class PolicyModel(sql.ModelBase, sql.DictBase): __tablename__ = 'policy' attributes = ['id', 'blob', 'type'] id = sql.Column(sql.String(64), primary_key=True) blob = sql.Column(sql.JsonBlob(), nullable=False) type = sql.Column(sql.String(255), nullable=False) extra = sql.Column(sql.JsonBlob())
class CredentialModel(sql.ModelBase, sql.DictBase): __tablename__ = 'credential' attributes = ['id', 'user_id', 'project_id', 'blob', 'type'] id = sql.Column(sql.String(64), primary_key=True) user_id = sql.Column(sql.String(64), nullable=False) project_id = sql.Column(sql.String(64)) blob = sql.Column(sql.JsonBlob(), nullable=False) type = sql.Column(sql.String(255), nullable=False) extra = sql.Column(sql.JsonBlob())
class Consumer(sql.ModelBase, sql.DictBase): __tablename__ = 'consumer_oauth2' attributes = ['id', 'name', 'description', 'secret', 'client_type', 'redirect_uris', 'grant_type', 'response_type', 'scopes', 'extra'] __table_args__ = {'extend_existing': True} id = sql.Column(sql.String(64), primary_key=True, nullable=False) name = sql.Column(sql.String(64), nullable=False) description = sql.Column(sql.Text(), nullable=True) secret = sql.Column(sql.String(128), nullable=False) client_type = sql.Column(VALID_CLIENT_TYPES, nullable=False) redirect_uris = sql.Column(sql.JsonBlob(), nullable=False) grant_type = sql.Column(VALID_GRANT_TYPES, nullable=False) response_type = sql.Column(VALID_RESPONSE_TYPES, nullable=False) # TODO(garcianavalon) better naming to reflect they are the allowed scopes for the client scopes = sql.Column(sql.JsonBlob(), nullable=True) extra = sql.Column(sql.JsonBlob(), nullable=True)
class Tenant(sql.ModelBase, sql.DictBase): # TODO(dolph): rename to project __tablename__ = 'tenant' attributes = ['id', 'name'] id = sql.Column(sql.String(64), primary_key=True) name = sql.Column(sql.String(64), unique=True, nullable=False) extra = sql.Column(sql.JsonBlob())
class GroupDomainGrant(sql.ModelBase, BaseGrant): __tablename__ = 'group_domain_metadata' group_id = sql.Column(sql.String(64), primary_key=True) domain_id = sql.Column(sql.String(64), sql.ForeignKey('domain.id'), primary_key=True) data = sql.Column(sql.JsonBlob())
class GroupProjectGrant(sql.ModelBase, BaseGrant): __tablename__ = 'group_project_metadata' group_id = sql.Column(sql.String(64), primary_key=True) project_id = sql.Column(sql.String(64), sql.ForeignKey('project.id'), primary_key=True) data = sql.Column(sql.JsonBlob())
class RoleTable(sql.ModelBase, sql.ModelDictMixinWithExtras): def to_dict(self, include_extra_dict=False): d = super(RoleTable, self).to_dict(include_extra_dict=include_extra_dict) if d['domain_id'] == NULL_DOMAIN_ID: d['domain_id'] = None return d @classmethod def from_dict(cls, role_dict): if 'domain_id' in role_dict and role_dict['domain_id'] is None: new_dict = role_dict.copy() new_dict['domain_id'] = NULL_DOMAIN_ID else: new_dict = role_dict return super(RoleTable, cls).from_dict(new_dict) __tablename__ = 'role' attributes = ['id', 'name', 'domain_id'] id = sql.Column(sql.String(64), primary_key=True) name = sql.Column(sql.String(255), nullable=False) domain_id = sql.Column(sql.String(64), nullable=False, server_default=NULL_DOMAIN_ID) extra = sql.Column(sql.JsonBlob()) __table_args__ = (sql.UniqueConstraint('name', 'domain_id'), )
class Region(sql.ModelBase, sql.DictBase): __tablename__ = 'region' attributes = ['id', 'description', 'parent_region_id', 'url'] id = sql.Column(sql.String(255), primary_key=True) description = sql.Column(sql.String(255), nullable=False) url = sql.Column(sql.String(255), nullable=True) # NOTE(jaypipes): Right now, using an adjacency list model for # storing the hierarchy of regions is fine, since # the API does not support any kind of querying for # more complex hierarchical queries such as "get me only # the regions that are subchildren of this region", etc. # If, in the future, such queries are needed, then it # would be possible to add in columns to this model for # "left" and "right" and provide support for a nested set # model. parent_region_id = sql.Column(sql.String(255), nullable=True) # TODO(jaypipes): I think it's absolutely stupid that every single model # is required to have an "extra" column because of the # DictBase in the keystone.common.sql.core module. Forcing # tables to have pointless columns in the database is just # bad. Remove all of this extra JSON blob stuff. # See: https://bugs.launchpad.net/keystone/+bug/1265071 extra = sql.Column(sql.JsonBlob()) endpoints = sqlalchemy.orm.relationship("Endpoint", backref="region")
class TrustModel(sql.ModelBase, sql.DictBase): __tablename__ = 'trust' attributes = [ 'id', 'trustor_user_id', 'trustee_user_id', 'project_id', 'impersonation', 'expires_at', 'remaining_uses', 'deleted_at' ] id = sql.Column(sql.String(64), primary_key=True) # user id of owner trustor_user_id = sql.Column( sql.String(64), nullable=False, ) # user_id of user allowed to consume this preauth trustee_user_id = sql.Column(sql.String(64), nullable=False) project_id = sql.Column(sql.String(64)) impersonation = sql.Column(sql.Boolean, nullable=False) deleted_at = sql.Column(sql.DateTime) expires_at = sql.Column(sql.DateTime) remaining_uses = sql.Column(sql.Integer, nullable=True) extra = sql.Column(sql.JsonBlob()) __table_args__ = (sql.UniqueConstraint( 'trustor_user_id', 'trustee_user_id', 'project_id', 'impersonation', 'expires_at', name='duplicate_trust_constraint'), )
class CredentialModel(sql.ModelBase, sql.ModelDictMixinWithExtras): __tablename__ = 'credential' attributes = [ 'id', 'user_id', 'project_id', 'encrypted_blob', 'type', 'key_hash' ] id = sql.Column(sql.String(64), primary_key=True) user_id = sql.Column(sql.String(64), nullable=False) project_id = sql.Column(sql.String(64)) _encrypted_blob = sql.Column('encrypted_blob', sql.Text(), nullable=True) type = sql.Column(sql.String(255), nullable=False) key_hash = sql.Column(sql.String(64), nullable=True) extra = sql.Column(sql.JsonBlob()) @hybrid_property def encrypted_blob(self): return self._encrypted_blob @encrypted_blob.setter def encrypted_blob(self, encrypted_blob): # Make sure to hand over the encrypted credential as a string value # to the backend driver to avoid the sql drivers (esp. psycopg2) # treating this as binary data and e.g. hex-escape it. if isinstance(encrypted_blob, bytes): encrypted_blob = encrypted_blob.decode('utf-8') self._encrypted_blob = encrypted_blob
class Consumer(sql.ModelBase, sql.DictBase): __tablename__ = 'consumer' attributes = ['id', 'description', 'secret'] id = sql.Column(sql.String(64), primary_key=True, nullable=False) description = sql.Column(sql.String(64), nullable=True) secret = sql.Column(sql.String(64), nullable=False) extra = sql.Column(sql.JsonBlob(), nullable=False)
class Role(sql.ModelBase, sql.DictBase): __tablename__ = 'role' attributes = ['id', 'name'] id = sql.Column(sql.String(64), primary_key=True) name = sql.Column(sql.String(255), unique=True, nullable=False) extra = sql.Column(sql.JsonBlob()) __table_args__ = (sql.UniqueConstraint('name'), {})
class Service(sql.ModelBase, sql.DictBase): __tablename__ = 'service' attributes = ['id', 'type'] id = sql.Column(sql.String(64), primary_key=True) type = sql.Column(sql.String(255)) extra = sql.Column(sql.JsonBlob()) endpoints = sql.relationship("Endpoint", backref="service")
class Domain(sql.ModelBase, sql.DictBase): __tablename__ = 'domain' attributes = ['id', 'name', 'enabled'] id = sql.Column(sql.String(64), primary_key=True) name = sql.Column(sql.String(64), unique=True, nullable=False) enabled = sql.Column(sql.Boolean, default=True) extra = sql.Column(sql.JsonBlob())
class UserProjectGrant(sql.ModelBase, BaseGrant): __tablename__ = 'user_project_metadata' user_id = sql.Column(sql.String(64), primary_key=True) project_id = sql.Column(sql.String(64), primary_key=True) data = sql.Column(sql.JsonBlob())
class Endpoint(sql.ModelBase, sql.ModelDictMixinWithExtras): __tablename__ = 'endpoint' attributes = [ 'id', 'interface', 'region_id', 'service_id', 'url', 'legacy_endpoint_id', 'enabled' ] id = sql.Column(sql.String(64), primary_key=True) legacy_endpoint_id = sql.Column(sql.String(64)) interface = sql.Column(sql.String(8), nullable=False) region_id = sql.Column(sql.String(255), sql.ForeignKey('region.id', ondelete='RESTRICT'), nullable=True, default=None) service_id = sql.Column(sql.String(64), sql.ForeignKey('service.id'), nullable=False) url = sql.Column(sql.Text(), nullable=False) enabled = sql.Column(sql.Boolean, nullable=False, default=True, server_default=sqlalchemy.sql.expression.true()) extra = sql.Column(sql.JsonBlob()) @classmethod def from_dict(cls, endpoint_dict): """Override from_dict to set enabled if missing.""" new_dict = endpoint_dict.copy() if new_dict.get('enabled') is None: new_dict['enabled'] = True return super(Endpoint, cls).from_dict(new_dict)
class TokenModel(sql.ModelBase, sql.DictBase): __tablename__ = 'token' attributes = ['id', 'expires'] id = sql.Column(sql.String(64), primary_key=True) expires = sql.Column(sql.DateTime(), default=None) extra = sql.Column(sql.JsonBlob()) valid = sql.Column(sql.Boolean(), default=True)
class TrustModel(sql.ModelBase, sql.ModelDictMixinWithExtras): __tablename__ = 'trust' attributes = ['id', 'trustor_user_id', 'trustee_user_id', 'project_id', 'impersonation', 'expires_at', 'remaining_uses', 'deleted_at'] id = sql.Column(sql.String(64), primary_key=True) # user id of owner trustor_user_id = sql.Column(sql.String(64), nullable=False,) # user_id of user allowed to consume this preauth trustee_user_id = sql.Column(sql.String(64), nullable=False) project_id = sql.Column(sql.String(64)) impersonation = sql.Column(sql.Boolean, nullable=False) deleted_at = sql.Column(sql.DateTime) _expires_at = sql.Column('expires_at', sql.DateTime) expires_at_int = sql.Column(sql.DateTimeInt(), nullable=True) remaining_uses = sql.Column(sql.Integer, nullable=True) extra = sql.Column(sql.JsonBlob()) __table_args__ = (sql.UniqueConstraint( 'trustor_user_id', 'trustee_user_id', 'project_id', 'impersonation', 'expires_at', name='duplicate_trust_constraint'),) @hybrid_property def expires_at(self): return self.expires_at_int or self._expires_at @expires_at.setter def expires_at(self, value): self._expires_at = value self.expires_at_int = value
class Project(sql.ModelBase, sql.ModelDictMixinWithExtras): # NOTE(henry-nash): From the manager and above perspective, the domain_id # is nullable. However, to ensure uniqueness in multi-process # configurations, it is better to still use the sql uniqueness constraint. # Since the support for a nullable component of a uniqueness constraint # across different sql databases is mixed, we instead store a special value # to represent null, as defined in NULL_DOMAIN_ID above. def to_dict(self, include_extra_dict=False): d = super(Project, self).to_dict( include_extra_dict=include_extra_dict) if d['domain_id'] == base.NULL_DOMAIN_ID: d['domain_id'] = None return d __tablename__ = 'project' attributes = ['id', 'name', 'domain_id', 'description', 'enabled', 'parent_id', 'is_domain'] id = sql.Column(sql.String(64), primary_key=True) name = sql.Column(sql.String(64), nullable=False) domain_id = sql.Column(sql.String(64), sql.ForeignKey('project.id'), nullable=False) description = sql.Column(sql.Text()) enabled = sql.Column(sql.Boolean) extra = sql.Column(sql.JsonBlob()) parent_id = sql.Column(sql.String(64), sql.ForeignKey('project.id')) is_domain = sql.Column(sql.Boolean, default=False, nullable=False, server_default='0') # Unique constraint across two columns to create the separation # rather than just only 'name' being unique __table_args__ = (sql.UniqueConstraint('domain_id', 'name'),)
class User(sql.ModelBase, sql.DictBase): __tablename__ = 'user' attributes = [ 'id', 'name', 'domain_id', 'password', 'enabled', 'default_project_id', 'username' ] id = sql.Column(sql.String(64), primary_key=True) name = sql.Column(sql.String(255), nullable=False) username = sql.Column(sql.String(255), nullable=True) domain_id = sql.Column(sql.String(64), sql.ForeignKey('domain.id'), nullable=False) password = sql.Column(sql.String(128)) enabled = sql.Column(sql.Boolean) extra = sql.Column(sql.JsonBlob()) default_project_id = sql.Column(sql.String(64)) # Unique constraint across two columns to create the separation # rather than just only 'name' being unique __table_args__ = (sql.UniqueConstraint('domain_id', 'name'), {}) def to_dict(self, include_extra_dict=False): d = super(User, self).to_dict(include_extra_dict=include_extra_dict) if 'default_project_id' in d and d['default_project_id'] is None: del d['default_project_id'] return d
class Project(sql.ModelBase, sql.ModelDictMixinWithExtras): # NOTE(henry-nash): From the manager and above perspective, the domain_id # is nullable. However, to ensure uniqueness in multi-process # configurations, it is better to still use the sql uniqueness constraint. # Since the support for a nullable component of a uniqueness constraint # across different sql databases is mixed, we instead store a special value # to represent null, as defined in NULL_DOMAIN_ID above. def to_dict(self, include_extra_dict=False): d = super(Project, self).to_dict(include_extra_dict=include_extra_dict) if d['domain_id'] == base.NULL_DOMAIN_ID: d['domain_id'] = None return d __tablename__ = 'project' attributes = [ 'id', 'name', 'domain_id', 'description', 'enabled', 'parent_id', 'is_domain', 'tags' ] id = sql.Column(sql.String(64), primary_key=True) name = sql.Column(sql.String(64), nullable=False) domain_id = sql.Column(sql.String(64), sql.ForeignKey('project.id'), nullable=False) description = sql.Column(sql.Text()) enabled = sql.Column(sql.Boolean) extra = sql.Column(sql.JsonBlob()) parent_id = sql.Column(sql.String(64), sql.ForeignKey('project.id')) is_domain = sql.Column(sql.Boolean, default=False, nullable=False, server_default='0') _tags = orm.relationship( 'ProjectTag', single_parent=True, lazy='subquery', cascade='all,delete-orphan', backref='project', primaryjoin='and_(ProjectTag.project_id==Project.id)') # Unique constraint across two columns to create the separation # rather than just only 'name' being unique __table_args__ = (sql.UniqueConstraint('domain_id', 'name'), ) @property def tags(self): if self._tags: return [tag.name for tag in self._tags] return [] @tags.setter def tags(self, values): new_tags = [] for tag in values: tag_ref = ProjectTag() tag_ref.project_id = self.id tag_ref.name = text_type(tag) new_tags.append(tag_ref) self._tags = new_tags
class AuthorizationCode(sql.ModelBase, sql.DictBase): __tablename__ = 'authorization_code_oauth2' attributes = ['code', 'consumer_id', 'authorizing_user_id', 'expires_at', 'scopes', 'state', 'redirect_uri', 'valid', 'extra'] code = sql.Column(sql.String(64), primary_key=True, nullable=False) consumer_id = sql.Column(sql.String(64), sql.ForeignKey('consumer_oauth2.id'), nullable=False, index=True) authorizing_user_id = sql.Column(sql.String(64), nullable=False) # TODO(garcianavalon) datetime type or similar? expires_at = sql.Column(sql.String(64), nullable=False) scopes = sql.Column(sql.JsonBlob(), nullable=True) state = sql.Column(sql.String(256), nullable=True) redirect_uri = sql.Column(sql.String(256), nullable=False) valid = sql.Column(sql.Boolean(), default=True, nullable=False) extra = sql.Column(sql.JsonBlob(), nullable=True)
class AccessToken(sql.ModelBase, sql.DictBase): __tablename__ = 'access_token_oauth2' attributes = ['id', 'consumer_id', 'authorizing_user_id', 'expires_at', 'scopes', 'refresh_token', 'valid', 'extra'] id = sql.Column(sql.String(64), primary_key=True, nullable=False) consumer_id = sql.Column(sql.String(64), sql.ForeignKey('consumer_oauth2.id'), nullable=False, index=True) # NOTE(garcianavalon) if the consumers uses the client credentials grant # there is no authorizing user, so it should be nullable. authorizing_user_id = sql.Column(sql.String(64), nullable=True) # TODO(garcianavalon) datetime type or similar? expires_at = sql.Column(sql.String(64), nullable=False) scopes = sql.Column(sql.JsonBlob(), nullable=True) refresh_token = sql.Column(sql.String(64), nullable=True) valid = sql.Column(sql.Boolean(), default=True, nullable=False) extra = sql.Column(sql.JsonBlob(), nullable=True)
class EndpointGroup(sql.ModelBase, sql.ModelDictMixin): """Endpoint Groups table.""" __tablename__ = 'endpoint_group' attributes = ['id', 'name', 'description', 'filters'] mutable_attributes = frozenset(['name', 'description', 'filters']) id = sql.Column(sql.String(64), primary_key=True) name = sql.Column(sql.String(255), nullable=False) description = sql.Column(sql.Text, nullable=True) filters = sql.Column(sql.JsonBlob(), nullable=False)
class Metadata(sql.ModelBase, sql.DictBase): __tablename__ = 'metadata' #__table_args__ = ( # sql.Index('idx_metadata_usertenant', 'user', 'tenant'), # ) user_id = sql.Column(sql.String(64), primary_key=True) tenant_id = sql.Column(sql.String(64), primary_key=True) data = sql.Column(sql.JsonBlob())
class AccessKey(sql.ModelBase, sql.DictBase): __tablename__ = 'access_key' attributes = ['id', 'user_id', 'password', 'enabled', 'default_project_id'] id = sql.Column(sql.String(64), primary_key=True) user_id = sql.Column(sql.String(64), sql.ForeignKey('user.id'), nullable=False) access_key_secret = sql.Column(sql.String(128)) extra = sql.Column(sql.JsonBlob())
class Service(sql.ModelBase, sql.DictBase): __tablename__ = 'service' attributes = ['id', 'type', 'enabled'] id = sql.Column(sql.String(64), primary_key=True) type = sql.Column(sql.String(255)) enabled = sql.Column(sql.Boolean, nullable=False, default=True, server_default=sqlalchemy.sql.expression.true()) extra = sql.Column(sql.JsonBlob()) endpoints = sqlalchemy.orm.relationship("Endpoint", backref="service")
class Endpoint(sql.ModelBase, sql.DictBase): __tablename__ = 'endpoint' attributes = ['id', 'region', 'service_id'] id = sql.Column(sql.String(64), primary_key=True) region = sql.Column('region', sql.String(255)) service_id = sql.Column(sql.String(64), sql.ForeignKey('service.id'), nullable=False) extra = sql.Column(sql.JsonBlob())
class SensitiveConfig(sql.ModelBase, sql.ModelDictMixin): __tablename__ = 'sensitive_config' domain_id = sql.Column(sql.String(64), primary_key=True) group = sql.Column(sql.String(255), primary_key=True) option = sql.Column(sql.String(255), primary_key=True) value = sql.Column(sql.JsonBlob(), nullable=False) def to_dict(self): d = super(SensitiveConfig, self).to_dict() d.pop('domain_id') return d
class Group(sql.ModelBase, sql.DictBase): __tablename__ = 'group' attributes = ['id', 'name', 'domain_id', 'description'] id = sql.Column(sql.String(64), primary_key=True) name = sql.Column(sql.String(64), nullable=False) domain_id = sql.Column(sql.String(64), nullable=False) description = sql.Column(sql.Text()) extra = sql.Column(sql.JsonBlob()) # Unique constraint across two columns to create the separation # rather than just only 'name' being unique __table_args__ = (sql.UniqueConstraint('domain_id', 'name'), {})