def test_token_revocation_list_uses_right_columns(self):
# This query used to be heavy with too many columns. We want
# to make sure it is only running with the minimum columns
# necessary.
fixture = self.useFixture(moxstubout.MoxStubout())
self.mox = fixture.mox
tok = token_sql.Token()
session = sql.get_session()
q = session.query(token_sql.TokenModel.id, token_sql.TokenModel.expires)
self.mox.StubOutWithMock(session, "query")
session.query(token_sql.TokenModel.id, token_sql.TokenModel.expires).AndReturn(q)
self.mox.StubOutWithMock(sql, "get_session")
sql.get_session().AndReturn(session)
self.mox.ReplayAll()
tok.list_revoked_tokens()
def get_v3_catalog(self, user_id, tenant_id, metadata=None):
d = dict(six.iteritems(CONF))
d.update({'tenant_id': tenant_id,
'user_id': user_id})
session = sql.get_session()
services = (session.query(Service).filter(Service.enabled == true()).
options(sql.joinedload(Service.endpoints)).
all())
def make_v3_endpoints(endpoints):
for endpoint in (ep.to_dict() for ep in endpoints if ep.enabled):
del endpoint['service_id']
del endpoint['legacy_endpoint_id']
del endpoint['enabled']
endpoint['region'] = endpoint['region_id']
try:
endpoint['url'] = core.format_url(endpoint['url'], d)
except exception.MalformedEndpoint:
continue # this failure is already logged in format_url()
yield endpoint
def make_v3_service(svc):
eps = list(make_v3_endpoints(svc.endpoints))
service = {'endpoints': eps, 'id': svc.id, 'type': svc.type}
service['name'] = svc.extra.get('name', '')
return service
return [make_v3_service(svc) for svc in services]
def get_catalog(self, user_id, tenant_id, metadata=None):
substitutions = dict(six.iteritems(CONF))
substitutions.update({'tenant_id': tenant_id, 'user_id': user_id})
session = sql.get_session()
endpoints = (session.query(Endpoint).
options(sql.joinedload(Endpoint.service)).
filter(Endpoint.enabled == true()).all())
catalog = {}
for endpoint in endpoints:
if not endpoint.service['enabled']:
continue
try:
url = core.format_url(endpoint['url'], substitutions)
except exception.MalformedEndpoint:
continue # this failure is already logged in format_url()
region = endpoint['region_id']
service_type = endpoint.service['type']
default_service = {
'id': endpoint['id'],
'name': endpoint.service.extra.get('name', ''),
'publicURL': ''
}
catalog.setdefault(region, {})
catalog[region].setdefault(service_type, default_service)
interface_url = '%sURL' % endpoint['interface']
catalog[region][service_type][interface_url] = url
return catalog
def delete_credentials_for_user(self, user_id):
session = sql.get_session()
with session.begin():
query = session.query(CredentialModel)
query = query.filter_by(user_id=user_id)
query.delete()
def list_users_in_group(self, group_id, hints):
session = sql.get_session()
self.get_group(group_id)
query = session.query(User).join(UserGroupMembership)
query = query.filter(UserGroupMembership.group_id == group_id)
query = sql.filter_limit_query(User, query, hints)
return [identity.filter_user(u.to_dict()) for u in query]
def list_credentials(self, **filters):
session = sql.get_session()
query = session.query(CredentialModel)
if 'user_id' in filters:
query = query.filter_by(user_id=filters.get('user_id'))
refs = query.all()
return [ref.to_dict() for ref in refs]
def delete_token(self, token_id):
session = sql.get_session()
with session.begin():
token_ref = session.query(TokenModel).get(token_id)
if not token_ref or not token_ref.valid:
raise exception.TokenNotFound(token_id=token_id)
token_ref.valid = False
def create_user(self, user_id, user):
user = utils.hash_user_password(user)
session = sql.get_session()
with session.begin():
user_ref = User.from_dict(user)
session.add(user_ref)
return identity.filter_user(user_ref.to_dict())
def remove_endpoint_group_from_project(self, endpoint_group_id,
project_id):
session = sql.get_session()
endpoint_group_project_ref = self._get_endpoint_group_in_project(
session, endpoint_group_id, project_id)
with session.begin():
session.delete(endpoint_group_project_ref)
def get_catalog(self, user_id, tenant_id, metadata=None):
substitutions = dict(six.iteritems(CONF))
substitutions.update({"tenant_id": tenant_id, "user_id": user_id})
session = sql.get_session()
t = True # variable for singleton for PEP8, E712.
endpoints = (
session.query(Endpoint).options(sql.joinedload(Endpoint.service)).filter(Endpoint.enabled == t).all()
)
catalog = {}
for endpoint in endpoints:
if not endpoint.service["enabled"]:
continue
try:
url = core.format_url(endpoint["url"], substitutions)
except exception.MalformedEndpoint:
continue # this failure is already logged in format_url()
region = endpoint["region"]
service_type = endpoint.service["type"]
default_service = {"id": endpoint["id"], "name": endpoint.service["name"], "publicURL": ""}
catalog.setdefault(region, {})
catalog[region].setdefault(service_type, default_service)
interface_url = "%sURL" % endpoint["interface"]
catalog[region][service_type][interface_url] = url
return catalog
def get_v3_catalog(self, user_id, tenant_id, metadata=None):
d = dict(six.iteritems(CONF))
d.update({"tenant_id": tenant_id, "user_id": user_id})
session = sql.get_session()
t = True # variable for singleton for PEP8, E712.
services = session.query(Service).filter(Service.enabled == t).options(sql.joinedload(Service.endpoints)).all()
def make_v3_endpoints(endpoints):
for endpoint in (ep.to_dict() for ep in endpoints if ep.enabled):
del endpoint["service_id"]
del endpoint["legacy_endpoint_id"]
del endpoint["enabled"]
try:
endpoint["url"] = core.format_url(endpoint["url"], d)
except exception.MalformedEndpoint:
continue # this failure is already logged in format_url()
yield endpoint
def make_v3_service(svc):
eps = list(make_v3_endpoints(svc.endpoints))
service = {"endpoints": eps, "id": svc.id, "type": svc.type}
name = svc.extra.get("name")
if name:
service["name"] = name
return service
return [make_v3_service(svc) for svc in services]
def create_region(self, region_ref):
session = sql.get_session()
with session.begin():
self._check_parent_region(session, region_ref)
region = Region.from_dict(region_ref)
session.add(region)
return region.to_dict()
def create_endpoint(self, endpoint_id, endpoint_ref):
session = sql.get_session()
self.get_service(endpoint_ref["service_id"])
new_endpoint = Endpoint.from_dict(endpoint_ref)
with session.begin():
session.add(new_endpoint)
return new_endpoint.to_dict()
def delete_tokens(self, user_id, tenant_id=None, trust_id=None, consumer_id=None):
"""Deletes all tokens in one session
The user_id will be ignored if the trust_id is specified. user_id
will always be specified.
If using a trust, the token's user_id is set to the trustee's user ID
or the trustor's user ID, so will use trust_id to query the tokens.
"""
session = sql.get_session()
token_list = []
with session.begin():
now = timeutils.utcnow()
query = session.query(TokenModel)
query = query.filter_by(valid=True)
query = query.filter(TokenModel.expires > now)
if trust_id:
query = query.filter(TokenModel.trust_id == trust_id)
else:
query = query.filter(TokenModel.user_id == user_id)
for token_ref in query.all():
if tenant_id:
token_ref_dict = token_ref.to_dict()
if not self._tenant_matches(tenant_id, token_ref_dict):
continue
if consumer_id:
token_ref_dict = token_ref.to_dict()
if not self._consumer_matches(consumer_id, token_ref_dict):
continue
token_ref.valid = False
token_list.append(token_ref.id)
return token_list
def remove_user(self, user_id):
session = sql.get_session()
LOG.info('removing user %s from spassword' % user_id)
spassword_ref = session.query(SPasswordModel).get(user_id)
if spassword_ref:
with session.begin():
session.delete(spassword_ref)
def store_new_activation_key(self, profile_id, new_ref):
session = sql.get_session()
with session.begin():
profile_ref = session.query(ActivationProfile).get(profile_id)
profile_ref.activation_key = new_ref['activation_key']
profile_ref.expires_at = new_ref['expires_at']
return profile_ref.to_dict()
def delete_user_profiles(self, user_id):
session = sql.get_session()
with session.begin():
for profile_class in (ResetProfile, ActivationProfile):
q = session.query(profile_class)
q = q.filter_by(user_id=user_id)
q.delete(False)
def create_access_token(self, request_token_id, token_duration,
access_token_id=None, access_token_secret=None):
if access_token_id is None:
access_token_id = uuid.uuid4().hex
if access_token_secret is None:
access_token_secret = uuid.uuid4().hex
session = sql.get_session()
with session.begin():
req_token_ref = self._get_request_token(session, request_token_id)
token_dict = req_token_ref.to_dict()
expiry_date = None
if token_duration:
now = timeutils.utcnow()
future = now + datetime.timedelta(seconds=token_duration)
expiry_date = timeutils.isotime(future, subsecond=True)
# add Access Token
ref = {}
ref['id'] = access_token_id
ref['access_secret'] = access_token_secret
ref['authorizing_user_id'] = token_dict['authorizing_user_id']
ref['project_id'] = token_dict['requested_project_id']
ref['role_ids'] = token_dict['role_ids']
ref['consumer_id'] = token_dict['consumer_id']
ref['expires_at'] = expiry_date
token_ref = AccessToken.from_dict(ref)
session.add(token_ref)
# remove request token, it's been used
session.delete(req_token_ref)
return token_ref.to_dict()
def get_two_factor_info(self, user_id):
session = sql.get_session()
twofactor = session.query(TwoFactor).get(user_id)
if twofactor is None:
raise exception.NotFound(_('Two Factor Authentication is not enabled for user %s.' %user_id))
else:
return twofactor
def list_groups_for_user(self, user_id, hints):
session = sql.get_session()
self.get_user(user_id)
query = session.query(Group).join(UserGroupMembership)
query = query.filter(UserGroupMembership.user_id == user_id)
query = sql.filter_limit_query(Group, query, hints)
return [g.to_dict() for g in query]
def create_request_token(self, consumer_id, project_id, token_duration,
request_token_id=None, request_token_secret=None):
if request_token_id is None:
request_token_id = uuid.uuid4().hex
if request_token_secret is None:
request_token_secret = uuid.uuid4().hex
expiry_date = None
if token_duration:
now = timeutils.utcnow()
future = now + datetime.timedelta(seconds=token_duration)
expiry_date = timeutils.isotime(future, subsecond=True)
ref = {}
ref['id'] = request_token_id
ref['request_secret'] = request_token_secret
ref['verifier'] = None
ref['authorizing_user_id'] = None
ref['requested_project_id'] = project_id
ref['role_ids'] = None
ref['consumer_id'] = consumer_id
ref['expires_at'] = expiry_date
session = sql.get_session()
with session.begin():
token_ref = RequestToken.from_dict(ref)
session.add(token_ref)
return token_ref.to_dict()
def create_idp(self, idp_id, idp):
session = sql.get_session()
with session.begin():
idp['id'] = idp_id
idp_ref = IdentityProviderModel.from_dict(idp)
session.add(idp_ref)
return idp_ref.to_dict()
def delete_all_devices(self, user_id):
session = sql.get_session()
devices = session.query(TwoFactorDevice).filter_by(user_id=user_id)
for device in devices:
with session.begin():
session.delete(device)
def get_v3_catalog(self, user_id, tenant_id, metadata=None):
d = dict(six.iteritems(CONF))
d.update({'tenant_id': tenant_id,
'user_id': user_id})
session = sql.get_session()
t = True # variable for singleton for PEP8, E712.
services = (session.query(Service).filter(Service.enabled == t).
options(sql.joinedload(Service.endpoints)).
all())
def make_v3_endpoint(endpoint):
endpoint = endpoint.to_dict()
del endpoint['service_id']
endpoint['url'] = core.format_url(endpoint['url'], d)
return endpoint
def make_v3_service(svc):
eps = [make_v3_endpoint(ep) for ep in svc.endpoints if ep.enabled]
service = {'endpoints': eps, 'id': svc.id, 'type': svc.type}
name = svc.extra.get('name')
if name:
service['name'] = name
return service
return [make_v3_service(svc) for svc in services]
def delete_region(self, region_id):
session = sql.get_session()
with session.begin():
ref = self._get_region(session, region_id)
self._delete_child_regions(session, region_id)
session.query(Region).filter_by(id=region_id).delete()
session.delete(ref)
def get_catalog(self, user_id, tenant_id, metadata=None):
d = dict(six.iteritems(CONF))
d.update({'tenant_id': tenant_id,
'user_id': user_id})
session = sql.get_session()
t = True # variable for singleton for PEP8, E712.
endpoints = (session.query(Endpoint).
options(sql.joinedload(Endpoint.service)).
filter(Endpoint.enabled == t).all())
catalog = {}
for endpoint in endpoints:
if not endpoint.service['enabled']:
continue
region = endpoint['region']
service_type = endpoint.service['type']
default_service = {
'id': endpoint['id'],
'name': endpoint.service['name'],
'publicURL': ''
}
catalog.setdefault(region, {})
catalog[region].setdefault(service_type, default_service)
url = core.format_url(endpoint['url'], d)
interface_url = '%sURL' % endpoint['interface']
catalog[region][service_type][interface_url] = url
return catalog
def _get_metadata(self, user_id=None, tenant_id=None,
domain_id=None, group_id=None, session=None):
# TODO(henry-nash): This method represents the last vestiges of the old
# metadata concept in this driver. Although we no longer need it here,
# since the Manager layer uses the metadata concept across all
# assignment drivers, we need to remove it from all of them in order to
# finally remove this method.
# We aren't given a session when called by the manager directly.
if session is None:
session = sql.get_session()
q = session.query(RoleAssignment)
q = q.filter_by(actor_id=user_id or group_id)
q = q.filter_by(target_id=tenant_id or domain_id)
refs = q.all()
if not refs:
raise exception.MetadataNotFound()
metadata_ref = {}
metadata_ref['roles'] = []
for assignment in refs:
role_ref = {}
role_ref['id'] = assignment.role_id
if assignment.inherited and (
assignment.type == AssignmentType.USER_DOMAIN or
assignment.type == AssignmentType.GROUP_DOMAIN):
role_ref['inherited_to'] = 'projects'
metadata_ref['roles'].append(role_ref)
return metadata_ref
def get_v3_catalog(self, user_id, tenant_id, metadata=None):
d = dict(itertools.chain(six.iteritems(CONF), six.iteritems(CONF.eventlet_server)))
d.update({"tenant_id": tenant_id, "user_id": user_id})
session = sql.get_session()
services = (
session.query(Service).filter(Service.enabled == true()).options(sql.joinedload(Service.endpoints)).all()
)
def make_v3_endpoints(endpoints):
for endpoint in (ep.to_dict() for ep in endpoints if ep.enabled):
del endpoint["service_id"]
del endpoint["legacy_endpoint_id"]
del endpoint["enabled"]
endpoint["region"] = endpoint["region_id"]
try:
endpoint["url"] = core.format_url(endpoint["url"], d)
except exception.MalformedEndpoint:
continue # this failure is already logged in format_url()
yield endpoint
def make_v3_service(svc):
eps = list(make_v3_endpoints(svc.endpoints))
service = {"endpoints": eps, "id": svc.id, "type": svc.type}
service["name"] = svc.extra.get("name", "")
return service
return [make_v3_service(svc) for svc in services]
def get_mapping_from_idp_and_protocol(self, idp_id, protocol_id):
session = sql.get_session()
with session.begin():
protocol_ref = self._get_protocol(session, idp_id, protocol_id)
mapping_id = protocol_ref.mapping_id
mapping_ref = self._get_mapping(session, mapping_id)
return mapping_ref.to_dict()
def delete_credentials_for_project(self, project_id):
session = sql.get_session()
with session.begin():
query = session.query(CredentialModel)
query = query.filter_by(project_id=project_id)
query.delete()
def get_endpoint_group_in_project(self, endpoint_group_id, project_id):
session = sql.get_session()
ref = self._get_endpoint_group_in_project(session, endpoint_group_id,
project_id)
return ref.to_dict()
def delete_credential(self, credential_id):
session = sql.get_session()
with session.begin():
ref = self._get_credential(session, credential_id)
session.delete(ref)
def delete_service(self, service_id):
session = sql.get_session()
with session.begin():
ref = self._get_service(session, service_id)
session.query(Endpoint).filter_by(service_id=service_id).delete()
session.delete(ref)
def list_endpoint_groups_for_project(self, project_id):
session = sql.get_session()
query = session.query(ProjectEndpointGroupMembership)
query = query.filter_by(project_id=project_id)
endpoint_group_refs = query.all()
return [ref.to_dict() for ref in endpoint_group_refs]
def test_password_hashed(self):
session = sql.get_session()
user_ref = self.identity_api._get_user(session, self.user_foo['id'])
self.assertNotEqual(self.user_foo['password'], user_ref['password'])
def list_trusts_for_trustor(self, trustor_user_id):
session = sql.get_session()
trusts = (session.query(TrustModel).filter_by(
deleted_at=None).filter_by(trustor_user_id=trustor_user_id))
return [trust_ref.to_dict() for trust_ref in trusts]
def list_trusts(self):
session = sql.get_session()
trusts = session.query(TrustModel).filter_by(deleted_at=None)
return [trust_ref.to_dict() for trust_ref in trusts]
def list_regions(self, hints):
session = sql.get_session()
regions = session.query(Region)
regions = sql.filter_limit_query(Region, regions, hints)
return [s.to_dict() for s in list(regions)]
def delete_endpoint_group_association_by_project(self, project_id):
session = sql.get_session()
with session.begin():
query = session.query(ProjectEndpointGroupMembership)
query = query.filter_by(project_id=project_id)
query.delete()
def list_projects_associated_with_endpoint_group(self, endpoint_group_id):
session = sql.get_session()
query = session.query(ProjectEndpointGroupMembership)
query = query.filter_by(endpoint_group_id=endpoint_group_id)
endpoint_group_refs = query.all()
return [ref.to_dict() for ref in endpoint_group_refs]
def create_endpoint_group(self, endpoint_group_id, endpoint_group):
session = sql.get_session()
with session.begin():
endpoint_group_ref = EndpointGroup.from_dict(endpoint_group)
session.add(endpoint_group_ref)
return endpoint_group_ref.to_dict()
def list_endpoint_groups(self):
session = sql.get_session()
query = session.query(EndpointGroup)
endpoint_group_refs = query.all()
return [e.to_dict() for e in endpoint_group_refs]
def list_services(self, hints):
session = sql.get_session()
services = session.query(Service)
services = sql.filter_limit_query(Service, services, hints)
return [s.to_dict() for s in list(services)]
def get_endpoint_group(self, endpoint_group_id):
session = sql.get_session()
endpoint_group_ref = self._get_endpoint_group(session,
endpoint_group_id)
return endpoint_group_ref.to_dict()
def list_projects_for_endpoint(self, endpoint_id):
session = sql.get_session()
query = session.query(ProjectEndpoint)
query = query.filter_by(endpoint_id=endpoint_id)
endpoint_filter_refs = query.all()
return [ref.to_dict() for ref in endpoint_filter_refs]
def delete_association_by_project(self, project_id):
session = sql.get_session()
with session.begin():
query = session.query(ProjectEndpoint)
query = query.filter_by(project_id=project_id)
query.delete(synchronize_session=False)
def check_endpoint_in_project(self, endpoint_id, project_id):
session = sql.get_session()
self._get_project_endpoint_ref(session, endpoint_id, project_id)
def remove_endpoint_from_project(self, endpoint_id, project_id):
session = sql.get_session()
endpoint_filter_ref = self._get_project_endpoint_ref(
session, endpoint_id, project_id)
with session.begin():
session.delete(endpoint_filter_ref)
def get_v3_catalog(self, user_id, tenant_id):
"""Retrieve and format the current V3 service catalog.
:param user_id: The id of the user who has been authenticated for
creating service catalog.
:param tenant_id: The id of the project. 'tenant_id' will be None in
the case this being called to create a catalog to go in a domain
scoped token. In this case, any endpoint that requires a
tenant_id as part of their URL will be skipped.
:returns: A list representing the service catalog or an empty list
"""
d = dict(itertools.chain(CONF.items(), CONF.eventlet_server.items()))
d.update({'user_id': user_id})
silent_keyerror_failures = []
if tenant_id:
d.update({
'tenant_id': tenant_id,
'project_id': tenant_id,
})
else:
silent_keyerror_failures = [
'tenant_id',
'project_id',
]
session = sql.get_session()
services = (session.query(Service).filter(
Service.enabled == true()).options(
sql.joinedload(Service.endpoints)).all())
def make_v3_endpoints(endpoints):
for endpoint in (ep.to_dict() for ep in endpoints if ep.enabled):
del endpoint['service_id']
del endpoint['legacy_endpoint_id']
del endpoint['enabled']
endpoint['region'] = endpoint['region_id']
try:
formatted_url = core.format_url(
endpoint['url'],
d,
silent_keyerror_failures=silent_keyerror_failures)
if formatted_url:
endpoint['url'] = formatted_url
else:
continue
except exception.MalformedEndpoint:
continue # this failure is already logged in format_url()
yield endpoint
# TODO(davechen): If there is service with no endpoints, we should skip
# the service instead of keeping it in the catalog, see bug #1436704.
def make_v3_service(svc):
eps = list(make_v3_endpoints(svc.endpoints))
service = {'endpoints': eps, 'id': svc.id, 'type': svc.type}
service['name'] = svc.extra.get('name', '')
return service
return [make_v3_service(svc) for svc in services]
def add_endpoint_to_project(self, endpoint_id, project_id):
session = sql.get_session()
with session.begin():
endpoint_filter_ref = ProjectEndpoint(endpoint_id=endpoint_id,
project_id=project_id)
session.add(endpoint_filter_ref)
def list_endpoints(self, hints):
session = sql.get_session()
endpoints = session.query(Endpoint)
endpoints = sql.filter_limit_query(Endpoint, endpoints, hints)
return [e.to_dict() for e in list(endpoints)]
def get_catalog(self, user_id, tenant_id):
"""Retrieve and format the V2 service catalog.
:param user_id: The id of the user who has been authenticated for
creating service catalog.
:param tenant_id: The id of the project. 'tenant_id' will be None
in the case this being called to create a catalog to go in a
domain scoped token. In this case, any endpoint that requires
a tenant_id as part of their URL will be skipped (as would a whole
service if, as a consequence, it has no valid endpoints).
:returns: A nested dict representing the service catalog or an
empty dict.
"""
substitutions = dict(
itertools.chain(CONF.items(), CONF.eventlet_server.items()))
substitutions.update({'user_id': user_id})
silent_keyerror_failures = []
if tenant_id:
substitutions.update({
'tenant_id': tenant_id,
'project_id': tenant_id
})
else:
silent_keyerror_failures = [
'tenant_id',
'project_id',
]
session = sql.get_session()
endpoints = (session.query(Endpoint).options(
sql.joinedload(
Endpoint.service)).filter(Endpoint.enabled == true()).all())
catalog = {}
for endpoint in endpoints:
if not endpoint.service['enabled']:
continue
try:
formatted_url = core.format_url(
endpoint['url'],
substitutions,
silent_keyerror_failures=silent_keyerror_failures)
if formatted_url is not None:
url = formatted_url
else:
continue
except exception.MalformedEndpoint:
continue # this failure is already logged in format_url()
region = endpoint['region_id']
service_type = endpoint.service['type']
default_service = {
'id': endpoint['id'],
'name': endpoint.service.extra.get('name', ''),
'publicURL': ''
}
catalog.setdefault(region, {})
catalog[region].setdefault(service_type, default_service)
interface_url = '%sURL' % endpoint['interface']
catalog[region][service_type][interface_url] = url
return catalog
def delete_endpoint(self, endpoint_id):
session = sql.get_session()
with session.begin():
ref = self._get_endpoint(session, endpoint_id)
session.delete(ref)
def get_endpoint(self, endpoint_id):
session = sql.get_session()
return self._get_endpoint(session, endpoint_id).to_dict()
def list_credentials(self, hints):
session = sql.get_session()
credentials = session.query(CredentialModel)
credentials = sql.filter_limit_query(CredentialModel, credentials,
hints)
return [s.to_dict() for s in credentials]
def create_service(self, service_id, service_ref):
session = sql.get_session()
with session.begin():
service = Service.from_dict(service_ref)
session.add(service)
return service.to_dict()
def list_credentials_for_user(self, user_id):
session = sql.get_session()
query = session.query(CredentialModel)
refs = query.filter_by(user_id=user_id).all()
return [ref.to_dict() for ref in refs]
def get_credential(self, credential_id):
session = sql.get_session()
return self._get_credential(session, credential_id).to_dict()
def create_credential(self, credential_id, credential):
session = sql.get_session()
with session.begin():
ref = CredentialModel.from_dict(credential)
session.add(ref)
return ref.to_dict()
def get_service(self, service_id):
session = sql.get_session()
return self._get_service(session, service_id).to_dict()
