def delete_replica_schedule(context,
replica_id,
schedule_id,
pre_delete_callable=None,
post_delete_callable=None):
# NOTE(gsamfira): we need to refactor the DB layer a bit to allow
# two-phase transactions or at least allow running these functions
# inside a single transaction block.
q = _soft_delete_aware_query(context, models.ReplicaSchedule).filter(
models.ReplicaSchedule.id == schedule_id,
models.ReplicaSchedule.replica_id == replica_id)
schedule = q.first()
if not schedule:
raise exception.NotFound("No such schedule")
if is_user_context(context):
if not q.join(models.Replica).filter(
models.Replica.project_id == context.tenant).first():
raise exception.NotAuthorized()
if pre_delete_callable:
pre_delete_callable(context, schedule)
count = q.soft_delete()
if post_delete_callable:
post_delete_callable(context, schedule)
if count == 0:
raise exception.NotFound("0 entries were soft deleted")
def delete_endpoint(self, ctxt, endpoint_id):
q_replicas_count = db_api.get_endpoint_replicas_count(
ctxt, endpoint_id)
if q_replicas_count is not 0:
raise exception.NotAuthorized("%s replicas would be orphaned!" %
q_replicas_count)
db_api.delete_endpoint(ctxt, endpoint_id)
def add_replica_schedule(context, schedule, post_create_callable=None):
# NOTE(gsamfira): we need to refactor the DB layer a bit to allow
# two-phase transactions or at least allow running these functions
# inside a single transaction block.
if schedule.replica.project_id != context.tenant:
raise exception.NotAuthorized()
context.session.add(schedule)
if post_create_callable:
post_create_callable(context, schedule)
def delete_replica_tasks_execution(context, execution_id):
q = _soft_delete_aware_query(context, models.TasksExecution).filter(
models.TasksExecution.id == execution_id)
if is_user_context(context):
if not q.join(models.Replica).filter(
models.Replica.project_id == context.tenant).first():
raise exception.NotAuthorized()
count = q.soft_delete()
if count == 0:
raise exception.NotFound("0 entries were soft deleted")
def delete_minion_pool_lifecycle_execution(context, execution_id):
q = _soft_delete_aware_query(context, models.TasksExecution).filter(
models.TasksExecution.id == execution_id)
if is_user_context(context):
if not q.join(models.MinionPoolLifecycle).filter(
models.MinionPoolLifecycle.project_id == (
context.tenant)).first():
raise exception.NotAuthorized()
count = q.soft_delete()
if count == 0:
raise exception.NotFound("0 entries were soft deleted")
def add_replica_tasks_execution(context, execution):
if is_user_context(context):
if execution.action.project_id != context.tenant:
raise exception.NotAuthorized()
# include deleted records
max_number = _model_query(context, func.max(
models.TasksExecution.number)).filter_by(
action_id=execution.action.id).first()[0] or 0
execution.number = max_number + 1
context.session.add(execution)
def create_trust(ctxt):
if ctxt.trust_id:
return
LOG.debug("Creating Keystone trust")
trusts_auth_plugin = _get_trusts_auth_plugin()
loader = loading.get_plugin_loader("v3token")
auth = loader.load_from_options(
auth_url=trusts_auth_plugin.auth_url,
token=ctxt.auth_token,
project_name=ctxt.project_name,
project_domain_name=ctxt.project_domain_name)
session = ks_session.Session(auth=auth,
verify=not CONF.keystone.allow_untrusted)
try:
trustee_user_id = trusts_auth_plugin.get_user_id(session)
except ks_exceptions.Unauthorized as ex:
LOG.exception(ex)
raise exception.NotAuthorized("Trustee authentication failed")
trustor_user_id = ctxt.user
trustor_proj_id = ctxt.tenant
roles = ctxt.roles
LOG.debug(
"Granting Keystone trust. Trustor: %(trustor_user_id)s, trustee:"
" %(trustee_user_id)s, project: %(trustor_proj_id)s, roles:"
" %(roles)s", {
"trustor_user_id": trustor_user_id,
"trustee_user_id": trustee_user_id,
"trustor_proj_id": trustor_proj_id,
"roles": roles
})
# Trusts are not supported before Keystone v3
client = kc_v3.Client(session=session)
trust = client.trusts.create(trustor_user=trustor_user_id,
trustee_user=trustee_user_id,
project=trustor_proj_id,
impersonation=True,
role_names=roles)
LOG.debug("Trust id: %s" % trust.id)
ctxt.trust_id = trust.id
