, next) + + +def baseurls_ref_get_by_tenant_get_page(tenant_id, marker, limit, + session=None): + if not session: + session = get_session() + if marker: + return session.query(models.TenantBaseURLAssociation).\ + filter(models.TenantBaseURLAssociation.tenant_id == tenant_id).\ + filter("id >= :marker").params( + marker='%s' % marker).order_by( + models.TenantBaseURLAssociation.id).limit(limit).all() + else: + return session.query(models.TenantBaseURLAssociation).\ + filter(models.TenantBaseURLAssociation.tenant_id == tenant_id).\ + order_by(models.TenantBaseURLAssociation.id).limit(limit).all() + + +def baseurls_ref_get_by_tenant_get_page_markers(tenant_id, marker, limit, + session=None): + if not session: + session = get_session() + tba = aliased(models.TenantBaseURLAssociation) + first = session.query(tba).\ + filter(tba.tenant_id == tenant_id).\ + order_by(tba.id).first() + last = session.query(tba).\ + filter(tba.tenant_id == tenant_id).\ + order_by(tba.id.desc()).first() + if first is None: + return (None, None) + if marker is None: + marker = first.id + next = session.query(tba).\ + filter(tba.tenant_id == tenant_id).\ + filter("id>=:marker").params( + marker='%s' % marker).order_by( + tba.id).limit(int(limit)).all() + + prev = session.query(tba).\ + filter(tba.tenant_id == tenant_id).\ + filter("id < :marker").params( + marker='%s' % marker).order_by( + tba.id).limit(int(limit) + 1).all() + next_len = len(next) + prev_len = len(prev) + + if next_len 
== 0: + next = last + else: + for t in next: + next = t + if prev_len == 0: + prev = first + else: + for t in prev: + prev = t + if first.id == marker: + prev = None + else: + prev = prev.id + if marker == last.id: + next = None + else: + next = next.id + return (prev, next) + + +def baseurls_ref_add(values): + baseurls_ref = models.TenantBaseURLAssociation() + baseurls_ref.update(values) + baseurls_ref.save() + return baseurls_ref + + +def baseurls_ref_get(id, session=None): + if not session: + session = get_session() + result = session.query(models.TenantBaseURLAssociation).\ + filter_by(id=id).first() + return result + + +def baseurls_ref_get_by_tenant(tenant_id, session=None): + if not session: + session = get_session() + result = session.query(models.TenantBaseURLAssociation).\ + filter_by(tenant_id=tenant_id).first() + return result + + +def baseurls_ref_delete(id, session=None): + if not session: + session = get_session() + with session.begin(): + baseurls_ref = baseurls_ref_get(id, session) + session.delete(baseurls_ref) diff --git a/keystone/db/sqlalchemy/api/group.py b/keystone/db/sqlalchemy/api/group.py new file mode 100644 index 00000000..866073ac --- /dev/null +++ b/keystone/db/sqlalchemy/api/group.py 
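Review bot: `baseurls_ref_delete` passes the result of `baseurls_ref_get(id, session)` straight to `session.delete()`, but that lookup ends in `.first()` and returns None for an unknown id, so deleting a missing row fails inside the ORM with an unmapped-instance error instead of a clear not-found result. A guard right after the lookup makes the case explicit: `if baseurls_ref is None: return`, or raise the project's not-found error, which is not visible here. The same lookup-then-act pattern without a None check is in `group_delete`, `role_ref_delete`, `tenant_update`, `tenant_delete`, `tenant_group_update`, `delete` in tenant_group.py, and `token_delete`. On the token and role-grant revocation paths it matters that a caller can tell "already gone" from a real failure.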
@@ -0,0 +1,170 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2010 OpenStack LLC. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from keystone.db.sqlalchemy import get_session, models, aliased + +def group_get(id, session=None): + if not session: + session = get_session() + result = session.query(models.Group).filter_by(id=id).first() + return result + + +def group_users(id, session=None): + if not session: + session = get_session() + result = session.query(models.User).filter_by(\ + group_id=id) + return result + + +def group_get_all(session=None): + if not session: + session = get_session() + result = session.query(models.Group) + return result + + +def group_get_page(marker, limit, session=None): + if not session: + session = get_session() + + if marker: + return session.query(models.Group).filter("id>:marker").params(\ + marker='%s' % marker).order_by(\ + models.Group.id.desc()).limit(limit).all() + else: + return session.query(models.Group).order_by(\ + models.Group.id.desc()).limit(limit).all() + + +def group_get_page_markers(marker, limit, session=None): + if not session: + session = get_session() + first = session.query(models.Group).order_by(\ + models.Group.id).first() + last = session.query(models.Group).order_by(\ + models.Group.id.desc()).first() + if first is None: + return (None, None) + if marker is None: + marker = first.id + next = session.query(models.Group).filter("id > :marker").params(\ + marker='%s' % 
marker).order_by(\ + models.Group.id).limit(limit).all() + prev = session.query(models.Group).filter("id < :marker").params(\ + marker='%s' % marker).order_by(\ + models.Group.id.desc()).limit(int(limit)).all() + if len(next) == 0: + next = last + else: + for t in next: + next = t + if len(prev) == 0: + prev = first + else: + for t in prev: + prev = t + if prev.id == marker: + prev = None + else: + prev = prev.id + if next.id == last.id: + next = None + else: + next = next.id + return (prev, next) + + +def group_delete(id, session=None): + if not session: + session = get_session() + with session.begin(): + group_ref = group_get(id, session) + session.delete(group_ref) + +def groups_get_by_user_get_page(user_id, marker, limit, session=None): + if not session: + session = get_session() + uga = aliased(models.UserGroupAssociation) + group = aliased(models.Group) + if marker: + return session.query(group, uga).join(\ + (uga, uga.group_id == group.id)).\ + filter(uga.user_id == user_id).\ + filter("id>=:marker").params( + marker='%s' % marker).order_by( + group.id).limit(limit).all() + else: + return session.query(group, uga).\ + join((uga, uga.group_id == group.id)).\ + filter(uga.user_id == user_id).order_by( + group.id).limit(limit).all() + + +def groups_get_by_user_get_page_markers(user_id, marker, limit, session=None): + if not session: + session = get_session() + uga = aliased(models.UserGroupAssociation) + group = aliased(models.Group) + first, _firstassoc = session.query(group, uga).\ + join((uga, uga.group_id == group.id)).\ + filter(uga.user_id == user_id).\ + order_by(group.id).first() + last, _lastassoc = session.query(group, uga).\ + join((uga, uga.group_id == group.id)).\ + filter(uga.user_id == user_id).\ + order_by(group.id.desc()).first() + if first is None: + return (None, None) + if marker is None: + marker = first.id + next = session.query(group, uga).join( + (uga, uga.group_id == group.id)).\ + filter(uga.user_id == user_id).\ + 
filter("id>=:marker").params( + marker='%s' % marker).order_by( + group.id).limit(int(limit)).all() + + prev = session.query(group, uga).join( + (uga, uga.group_id == group.id)).\ + filter(uga.user_id == user_id).\ + filter("id < :marker").params( + marker='%s' % marker).order_by( + group.id).limit(int(limit) + 1).all() + next_len = len(next) + prev_len = len(prev) + + if next_len == 0: + next = last + else: + for t, _a in next: + next = t + if prev_len == 0: + prev = first + else: + for t, _a in prev: + prev = t + if first.id == marker: + prev = None + else: + prev = prev.id + if marker == last.id: + next = None + else: + next = next.id + return (prev, next) diff --git a/keystone/db/sqlalchemy/api/role.py b/keystone/db/sqlalchemy/api/role.py new file mode 100644 index 00000000..e16d8e63 --- /dev/null +++ b/keystone/db/sqlalchemy/api/role.py 
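Review bot: In `groups_get_by_user_get_page_markers`, `first, _firstassoc = session.query(group, uga)...first()` unpacks the result before the `if first is None` check, so a user with no group memberships raises TypeError (`.first()` returns None when there are no rows) and the `(None, None)` return is never reached. Fetch the row and test it before unpacking: `first_row = <query>.first()`, `if first_row is None: return (None, None)`, then `first, _firstassoc = first_row`; the `last` query can be unpacked as written once a first row is known to exist. Separately, the textual `filter("id>=:marker")` on a query that joins `group` and `uga` does not say which table's `id` is meant; `group.id >= marker` as a column expression would remove the ambiguity if the association table also has an `id` column (the models are not shown here).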
@@ -0,0 +1,174 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2010 OpenStack LLC. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from keystone.db.sqlalchemy import get_session, models + +def role_create(values): + role_ref = models.Role() + role_ref.update(values) + role_ref.save() + return role_ref + + +def role_get(id, session=None): + if not session: + session = get_session() + result = session.query(models.Role).filter_by(id=id).first() + return result + + +def role_get_all(session=None): + if not session: + session = get_session() + return session.query(models.Role).all() + + +def role_get_page(marker, limit, session=None): + if not session: + session = get_session() + + if marker: + return session.query(models.Role).filter("id>:marker").params(\ + marker='%s' % marker).order_by(\ + models.Role.id.desc()).limit(limit).all() + else: + return session.query(models.Role).order_by(\ + models.Role.id.desc()).limit(limit).all() + + +def role_ref_get_page(marker, limit, user_id, session=None): + if not session: + session = get_session() + + if marker: + return session.query(models.UserRoleAssociation).\ + filter("id>:marker").params(\ + marker='%s' % marker).filter_by(user_id=user_id).order_by(\ + models.UserRoleAssociation.id.desc()).limit(limit).all() + else: + return session.query(models.UserRoleAssociation).\ + filter_by(user_id=user_id).order_by(\ + models.UserRoleAssociation.id.desc()).limit(limit).all() + + +def 
role_ref_get_all_global_roles(user_id, session=None): + if not session: + session = get_session() + return session.query(models.UserRoleAssociation).\ + filter_by(user_id=user_id).filter("tenant_id is null").all() + + +def role_ref_get_all_tenant_roles(user_id, tenant_id, session=None): + if not session: + session = get_session() + return session.query(models.UserRoleAssociation).\ + filter_by(user_id=user_id).filter_by(tenant_id=tenant_id).all() + + +def role_ref_get(id, session=None): + if not session: + session = get_session() + result = session.query(models.UserRoleAssociation).filter_by(id=id).first() + return result + + +def role_ref_delete(id, session=None): + if not session: + session = get_session() + with session.begin(): + role_ref = role_ref_get(id, session) + session.delete(role_ref) + +def role_get_page_markers(marker, limit, session=None): + if not session: + session = get_session() + first = session.query(models.Role).order_by(\ + models.Role.id).first() + last = session.query(models.Role).order_by(\ + models.Role.id.desc()).first() + if first is None: + return (None, None) + if marker is None: + marker = first.id + next = session.query(models.Role).filter("id > :marker").params(\ + marker='%s' % marker).order_by(\ + models.Role.id).limit(limit).all() + prev = session.query(models.Role).filter("id < :marker").params(\ + marker='%s' % marker).order_by(\ + models.Role.id.desc()).limit(int(limit)).all() + if len(next) == 0: + next = last + else: + for t in next: + next = t + if len(prev) == 0: + prev = first + else: + for t in prev: + prev = t + if prev.id == marker: + prev = None + else: + prev = prev.id + if next.id == last.id: + next = None + else: + next = next.id + return (prev, next) + + +def role_ref_get_page_markers(user_id, marker, limit, session=None): + if not session: + session = get_session() + first = session.query(models.UserRoleAssociation).filter_by(\ + user_id=user_id).order_by(\ + models.UserRoleAssociation.id).first() + last = 
session.query(models.UserRoleAssociation).filter_by(\ + user_id=user_id).order_by(\ + models.UserRoleAssociation.id.desc()).first() + if first is None: + return (None, None) + if marker is None: + marker = first.id + next = session.query(models.UserRoleAssociation).filter_by(\ + user_id=user_id).filter("id > :marker").params(\ + marker='%s' % marker).order_by(\ + models.UserRoleAssociation.id).limit(limit).all() + prev = session.query(models.UserRoleAssociation).filter_by(\ + user_id=user_id).filter("id < :marker").params(\ + marker='%s' % marker).order_by(\ + models.UserRoleAssociation.id.desc()).limit(int(limit)).\ + all() + if len(next) == 0: + next = last + else: + for t in next: + next = t + if len(prev) == 0: + prev = first + else: + for t in prev: + prev = t + if prev.id == marker: + prev = None + else: + prev = prev.id + if next.id == last.id: + next = None + else: + next = next.id + return (prev, next) diff --git a/keystone/db/sqlalchemy/api/tenant.py b/keystone/db/sqlalchemy/api/tenant.py new file mode 100644 index 00000000..29646e15 --- /dev/null +++ b/keystone/db/sqlalchemy/api/tenant.py 
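Review bot: `role_ref_get_all_tenant_roles` filters with `filter_by(tenant_id=tenant_id)`, and SQLAlchemy renders a None value there as `tenant_id IS NULL`, which is the same condition `role_ref_get_all_global_roles` uses to select global grants. If a caller ever passes `tenant_id=None` (callers are outside this hunk), it gets the user's global roles back as though they were scoped to a tenant. Either guard it with `if tenant_id is None: return []`, or state the contract in a docstring such as `"""Return the user's role grants on tenant_id; tenant_id must not be None (NULL marks a global grant)."""`.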
@@ -0,0 +1,192 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2010 OpenStack LLC. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from keystone.db.sqlalchemy import get_session, models, aliased + +def tenant_create(values): + tenant_ref = models.Tenant() + tenant_ref.update(values) + tenant_ref.save() + return tenant_ref + + +def tenant_get(id, session=None): + if not session: + session = get_session() + result = session.query(models.Tenant).filter_by(id=id).first() + return result + + +def tenant_get_all(session=None): + if not session: + session = get_session() + return session.query(models.Tenant).all() + + +def tenants_for_user_get_page(user, marker, limit, session=None): + if not session: + session = get_session() + ura = aliased(models.UserRoleAssociation) + tenant = aliased(models.Tenant) + q1 = session.query(tenant).join((ura, ura.tenant_id == tenant.id)).\ + filter(ura.user_id == user.id) + q2 = session.query(tenant).filter(tenant.id == user.tenant_id) + q3 = q1.union(q2) + if marker: + return q3.filter("tenant.id>:marker").params(\ + marker='%s' % marker).order_by(\ + tenant.id.desc()).limit(limit).all() + else: + return q3.order_by(\ + tenant.id.desc()).limit(limit).all() + + +def tenants_for_user_get_page_markers(user, marker, limit, session=None): + if not session: + session = get_session() + ura = aliased(models.UserRoleAssociation) + tenant = aliased(models.Tenant) + q1 = session.query(tenant).join((ura, 
ura.tenant_id == tenant.id)).\ + filter(ura.user_id == user.id) + q2 = session.query(tenant).filter(tenant.id == user.tenant_id) + q3 = q1.union(q2) + + first = q3.order_by(\ + tenant.id).first() + last = q3.order_by(\ + tenant.id.desc()).first() + if first is None: + return (None, None) + if marker is None: + marker = first.id + next = q3.filter(tenant.id > marker).order_by(\ + tenant.id).limit(limit).all() + prev = q3.filter(tenant.id > marker).order_by(\ + tenant.id.desc()).limit(int(limit)).all() + if len(next) == 0: + next = last + else: + for t in next: + next = t + if len(prev) == 0: + prev = first + else: + for t in prev: + prev = t + if prev.id == marker: + prev = None + else: + prev = prev.id + if next.id == last.id: + next = None + else: + next = next.id + return (prev, next) + + +def tenant_get_page(marker, limit, session=None): + if not session: + session = get_session() + + if marker: + return session.query(models.Tenant).filter("id>:marker").params(\ + marker='%s' % marker).order_by(\ + models.Tenant.id.desc()).limit(limit).all() + else: + return session.query(models.Tenant).order_by(\ + models.Tenant.id.desc()).limit(limit).all() + + +def tenant_get_page_markers(marker, limit, session=None): + if not session: + session = get_session() + first = session.query(models.Tenant).order_by(\ + models.Tenant.id).first() + last = session.query(models.Tenant).order_by(\ + models.Tenant.id.desc()).first() + if first is None: + return (None, None) + if marker is None: + marker = first.id + next = session.query(models.Tenant).filter("id > :marker").params(\ + marker='%s' % marker).order_by(\ + models.Tenant.id).limit(limit).all() + prev = session.query(models.Tenant).filter("id < :marker").params(\ + marker='%s' % marker).order_by(\ + models.Tenant.id.desc()).limit(int(limit)).all() + if len(next) == 0: + next = last + else: + for t in next: + next = t + if len(prev) == 0: + prev = first + else: + for t in prev: + prev = t + if prev.id == marker: + prev = None + 
else: + prev = prev.id + if next.id == last.id: + next = None + else: + next = next.id + return (prev, next) + + +def tenant_is_empty(id, session=None): + if not session: + session = get_session() + a_user = session.query(models.UserRoleAssociation).filter_by(\ + tenant_id=id).first() + if a_user != None: + return False + a_group = session.query(models.Group).filter_by(tenant_id=id).first() + if a_group != None: + return False + a_user = session.query(models.User).filter_by(tenant_id=id).first() + if a_user != None: + return False + return True + + +def tenant_update(id, values, session=None): + if not session: + session = get_session() + with session.begin(): + tenant_ref = tenant_get(id, session) + tenant_ref.update(values) + tenant_ref.save(session=session) + + +def tenant_delete(id, session=None): + if not session: + session = get_session() + with session.begin(): + tenant_ref = tenant_get(id, session) + session.delete(tenant_ref) + + +def tenant_baseurls_get_all(tenant_id, session=None): + if not session: + session = get_session() + tba = aliased(models.TenantBaseURLAssociation) + baseUrls = aliased(models.BaseUrls) + return session.query(baseUrls).join((tba, + tba.baseURLs_id == baseUrls.id)).\ + filter(tba.tenant_id == tenant_id).all() diff --git a/keystone/db/sqlalchemy/api/tenant_group.py b/keystone/db/sqlalchemy/api/tenant_group.py new file mode 100644 index 00000000..232c939f --- /dev/null +++ b/keystone/db/sqlalchemy/api/tenant_group.py 
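Review bot: In `tenants_for_user_get_page_markers` the `prev` query uses `q3.filter(tenant.id > marker)`, the same comparison as the `next` query, so the previous-page marker is computed from rows after the marker rather than before it. The sibling functions in this commit (`tenant_get_page_markers`, `role_get_page_markers`, `group_get_page_markers`) all use `id < :marker` for `prev`; this one should read `prev = q3.filter(tenant.id < marker).order_by(tenant.id.desc()).limit(int(limit)).all()`. In `tenants_for_user_get_page`, the textual `filter("tenant.id>:marker")` names a table `tenant` while the query selects from a union over `aliased(models.Tenant)`, so it is worth confirming that the generated SQL resolves that name; the column expression `tenant.id > marker` would avoid the question.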
@@ -0,0 +1,125 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2010 OpenStack LLC. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from keystone.db.sqlalchemy import get_session, models + +def tenant_group_create(values): + group_ref = models.Group() + group_ref.update(values) + group_ref.save() + return group_ref + + +def tenant_group_is_empty(id, session=None): + if not session: + session = get_session() + a_user = session.query(models.UserGroupAssociation).filter_by( + group_id=id).first() + if a_user != None: + return False + return True + + +def tenant_group_get(id, tenant, session=None): + if not session: + session = get_session() + result = session.query(models.Group).filter_by(id=id, \ + tenant_id=tenant).first() + + return result + + +def tenant_group_get_page(tenantId, marker, limit, session=None): + if not session: + session = get_session() + + if marker: + return session.query(models.Group).filter("id>:marker").params(\ + marker='%s' % marker).filter_by(\ + tenant_id=tenantId).order_by(\ + models.Group.id.desc()).limit(limit).all() + else: + return session.query(models.Group).filter_by(tenant_id=tenantId)\ + .order_by(models.Group.id.desc()).limit(limit).all() + #return session.query(models.Tenant).all() + + +def tenant_group_get_page_markers(tenantId, marker, limit, session=None): + if not session: + session = get_session() + first = session.query(models.Group).filter_by(\ + tenant_id=tenantId).order_by(\ + 
models.Group.id).first() + last = session.query(models.Group).filter_by(\ + tenant_id=tenantId).order_by(\ + models.Group.id.desc()).first() + + if first is None: + return (None, None) + if marker is None: + marker = first.id + next = session.query(models.Group).filter("id > :marker").params(\ + marker='%s' % marker).filter_by(\ + tenant_id=tenantId).order_by(\ + models.Group.id).limit(limit).all() + prev = session.query(models.Group).filter("id < :marker").params(\ + marker='%s' % marker).filter_by(\ + tenant_id=tenantId).order_by(\ + models.Group.id.desc()).limit(int(limit)).all() + if len(next) == 0: + next = last + else: + for t in next: + next = t + if len(prev) == 0: + prev = first + else: + for t in prev: + prev = t + if prev.id == marker: + prev = None + else: + prev = prev.id + if next.id == last.id: + next = None + else: + next = next.id + return (prev, next) + + +def tenant_group_update(id, tenant_id, values, session=None): + if not session: + session = get_session() + with session.begin(): + tenant_ref = tenant_group_get(id, tenant_id, session) + tenant_ref.update(values) + tenant_ref.save(session=session) + + +def delete(id, tenant_id, session=None): + if not session: + session = get_session() + with session.begin(): + tenantgroup_ref = tenant_group_get(id, tenant_id, session) + session.delete(tenantgroup_ref) + + +def tenant_role_assignments_get(tenant_id, session=None): + if not session: + session = get_session() + return session.query(models.UserRoleAssociation).\ + filter_by(tenant_id=tenant_id) diff --git a/keystone/db/sqlalchemy/api/token.py b/keystone/db/sqlalchemy/api/token.py new file mode 100644 index 00000000..847e668f --- /dev/null +++ b/keystone/db/sqlalchemy/api/token.py 
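Review bot: The delete function in this module is named plain `delete`, while every other function here carries the `tenant_group_` prefix and the other modules use `group_delete`, `tenant_delete` and `token_delete`. Renaming it to `def tenant_group_delete(id, tenant_id, session=None):` keeps the API uniform and avoids a generic module-level name; call sites are outside this hunk and would need the same rename. `tenant_group_get_page` also keeps a commented-out `#return session.query(models.Tenant).all()` after both branches have already returned, which can be dropped. `tenant_role_assignments_get` queries `UserRoleAssociation` by tenant and may belong in tenant.py or role.py rather than the group module.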
@@ -0,0 +1,61 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2010 OpenStack LLC. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from keystone.db.sqlalchemy import get_session, models + +def token_create(values): + token_ref = models.Token() + token_ref.update(values) + token_ref.save() + return token_ref + + +def token_get(id, session=None): + if not session: + session = get_session() + result = session.query(models.Token).filter_by(token_id=id).first() + return result + + +def token_delete(id, session=None): + if not session: + session = get_session() + with session.begin(): + token_ref = token_get(id, session) + session.delete(token_ref) + + +def token_for_user(user_id, session=None): + if not session: + session = get_session() + result = session.query(models.Token).filter_by( + user_id=user_id, tenant_id=None).order_by("expires desc").first() + return result + + +def token_for_user_tenant(user_id, tenant_id, session=None): + if not session: + session = get_session() + result = session.query(models.Token).filter_by( + user_id=user_id, tenant_id=tenant_id).order_by("expires desc").first() + return result + + +def token_get_all(session=None): + if not session: + session = get_session() + return session.query(models.Token).all() diff --git a/keystone/db/sqlalchemy/api/user.py b/keystone/db/sqlalchemy/api/user.py new file mode 100644 index 00000000..af1d8d59 --- /dev/null +++ b/keystone/db/sqlalchemy/api/user.py 
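Review bot: `token_for_user` and `token_for_user_tenant` return the row with the latest `expires` value without comparing it to the current time, so an expired token is returned as readily as a live one. If the caller is expected to check expiry (the caller is outside this hunk), say so in a docstring, e.g. `"""Return the user's latest-expiring unscoped token, or None; the caller must check expires."""`; otherwise filter on `expires` in the query. `token_for_user` also relies on `filter_by(tenant_id=None)` rendering as `IS NULL` to select unscoped tokens, which deserves a one-line comment. None of the functions in this file has a docstring.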
@@ -0,0 +1,421 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2010 OpenStack LLC. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from keystone.db.sqlalchemy import get_session, models, aliased, joinedload + +def user_get_all(session=None): + if not session: + session = get_session() + result = session.query(models.User) + return result + + +def get_user_by_group(user_id, group_id, session=None): + if not session: + session = get_session() + result = session.query(models.UserGroupAssociation).filter_by(\ + group_id=group_id, user_id=user_id).first() + return result + + +def user_tenant_group(values): + user_ref = models.UserGroupAssociation() + user_ref.update(values) + user_ref.save() + return user_ref + + +def user_tenant_group_delete(id, group_id, session=None): + if not session: + session = get_session() + with session.begin(): + usertenantgroup_ref = get_user_by_group(id, group_id, session) + session.delete(usertenantgroup_ref) + + +def user_create(values): + user_ref = models.User() + user_ref.update(values) + user_ref.save() + return user_ref + + +def user_get(id, session=None): + if not session: + session = get_session() + #TODO(Ziad): finish cleaning up model + # result = session.query(models.User).options(joinedload('groups')).\ + # options(joinedload('tenants')).filter_by(id=id).first() + result = session.query(models.User).filter_by(id=id).first() + return result + + +def user_get_page(marker, limit, session=None): 
+ if not session: + session = get_session() + + if marker: + return session.query(models.User).filter("id>:marker").params(\ + marker='%s' % marker).order_by(\ + models.User.id.desc()).limit(limit).all() + else: + return session.query(models.User).order_by(\ + models.User.id.desc()).limit(limit).all() + + +def user_get_page_markers(marker, limit, session=None): + if not session: + session = get_session() + first = session.query(models.User).order_by(\ + models.User.id).first() + last = session.query(models.User).order_by(\ + models.User.id.desc()).first() + if first is None: + return (None, None) + if marker is None: + marker = first.id + next = session.query(models.User).filter("id > :marker").params(\ + marker='%s' % marker).order_by(\ + models.User.id).limit(limit).all() + prev = session.query(models.User).filter("id < :marker").params(\ + marker='%s' % marker).order_by(\ + models.User.id.desc()).limit(int(limit)).all() + if len(next) == 0: + next = last + else: + for t in next: + next = t + if len(prev) == 0: + prev = first + else: + for t in prev: + prev = t + if prev.id == marker: + prev = None + else: + prev = prev.id + if next.id == last.id: + next = None + else: + next = next.id + return (prev, next) + + +def user_get_email(email, session=None): + if not session: + session = get_session() + result = session.query(models.User).filter_by(email=email).first() + return result + + +def user_groups(id, session=None): + if not session: + session = get_session() + result = session.query(models.Group).filter_by(\ + user_id=id) + return result + + +def user_roles_by_tenant(user_id, tenant_id, session=None): + if not session: + session = get_session() + result = session.query(models.UserRoleAssociation).filter_by(\ + user_id=user_id, tenant_id=tenant_id).options(joinedload('roles')) + return result + + +def user_update(id, values, session=None): + if not session: + session = get_session() + with session.begin(): + user_ref = user_get(id, session) + 
user_ref.update(values) + user_ref.save(session=session) + + +def users_tenant_group_get_page(group_id, marker, limit, session=None): + if not session: + session = get_session() + uga = aliased(models.UserGroupAssociation) + user = aliased(models.User) + if marker: + return session.query(user, uga).join(\ + (uga, uga.user_id == user.id)).\ + filter(uga.group_id == group_id).\ + filter("id>=:marker").params(\ + marker='%s' % marker).order_by(\ + user.id).limit(limit).all() + else: + return session.query(user, uga).\ + join((uga, uga.user_id == user.id)).\ + filter(uga.group_id == group_id).order_by(\ + user.id).limit(limit).all() + + +def users_tenant_group_get_page_markers(group_id, marker, limit, session=None): + if not session: + session = get_session() + uga = aliased(models.UserGroupAssociation) + user = aliased(models.User) + first = session.query(models.User).order_by(\ + models.User.id).first() + last = session.query(models.User).order_by(\ + models.User.id.desc()).first() + if first is None: + return (None, None) + if marker is None: + marker = first.id + next = session.query(user).join( + (uga, uga.user_id == user.id)).\ + filter(uga.group_id == group_id).\ + filter("id > :marker").params(\ + marker='%s' % marker).order_by(\ + user.id).limit(limit).all() + prev = session.query(user).join(\ + (uga, uga.user_id == user.id)).\ + filter(uga.group_id == group_id).\ + filter("id < :marker").params(\ + marker='%s' % marker).order_by(\ + user.id.desc()).limit(int(limit)).all() + if len(next) == 0: + next = last + else: + for t in next: + next = t + if len(prev) == 0: + prev = first + else: + for t in prev: + prev = t + if prev.id == marker: + prev = None + else: + prev = prev.id + if next.id == last.id: + next = None + else: + next = next.id + return (prev, next) + + +def user_delete(id, session=None): + if not session: + session = get_session() + with session.begin(): + user_ref = user_get(id, session) + session.delete(user_ref) + + +def user_get_by_tenant(id, 
tenant_id, session=None): + if not session: + session = get_session() + # Most common use case: user lives in tenant + user = session.query(models.User).\ + filter_by(id=id, tenant_id=tenant_id).first() + if user: + return user + + # Find user through grants to this tenant + user_tenant = session.query(models.UserRoleAssociation).filter_by(\ + tenant_id=tenant_id, user_id=id).first() + if user_tenant: + return user_get(id, session) + else: + return None + + +def user_get_by_group(id, session=None): + if not session: + session = get_session() + user_group = session.query(models.Group).filter_by(tenant_id=id).all() + return user_group + + +def user_delete_tenant(id, tenant_id, session=None): + if not session: + session = get_session() + with session.begin(): + users_tenant_ref = users_get_by_tenant(id, tenant_id, session) + if users_tenant_ref is not None: + for user_tenant_ref in users_tenant_ref: + session.delete(user_tenant_ref) + + user_group_ref = user_get_by_group(tenant_id, session) + + if user_group_ref is not None: + for user_group in user_group_ref: + group_users = session.query(models.UserGroupAssociation)\ + .filter_by(user_id=id, + group_id=user_group.id).all() + for group_user in group_users: + session.delete(group_user) + + +def users_get_by_tenant(user_id, tenant_id, session=None): + if not session: + session = get_session() + result = session.query(models.User).filter_by(id=user_id, + tenant_id=tenant_id) + return result + +def user_role_add(values): + user_role_ref = models.UserRoleAssociation() + user_role_ref.update(values) + user_role_ref.save() + return user_role_ref + + +def user_get_update(id, session=None): + if not session: + session = get_session() + result = session.query(models.User).filter_by(id=id).first() + return result + + +def users_get_page(marker, limit, session=None): + if not session: + session = get_session() + user = aliased(models.User) + if marker: + return session.query(user).\ + filter("id>=:marker").params( + marker='%s' 
% marker).order_by( + "id").limit(limit).all() + else: + return session.query(user).\ + order_by("id").limit(limit).all() + +def users_get_page_markers(marker, limit, \ + session=None): + if not session: + session = get_session() + user = aliased(models.User) + first = session.query(user).\ + order_by(user.id).first() + last = session.query(user).\ + order_by(user.id.desc()).first() + if first is None: + return (None, None) + if marker is None: + marker = first.id + next = session.query(user).\ + filter("id > :marker").params(\ + marker='%s' % marker).order_by(user.id).\ + limit(int(limit)).all() + prev = session.query(user).\ + filter("id < :marker").params( + marker='%s' % marker).order_by( + user.id.desc()).limit(int(limit)).all() + next_len = len(next) + prev_len = len(prev) + + if next_len == 0: + next = last + else: + for t in next: + next = t + if prev_len == 0: + prev = first + else: + for t in prev: + prev = t + if first.id == marker: + prev = None + else: + prev = prev.id + if marker == last.id: + next = None + else: + next = next.id + return (prev, next) + + +def users_get_by_tenant_get_page(tenant_id, marker, limit, session=None): + if not session: + session = get_session() + user = aliased(models.User) + if marker: + return session.query(user).\ + filter("tenant_id = :tenant_id").\ + params(tenant_id='%s' % tenant_id).\ + filter("id>=:marker").params( + marker='%s' % marker).order_by( + "id").limit(limit).all() + else: + return session.query(user).\ + filter("tenant_id = :tenant_id").\ + params(tenant_id='%s' % tenant_id).order_by( + "id").limit(limit).all() + + +def users_get_by_tenant_get_page_markers(tenant_id, marker, limit, \ + session=None): + if not session: + session = get_session() + user = aliased(models.User) + first = session.query(user).\ + filter(user.tenant_id == tenant_id).\ + order_by(user.id).first() + last = session.query(user).\ + filter(user.tenant_id == tenant_id).\ + order_by(user.id.desc()).first() + if first is None: + return 
(None, None) + if marker is None: + marker = first.id + next = session.query(user).\ + filter(user.tenant_id == tenant_id).\ + filter("id > :marker").params(\ + marker='%s' % marker).order_by(user.id).\ + limit(int(limit)).all() + prev = session.query(user).\ + filter(user.tenant_id == tenant_id).\ + filter("id < :marker").params( + marker='%s' % marker).order_by( + user.id.desc()).limit(int(limit)).all() + next_len = len(next) + prev_len = len(prev) + + if next_len == 0: + next = last + else: + for t in next: + next = t + if prev_len == 0: + prev = first + else: + for t in prev: + prev = t + if first.id == marker: + prev = None + else: + prev = prev.id + if marker == last.id: + next = None + else: + next = next.id + return (prev, next) + +def user_groups_get_all(user_id, session=None): + if not session: + session = get_session() + uga = aliased(models.UserGroupAssociation) + group = aliased(models.Group) + return session.query(group, uga).\ + join((uga, uga.group_id == group.id)).\ + filter(uga.user_id == user_id).order_by( + group.id).all() diff --git a/keystone/db/sqlalchemy/models.py b/keystone/db/sqlalchemy/models.py index d9b3af63..5de12701 100644 --- a/keystone/db/sqlalchemy/models.py +++ b/keystone/db/sqlalchemy/models.py @@ -16,12 +16,11 @@ # Not Yet PEP8 standardized from sqlalchemy import Column, String, Integer, ForeignKey, \ - UniqueConstraint, Boolean -from sqlalchemy import DateTime + UniqueConstraint, Boolean, DateTime from sqlalchemy.exc import IntegrityError from sqlalchemy.ext.declarative import declarative_base from sqlalchemy.orm import relationship, object_mapper -import api as db_api + Base = declarative_base() @@ -30,8 +29,10 @@ class KeystoneBase(object): def save(self, session=None): """Save this object.""" + if not session: - session = db_api.get_session() + from keystone.db.sqlalchemy import get_session + session = get_session() session.add(self) try: session.flush() 
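Review bot: In `users_tenant_group_get_page_markers` the `first` and `last` rows are queried from `models.User` with no group filter, while `next` and `prev` are restricted to `uga.group_id == group_id`. When the group-scoped `prev` list is empty the function falls back to `first` and returns its id, so the pagination marker handed to the caller can be the id of a user who is not a member of the group. Scoping `first` and `last` with the same join and filter closes that; `users_get_by_tenant_get_page_markers` further down already scopes its boundary rows by tenant. The textual `filter("id > :marker")` on the joined query may also be ambiguous if both tables carry an `id` column, so a column expression on `user.id` would be safer there.

```python
    uga = aliased(models.UserGroupAssociation)
    user = aliased(models.User)
    # scope the boundary rows to the group, like next/prev below
    in_group = session.query(user).join(
        (uga, uga.user_id == user.id)).\
        filter(uga.group_id == group_id)
    first = in_group.order_by(user.id).first()
    last = in_group.order_by(user.id.desc()).first()
    # … unchanged: marker default, next/prev queries, marker selection, return …
```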
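Review bot: The function-scope import added to `KeystoneBase.save` carries no comment saying why it is not at module level. Presumably it avoids a circular import now that `get_session` lives in `keystone.db.sqlalchemy`; if that is the reason, a one-line comment such as `# imported here to avoid a circular import with keystone.db.sqlalchemy` would stop a later cleanup from hoisting it back to the top of the file. The body of `save` continues outside the hunk.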
diff --git a/keystone/frontends/legacy_token_auth.py b/keystone/frontends/legacy_token_auth.py index dcd03477..647a5697 100644 --- a/keystone/frontends/legacy_token_auth.py +++ b/keystone/frontends/legacy_token_auth.py @@ -15,7 +15,7 @@ # implied. # See the License for the specific language governing permissions and # limitations under the License. -# Not Yet PEP8 standardized + """ RACKSPACE LEGACY AUTH - STUB @@ -25,16 +25,13 @@ and makes an authentication call on keystone.- transforms response it receives into custom headers defined in properties and returns the response. """ + import os import sys -import optparse -import httplib import json import ast -from webob.exc import Request, Response -from paste.deploy import loadapp -from webob.exc import HTTPUnauthorized, HTTPInternalServerError +from webob.exc import Request POSSIBLE_TOPDIR = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]), os.pardir, @@ -43,10 +40,7 @@ POSSIBLE_TOPDIR = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]), if os.path.exists(os.path.join(POSSIBLE_TOPDIR, 'keystone', '__init__.py')): sys.path.insert(0, POSSIBLE_TOPDIR) -import keystone import keystone.utils as utils -from keystone.common import wsgi -from keystone.common import config PROTOCOL_NAME = "Legacy Authentication" diff --git a/keystone/logic/service.py b/keystone/logic/service.py index 693a4e3b..b292d75f 100755 --- a/keystone/logic/service.py +++ b/keystone/logic/service.py @@ -19,6 +19,7 @@ import uuid import keystone.logic.types.auth as auth import keystone.logic.types.atom as atom +import keystone.db.sqlalchemy as db import keystone.db.sqlalchemy.api as db_api import keystone.db.sqlalchemy.models as db_models import keystone.logic.types.fault as fault 
@@ -41,11 +42,11 @@ class IdentityService(object): raise fault.BadRequestFault("Expecting Password Credentials!") if not credentials.tenant_id: - duser = db_api.user_get(credentials.username) + duser = db_api.user.user_get(credentials.username) if duser == None: raise fault.UnauthorizedFault("Unauthorized") else: - duser = db_api.user_get_by_tenant(credentials.username, + duser = db_api.user.user_get_by_tenant(credentials.username, credentials.tenant_id) if duser == None: raise fault.UnauthorizedFault("Unauthorized on this tenant") @@ -60,9 +61,9 @@ class IdentityService(object): # TODO: Handle tenant/token search # if not credentials.tenant_id: - dtoken = db_api.token_for_user(duser.id) + dtoken = db_api.token.token_for_user(duser.id) else: - dtoken = db_api.token_for_user_tenant(duser.id, + dtoken = db_api.token.token_for_user_tenant(duser.id, credentials.tenant_id) tenant_id = None if credentials.tenant_id: @@ -78,7 +79,7 @@ class IdentityService(object): if credentials.tenant_id: dtoken.tenant_id = credentials.tenant_id dtoken.expires = datetime.now() + timedelta(days=1) - db_api.token_create(dtoken) + db_api.token.token_create(dtoken) #if tenant_id is passed in the call that tenant_id is passed else #user's default tenant_id is used. return self.__get_auth_data(dtoken, tenant_id) @@ -101,11 +102,11 @@ class IdentityService(object): def revoke_token(self, admin_token, token_id): self.__validate_token(admin_token) - dtoken = db_api.token_get(token_id) + dtoken = db_api.token.token_get(token_id) if not dtoken: raise fault.ItemNotFoundFault("Token not found") - db_api.token_delete(token_id) + db_api.token.token_delete(token_id) # # Tenant Operations @@ -120,7 +121,7 @@ class IdentityService(object): if tenant.tenant_id == None: raise fault.BadRequestFault("Expecting a unique Tenant Id") - if db_api.tenant_get(tenant.tenant_id) != None: + if db_api.tenant.tenant_get(tenant.tenant_id) != None: raise fault.TenantConflictFault( "A tenant with that id already exists") 
@@ -129,7 +130,7 @@ class IdentityService(object): dtenant.desc = tenant.description dtenant.enabled = tenant.enabled - db_api.tenant_create(dtenant) + db_api.tenant.tenant_create(dtenant) return tenant ## @@ -140,11 +141,11 @@ class IdentityService(object): (token, user) = self.__validate_token(admin_token) # If Global admin return all tenants. ts = [] - dtenants = db_api.tenant_get_page(marker, limit) + dtenants = db_api.tenant.tenant_get_page(marker, limit) for dtenant in dtenants: ts.append(tenants.Tenant(dtenant.id, dtenant.desc, dtenant.enabled)) - prev, next = db_api.tenant_get_page_markers(marker, limit) + prev, next = db_api.tenant.tenant_get_page_markers(marker, limit) links = [] if prev: links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" \ @@ -157,11 +158,11 @@ class IdentityService(object): #If not global admin ,return tenants specific to user. (token, user) = self.__validate_token(admin_token, False) ts = [] - dtenants = db_api.tenants_for_user_get_page(user, marker, limit) + dtenants = db_api.tenant.tenants_for_user_get_page(user, marker, limit) for dtenant in dtenants: ts.append(tenants.Tenant(dtenant.id, dtenant.desc, dtenant.enabled)) - prev, next = db_api.tenants_for_user_get_page_markers(user, marker, + prev, next = db_api.tenant.tenants_for_user_get_page_markers(user, marker, limit) links = [] if prev: @@ -175,7 +176,7 @@ class IdentityService(object): def get_tenant(self, admin_token, tenant_id): self.__validate_token(admin_token) - dtenant = db_api.tenant_get(tenant_id) + dtenant = db_api.tenant.tenant_get(tenant_id) if not dtenant: raise fault.ItemNotFoundFault("The tenant could not be found") return tenants.Tenant(dtenant.id, dtenant.desc, dtenant.enabled) 
@@ -186,25 +187,25 @@ class IdentityService(object): if not isinstance(tenant, tenants.Tenant): raise fault.BadRequestFault("Expecting a Tenant") - dtenant = db_api.tenant_get(tenant_id) + dtenant = db_api.tenant.tenant_get(tenant_id) if dtenant == None: raise fault.ItemNotFoundFault("The tenant cloud not be found") values = {'desc': tenant.description, 'enabled': tenant.enabled} - db_api.tenant_update(tenant_id, values) + db_api.tenant.tenant_update(tenant_id, values) return tenants.Tenant(dtenant.id, tenant.description, tenant.enabled) def delete_tenant(self, admin_token, tenant_id): self.__validate_token(admin_token) - dtenant = db_api.tenant_get(tenant_id) + dtenant = db_api.tenant.tenant_get(tenant_id) if dtenant == None: raise fault.ItemNotFoundFault("The tenant cloud not be found") - if not db_api.tenant_is_empty(tenant_id): + if not db_api.tenant.tenant_is_empty(tenant_id): raise fault.ForbiddenFault("You may not delete a tenant that " "contains users or groups") - db_api.tenant_delete(dtenant.id) + db_api.tenant.tenant_delete(dtenant.id) return None # @@ -219,14 +220,14 @@ class IdentityService(object): if tenant == None: raise fault.BadRequestFault("Expecting a Tenant Id") - dtenant = db_api.tenant_get(tenant) + dtenant = db_api.tenant.tenant_get(tenant) if dtenant == None: raise fault.ItemNotFoundFault("The tenant not found") if group.group_id == None: raise fault.BadRequestFault("Expecting a Group Id") - if db_api.group_get(group.group_id) != None: + if db_api.group.group_get(group.group_id) != None: raise fault.TenantGroupConflictFault( "A tenant group with that id already exists") @@ -234,7 +235,7 @@ class IdentityService(object): dtenant.id = group.group_id dtenant.desc = group.description dtenant.tenant_id = tenant - db_api.tenant_group_create(dtenant) + db_api.tenant_group.tenant_group_create(dtenant) return tenants.Group(dtenant.id, dtenant.desc, dtenant.tenant_id) def get_tenant_groups(self, admin_token, tenant_id, marker, limit, url): 
@@ -242,18 +243,18 @@ class IdentityService(object): if tenant_id == None: raise fault.BadRequestFault("Expecting a Tenant Id") - dtenant = db_api.tenant_get(tenant_id) + dtenant = db_api.tenant.tenant_get(tenant_id) if dtenant == None: raise fault.ItemNotFoundFault("The tenant not found") ts = [] - dtenantgroups = db_api.tenant_group_get_page(tenant_id, marker, limit) + dtenantgroups = db_api.tenant_group.tenant_group_get_page(tenant_id, marker, limit) for dtenantgroup in dtenantgroups: ts.append(tenants.Group(dtenantgroup.id, dtenantgroup.desc, dtenantgroup.tenant_id)) - prev, next = db_api.tenant_group_get_page_markers(tenant_id, marker, + prev, next = db_api.tenant_group.tenant_group_get_page_markers(tenant_id, marker, limit) links = [] if prev: @@ -268,11 +269,11 @@ class IdentityService(object): def get_tenant_group(self, admin_token, tenant_id, group_id): self.__validate_token(admin_token) - dtenant = db_api.tenant_get(tenant_id) + dtenant = db_api.tenant.tenant_get(tenant_id) if dtenant == None: raise fault.ItemNotFoundFault("The tenant not found") - dtenant = db_api.tenant_group_get(group_id, tenant_id) + dtenant = db_api.tenant_group.tenant_group_get(group_id, tenant_id) if not dtenant: raise fault.ItemNotFoundFault("The tenant group not found") @@ -285,11 +286,11 @@ class IdentityService(object): raise fault.BadRequestFault("Expecting a Group") True - dtenant = db_api.tenant_get(tenant_id) + dtenant = db_api.tenant.tenant_get(tenant_id) if dtenant == None: raise fault.ItemNotFoundFault("The tenant not found") - dtenant = db_api.tenant_group_get(group_id, tenant_id) + dtenant = db_api.tenant_group.tenant_group_get(group_id, tenant_id) if not dtenant: raise fault.ItemNotFoundFault("The tenant group not found") 
@@ -303,27 +304,27 @@ class IdentityService(object): values = {'desc': group.description} - db_api.tenant_group_update(group_id, tenant_id, values) + db_api.tenant_group.tenant_group_update(group_id, tenant_id, values) return tenants.Group(group_id, group.description, tenant_id) def delete_tenant_group(self, admin_token, tenant_id, group_id): self.__validate_token(admin_token) - dtenant = db_api.tenant_get(tenant_id) + dtenant = db_api.tenant.tenant_get(tenant_id) if dtenant == None: raise fault.ItemNotFoundFault("The tenant not found") - dtenant = db_api.tenant_group_get(group_id, tenant_id) + dtenant = db_api.tenant_group.tenant_group_get(group_id, tenant_id) if not dtenant: raise fault.ItemNotFoundFault("The tenant group not found") - if not db_api.tenant_group_is_empty(group_id): + if not db_api.tenant_group.tenant_group_is_empty(group_id): raise fault.ForbiddenFault("You may not delete a tenant that " "contains users or groups") - db_api.tenant_group_delete(group_id, tenant_id) + db_api.tenant_group.delete(group_id, tenant_id) return None def get_users_tenant_group(self, admin_token, tenantId, groupId, marker, @@ -332,14 +333,14 @@ class IdentityService(object): if tenantId == None: raise fault.BadRequestFault("Expecting a Tenant Id") - if db_api.tenant_get(tenantId) == None: + if db_api.tenant.tenant_get(tenantId) == None: raise fault.ItemNotFoundFault("The tenant not found") - if db_api.tenant_group_get(groupId, tenantId) == None: + if db_api.tenant_group.tenant_group_get(groupId, tenantId) == None: raise fault.ItemNotFoundFault( "A tenant group with that id not found") ts = [] - dgroupusers = db_api.users_tenant_group_get_page(groupId, marker, + dgroupusers = db_api.user.users_tenant_group_get_page(groupId, marker, limit) for dgroupuser, dgroupuserAsso in dgroupusers: 
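Review bot: The call `db_api.tenant_group.delete(group_id, tenant_id)` in `delete_tenant_group` is the only call in this hunk that targets an unprefixed function; its siblings use the `tenant_group_*` form (`tenant_group_get`, `tenant_group_update`, `tenant_group_is_empty`). Naming the function `tenant_group_delete` in `api/tenant_group.py` and calling `db_api.tenant_group.tenant_group_delete(group_id, tenant_id)` keeps the per-model modules consistent and easy to search. The `ForbiddenFault` message just above the call also says "tenant" where the object being deleted is a tenant group.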
@@ -348,40 +349,40 @@ class IdentityService(object): tenantId, None)) links = [] if ts.__len__(): - prev, next = db_api.users_tenant_group_get_page_markers(groupId, + prev, next = db_api.user.users_tenant_group_get_page_markers(groupId, marker, limit) if prev: - links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % (url, prev, limit))) if next: - links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % (url, next, limit))) return tenants.Users(ts, links) def add_user_tenant_group(self, admin_token, tenant, group, user): self.__validate_token(admin_token) - if db_api.tenant_get(tenant) == None: + if db_api.tenant.tenant_get(tenant) == None: raise fault.ItemNotFoundFault("The Tenant not found") - if db_api.group_get(group) == None: + if db_api.group.group_get(group) == None: raise fault.ItemNotFoundFault("The Group not found") - duser = db_api.user_get(user) + duser = db_api.user.user_get(user) if duser == None: raise fault.ItemNotFoundFault("The User not found") - if db_api.tenant_group_get(group, tenant) == None: + if db_api.tenant_group.tenant_group_get(group, tenant) == None: raise fault.ItemNotFoundFault("A tenant group with" " that id not found") - if db_api.get_user_by_group(user, group) != None: + if db_api.user.get_user_by_group(user, group) != None: raise fault.UserGroupConflictFault( "A user with that id already exists in group") dusergroup = db_models.UserGroupAssociation() dusergroup.user_id = user dusergroup.group_id = group - db_api.user_tenant_group(dusergroup) + db_api.user.user_tenant_group(dusergroup) return tenants.User(duser.id, duser.email, duser.enabled, tenant, group) 
@@ -389,24 +390,24 @@ class IdentityService(object): def delete_user_tenant_group(self, admin_token, tenant, group, user): self.__validate_token(admin_token) - if db_api.tenant_get(tenant) == None: + if db_api.tenant.tenant_get(tenant) == None: raise fault.ItemNotFoundFault("The Tenant not found") - if db_api.group_get(group) == None: + if db_api.group.group_get(group) == None: raise fault.ItemNotFoundFault("The Group not found") - duser = db_api.user_get(user) + duser = db_api.user.user_get(user) if duser == None: raise fault.ItemNotFoundFault("The User not found") - if db_api.tenant_group_get(group, tenant) == None: + if db_api.tenant_group.tenant_group_get(group, tenant) == None: raise fault.ItemNotFoundFault("A tenant group with" " that id not found") - if db_api.get_user_by_group(user, group) == None: + if db_api.user.get_user_by_group(user, group) == None: raise fault.ItemNotFoundFault("A user with that id " "in a group not found") - db_api.user_tenant_group_delete(user, group) + db_api.user.user_tenant_group_delete(user, group) return None # @@ -418,9 +419,9 @@ class IdentityService(object): token = None user = None if token_id: - token = db_api.token_get(token_id) + token = db_api.token.token_get(token_id) if token: - user = db_api.user_get(token.user_id) + user = db_api.user.user_get(token.user_id) return (token, user) # @@ -429,7 +430,7 @@ class IdentityService(object): def create_user(self, admin_token, user): self.__validate_token(admin_token) - dtenant = db_api.tenant_get(user.tenant_id) + dtenant = db_api.tenant.tenant_get(user.tenant_id) if dtenant == None: raise fault.UnauthorizedFault("Unauthorized") 
@@ -442,11 +443,11 @@ class IdentityService(object): if user.user_id == None: raise fault.BadRequestFault("Expecting a unique User Id") - if db_api.user_get(user.user_id) != None: + if db_api.user.user_get(user.user_id) != None: raise fault.UserConflictFault( "An user with that id already exists") - if db_api.user_get_email(user.email) != None: + if db_api.user.user_get_email(user.email) != None: raise fault.EmailConflictFault( "Email already exists") @@ -456,7 +457,7 @@ class IdentityService(object): duser.email = user.email duser.enabled = user.enabled duser.tenant_id = user.tenant_id - db_api.user_create(duser) + db_api.user.user_create(duser) return user 
@@ -465,61 +466,61 @@ class IdentityService(object): if tenant_id == None: raise fault.BadRequestFault("Expecting a Tenant Id") - dtenant = db_api.tenant_get(tenant_id) + dtenant = db_api.tenant.tenant_get(tenant_id) if dtenant is None: raise fault.ItemNotFoundFault("The tenant not found") if not dtenant.enabled: raise fault.TenantDisabledFault("Your account has been disabled") ts = [] - dtenantusers = db_api.users_get_by_tenant_get_page(tenant_id, marker, + dtenantusers = db_api.user.users_get_by_tenant_get_page(tenant_id, marker, limit) for dtenantuser in dtenantusers: ts.append(users.User(None, dtenantuser.id, tenant_id, dtenantuser.email, dtenantuser.enabled)) links = [] if ts.__len__(): - prev, next = db_api.users_get_by_tenant_get_page_markers(tenant_id, + prev, next = db_api.user.users_get_by_tenant_get_page_markers(tenant_id, marker, limit) if prev: - links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % (url, prev, limit))) if next: - links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % (url, next, limit))) return users.Users(ts, links) def get_users(self, admin_token, marker, limit, url): self.__validate_token(admin_token) ts = [] - dusers = db_api.users_get_page(marker, limit) + dusers = db_api.user.users_get_page(marker, limit) for duser in dusers: ts.append(users.User(None, duser.id, duser.tenant_id, duser.email, duser.enabled)) links = [] if ts.__len__(): - prev, next = db_api.users_get_page_markers(marker, limit) + prev, next = db_api.user.users_get_page_markers(marker, limit) if prev: - links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % (url, prev, limit))) if next: - links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % (url, next, limit))) return users.Users(ts, links) def 
get_user(self, admin_token, user_id): self.__validate_token(admin_token) - duser = db_api.user_get(user_id) + duser = db_api.user.user_get(user_id) if not duser: raise fault.ItemNotFoundFault("The user could not be found") if not duser.enabled: raise fault.UserDisabledFault("User has been disabled") - dtenant = db_api.tenant_get(duser.tenant_id) + dtenant = db_api.tenant.tenant_get(duser.tenant_id) ts = [] - dusergroups = db_api.user_groups_get_all(user_id) + dusergroups = db_api.user.user_groups_get_all(user_id) for dusergroup, dusergroupAsso in dusergroups: ts.append(tenants.Group(dusergroup.id, dusergroup.tenant_id, None)) @@ -530,31 +531,11 @@ class IdentityService(object): ## ## GET Users with Pagination ## - def get_users(self, admin_token, marker, limit, url): - (token, user) = self.__validate_token(admin_token) - # If Global admin return all tenants. - us = [] - dusers = db_api.user_get_page(marker, limit) - for duser in dusers: - us.append(users.User(None, - duser.id, - duser.tenant_id, - duser.email, - duser.enabled)) - prev, next = db_api.user_get_page_markers(marker, limit) - links = [] - if prev: - links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" \ - % (url, prev, limit))) - if next: - links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" \ - % (url, next, limit))) - return users.Users(us, links) def update_user(self, admin_token, user_id, user): self.__validate_token(admin_token) - duser = db_api.user_get(user_id) + duser = db_api.user.user_get(user_id) if not duser: raise fault.ItemNotFoundFault("The user could not be found") 
@@ -566,20 +547,20 @@ class IdentityService(object): raise fault.BadRequestFault("Expecting a User") if user.email != duser.email and \ - db_api.user_get_email(user.email) is not None: + db_api.user.user_get_email(user.email) is not None: raise fault.EmailConflictFault( "Email already exists") values = {'email': user.email} - db_api.user_update(user_id, values) - duser = db_api.user_get_update(user_id) + db_api.user.user_update(user_id, values) + duser = db_api.user.user_get_update(user_id) return users.User(duser.password, duser.id, duser.tenant_id, duser.email, duser.enabled) def set_user_password(self, admin_token, user_id, user): self.__validate_token(admin_token) - duser = db_api.user_get(user_id) + duser = db_api.user.user_get(user_id) if not duser: raise fault.ItemNotFoundFault("The user could not be found") 
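Review bot: `update_user` builds its return value as `users.User(duser.password, duser.id, ...)`, handing the stored password back to the caller after an e-mail change. `get_users` in this file passes `None` in that position, so if this object is serialised into the API response the password field is exposed to whoever made the request. `return users.User(None, duser.id, duser.tenant_id, duser.email, duser.enabled)` would match the listing call sites. The hunk ends inside `set_user_password`, whose body continues in the next hunk.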
@@ -589,48 +570,48 @@ class IdentityService(object): if not isinstance(user, users.User): raise fault.BadRequestFault("Expecting a User") - duser = db_api.user_get(user_id) + duser = db_api.user.user_get(user_id) if duser == None: raise fault.ItemNotFoundFault("The user could not be found") values = {'password': user.password} - db_api.user_update(user_id, values) + db_api.user.user_update(user_id, values) return users.User_Update(user.password, None, None, None, None, None) def enable_disable_user(self, admin_token, user_id, user): self.__validate_token(admin_token) - duser = db_api.user_get(user_id) + duser = db_api.user.user_get(user_id) if not duser: raise fault.ItemNotFoundFault("The user could not be found") if not isinstance(user, users.User): raise fault.BadRequestFault("Expecting a User") - duser = db_api.user_get(user_id) + duser = db_api.user.user_get(user_id) if duser == None: raise fault.ItemNotFoundFault("The user could not be found") values = {'enabled': user.enabled} - db_api.user_update(user_id, values) + db_api.user.user_update(user_id, values) return users.User_Update(None, None, None, None, user.enabled, None) def set_user_tenant(self, admin_token, user_id, user): self.__validate_token(admin_token) - duser = db_api.user_get(user_id) + duser = db_api.user.user_get(user_id) if not duser: raise fault.ItemNotFoundFault("The user could not be found") if not isinstance(user, users.User): raise fault.BadRequestFault("Expecting a User") - duser = db_api.user_get(user_id) + duser = db_api.user.user_get(user_id) if duser == None: raise fault.ItemNotFoundFault("The user could not be found") - dtenant = db_api.tenant_get(user.tenant_id) + dtenant = db_api.tenant.tenant_get(user.tenant_id) #Check if tenant exists.If user has passed a tenant that does not exist throw error. #If user is trying to update to a tenant that is disabled throw an error. 
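Review bot: `set_user_password` writes `user.password` to the row unchanged (`values = {'password': user.password}` followed by `user_update`), and nothing in the visible path hashes it. Unless `models.User` transforms the value on update, which this diff does not show, passwords are stored in clear text and any read of the database exposes every credential. The value should go through a salted, deliberately slow password hash before it reaches `user_update`, for example `values = {'password': <hash_helper>(user.password)}` where `<hash_helper>` is a placeholder for whatever helper the project adopts, with the login path comparing hashes instead of raw strings. Each of the three setters in this hunk also calls `user_get` twice; the second lookup and its `None` check are redundant.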
@@ -640,24 +621,24 @@ class IdentityService(object): raise fault.TenantDisabledFault("Your account has been disabled") values = {'tenant_id': user.tenant_id} - db_api.user_update(user_id, values) + db_api.user.user_update(user_id, values) return users.User_Update(None, None, user.tenant_id, None, None, None) def delete_user(self, admin_token, user_id): self.__validate_token(admin_token) - duser = db_api.user_get(user_id) + duser = db_api.user.user_get(user_id) if not duser: raise fault.ItemNotFoundFault("The user could not be found") - dtenant = db_api.tenant_get(duser.tenant_id) - db_api.user_delete_tenant(user_id, dtenant.id) + dtenant = db_api.tenant.tenant_get(duser.tenant_id) + db_api.user.user_delete_tenant(user_id, dtenant.id) return None def get_user_groups(self, admin_token, user_id, marker, limit, url): self.__validate_token(admin_token) ts = [] - dusergroups = db_api.groups_get_by_user_get_page(user_id, marker, + dusergroups = db_api.group.groups_get_by_user_get_page(user_id, marker, limit) for dusergroup, dusergroupAsso in dusergroups: @@ -665,13 +646,13 @@ class IdentityService(object): dusergroup.tenant_id)) links = [] if ts.__len__(): - prev, next = db_api.groups_get_by_user_get_page_markers(user_id, + prev, next = db_api.group.groups_get_by_user_get_page_markers(user_id, marker, limit) if prev: - links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % (url, prev, limit))) if next: - links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % (url, next, limit))) return tenants.Groups(ts, links) 
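Review bot: In `delete_user`, the result of `db_api.tenant.tenant_get(duser.tenant_id)` is dereferenced as `dtenant.id` with no None check, so a user whose tenant row is missing would fail with AttributeError instead of a fault; other methods in this file treat a None result from `tenant_get` as "not found". The lookup also looks unnecessary, since the id it yields is presumably the one already held: `db_api.user.user_delete_tenant(user_id, duser.tenant_id)`. If the tenant must exist, add `if dtenant is None: raise fault.ItemNotFoundFault("The tenant not found")` before the delete.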
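Review bot: The pagination links in `get_user_groups` are built with `"%s?'marker=%s&limit=%s'" % (url, prev, limit)`, which places literal single quotes around the query string and interpolates `prev`, `next` and `limit` without URL-encoding. The commit changes only whitespace on these lines, so the malformed links are carried over. Unless clients rely on the quoted form, I would build them as `"%s?%s" % (url, urllib.urlencode([('marker', prev), ('limit', limit)]))`, which needs `import urllib` at the top of the file. The same format string appears in the prev/next link code of the later hunks (global groups, group users, roles, role refs, base URLs). The method starts before this hunk.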
@@ -682,14 +663,14 @@ class IdentityService(object): # with server.py def __check_create_global_tenant(self): - dtenant = db_api.tenant_get('GlobalTenant') + dtenant = db_api.tenant.tenant_get('GlobalTenant') if dtenant is None: dtenant = db_models.Tenant() dtenant.id = 'GlobalTenant' dtenant.desc = 'GlobalTenant is Default tenant for global groups' dtenant.enabled = True - db_api.tenant_create(dtenant) + db_api.tenant.tenant_create(dtenant) return dtenant def create_global_group(self, admin_token, group): @@ -701,7 +682,7 @@ class IdentityService(object): if group.group_id == None: raise fault.BadRequestFault("Expecting a Group Id") - if db_api.group_get(group.group_id) != None: + if db_api.group.group_get(group.group_id) != None: raise fault.TenantGroupConflictFault( "A tenant group with that id already exists") gtenant = self.__check_create_global_tenant() 
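Review bot: `__check_create_global_tenant` does a `tenant_get('GlobalTenant')` followed by `tenant_create` with nothing tying the two together, so two concurrent first requests can both see None and both try to create the row; what the second one gets back depends on the storage layer, which is not visible here. The method is also called from read paths such as `get_global_groups` and `get_global_group`, so a GET can write to the database. It has no docstring; I would add one saying that it returns the GlobalTenant row and creates it on first use, and handle the duplicate-create case in the DB module.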
@@ -709,37 +690,37 @@ class IdentityService(object): dtenant.id = group.group_id dtenant.desc = group.description dtenant.tenant_id = gtenant.id - db_api.tenant_group_create(dtenant) + db_api.tenant_group.tenant_group_create(dtenant) return tenants.GlobalGroup(dtenant.id, dtenant.desc, None) def get_global_groups(self, admin_token, marker, limit, url): self.__validate_token(admin_token) gtenant = self.__check_create_global_tenant() ts = [] - dtenantgroups = db_api.tenant_group_get_page(gtenant.id, \ + dtenantgroups = db_api.tenant_group.tenant_group_get_page(gtenant.id, \ marker, limit) for dtenantgroup in dtenantgroups: ts.append(tenants.GlobalGroup(dtenantgroup.id, dtenantgroup.desc)) - prev, next = db_api.tenant_group_get_page_markers(gtenant.id, + prev, next = db_api.tenant_group.tenant_group_get_page_markers(gtenant.id, marker, limit) links = [] if prev: - links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % (url, prev, limit))) if next: - links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % (url, next, limit))) return tenants.GlobalGroups(ts, links) def get_global_group(self, admin_token, group_id): self.__validate_token(admin_token) gtenant = self.__check_create_global_tenant() - dtenant = db_api.tenant_get(gtenant.id) + dtenant = db_api.tenant.tenant_get(gtenant.id) if dtenant == None: raise fault.ItemNotFoundFault("The Global tenant not found") - dtenant = db_api.tenant_group_get(group_id, gtenant.id) + dtenant = db_api.tenant_group.tenant_group_get(group_id, gtenant.id) if not dtenant: raise fault.ItemNotFoundFault("The Global tenant group not found") 
@@ -751,11 +732,11 @@ class IdentityService(object): if not isinstance(group, tenants.GlobalGroup): raise fault.BadRequestFault("Expecting a Group") - dtenant = db_api.tenant_get(gtenant.id) + dtenant = db_api.tenant.tenant_get(gtenant.id) if dtenant == None: raise fault.ItemNotFoundFault("The global tenant not found") - dtenant = db_api.tenant_group_get(group_id, gtenant.id) + dtenant = db_api.tenant_group.tenant_group_get(group_id, gtenant.id) if not dtenant: raise fault.ItemNotFoundFault("The Global tenant group not found") if group_id != group.group_id: @@ -763,26 +744,26 @@ class IdentityService(object): "Group id not matching") values = {'desc': group.description} - db_api.tenant_group_update(group_id, gtenant.id, values) + db_api.tenant_group.tenant_group_update(group_id, gtenant.id, values) return tenants.GlobalGroup(group_id, group.description, gtenant.id) def delete_global_group(self, admin_token, group_id): self.__validate_token(admin_token) gtenant = self.__check_create_global_tenant() - dtenant = db_api.tenant_get(gtenant.id) + dtenant = db_api.tenant.tenant_get(gtenant.id) if dtenant == None: raise fault.ItemNotFoundFault("The global tenant not found") - dtenant = db_api.tenant_group_get(group_id, dtenant.id) + dtenant = db_api.tenant_group.tenant_group_get(group_id, dtenant.id) if not dtenant: raise fault.ItemNotFoundFault("The global tenant group not found") - if not db_api.tenant_group_is_empty(group_id): + if not db_api.tenant_group.tenant_group_is_empty(group_id): raise fault.ForbiddenFault("You may not delete a group that " "contains users") - db_api.tenant_group_delete(group_id, gtenant.id) + db_api.tenant_group.delete(group_id, gtenant.id) return None def get_users_global_group(self, admin_token, groupId, marker, limit, url): 
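Review bot: In `delete_global_group` the call becomes `db_api.tenant_group.delete(group_id, gtenant.id)`, while every other call in this commit keeps the old function name under the new module (`tenant_group.tenant_group_get`, `tenant_group.tenant_group_update`, `tenant_group.tenant_group_is_empty`). The new `api/tenant_group.py` is not shown in this part of the page, so I cannot tell whether it defines `delete`; if it only defines `tenant_group_delete`, this line raises AttributeError after all the checks have passed, and global groups can no longer be deleted. For consistency with the rest of the port it should read `db_api.tenant_group.tenant_group_delete(group_id, gtenant.id)`, or the module should define both names. A test that deletes an empty global group would catch this.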
@@ -792,21 +773,21 @@ class IdentityService(object): if gtenant.id == None: raise fault.BadRequestFault("Expecting a global Tenant") - if db_api.tenant_get(gtenant.id) == None: + if db_api.tenant.tenant_get(gtenant.id) == None: raise fault.ItemNotFoundFault("The global tenant not found") - if db_api.tenant_group_get(groupId, gtenant.id) == None: + if db_api.tenant_group.tenant_group_get(groupId, gtenant.id) == None: raise fault.ItemNotFoundFault( "A global tenant group with that id not found") ts = [] - dgroupusers = db_api.users_tenant_group_get_page(groupId, marker, + dgroupusers = db_api.user.users_tenant_group_get_page(groupId, marker, limit) for dgroupuser, dgroupuserassoc in dgroupusers: ts.append(tenants.User(dgroupuser.id, dgroupuser.email, dgroupuser.enabled)) links = [] if ts.__len__(): - prev, next = db_api.users_tenant_group_get_page_markers(groupId, + prev, next = db_api.user.users_tenant_group_get_page_markers(groupId, marker, limit) if prev: links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" 
@@ -820,27 +801,27 @@ class IdentityService(object): self.__validate_token(admin_token) gtenant = self.__check_create_global_tenant() - if db_api.tenant_get(gtenant.id) == None: + if db_api.tenant.tenant_get(gtenant.id) == None: raise fault.ItemNotFoundFault("The Global Tenant not found") - if db_api.group_get(group) == None: + if db_api.group.group_get(group) == None: raise fault.ItemNotFoundFault("The Group not found") - duser = db_api.user_get(user) + duser = db_api.user.user_get(user) if duser == None: raise fault.ItemNotFoundFault("The User not found") - if db_api.tenant_group_get(group, gtenant.id) == None: + if db_api.tenant_group.tenant_group_get(group, gtenant.id) == None: raise fault.ItemNotFoundFault("A global tenant group with" " that id not found") - if db_api.get_user_by_group(user, group) != None: + if db_api.user.get_user_by_group(user, group) != None: raise fault.UserGroupConflictFault( "A user with that id already exists in group") dusergroup = db_models.UserGroupAssociation() dusergroup.user_id = user dusergroup.group_id = group - db_api.user_tenant_group(dusergroup) + db_api.user.user_tenant_group(dusergroup) return tenants.User(duser.id, duser.email, duser.enabled, group_id=group) 
@@ -849,24 +830,24 @@ class IdentityService(object): self.__validate_token(admin_token) gtenant = self.__check_create_global_tenant() - if db_api.tenant_get(gtenant.id) == None: + if db_api.tenant.tenant_get(gtenant.id) == None: raise fault.ItemNotFoundFault("The Global Tenant not found") - if db_api.group_get(group) == None: + if db_api.group.group_get(group) == None: raise fault.ItemNotFoundFault("The Group not found") - duser = db_api.user_get(user) + duser = db_api.user.user_get(user) if duser == None: raise fault.ItemNotFoundFault("The User not found") - if db_api.tenant_group_get(group, gtenant.id) == None: + if db_api.tenant_group.tenant_group_get(group, gtenant.id) == None: raise fault.ItemNotFoundFault("A global tenant group with " "that id not found") - if db_api.get_user_by_group(user, group) == None: + if db_api.user.get_user_by_group(user, group) == None: raise fault.ItemNotFoundFault("A user with that id in a " "group not found") - db_api.user_tenant_group_delete(user, group) + db_api.user.user_tenant_group_delete(user, group) return None # @@ -875,7 +856,7 @@ class IdentityService(object): """return AuthData object for a token""" base_urls = None if tenant_id != None: - base_urls = db_api.tenant_baseurls_get_all(tenant_id) + base_urls = db_api.tenant.tenant_baseurls_get_all(tenant_id) token = auth.Token(dtoken.expires, dtoken.token_id, tenant_id) return auth.AuthData(token, base_urls) 
@@ -885,12 +866,12 @@ class IdentityService(object): token = auth.Token(dtoken.expires, dtoken.token_id, dtoken.tenant_id) ts = [] if dtoken.tenant_id: - droleRefs = db_api.role_ref_get_all_tenant_roles(duser.id, + droleRefs = db_api.role.role_ref_get_all_tenant_roles(duser.id, dtoken.tenant_id) for droleRef in droleRefs: ts.append(roles.RoleRef(droleRef.id, droleRef.role_id, droleRef.tenant_id)) - droleRefs = db_api.role_ref_get_all_global_roles(duser.id) + droleRefs = db_api.role.role_ref_get_all_global_roles(duser.id) for droleRef in droleRefs: ts.append(roles.RoleRef(droleRef.id, droleRef.role_id, droleRef.tenant_id)) @@ -911,7 +892,7 @@ class IdentityService(object): raise fault.UserDisabledFault("The user %s has been disabled!" % user.id) if admin: - roleRefs = db_api.role_ref_get_all_global_roles(user.id) + roleRefs = db_api.role.role_ref_get_all_global_roles(user.id) for roleRef in roleRefs: if roleRef.role_id == "Admin" and roleRef.tenant_id is None: return (token, user) @@ -928,24 +909,24 @@ class IdentityService(object): if role.role_id == None: raise fault.BadRequestFault("Expecting a Role Id") - if db_api.role_get(role.role_id) != None: + if db_api.role.role_get(role.role_id) != None: raise fault.RoleConflictFault( "A role with that id already exists") drole = db_models.Role() drole.id = role.role_id drole.desc = role.desc - db_api.role_create(drole) + db_api.role.role_create(drole) return role def get_roles(self, admin_token, marker, limit, url): self.__validate_token(admin_token) ts = [] - droles = db_api.role_get_page(marker, limit) + droles = db_api.role.role_get_page(marker, limit) for drole in droles: ts.append(roles.Role(drole.id, drole.desc)) - prev, next = db_api.role_get_page_markers(marker, limit) + prev, next = db_api.role.role_get_page_markers(marker, limit) links = [] if prev: links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" \ 
@@ -958,14 +939,14 @@ class IdentityService(object): def get_role(self, admin_token, role_id): self.__validate_token(admin_token) - drole = db_api.role_get(role_id) + drole = db_api.role.role_get(role_id) if not drole: raise fault.ItemNotFoundFault("The role could not be found") return roles.Role(drole.id, drole.desc) def create_role_ref(self, admin_token, user_id, roleRef): self.__validate_token(admin_token) - duser = db_api.user_get(user_id) + duser = db_api.user.user_get(user_id) if not duser: raise fault.ItemNotFoundFault("The user could not be found") @@ -976,12 +957,12 @@ class IdentityService(object): if roleRef.role_id == None: raise fault.BadRequestFault("Expecting a Role Id") - drole = db_api.role_get(roleRef.role_id) + drole = db_api.role.role_get(roleRef.role_id) if drole == None: raise fault.ItemNotFoundFault("The role not found") if roleRef.tenant_id != None: - dtenant = db_api.tenant_get(roleRef.tenant_id) + dtenant = db_api.tenant.tenant_get(roleRef.tenant_id) if dtenant == None: raise fault.ItemNotFoundFault("The tenant not found") 
@@ -990,28 +971,28 @@ class IdentityService(object): drole_ref.role_id = drole.id if roleRef.tenant_id != None: drole_ref.tenant_id = dtenant.id - user_role_ref = db_api.user_role_add(drole_ref) + user_role_ref = db_api.user.user_role_add(drole_ref) roleRef.role_ref_id = user_role_ref.id return roleRef def delete_role_ref(self, admin_token, role_ref_id): self.__validate_token(admin_token) - db_api.role_ref_delete(role_ref_id) + db_api.role.role_ref_delete(role_ref_id) return None def get_user_roles(self, admin_token, marker, limit, url, user_id): self.__validate_token(admin_token) - duser = db_api.user_get(user_id) + duser = db_api.user.user_get(user_id) if not duser: raise fault.ItemNotFoundFault("The user could not be found") ts = [] - droleRefs = db_api.role_ref_get_page(marker, limit, user_id) + droleRefs = db_api.role.role_ref_get_page(marker, limit, user_id) for droleRef in droleRefs: ts.append(roles.RoleRef(droleRef.id, droleRef.role_id, droleRef.tenant_id)) - prev, next = db_api.role_ref_get_page_markers(user_id, marker, limit) + prev, next = db_api.role.role_ref_get_page_markers(user_id, marker, limit) links = [] if prev: links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" \ @@ -1025,14 +1006,14 @@ class IdentityService(object): self.__validate_token(admin_token) ts = [] - dbaseurls = db_api.baseurls_get_page(marker, limit) + dbaseurls = db_api.baseurl.baseurls_get_page(marker, limit) for dbaseurl in dbaseurls: ts.append(baseURLs.BaseURL(dbaseurl.id, dbaseurl.region, dbaseurl.service, dbaseurl.public_url, dbaseurl.admin_url, dbaseurl.internal_url, dbaseurl.enabled)) - prev, next = db_api.baseurls_get_page_markers(marker, limit) + prev, next = db_api.baseurl.baseurls_get_page_markers(marker, limit) links = [] if prev: links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" \ 
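Review bot: `delete_role_ref` calls `db_api.role.role_ref_delete(role_ref_id)` and returns None without checking that the reference exists, whereas `delete_user` and `delete_global_group` look the item up first and raise `fault.ItemNotFoundFault`. What `role_ref_delete` does with an unknown id is not visible here, so the caller may get a success for a no-op or an unhandled error from the DB layer. I would look the reference up first and raise `fault.ItemNotFoundFault("The role reference could not be found")` when it is missing; whether the role module offers a suitable getter is not shown in this hunk. `delete_baseurls_ref` in the last service.py hunk has the same shape.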
@@ -1045,7 +1026,7 @@ class IdentityService(object): def get_baseurl(self, admin_token, baseurl_id): self.__validate_token(admin_token) - dbaseurl = db_api.baseurls_get(baseurl_id) + dbaseurl = db_api.baseurl.baseurls_get(baseurl_id) if not dbaseurl: raise fault.ItemNotFoundFault("The base URL could not be found") return baseURLs.BaseURL(dbaseurl.id, dbaseurl.region, dbaseurl.service, @@ -1057,13 +1038,13 @@ class IdentityService(object): if tenant_id == None: raise fault.BadRequestFault("Expecting a Tenant Id") - if db_api.tenant_get(tenant_id) == None: + if db_api.tenant.tenant_get(tenant_id) == None: raise fault.ItemNotFoundFault("The tenant not found") ts = [] dtenantBaseURLAssociations = \ - db_api.baseurls_ref_get_by_tenant_get_page(tenant_id, marker, + db_api.baseurl.baseurls_ref_get_by_tenant_get_page(tenant_id, marker, limit) for dtenantBaseURLAssociation in dtenantBaseURLAssociations: ts.append(baseURLs.BaseURLRef(dtenantBaseURLAssociation.id, @@ -1072,13 +1053,13 @@ class IdentityService(object): links = [] if ts.__len__(): prev, next = \ - db_api.baseurls_ref_get_by_tenant_get_page_markers(tenant_id, + db_api.baseurl.baseurls_ref_get_by_tenant_get_page_markers(tenant_id, marker, limit) if prev: - links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('prev', "%s?'marker=%s&limit=%s'" % (url, prev, limit))) if next: - links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % + links.append(atom.Link('next', "%s?'marker=%s&limit=%s'" % (url, next, limit))) return baseURLs.BaseURLRefs(ts, links) 
@@ -1088,16 +1069,16 @@ class IdentityService(object): if tenant_id == None: raise fault.BadRequestFault("Expecting a Tenant Id") - if db_api.tenant_get(tenant_id) == None: + if db_api.tenant.tenant_get(tenant_id) == None: raise fault.ItemNotFoundFault("The tenant not found") - dbaseurl = db_api.baseurls_get(baseurl.id) + dbaseurl = db_api.baseurl.baseurls_get(baseurl.id) if not dbaseurl: raise fault.ItemNotFoundFault("The base URL could not be found") dbaseurl_ref = db_models.TenantBaseURLAssociation() dbaseurl_ref.tenant_id = tenant_id dbaseurl_ref.baseURLs_id = baseurl.id - dbaseurl_ref = db_api.baseurls_ref_add(dbaseurl_ref) + dbaseurl_ref = db_api.baseurl.baseurls_ref_add(dbaseurl_ref) baseurlRef = baseURLs.BaseURLRef(dbaseurl_ref.id, url + \ '/baseURLs/' + \ dbaseurl_ref.baseURLs_id) @@ -1105,5 +1086,5 @@ class IdentityService(object): def delete_baseurls_ref(self, admin_token, baseurls_id): self.__validate_token(admin_token) - db_api.baseurls_ref_delete(baseurls_id) + db_api.baseurl.baseurls_ref_delete(baseurls_id) return None diff --git a/keystone/server.py b/keystone/server.py index 1c1e6445..fc8b24d1 100755 --- a/keystone/server.py +++ b/keystone/server.py @@ -40,9 +40,6 @@ import os import routes import sys from webob import Response -from webob.exc import (HTTPNotFound, - HTTPConflict, - HTTPBadRequest) POSSIBLE_TOPDIR = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]), os.pardir, @@ -52,7 +49,7 @@ if os.path.exists(os.path.join(POSSIBLE_TOPDIR, 'keystone', '__init__.py')): from keystone.common import wsgi -from keystone.db.sqlalchemy import api as db_api +import keystone.db.sqlalchemy as db import keystone.logic.service as serv import keystone.logic.types.tenant as tenants import keystone.logic.types.role as roles @@ -538,7 +535,7 @@ class KeystoneAPI(wsgi.Router): self.options = options mapper = routes.Mapper() - db_api.configure_db(options) + db.configure_db(options) # Token Operations auth_controller = AuthController(options) 
@@ -589,7 +586,7 @@ class KeystoneAdminAPI(wsgi.Router): self.options = options mapper = routes.Mapper() - db_api.configure_db(options) + db.configure_db(options) # Token Operations auth_controller = AuthController(options) mapper.connect("/v2.0/tokens", controller=auth_controller, |
