def delete_credentials_for_user(self, user_id):
session = db_session.get_session()
with session.begin():
query = session.query(CredentialModel)
query = query.filter_by(user_id=user_id)
query.delete()
def create_user(self, user_id, user):
user = utils.hash_user_password(user)
session = db_session.get_session()
with session.begin():
user_ref = User.from_dict(user)
session.add(user_ref)
return identity.filter_user(user_ref.to_dict())
def create_idp(self, idp_id, idp):
session = db_session.get_session()
with session.begin():
idp['id'] = idp_id
idp_ref = IdentityProviderModel.from_dict(idp)
session.add(idp_ref)
return idp_ref.to_dict()
def get_key(self, name, generation=None, group=None):
session = db_session.get_session()
query = session.query(models.Host, models.Key)
query = query.filter(models.Host.id == models.Key.host_id)
query = query.filter(models.Host.name == name)
if group is not None:
query = query.filter(models.Host.group == group)
if generation is not None:
query = query.filter(models.Key.generation == generation)
else:
query = query.filter(models.Host.latest_generation ==
models.Key.generation)
try:
result = query.one()
except exc.NoResultFound:
return None
return {'name': result.Host.name,
'group': result.Host.group,
'key': result.Key.enc_key,
'signature': result.Key.signature,
'generation': result.Key.generation,
'expiration': result.Key.expiration}
def _get_metadata(self, user_id=None, tenant_id=None,
domain_id=None, group_id=None, session=None):
# We aren't given a session when called by the manager directly.
if session is None:
session = db_session.get_session()
if user_id:
if tenant_id:
q = session.query(UserProjectGrant)
q = q.filter_by(project_id=tenant_id)
elif domain_id:
q = session.query(UserDomainGrant)
q = q.filter_by(domain_id=domain_id)
q = q.filter_by(user_id=user_id)
elif group_id:
if tenant_id:
q = session.query(GroupProjectGrant)
q = q.filter_by(project_id=tenant_id)
elif domain_id:
q = session.query(GroupDomainGrant)
q = q.filter_by(domain_id=domain_id)
q = q.filter_by(group_id=group_id)
try:
return q.one().data
except sql.NotFound:
raise exception.MetadataNotFound()
def set_key(self, name, key, signature, group, expiration=None):
session = db_session.get_session()
with session.begin():
q = session.query(models.Host)
q = q.filter(models.Host.name == name)
try:
host = q.one()
except exc.NoResultFound:
host = models.Host(name=name,
latest_generation=0,
group=group)
else:
if host.group != group:
raise exception.GroupStatusChanged(name=name)
host.latest_generation += 1
host.keys.append(models.Key(signature=signature,
enc_key=key,
generation=host.latest_generation,
expiration=expiration))
session.add(host)
return host.latest_generation
def _get_metadata(self,
user_id=None,
tenant_id=None,
domain_id=None,
group_id=None,
session=None):
# We aren't given a session when called by the manager directly.
if session is None:
session = db_session.get_session()
if user_id:
if tenant_id:
q = session.query(UserProjectGrant)
q = q.filter_by(project_id=tenant_id)
elif domain_id:
q = session.query(UserDomainGrant)
q = q.filter_by(domain_id=domain_id)
q = q.filter_by(user_id=user_id)
elif group_id:
if tenant_id:
q = session.query(GroupProjectGrant)
q = q.filter_by(project_id=tenant_id)
elif domain_id:
q = session.query(GroupDomainGrant)
q = q.filter_by(domain_id=domain_id)
q = q.filter_by(group_id=group_id)
try:
return q.one().data
except sql.NotFound:
raise exception.MetadataNotFound()
def delete_tokens(self, user_id, tenant_id=None, trust_id=None,
consumer_id=None):
"""Deletes all tokens in one session
The user_id will be ignored if the trust_id is specified. user_id
will always be specified.
If using a trust, the token's user_id is set to the trustee's user ID
or the trustor's user ID, so will use trust_id to query the tokens.
"""
session = db_session.get_session()
with session.begin():
now = timeutils.utcnow()
query = session.query(TokenModel)
query = query.filter_by(valid=True)
query = query.filter(TokenModel.expires > now)
if trust_id:
query = query.filter(TokenModel.trust_id == trust_id)
else:
query = query.filter(TokenModel.user_id == user_id)
for token_ref in query.all():
if tenant_id:
token_ref_dict = token_ref.to_dict()
if not self._tenant_matches(tenant_id, token_ref_dict):
continue
if consumer_id:
token_ref_dict = token_ref.to_dict()
if not self._consumer_matches(consumer_id, token_ref_dict):
continue
token_ref.valid = False
def create_request_token(self,
consumer_id,
project_id,
token_duration,
request_token_id=None,
request_token_secret=None):
if request_token_id is None:
request_token_id = uuid.uuid4().hex
if request_token_secret is None:
request_token_secret = uuid.uuid4().hex
expiry_date = None
if token_duration:
now = timeutils.utcnow()
future = now + datetime.timedelta(seconds=token_duration)
expiry_date = timeutils.isotime(future, subsecond=True)
ref = {}
ref['id'] = request_token_id
ref['request_secret'] = request_token_secret
ref['verifier'] = None
ref['authorizing_user_id'] = None
ref['requested_project_id'] = project_id
ref['role_ids'] = None
ref['consumer_id'] = consumer_id
ref['expires_at'] = expiry_date
session = db_session.get_session()
with session.begin():
token_ref = RequestToken.from_dict(ref)
session.add(token_ref)
return token_ref.to_dict()
def _get_metadata(self,
user_id=None,
tenant_id=None,
domain_id=None,
group_id=None,
session=None):
# TODO(henry-nash): This method represents the last vestiges of the old
# metadata concept in this driver. Although we no longer need it here,
# since the Manager layer uses the metadata concept across all
# assignment drivers, we need to remove it from all of them in order to
# finally remove this method.
# We aren't given a session when called by the manager directly.
if session is None:
session = db_session.get_session()
q = session.query(RoleAssignment)
q = q.filter_by(actor_id=user_id or group_id)
q = q.filter_by(target_id=tenant_id or domain_id)
refs = q.all()
if not refs:
raise exception.MetadataNotFound()
metadata_ref = {}
metadata_ref['roles'] = []
for assignment in refs:
role_ref = {}
role_ref['id'] = assignment.role_id
if assignment.inherited and (
assignment.type == AssignmentType.USER_DOMAIN
or assignment.type == AssignmentType.GROUP_DOMAIN):
role_ref['inherited_to'] = 'projects'
metadata_ref['roles'].append(role_ref)
return metadata_ref
def create_user(self, user_id, user):
user = utils.hash_user_password(user)
session = db_session.get_session()
with session.begin():
user_ref = User.from_dict(user)
session.add(user_ref)
return identity.filter_user(user_ref.to_dict())
def get_catalog(self, user_id, tenant_id, metadata=None):
d = dict(six.iteritems(CONF))
d.update({'tenant_id': tenant_id,
'user_id': user_id})
session = db_session.get_session()
endpoints = (session.query(Endpoint).
options(sql.joinedload(Endpoint.service)).
all())
catalog = {}
for endpoint in endpoints:
region = endpoint['region']
service_type = endpoint.service['type']
default_service = {
'id': endpoint['id'],
'name': endpoint.service['name'],
'publicURL': ''
}
catalog.setdefault(region, {})
catalog[region].setdefault(service_type, default_service)
url = core.format_url(endpoint['url'], d)
interface_url = '%sURL' % endpoint['interface']
catalog[region][service_type][interface_url] = url
return catalog
def delete_trust(self, trust_id):
session = db_session.get_session()
with session.begin():
trust_ref = session.query(TrustModel).get(trust_id)
if not trust_ref:
raise exception.TrustNotFound(trust_id=trust_id)
trust_ref.deleted_at = timeutils.utcnow()
def create_endpoint(self, endpoint_id, endpoint_ref):
session = db_session.get_session()
self.get_service(endpoint_ref['service_id'])
new_endpoint = Endpoint.from_dict(endpoint_ref)
with session.begin():
session.add(new_endpoint)
return new_endpoint.to_dict()
def delete_credentials_for_user(self, user_id):
session = db_session.get_session()
with session.begin():
query = session.query(CredentialModel)
query = query.filter_by(user_id=user_id)
query.delete()
def create_endpoint(self, endpoint_id, endpoint_ref):
session = db_session.get_session()
self.get_service(endpoint_ref['service_id'])
new_endpoint = Endpoint.from_dict(endpoint_ref)
with session.begin():
session.add(new_endpoint)
return new_endpoint.to_dict()
def delete_tokens(self, user_id, tenant_id=None, trust_id=None,
consumer_id=None):
"""Deletes all tokens in one session
The user_id will be ignored if the trust_id is specified. user_id
will always be specified.
If using a trust, the token's user_id is set to the trustee's user ID
or the trustor's user ID, so will use trust_id to query the tokens.
"""
session = db_session.get_session()
with session.begin():
now = timeutils.utcnow()
query = session.query(TokenModel)
query = query.filter_by(valid=True)
query = query.filter(TokenModel.expires > now)
if trust_id:
query = query.filter(TokenModel.trust_id == trust_id)
else:
query = query.filter(TokenModel.user_id == user_id)
for token_ref in query.all():
if tenant_id:
token_ref_dict = token_ref.to_dict()
if not self._tenant_matches(tenant_id, token_ref_dict):
continue
if consumer_id:
token_ref_dict = token_ref.to_dict()
if not self._consumer_matches(consumer_id, token_ref_dict):
continue
token_ref.valid = False
def delete_token(self, token_id):
session = db_session.get_session()
with session.begin():
token_ref = session.query(TokenModel).get(token_id)
if not token_ref or not token_ref.valid:
raise exception.TokenNotFound(token_id=token_id)
token_ref.valid = False
def get_key(self, name, generation=None, group=None):
session = db_session.get_session()
query = session.query(models.Host, models.Key)
query = query.filter(models.Host.id == models.Key.host_id)
query = query.filter(models.Host.name == name)
if group is not None:
query = query.filter(models.Host.group == group)
if generation is not None:
query = query.filter(models.Key.generation == generation)
else:
query = query.filter(
models.Host.latest_generation == models.Key.generation)
try:
result = query.one()
except exc.NoResultFound:
return None
return {
'name': result.Host.name,
'group': result.Host.group,
'key': result.Key.enc_key,
'signature': result.Key.signature,
'generation': result.Key.generation,
'expiration': result.Key.expiration
}
def _get_metadata(self, user_id=None, tenant_id=None,
domain_id=None, group_id=None, session=None):
# TODO(henry-nash): This method represents the last vestiges of the old
# metadata concept in this driver. Although we no longer need it here,
# since the Manager layer uses the metadata concept across all
# assignment drivers, we need to remove it from all of them in order to
# finally remove this method.
# We aren't given a session when called by the manager directly.
if session is None:
session = db_session.get_session()
q = session.query(RoleAssignment)
q = q.filter_by(actor_id=user_id or group_id)
q = q.filter_by(target_id=tenant_id or domain_id)
refs = q.all()
if not refs:
raise exception.MetadataNotFound()
metadata_ref = {}
metadata_ref['roles'] = []
for assignment in refs:
role_ref = {}
role_ref['id'] = assignment.role_id
if assignment.inherited and (
assignment.type == AssignmentType.USER_DOMAIN or
assignment.type == AssignmentType.GROUP_DOMAIN):
role_ref['inherited_to'] = 'projects'
metadata_ref['roles'].append(role_ref)
return metadata_ref
def set_key(self, name, key, signature, group, expiration=None):
session = db_session.get_session()
with session.begin():
q = session.query(models.Host)
q = q.filter(models.Host.name == name)
try:
host = q.one()
except exc.NoResultFound:
host = models.Host(name=name, latest_generation=0, group=group)
else:
if host.group != group:
raise exception.GroupStatusChanged(name=name)
host.latest_generation += 1
host.keys.append(
models.Key(signature=signature,
enc_key=key,
generation=host.latest_generation,
expiration=expiration))
session.add(host)
return host.latest_generation
def create_idp(self, idp_id, idp):
session = db_session.get_session()
with session.begin():
idp['id'] = idp_id
idp_ref = IdentityProviderModel.from_dict(idp)
session.add(idp_ref)
return idp_ref.to_dict()
def get_mapping_from_idp_and_protocol(self, idp_id, protocol_id):
session = db_session.get_session()
with session.begin():
protocol_ref = self._get_protocol(session, idp_id, protocol_id)
mapping_id = protocol_ref.mapping_id
mapping_ref = self._get_mapping(session, mapping_id)
return mapping_ref.to_dict()
def delete_trust(self, trust_id):
session = db_session.get_session()
with session.begin():
trust_ref = session.query(TrustModel).get(trust_id)
if not trust_ref:
raise exception.TrustNotFound(trust_id=trust_id)
trust_ref.deleted_at = timeutils.utcnow()
def delete_token(self, token_id):
session = db_session.get_session()
with session.begin():
token_ref = session.query(TokenModel).get(token_id)
if not token_ref or not token_ref.valid:
raise exception.TokenNotFound(token_id=token_id)
token_ref.valid = False
def list_credentials(self, **filters):
session = db_session.get_session()
query = session.query(CredentialModel)
if "user_id" in filters:
query = query.filter_by(user_id=filters.get("user_id"))
refs = query.all()
return [ref.to_dict() for ref in refs]
def delete_credentials_for_project(self, project_id):
session = db_session.get_session()
with session.begin():
query = session.query(CredentialModel)
query = query.filter_by(project_id=project_id)
query.delete()
def get_catalog(self, user_id, tenant_id, metadata=None):
d = dict(six.iteritems(CONF))
d.update({'tenant_id': tenant_id, 'user_id': user_id})
session = db_session.get_session()
endpoints = (session.query(Endpoint).options(
sql.joinedload(Endpoint.service)).all())
catalog = {}
for endpoint in endpoints:
region = endpoint['region']
service_type = endpoint.service['type']
default_service = {
'id': endpoint['id'],
'name': endpoint.service['name'],
'publicURL': ''
}
catalog.setdefault(region, {})
catalog[region].setdefault(service_type, default_service)
url = core.format_url(endpoint['url'], d)
interface_url = '%sURL' % endpoint['interface']
catalog[region][service_type][interface_url] = url
return catalog
def create_request_token(self, consumer_id, project_id, token_duration,
request_token_id=None, request_token_secret=None):
if request_token_id is None:
request_token_id = uuid.uuid4().hex
if request_token_secret is None:
request_token_secret = uuid.uuid4().hex
expiry_date = None
if token_duration:
now = timeutils.utcnow()
future = now + datetime.timedelta(seconds=token_duration)
expiry_date = timeutils.isotime(future, subsecond=True)
ref = {}
ref['id'] = request_token_id
ref['request_secret'] = request_token_secret
ref['verifier'] = None
ref['authorizing_user_id'] = None
ref['requested_project_id'] = project_id
ref['role_ids'] = None
ref['consumer_id'] = consumer_id
ref['expires_at'] = expiry_date
session = db_session.get_session()
with session.begin():
token_ref = RequestToken.from_dict(ref)
session.add(token_ref)
return token_ref.to_dict()
def delete_credentials_for_project(self, project_id):
session = db_session.get_session()
with session.begin():
query = session.query(CredentialModel)
query = query.filter_by(project_id=project_id)
query.delete()
def list_credentials(self, **filters):
session = db_session.get_session()
query = session.query(CredentialModel)
if 'user_id' in filters:
query = query.filter_by(user_id=filters.get('user_id'))
refs = query.all()
return [ref.to_dict() for ref in refs]
def get_token(self, token_id):
if token_id is None:
raise exception.TokenNotFound(token_id=token_id)
session = db_session.get_session()
token_ref = session.query(TokenModel).get(token_id)
if not token_ref or not token_ref.valid:
raise exception.TokenNotFound(token_id=token_id)
return token_ref.to_dict()
def create_region(self, region_ref):
session = db_session.get_session()
with session.begin():
self._check_parent_region(session, region_ref)
region = Region.from_dict(region_ref)
session.add(region)
session.flush()
return region.to_dict()
def create_region(self, region_id, region_ref):
session = db_session.get_session()
with session.begin():
self._check_parent_region(session, region_ref)
region = Region.from_dict(region_ref)
session.add(region)
session.flush()
return region.to_dict()
def create_policy(self, policy_id, policy):
session = db_session.get_session()
with session.begin():
ref = PolicyModel.from_dict(policy)
session.add(ref)
return ref.to_dict()
def test_token_revocation_list_uses_right_columns(self):
# This query used to be heavy with too many columns. We want
# to make sure it is only running with the minimum columns
# necessary.
fixture = self.useFixture(moxstubout.MoxStubout())
self.mox = fixture.mox
tok = token_sql.Token()
session = db_session.get_session()
q = session.query(token_sql.TokenModel.id,
token_sql.TokenModel.expires)
self.mox.StubOutWithMock(session, 'query')
session.query(token_sql.TokenModel.id,
token_sql.TokenModel.expires).AndReturn(q)
self.mox.StubOutWithMock(db_session, 'get_session')
db_session.get_session().AndReturn(session)
self.mox.ReplayAll()
tok.list_revoked_tokens()
def delete_region(self, region_id):
session = db_session.get_session()
with session.begin():
ref = self._get_region(session, region_id)
self._delete_child_regions(session, region_id)
session.query(Region).filter_by(id=region_id).delete()
session.delete(ref)
session.flush()
def delete_region(self, region_id):
session = db_session.get_session()
with session.begin():
ref = self._get_region(session, region_id)
self._delete_child_regions(session, region_id)
session.query(Region).filter_by(id=region_id).delete()
session.delete(ref)
session.flush()
def test_token_revocation_list_uses_right_columns(self):
# This query used to be heavy with too many columns. We want
# to make sure it is only running with the minimum columns
# necessary.
fixture = self.useFixture(moxstubout.MoxStubout())
self.mox = fixture.mox
tok = token_sql.Token()
session = db_session.get_session()
q = session.query(token_sql.TokenModel.id,
token_sql.TokenModel.expires)
self.mox.StubOutWithMock(session, 'query')
session.query(token_sql.TokenModel.id,
token_sql.TokenModel.expires).AndReturn(q)
self.mox.StubOutWithMock(db_session, 'get_session')
db_session.get_session().AndReturn(session)
self.mox.ReplayAll()
tok.list_revoked_tokens()
def delete_idp(self, idp_id):
session = db_session.get_session()
with session.begin():
idp_ref = self._get_idp(session, idp_id)
q = session.query(IdentityProviderModel)
q = q.filter_by(id=idp_id)
q.delete(synchronize_session=False)
session.delete(idp_ref)
def delete_protocol(self, idp_id, protocol_id):
session = db_session.get_session()
with session.begin():
key_ref = self._get_protocol(session, idp_id, protocol_id)
q = session.query(FederationProtocolModel)
q = q.filter_by(id=protocol_id, idp_id=idp_id)
q.delete(synchronize_session=False)
session.delete(key_ref)
def delete_protocol(self, idp_id, protocol_id):
session = db_session.get_session()
with session.begin():
key_ref = self._get_protocol(session, idp_id, protocol_id)
q = session.query(FederationProtocolModel)
q = q.filter_by(id=protocol_id, idp_id=idp_id)
q.delete(synchronize_session=False)
session.delete(key_ref)
def delete_idp(self, idp_id):
session = db_session.get_session()
with session.begin():
idp_ref = self._get_idp(session, idp_id)
q = session.query(IdentityProviderModel)
q = q.filter_by(id=idp_id)
q.delete(synchronize_session=False)
session.delete(idp_ref)
def get_token(self, token_id):
if token_id is None:
raise exception.TokenNotFound(token_id=token_id)
session = db_session.get_session()
token_ref = session.query(TokenModel).get(token_id)
if not token_ref or not token_ref.valid:
raise exception.TokenNotFound(token_id=token_id)
return token_ref.to_dict()
def create_mapping(self, mapping_id, mapping):
session = db_session.get_session()
ref = {}
ref['id'] = mapping_id
ref['rules'] = jsonutils.dumps(mapping.get('rules'))
with session.begin():
mapping_ref = MappingModel.from_dict(ref)
session.add(mapping_ref)
return mapping_ref.to_dict()
def create_protocol(self, idp_id, protocol_id, protocol):
session = db_session.get_session()
with session.begin():
self._get_idp(session, idp_id)
protocol['id'] = protocol_id
protocol['idp_id'] = idp_id
protocol_ref = FederationProtocolModel.from_dict(protocol)
session.add(protocol_ref)
return protocol_ref.to_dict()
def check_user_in_group(self, user_id, group_id):
session = db_session.get_session()
self.get_group(group_id)
self.get_user(user_id)
query = session.query(UserGroupMembership)
query = query.filter_by(user_id=user_id)
query = query.filter_by(group_id=group_id)
if not query.first():
raise exception.NotFound(_('User not found in group'))
def check_user_in_group(self, user_id, group_id):
session = db_session.get_session()
self.get_group(group_id)
self.get_user(user_id)
query = session.query(UserGroupMembership)
query = query.filter_by(user_id=user_id)
query = query.filter_by(group_id=group_id)
if not query.first():
raise exception.NotFound(_('User not found in group'))
def create_consumer(self, consumer):
consumer['secret'] = uuid.uuid4().hex
if not consumer.get('description'):
consumer['description'] = None
session = db_session.get_session()
with session.begin():
consumer_ref = Consumer.from_dict(consumer)
session.add(consumer_ref)
return consumer_ref.to_dict()
def create_mapping(self, mapping_id, mapping):
session = db_session.get_session()
ref = {}
ref['id'] = mapping_id
ref['rules'] = jsonutils.dumps(mapping.get('rules'))
with session.begin():
mapping_ref = MappingModel.from_dict(ref)
session.add(mapping_ref)
return mapping_ref.to_dict()
def create_protocol(self, idp_id, protocol_id, protocol):
session = db_session.get_session()
with session.begin():
self._get_idp(session, idp_id)
protocol['id'] = protocol_id
protocol['idp_id'] = idp_id
protocol_ref = FederationProtocolModel.from_dict(protocol)
session.add(protocol_ref)
return protocol_ref.to_dict()
def create_consumer(self, consumer):
consumer['secret'] = uuid.uuid4().hex
if not consumer.get('description'):
consumer['description'] = None
session = db_session.get_session()
with session.begin():
consumer_ref = Consumer.from_dict(consumer)
session.add(consumer_ref)
return consumer_ref.to_dict()
def update_consumer(self, consumer_id, consumer):
session = db_session.get_session()
with session.begin():
consumer_ref = self._get_consumer(session, consumer_id)
old_consumer_dict = consumer_ref.to_dict()
old_consumer_dict.update(consumer)
new_consumer = Consumer.from_dict(old_consumer_dict)
consumer_ref.description = new_consumer.description
consumer_ref.extra = new_consumer.extra
return core.filter_consumer(consumer_ref.to_dict())
def update_consumer(self, consumer_id, consumer):
session = db_session.get_session()
with session.begin():
consumer_ref = self._get_consumer(session, consumer_id)
old_consumer_dict = consumer_ref.to_dict()
old_consumer_dict.update(consumer)
new_consumer = Consumer.from_dict(old_consumer_dict)
consumer_ref.description = new_consumer.description
consumer_ref.extra = new_consumer.extra
return core.filter_consumer(consumer_ref.to_dict())
def update_idp(self, idp_id, idp):
session = db_session.get_session()
with session.begin():
idp_ref = self._get_idp(session, idp_id)
old_idp = idp_ref.to_dict()
old_idp.update(idp)
new_idp = IdentityProviderModel.from_dict(old_idp)
for attr in IdentityProviderModel.mutable_attributes:
setattr(idp_ref, attr, getattr(new_idp, attr))
return idp_ref.to_dict()
def update_protocol(self, idp_id, protocol_id, protocol):
session = db_session.get_session()
with session.begin():
proto_ref = self._get_protocol(session, idp_id, protocol_id)
old_proto = proto_ref.to_dict()
old_proto.update(protocol)
new_proto = FederationProtocolModel.from_dict(old_proto)
for attr in FederationProtocolModel.mutable_attributes:
setattr(proto_ref, attr, getattr(new_proto, attr))
return proto_ref.to_dict()
def update_idp(self, idp_id, idp):
session = db_session.get_session()
with session.begin():
idp_ref = self._get_idp(session, idp_id)
old_idp = idp_ref.to_dict()
old_idp.update(idp)
new_idp = IdentityProviderModel.from_dict(old_idp)
for attr in IdentityProviderModel.mutable_attributes:
setattr(idp_ref, attr, getattr(new_idp, attr))
return idp_ref.to_dict()
def update_protocol(self, idp_id, protocol_id, protocol):
session = db_session.get_session()
with session.begin():
proto_ref = self._get_protocol(session, idp_id, protocol_id)
old_proto = proto_ref.to_dict()
old_proto.update(protocol)
new_proto = FederationProtocolModel.from_dict(old_proto)
for attr in FederationProtocolModel.mutable_attributes:
setattr(proto_ref, attr, getattr(new_proto, attr))
return proto_ref.to_dict()
def get_user_by_name(self, user_name, domain_id):
session = db_session.get_session()
query = session.query(User)
query = query.filter_by(name=user_name)
query = query.filter_by(domain_id=domain_id)
try:
user_ref = query.one()
except sql.NotFound:
raise exception.UserNotFound(user_id=user_name)
return identity.filter_user(user_ref.to_dict())
