def delete_replica_schedule(context, replica_id, schedule_id, pre_delete_callable=None, post_delete_callable=None): # NOTE(gsamfira): we need to refactor the DB layer a bit to allow # two-phase transactions or at least allow running these functions # inside a single transaction block. q = _soft_delete_aware_query(context, models.ReplicaSchedule).filter( models.ReplicaSchedule.id == schedule_id, models.ReplicaSchedule.replica_id == replica_id) schedule = q.first() if not schedule: raise exception.NotFound("No such schedule") if is_user_context(context): if not q.join(models.Replica).filter( models.Replica.project_id == context.tenant).first(): raise exception.NotAuthorized() if pre_delete_callable: pre_delete_callable(context, schedule) count = q.soft_delete() if post_delete_callable: post_delete_callable(context, schedule) if count == 0: raise exception.NotFound("0 entries were soft deleted")
def delete_endpoint(self, ctxt, endpoint_id): q_replicas_count = db_api.get_endpoint_replicas_count( ctxt, endpoint_id) if q_replicas_count is not 0: raise exception.NotAuthorized("%s replicas would be orphaned!" % q_replicas_count) db_api.delete_endpoint(ctxt, endpoint_id)
def add_replica_schedule(context, schedule, post_create_callable=None): # NOTE(gsamfira): we need to refactor the DB layer a bit to allow # two-phase transactions or at least allow running these functions # inside a single transaction block. if schedule.replica.project_id != context.tenant: raise exception.NotAuthorized() context.session.add(schedule) if post_create_callable: post_create_callable(context, schedule)
def delete_replica_tasks_execution(context, execution_id): q = _soft_delete_aware_query(context, models.TasksExecution).filter( models.TasksExecution.id == execution_id) if is_user_context(context): if not q.join(models.Replica).filter( models.Replica.project_id == context.tenant).first(): raise exception.NotAuthorized() count = q.soft_delete() if count == 0: raise exception.NotFound("0 entries were soft deleted")
def delete_minion_pool_lifecycle_execution(context, execution_id): q = _soft_delete_aware_query(context, models.TasksExecution).filter( models.TasksExecution.id == execution_id) if is_user_context(context): if not q.join(models.MinionPoolLifecycle).filter( models.MinionPoolLifecycle.project_id == ( context.tenant)).first(): raise exception.NotAuthorized() count = q.soft_delete() if count == 0: raise exception.NotFound("0 entries were soft deleted")
def add_replica_tasks_execution(context, execution): if is_user_context(context): if execution.action.project_id != context.tenant: raise exception.NotAuthorized() # include deleted records max_number = _model_query(context, func.max( models.TasksExecution.number)).filter_by( action_id=execution.action.id).first()[0] or 0 execution.number = max_number + 1 context.session.add(execution)
def create_trust(ctxt): if ctxt.trust_id: return LOG.debug("Creating Keystone trust") trusts_auth_plugin = _get_trusts_auth_plugin() loader = loading.get_plugin_loader("v3token") auth = loader.load_from_options( auth_url=trusts_auth_plugin.auth_url, token=ctxt.auth_token, project_name=ctxt.project_name, project_domain_name=ctxt.project_domain_name) session = ks_session.Session(auth=auth, verify=not CONF.keystone.allow_untrusted) try: trustee_user_id = trusts_auth_plugin.get_user_id(session) except ks_exceptions.Unauthorized as ex: LOG.exception(ex) raise exception.NotAuthorized("Trustee authentication failed") trustor_user_id = ctxt.user trustor_proj_id = ctxt.tenant roles = ctxt.roles LOG.debug( "Granting Keystone trust. Trustor: %(trustor_user_id)s, trustee:" " %(trustee_user_id)s, project: %(trustor_proj_id)s, roles:" " %(roles)s", { "trustor_user_id": trustor_user_id, "trustee_user_id": trustee_user_id, "trustor_proj_id": trustor_proj_id, "roles": roles }) # Trusts are not supported before Keystone v3 client = kc_v3.Client(session=session) trust = client.trusts.create(trustor_user=trustor_user_id, trustee_user=trustee_user_id, project=trustor_proj_id, impersonation=True, role_names=roles) LOG.debug("Trust id: %s" % trust.id) ctxt.trust_id = trust.id