From 31660b119eb3ff3ec637a63813a0f0ca95ba34f9 Mon Sep 17 00:00:00 2001 From: Adam Young Date: Fri, 25 Jan 2013 14:03:13 -0500 Subject: Tenant to Project in Back ends A continuation of the process to convert the term tenant to project. These changes should only be visible in the error messages produced, but should otherwise be undetectable by calling programs. Removes the TenantNotFound exception which propagates changes through the code that calls the backends as well Change-Id: I998a44bfd6aa85f67d58904bd7af25a56c73d48a --- keystone/common/models.py | 4 +- keystone/contrib/ec2/core.py | 6 +-- keystone/exception.py | 6 +-- keystone/identity/backends/kvs.py | 14 +++--- keystone/identity/backends/ldap/core.py | 76 ++++++++++++++++----------------- keystone/identity/backends/sql.py | 61 +++++++++++++------------- keystone/identity/controllers.py | 2 +- keystone/identity/core.py | 19 +++++---- keystone/token/controllers.py | 4 +- keystone/token/core.py | 2 +- tests/test_backend.py | 24 +++++------ tests/test_backend_kvs.py | 2 +- tests/test_backend_ldap.py | 4 +- tests/test_backend_sql.py | 4 +- 14 files changed, 113 insertions(+), 115 deletions(-) diff --git a/keystone/common/models.py b/keystone/common/models.py index 6312e38c..72818111 100644 --- a/keystone/common/models.py +++ b/keystone/common/models.py @@ -116,8 +116,8 @@ class Group(Model): optional_keys = ('domain_id', 'description') -class Tenant(Model): - """Tenant object. +class Project(Model): + """Project object. Required keys: id diff --git a/keystone/contrib/ec2/core.py b/keystone/contrib/ec2/core.py index baef0bd9..94e51a22 100644 --- a/keystone/contrib/ec2/core.py +++ b/keystone/contrib/ec2/core.py @@ -334,12 +334,12 @@ class Ec2Controller(controller.V2Controller): """Ensure a valid tenant id. :param context: standard context - :param user_id: expected credential owner - :raises exception.UserNotFound: on failure + :param tenant_id: expected tenant + :raises exception.ProjectNotFound: on failure """ tenant_ref = self.identity_api.get_tenant( context=context, tenant_id=tenant_id) if not tenant_ref: - raise exception.TenantNotFound(tenant_id=tenant_id) + raise exception.ProjectNotFound(project_id=tenant_id) diff --git a/keystone/exception.py b/keystone/exception.py index 2787e064..fe978061 100644 --- a/keystone/exception.py +++ b/keystone/exception.py @@ -143,11 +143,7 @@ class DomainNotFound(NotFound): """Could not find domain: %(domain_id)s""" -class TenantNotFound(NotFound): - """Could not find tenant: %(tenant_id)s""" - - -class ProjectNotFound(TenantNotFound): +class ProjectNotFound(NotFound): """Could not find project: %(project_id)s""" diff --git a/keystone/identity/backends/kvs.py b/keystone/identity/backends/kvs.py index 3c0a0c40..674d24ca 100644 --- a/keystone/identity/backends/kvs.py +++ b/keystone/identity/backends/kvs.py @@ -49,7 +49,7 @@ class Identity(kvs.Base, identity.Driver): try: tenant_ref = self.get_tenant(tenant_id) metadata_ref = self.get_metadata(user_id, tenant_id) - except exception.TenantNotFound: + except exception.ProjectNotFound: tenant_ref = None metadata_ref = {} except exception.MetadataNotFound: @@ -61,7 +61,7 @@ class Identity(kvs.Base, identity.Driver): try: return self.db.get('tenant-%s' % tenant_id) except exception.NotFound: - raise exception.TenantNotFound(tenant_id=tenant_id) + raise exception.ProjectNotFound(project_id=tenant_id) def get_tenants(self): tenant_keys = filter(lambda x: x.startswith("tenant-"), self.db.keys()) @@ -71,7 +71,7 @@ class Identity(kvs.Base, identity.Driver): try: return self.db.get('tenant_name-%s' % tenant_name) except exception.NotFound: - raise exception.TenantNotFound(tenant_id=tenant_name) + raise exception.ProjectNotFound(project_id=tenant_name) def get_tenant_users(self, tenant_id): self.get_tenant(tenant_id) @@ -287,7 +287,7 @@ class Identity(kvs.Base, identity.Driver): tenant['name'] = clean.tenant_name(tenant['name']) try: self.get_tenant(tenant_id) - except exception.TenantNotFound: + except exception.ProjectNotFound: pass else: msg = 'Duplicate ID, %s.' % tenant_id @@ -295,7 +295,7 @@ class Identity(kvs.Base, identity.Driver): try: self.get_tenant_by_name(tenant['name']) - except exception.TenantNotFound: + except exception.ProjectNotFound: pass else: msg = 'Duplicate name, %s.' % tenant['name'] @@ -319,7 +319,7 @@ class Identity(kvs.Base, identity.Driver): try: old_tenant = self.db.get('tenant-%s' % tenant_id) except exception.NotFound: - raise exception.TenantNotFound(tenant_id=tenant_id) + raise exception.ProjectNotFound(project_id=tenant_id) new_tenant = old_tenant.copy() new_tenant.update(tenant) new_tenant['id'] = tenant_id @@ -332,7 +332,7 @@ class Identity(kvs.Base, identity.Driver): try: old_tenant = self.db.get('tenant-%s' % tenant_id) except exception.NotFound: - raise exception.TenantNotFound(tenant_id=tenant_id) + raise exception.ProjectNotFound(project_id=tenant_id) self.db.delete('tenant_name-%s' % old_tenant['name']) self.db.delete('tenant-%s' % tenant_id) diff --git a/keystone/identity/backends/ldap/core.py b/keystone/identity/backends/ldap/core.py index 175ff02c..0d4a54c1 100644 --- a/keystone/identity/backends/ldap/core.py +++ b/keystone/identity/backends/ldap/core.py @@ -41,7 +41,7 @@ class Identity(identity.Driver): self.suffix = CONF.ldap.suffix self.user = UserApi(CONF) - self.tenant = TenantApi(CONF) + self.tenant = ProjectApi(CONF) self.role = RoleApi(CONF) self.group = GroupApi(CONF) @@ -89,7 +89,7 @@ class Identity(identity.Driver): # TODO(termie): this should probably be made into a # get roles call metadata_ref = self.get_metadata(user_id, tenant_id) - except exception.TenantNotFound: + except exception.ProjectNotFound: tenant_ref = None metadata_ref = {} except exception.MetadataNotFound: @@ -101,7 +101,7 @@ class Identity(identity.Driver): try: return self.tenant.get(tenant_id) except exception.NotFound: - raise exception.TenantNotFound(tenant_id=tenant_id) + raise exception.ProjectNotFound(project_id=tenant_id) def get_tenants(self): return self.tenant.get_all() @@ -110,7 +110,7 @@ class Identity(identity.Driver): try: return self.tenant.get_by_name(tenant_name) except exception.NotFound: - raise exception.TenantNotFound(tenant_id=tenant_name) + raise exception.ProjectNotFound(project_id=tenant_name) def _get_user(self, user_id): try: @@ -240,7 +240,7 @@ class Identity(identity.Driver): try: return self.tenant.delete(tenant_id) except ldap.NO_SUCH_OBJECT: - raise exception.TenantNotFound(tenant_id=tenant_id) + raise exception.ProjectNotFound(project_id=tenant_id) def delete_user(self, user_id): try: @@ -307,7 +307,7 @@ class ApiShim(object): @property def tenant(self): if not self._tenant: - self._tenant = TenantApi(self.conf) + self._tenant = ProjectApi(self.conf) return self._tenant @property @@ -332,7 +332,7 @@ class ApiShimMixin(object): return self.api.role @property - def tenant_api(self): + def project_api(self): return self.api.tenant @property @@ -412,7 +412,7 @@ class UserApi(common_ldap.BaseLdap, ApiShimMixin): values = super(UserApi, self).create(values) tenant_id = values.get('tenant_id') if tenant_id is not None: - self.tenant_api.add_user(values['tenant_id'], values['id']) + self.project_api.add_user(values['tenant_id'], values['id']) return values def update(self, id, values): @@ -431,9 +431,9 @@ class UserApi(common_ldap.BaseLdap, ApiShimMixin): else: if old_obj.get('tenant_id') != new_tenant: if old_obj['tenant_id']: - self.tenant_api.remove_user(old_obj['tenant_id'], id) + self.project_api.remove_user(old_obj['tenant_id'], id) if new_tenant: - self.tenant_api.add_user(new_tenant, id) + self.project_api.add_user(new_tenant, id) values = utils.hash_ldap_user_password(values) if self.enabled_mask: @@ -444,7 +444,7 @@ class UserApi(common_ldap.BaseLdap, ApiShimMixin): def delete(self, id): user = self.get(id) if hasattr(user, 'tenant_id'): - self.tenant_api.remove_user(user.tenant_id, id) + self.project_api.remove_user(user.tenant_id, id) super(UserApi, self).delete(id) @@ -469,8 +469,8 @@ class UserApi(common_ldap.BaseLdap, ApiShimMixin): def get_by_tenant(self, user_id, tenant_id): user_dn = self._id_to_dn(user_id) user = self.get(user_id) - tenant = self.tenant_api._ldap_get(tenant_id, - '(member=%s)' % (user_dn,)) + tenant = self.project_api._ldap_get(tenant_id, + '(member=%s)' % (user_dn,)) if tenant is not None: return user else: @@ -491,12 +491,12 @@ class UserApi(common_ldap.BaseLdap, ApiShimMixin): def users_get_by_tenant_get_page(self, tenant_id, role_id, marker, limit): return self._get_page(marker, limit, - self.tenant_api.get_users(tenant_id, role_id)) + self.project_api.get_users(tenant_id, role_id)) def users_get_by_tenant_get_page_markers(self, tenant_id, role_id, marker, limit): return self._get_page_markers( - marker, limit, self.tenant_api.get_users(tenant_id, role_id)) + marker, limit, self.project_api.get_users(tenant_id, role_id)) def check_password(self, user_id, password): user = self.get(user_id) @@ -504,7 +504,7 @@ class UserApi(common_ldap.BaseLdap, ApiShimMixin): # TODO(termie): turn this into a data object and move logic to driver -class TenantApi(common_ldap.BaseLdap, ApiShimMixin): +class ProjectApi(common_ldap.BaseLdap, ApiShimMixin): DEFAULT_OU = 'ou=Groups' DEFAULT_STRUCTURAL_CLASSES = [] DEFAULT_OBJECTCLASS = 'groupOfNames' @@ -516,10 +516,10 @@ class TenantApi(common_ldap.BaseLdap, ApiShimMixin): 'description': 'desc', 'tenantId': 'cn', 'enabled': 'enabled'} - model = models.Tenant + model = models.Project def __init__(self, conf): - super(TenantApi, self).__init__(conf) + super(ProjectApi, self).__init__(conf) self.api = ApiShim(conf) self.attribute_mapping['name'] = conf.ldap.tenant_name_attribute self.attribute_mapping['description'] = conf.ldap.tenant_desc_attribute @@ -530,11 +530,11 @@ class TenantApi(common_ldap.BaseLdap, ApiShimMixin): or self.DEFAULT_ATTRIBUTE_IGNORE) def get(self, id, filter=None): - """Replaces exception.NotFound with exception.TenantNotFound.""" + """Replaces exception.NotFound with exception.ProjectNotFound.""" try: - return super(TenantApi, self).get(id, filter) + return super(ProjectApi, self).get(id, filter) except exception.NotFound: - raise exception.TenantNotFound(tenant_id=id) + raise exception.ProjectNotFound(project_id=id) def get_by_name(self, name, filter=None): # pylint: disable=W0221,W0613 search_filter = ('(%s=%s)' @@ -544,14 +544,14 @@ class TenantApi(common_ldap.BaseLdap, ApiShimMixin): try: return tenants[0] except IndexError: - raise exception.TenantNotFound(tenant_id=name) + raise exception.ProjectNotFound(project_id=name) def create(self, values): self.affirm_unique(values) data = values.copy() if data.get('id') is None: data['id'] = uuid.uuid4().hex - return super(TenantApi, self).create(data) + return super(ProjectApi, self).create(data) def get_user_tenants(self, user_id): """Returns list of tenants a user has access to @@ -625,20 +625,20 @@ class TenantApi(common_ldap.BaseLdap, ApiShimMixin): def delete(self, id): if self.subtree_delete_enabled: - super(TenantApi, self).deleteTree(id) + super(ProjectApi, self).deleteTree(id) else: self.role_api.roles_delete_subtree_by_tenant(id) - super(TenantApi, self).delete(id) + super(ProjectApi, self).delete(id) def update(self, id, values): try: old_obj = self.get(id) except exception.NotFound: - raise exception.TenantNotFound(tenant_id=id) + raise exception.ProjectNotFound(project_id=id) if old_obj['name'] != values['name']: msg = 'Changing Name not supported by LDAP' raise exception.NotImplemented(message=msg) - super(TenantApi, self).update(id, values, old_obj) + super(ProjectApi, self).update(id, values, old_obj) class UserRoleAssociation(object): @@ -672,7 +672,7 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin): attribute_mapping = {'name': 'cn', #'serviceId': 'service_id', } - model = models.Tenant + model = models.Role def __init__(self, conf): super(RoleApi, self).__init__(conf) @@ -713,7 +713,7 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin): else: return '%s=%s,%s' % (self.id_attr, ldap.dn.escape_dn_chars(role_id), - self.tenant_api._id_to_dn(tenant_id)) + self.project_api._id_to_dn(tenant_id)) def get(self, id, filter=None): model = super(RoleApi, self).get(id, filter) @@ -803,7 +803,7 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin): def get_role_assignments(self, tenant_id): conn = self.get_connection() query = '(objectClass=%s)' % self.object_class - tenant_dn = self.tenant_api._id_to_dn(tenant_id) + tenant_dn = self.project_api._id_to_dn(tenant_id) try: roles = conn.search_s(tenant_dn, ldap.SCOPE_ONELEVEL, query) @@ -844,7 +844,7 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin): self.member_attribute, user_dn) if tenant_id is not None: - tenant_dn = self.tenant_api._id_to_dn(tenant_id) + tenant_dn = self.project_api._id_to_dn(tenant_id) try: roles = conn.search_s(tenant_dn, ldap.SCOPE_ONELEVEL, query) except ldap.NO_SUCH_OBJECT: @@ -860,7 +860,7 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin): tenant_id=tenant_id)) else: try: - roles = conn.search_s(self.tenant_api.tree_dn, + roles = conn.search_s(self.project_api.tree_dn, ldap.SCOPE_SUBTREE, query) except ldap.NO_SUCH_OBJECT: @@ -911,7 +911,7 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin): if tenant_id is None: all_roles += self.list_global_roles_for_user(user_id) else: - for tenant in self.tenant_api.get_all(): + for tenant in self.project_api.get_all(): all_roles += self.list_tenant_roles_for_user(user_id, tenant['id']) return self._get_page(marker, limit, all_roles) @@ -921,7 +921,7 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin): if tenant_id is None: all_roles = self.list_global_roles_for_user(user_id) else: - for tenant in self.tenant_api.get_all(): + for tenant in self.project_api.get_all(): all_roles += self.list_tenant_roles_for_user(user_id, tenant['id']) return self._get_page_markers(marker, limit, all_roles) @@ -956,7 +956,7 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin): tenant_id = None if tenant_dns is not None: for tenant_dn in tenant_dns: - tenant_id = self.tenant_api._dn_to_id(tenant_dn) + tenant_id = self.project_api._dn_to_id(tenant_dn) role_id = self._dn_to_id(role_dn) res.append(UserRoleAssociation( id=self._create_ref(role_id, tenant_id, user_id), @@ -968,7 +968,7 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin): def roles_delete_subtree_by_tenant(self, tenant_id): conn = self.get_connection() query = '(objectClass=%s)' % self.object_class - tenant_dn = self.tenant_api._id_to_dn(tenant_id) + tenant_dn = self.project_api._id_to_dn(tenant_id) try: roles = conn.search_s(tenant_dn, ldap.SCOPE_ONELEVEL, query) for role_dn, _ in roles: @@ -987,7 +987,7 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin): user_dn) if tenant_id is not None: - tenant_dn = self.tenant_api._id_to_dn(tenant_id) + tenant_dn = self.project_api._id_to_dn(tenant_id) try: roles = conn.search_s(tenant_dn, ldap.SCOPE_ONELEVEL, query) except ldap.NO_SUCH_OBJECT: @@ -1040,7 +1040,7 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin): conn = self.get_connection() query = '(&(objectClass=%s)(%s=%s))' % (self.object_class, self.id_attr, id) - tenant_dn = self.tenant_api.tree_dn + tenant_dn = self.project_api.tree_dn try: for role_dn, _ in conn.search_s(tenant_dn, ldap.SCOPE_SUBTREE, diff --git a/keystone/identity/backends/sql.py b/keystone/identity/backends/sql.py index da2c5a3d..6f4e9897 100644 --- a/keystone/identity/backends/sql.py +++ b/keystone/identity/backends/sql.py @@ -79,7 +79,7 @@ class Domain(sql.ModelBase, sql.DictBase): # TODO(dolph): rename to Project -class Tenant(sql.ModelBase, sql.DictBase): +class Project(sql.ModelBase, sql.DictBase): __tablename__ = 'project' attributes = ['id', 'name'] id = sql.Column(sql.String(64), primary_key=True) @@ -138,8 +138,8 @@ class GroupDomainGrant(sql.ModelBase, BaseGrant): # TODO(dolph): ... do we need this table? -class UserTenantMembership(sql.ModelBase, sql.DictBase): - """Tenant membership join table.""" +class UserProjectMembership(sql.ModelBase, sql.DictBase): + """Project membership join table.""" __tablename__ = 'user_project_membership' user_id = sql.Column(sql.String(64), sql.ForeignKey('user.id'), @@ -206,7 +206,7 @@ class Identity(sql.Base, identity.Driver): try: tenant_ref = self.get_tenant(tenant_id) metadata_ref = self.get_metadata(user_id, tenant_id) - except exception.TenantNotFound: + except exception.ProjectNotFound: tenant_ref = None metadata_ref = {} except exception.MetadataNotFound: @@ -216,24 +216,24 @@ class Identity(sql.Base, identity.Driver): def get_tenant(self, tenant_id): session = self.get_session() - tenant_ref = session.query(Tenant).filter_by(id=tenant_id).first() + tenant_ref = session.query(Project).filter_by(id=tenant_id).first() if tenant_ref is None: - raise exception.TenantNotFound(tenant_id=tenant_id) + raise exception.ProjectNotFound(project_id=tenant_id) return tenant_ref.to_dict() def get_tenant_by_name(self, tenant_name): session = self.get_session() - tenant_ref = session.query(Tenant).filter_by(name=tenant_name).first() + tenant_ref = session.query(Project).filter_by(name=tenant_name).first() if not tenant_ref: - raise exception.TenantNotFound(tenant_id=tenant_name) + raise exception.ProjectNotFound(project_id=tenant_name) return tenant_ref.to_dict() def get_tenant_users(self, tenant_id): session = self.get_session() self.get_tenant(tenant_id) query = session.query(User) - query = query.join(UserTenantMembership) - query = query.filter(UserTenantMembership.tenant_id == tenant_id) + query = query.join(UserProjectMembership) + query = query.filter(UserProjectMembership.tenant_id == tenant_id) user_refs = query.all() return [identity.filter_user(user_ref.to_dict()) for user_ref in user_refs] @@ -370,7 +370,7 @@ class Identity(sql.Base, identity.Driver): session = self.get_session() self.get_tenant(tenant_id) self.get_user(user_id) - query = session.query(UserTenantMembership) + query = session.query(UserProjectMembership) query = query.filter_by(user_id=user_id) query = query.filter_by(tenant_id=tenant_id) rv = query.first() @@ -378,15 +378,15 @@ class Identity(sql.Base, identity.Driver): return with session.begin(): - session.add(UserTenantMembership(user_id=user_id, - tenant_id=tenant_id)) + session.add(UserProjectMembership(user_id=user_id, + tenant_id=tenant_id)) session.flush() def remove_user_from_tenant(self, tenant_id, user_id): session = self.get_session() self.get_tenant(tenant_id) self.get_user(user_id) - query = session.query(UserTenantMembership) + query = session.query(UserProjectMembership) query = query.filter_by(user_id=user_id) query = query.filter_by(tenant_id=tenant_id) membership_ref = query.first() @@ -398,13 +398,13 @@ class Identity(sql.Base, identity.Driver): def get_tenants(self): session = self.get_session() - tenant_refs = session.query(Tenant).all() + tenant_refs = session.query(Project).all() return [tenant_ref.to_dict() for tenant_ref in tenant_refs] def get_tenants_for_user(self, user_id): session = self.get_session() self.get_user(user_id) - query = session.query(UserTenantMembership) + query = session.query(UserProjectMembership) query = query.filter_by(user_id=user_id) membership_refs = query.all() return [x.tenant_id for x in membership_refs] @@ -465,7 +465,7 @@ class Identity(sql.Base, identity.Driver): tenant['name'] = clean.tenant_name(tenant['name']) session = self.get_session() with session.begin(): - tenant_ref = Tenant.from_dict(tenant) + tenant_ref = Project.from_dict(tenant) session.add(tenant_ref) session.flush() return tenant_ref.to_dict() @@ -478,15 +478,15 @@ class Identity(sql.Base, identity.Driver): tenant['name'] = clean.tenant_name(tenant['name']) try: - tenant_ref = session.query(Tenant).filter_by(id=tenant_id).one() + tenant_ref = session.query(Project).filter_by(id=tenant_id).one() except sql.NotFound: - raise exception.TenantNotFound(tenant_id=tenant_id) + raise exception.ProjectNotFound(project_id=tenant_id) with session.begin(): old_tenant_dict = tenant_ref.to_dict() for k in tenant: old_tenant_dict[k] = tenant[k] - new_tenant = Tenant.from_dict(old_tenant_dict) + new_tenant = Project.from_dict(old_tenant_dict) tenant_ref.name = new_tenant.name tenant_ref.extra = new_tenant.extra session.flush() @@ -496,12 +496,12 @@ class Identity(sql.Base, identity.Driver): session = self.get_session() try: - tenant_ref = session.query(Tenant).filter_by(id=tenant_id).one() + tenant_ref = session.query(Project).filter_by(id=tenant_id).one() except sql.NotFound: - raise exception.TenantNotFound(tenant_id=tenant_id) + raise exception.ProjectNotFound(project_id=tenant_id) with session.begin(): - q = session.query(UserTenantMembership) + q = session.query(UserProjectMembership) q = q.filter_by(tenant_id=tenant_id) q.delete(False) @@ -513,8 +513,9 @@ class Identity(sql.Base, identity.Driver): q = q.filter_by(project_id=tenant_id) q.delete(False) - if not session.query(Tenant).filter_by(id=tenant_id).delete(False): - raise exception.TenantNotFound(tenant_id=tenant_id) + delete_query = session.query(Project).filter_by(id=tenant_id) + if not delete_query.delete(False): + raise exception.ProjectNotFound(project_id=tenant_id) session.delete(tenant_ref) session.flush() @@ -641,14 +642,14 @@ class Identity(sql.Base, identity.Driver): def update_project(self, project_id, project): session = self.get_session() with session.begin(): - ref = session.query(Tenant).filter_by(id=project_id).first() + ref = session.query(Project).filter_by(id=project_id).first() if ref is None: - raise exception.TenantNotFound(project_id=project_id) + raise exception.ProjectNotFound(project_id=project_id) old_dict = ref.to_dict() for k in project: old_dict[k] = project[k] - new_project = Tenant.from_dict(old_dict) - for attr in Tenant.attributes: + new_project = Project.from_dict(old_dict) + for attr in Project.attributes: if attr != 'id': setattr(ref, attr, getattr(new_project, attr)) ref.extra = new_project.extra @@ -803,7 +804,7 @@ class Identity(sql.Base, identity.Driver): raise exception.UserNotFound(user_id=user_id) with session.begin(): - q = session.query(UserTenantMembership) + q = session.query(UserProjectMembership) q = q.filter_by(user_id=user_id) q.delete(False) diff --git a/keystone/identity/controllers.py b/keystone/identity/controllers.py index 35c1cccf..70ab66cf 100644 --- a/keystone/identity/controllers.py +++ b/keystone/identity/controllers.py @@ -178,7 +178,7 @@ class User(controller.V2Controller): tenant_id = user.get('tenantId', None) if (tenant_id is not None and self.identity_api.get_tenant(context, tenant_id) is None): - raise exception.TenantNotFound(tenant_id=tenant_id) + raise exception.ProjectNotFound(project_id=tenant_id) user_id = uuid.uuid4().hex user_ref = user.copy() user_ref['id'] = user_id diff --git a/keystone/identity/core.py b/keystone/identity/core.py index fa9c089c..73541a9a 100644 --- a/keystone/identity/core.py +++ b/keystone/identity/core.py @@ -76,7 +76,7 @@ class Driver(object): """Get a tenant by id. :returns: tenant_ref - :raises: keystone.exception.TenantNotFound + :raises: keystone.exception.ProjectNotFound """ raise exception.NotImplemented() @@ -85,7 +85,7 @@ class Driver(object): """Get a tenant by name. :returns: tenant_ref - :raises: keystone.exception.TenantNotFound + :raises: keystone.exception.ProjectNotFound """ raise exception.NotImplemented() @@ -102,7 +102,7 @@ class Driver(object): def add_user_to_tenant(self, tenant_id, user_id): """Add user to a tenant without an explicit role relationship. - :raises: keystone.exception.TenantNotFound, + :raises: keystone.exception.ProjectNotFound, keystone.exception.UserNotFound """ @@ -111,7 +111,7 @@ class Driver(object): def remove_user_from_tenant(self, tenant_id, user_id): """Remove user from a tenant without an explicit role relationship. - :raises: keystone.exception.TenantNotFound, + :raises: keystone.exception.ProjectNotFound, keystone.exception.UserNotFound """ @@ -153,7 +153,7 @@ class Driver(object): :returns: a list of role ids. :raises: keystone.exception.UserNotFound, - keystone.exception.TenantNotFound + keystone.exception.ProjectNotFound """ raise exception.NotImplemented() @@ -162,7 +162,7 @@ class Driver(object): """Add a role to a user within given tenant. :raises: keystone.exception.UserNotFound, - keystone.exception.TenantNotFound, + keystone.exception.ProjectNotFound, keystone.exception.RoleNotFound """ raise exception.NotImplemented() @@ -171,7 +171,7 @@ class Driver(object): """Remove a role from a user within given tenant. :raises: keystone.exception.UserNotFound, - keystone.exception.TenantNotFound, + keystone.exception.ProjectNotFound, keystone.exception.RoleNotFound """ @@ -189,7 +189,8 @@ class Driver(object): def update_tenant(self, tenant_id, tenant): """Updates an existing tenant. - :raises: keystone.exception.TenantNotFound, keystone.exception.Conflict + :raises: keystone.exception.ProjectNotFound, + keystone.exception.Conflict """ raise exception.NotImplemented() @@ -197,7 +198,7 @@ class Driver(object): def delete_tenant(self, tenant_id): """Deletes an existing tenant. - :raises: keystone.exception.TenantNotFound + :raises: keystone.exception.ProjectNotFound """ raise exception.NotImplemented() diff --git a/keystone/token/controllers.py b/keystone/token/controllers.py index 70359869..312663d4 100644 --- a/keystone/token/controllers.py +++ b/keystone/token/controllers.py @@ -305,7 +305,7 @@ class Auth(controller.V2Controller): tenant_ref = self.identity_api.get_tenant_by_name( context=context, tenant_name=tenant_name) tenant_id = tenant_ref['id'] - except exception.TenantNotFound as e: + except exception.ProjectNotFound as e: raise exception.Unauthorized(e) return tenant_id @@ -323,7 +323,7 @@ class Auth(controller.V2Controller): try: tenant_ref = self.identity_api.get_tenant(context=context, tenant_id=tenant_id) - except exception.TenantNotFound as e: + except exception.ProjectNotFound as e: exception.Unauthorized(e) return tenant_ref diff --git a/keystone/token/core.py b/keystone/token/core.py index e8da9f1d..68bd94cd 100644 --- a/keystone/token/core.py +++ b/keystone/token/core.py @@ -147,6 +147,6 @@ class Driver(object): """Invalidates all tokens held by a user (optionally for a tenant). :raises: keystone.exception.UserNotFound, - keystone.exception.TenantNotFound + keystone.exception.ProjectNotFound """ raise exception.NotImplemented() diff --git a/tests/test_backend.py b/tests/test_backend.py index 9e0bffff..672a8ffc 100644 --- a/tests/test_backend.py +++ b/tests/test_backend.py @@ -111,7 +111,7 @@ class IdentityTests(object): self.assertDictEqual(tenant_ref, self.tenant_bar) def test_get_tenant_404(self): - self.assertRaises(exception.TenantNotFound, + self.assertRaises(exception.ProjectNotFound, self.identity_api.get_tenant, tenant_id=uuid.uuid4().hex) @@ -121,12 +121,12 @@ class IdentityTests(object): self.assertDictEqual(tenant_ref, self.tenant_bar) def test_get_tenant_by_name_404(self): - self.assertRaises(exception.TenantNotFound, + self.assertRaises(exception.ProjectNotFound, self.identity_api.get_tenant, tenant_id=uuid.uuid4().hex) def test_get_tenant_users_404(self): - self.assertRaises(exception.TenantNotFound, + self.assertRaises(exception.ProjectNotFound, self.identity_api.get_tenant_users, tenant_id=uuid.uuid4().hex) @@ -307,7 +307,7 @@ class IdentityTests(object): self.identity_api.update_tenant('fake1', tenant) tenant_ref = self.identity_api.get_tenant('fake1') self.assertEqual(tenant_ref['id'], 'fake1') - self.assertRaises(exception.TenantNotFound, + self.assertRaises(exception.ProjectNotFound, self.identity_api.get_tenant, 'fake2') @@ -347,7 +347,7 @@ class IdentityTests(object): uuid.uuid4().hex, self.tenant_bar['id']) - self.assertRaises(exception.TenantNotFound, + self.assertRaises(exception.ProjectNotFound, self.identity_api.get_roles_for_user_and_tenant, self.user_foo['id'], uuid.uuid4().hex) @@ -359,7 +359,7 @@ class IdentityTests(object): self.tenant_bar['id'], 'keystone_admin') - self.assertRaises(exception.TenantNotFound, + self.assertRaises(exception.ProjectNotFound, self.identity_api.add_role_to_user_and_tenant, self.user_foo['id'], uuid.uuid4().hex, @@ -417,7 +417,7 @@ class IdentityTests(object): user_id=uuid.uuid4().hex, project_id=self.tenant_bar['id']) - self.assertRaises(exception.TenantNotFound, + self.assertRaises(exception.ProjectNotFound, self.identity_api.list_grants, user_id=self.user_foo['id'], project_id=uuid.uuid4().hex) @@ -429,7 +429,7 @@ class IdentityTests(object): project_id=self.tenant_bar['id'], role_id='keystone_admin') - self.assertRaises(exception.TenantNotFound, + self.assertRaises(exception.ProjectNotFound, self.identity_api.create_grant, user_id=self.user_foo['id'], project_id=uuid.uuid4().hex, @@ -596,7 +596,7 @@ class IdentityTests(object): self.assertIn(self.tenant_bar['id'], tenants) def test_add_user_to_tenant_404(self): - self.assertRaises(exception.TenantNotFound, + self.assertRaises(exception.ProjectNotFound, self.identity_api.add_user_to_tenant, uuid.uuid4().hex, self.user_foo['id']) @@ -615,7 +615,7 @@ class IdentityTests(object): self.assertNotIn(self.tenant_bar['id'], tenants) def test_remove_user_from_tenant_404(self): - self.assertRaises(exception.TenantNotFound, + self.assertRaises(exception.ProjectNotFound, self.identity_api.remove_user_from_tenant, uuid.uuid4().hex, self.user_foo['id']) @@ -636,13 +636,13 @@ class IdentityTests(object): uuid.uuid4().hex) def test_update_tenant_404(self): - self.assertRaises(exception.TenantNotFound, + self.assertRaises(exception.ProjectNotFound, self.identity_api.update_tenant, uuid.uuid4().hex, dict()) def test_delete_tenant_404(self): - self.assertRaises(exception.TenantNotFound, + self.assertRaises(exception.ProjectNotFound, self.identity_api.delete_tenant, uuid.uuid4().hex) diff --git a/tests/test_backend_kvs.py b/tests/test_backend_kvs.py index d3c79e70..dd8a28a2 100644 --- a/tests/test_backend_kvs.py +++ b/tests/test_backend_kvs.py @@ -54,7 +54,7 @@ class KvsCatalog(test.TestCase, test_backend.CatalogTests): def test_get_catalog_404(self): # FIXME(dolph): this test should be moved up to test_backend - # FIXME(dolph): exceptions should be UserNotFound and TenantNotFound + # FIXME(dolph): exceptions should be UserNotFound and ProjectNotFound self.assertRaises(exception.NotFound, self.catalog_api.get_catalog, uuid.uuid4().hex, diff --git a/tests/test_backend_ldap.py b/tests/test_backend_ldap.py index b8c0fbe7..ca74a3e8 100644 --- a/tests/test_backend_ldap.py +++ b/tests/test_backend_ldap.py @@ -131,7 +131,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): self.identity_api.update_tenant('fake1', tenant) self.identity_api.delete_tenant('fake1') - self.assertRaises(exception.TenantNotFound, + self.assertRaises(exception.ProjectNotFound, self.identity_api.get_tenant, 'fake1') @@ -226,7 +226,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): CONF.ldap.tenant_filter = '(CN=DOES_NOT_MATCH)' self.identity_api = identity_ldap.Identity() - self.assertRaises(exception.TenantNotFound, + self.assertRaises(exception.ProjectNotFound, self.identity_api.get_tenant, self.tenant_bar['id']) diff --git a/tests/test_backend_sql.py b/tests/test_backend_sql.py index cff7788c..e8ccc98e 100644 --- a/tests/test_backend_sql.py +++ b/tests/test_backend_sql.py @@ -96,10 +96,10 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests): self.identity_api.create_tenant, tenant['id'], tenant) - self.assertRaises(exception.TenantNotFound, + self.assertRaises(exception.ProjectNotFound, self.identity_api.get_tenant, tenant['id']) - self.assertRaises(exception.TenantNotFound, + self.assertRaises(exception.ProjectNotFound, self.identity_api.get_tenant_by_name, tenant['name']) -- cgit