def delete_project_by_vo(self, project_vo):
project_group_id = project_vo.project_group_id
project_vo.delete()
if project_group_id:
cache.delete_pattern(f'project-path:*{project_group_id}*')
cache.delete_pattern(f'project-group-children:*{project_group_id}')
cache.delete_pattern(f'role-bindings:*{project_group_id}*')
cache.delete_pattern(f'role-bindings:*:')
cache.delete_pattern(f'user-scopes:*{project_group_id}*')
self._delete_parent_project_group_cache(project_vo.project_group)
def enable_user(self, user_id, domain_id):
def _rollback(old_data):
_LOGGER.info(f'[enable_user._rollback] Revert Data : {old_data}')
user_vo.update(old_data)
user_vo: User = self.get_user(user_id, domain_id)
if user_vo.state != 'ENABLED':
self.transaction.add_rollback(_rollback, user_vo.to_dict())
user_vo.update({'state': 'ENABLED'})
cache.delete_pattern(f'user-state:{domain_id}:{user_id}')
return user_vo
def update_role(self, params):
def _rollback(old_data):
_LOGGER.info(
f'[update_role._rollback] Revert Data : {old_data["name"], ({old_data["role_id"]})}'
)
role_vo.update(old_data)
role_vo: Role = self.get_role(params['role_id'], params['domain_id'])
self.transaction.add_rollback(_rollback, role_vo.to_dict())
cache.delete_pattern(f'role-permissions:*{params["role_id"]}')
cache.delete_pattern(f'user-permissions:*{params["role_id"]}*')
return role_vo.update(params)
def delete_user(self, user_id, domain_id):
user_vo = self.get_user(user_id, domain_id)
user_vo.delete()
cache.delete_pattern(f'user-state:{domain_id}:{user_id}')
cache.delete_pattern(f'role-bindings:{domain_id}:{user_id}*')
cache.delete_pattern(f'user-permissions:{domain_id}:{user_id}*')
cache.delete_pattern(f'user-scopes:{domain_id}:{user_id}*')
def disable_domain(self, domain_id):
def _rollback(old_data):
_LOGGER.info(
f'[disable_domain._rollback] Revert Data : {old_data["name"]} ({old_data["domain_id"]})'
)
domain_vo.update(old_data)
domain_vo: Domain = self.get_domain(domain_id)
if domain_vo.state != 'DISABLED':
self.transaction.add_rollback(_rollback, domain_vo.to_dict())
domain_vo.update({'state': 'DISABLED'})
cache.delete_pattern(f'domain-state:{domain_id}')
return domain_vo
def delete_project_group_by_vo(self, project_group_vo):
project_group_vo.delete()
cache.delete_pattern(
f'project-path:*{project_group_vo.project_group_id}*')
cache.delete_pattern(
f'role-bindings:*{project_group_vo.project_group_id}*')
cache.delete_pattern(f'role-bindings:*:')
cache.delete_pattern(
f'user-scopes:*{project_group_vo.project_group_id}*')
self._delete_parent_project_group_cache(project_group_vo)
def delete_role_binding_by_vo(self, role_binding_vo):
resource_id = role_binding_vo.resource_id
domain_id = role_binding_vo.domain_id
role_binding_vo.delete()
cache.delete_pattern(f'role-bindings:{domain_id}:{resource_id}*')
cache.delete_pattern(f'user-permissions:{domain_id}:{resource_id}*')
cache.delete_pattern(f'user-scopes:{domain_id}:{resource_id}*')
def create_project(self, params):
def _rollback(project_vo):
_LOGGER.info(
f'[create_project._rollback] Delete project : {project_vo.name} ({project_vo.project_id})'
)
project_vo.delete()
project_vo: Project = self.project_model.create(params)
self.transaction.add_rollback(_rollback, project_vo)
project_group_id = params['project_group_id']
cache.delete_pattern(f'project-path:*{project_group_id}*')
cache.delete_pattern(f'role-bindings:*{project_group_id}*')
cache.delete_pattern(f'user-scopes:*{project_group_id}*')
self._delete_parent_project_group_cache(params['project_group'])
return project_vo
def update_project_group_by_vo(self, params, project_group_vo):
def _rollback(old_data):
_LOGGER.info(
f'[update_project_group._rollback] Revert Data : {old_data["name"]} ({old_data["project_group_id"]})'
)
project_group_vo.update(old_data)
self.transaction.add_rollback(_rollback, project_group_vo.to_dict())
if params.get('parent_project_group') is not None:
parent_project_group_id = params['parent_project_group_id']
project_group_id = project_group_vo.project_group_id
if parent_project_group_id is not None:
cache.delete_pattern(
f'project-path:*{parent_project_group_id}*')
cache.delete_pattern(
f'role-bindings:*{parent_project_group_id}*')
cache.delete_pattern(
f'user-scopes:*{parent_project_group_id}*')
self._delete_parent_project_group_cache(
params['parent_project_group'])
cache.delete_pattern(f'project-path:*{project_group_id}*')
cache.delete_pattern(f'role-bindings:*{project_group_id}*')
cache.delete_pattern(f'user-scopes:*{project_group_id}*')
self._delete_parent_project_group_cache(project_group_vo)
return project_group_vo.update(params)
def _delete_parent_project_group_cache(self, project_group_vo):
cache.delete_pattern(
f'project-group-children:*{project_group_vo.project_group_id}')
if project_group_vo.parent_project_group:
self._delete_parent_project_group_cache(
project_group_vo.parent_project_group)
def delete_domain(self, domain_id):
domain_vo: Domain = self.get_domain(domain_id)
domain_vo.delete()
cache.delete_pattern(f'domain-state:{domain_id}')
def update_project_by_vo(self, params, project_vo):
def _rollback(old_data):
_LOGGER.info(
f'[update_project._rollback] Revert Data : {old_data["name"]} ({old_data["project_id"]})'
)
project_vo.update(old_data)
self.transaction.add_rollback(_rollback, project_vo.to_dict())
if 'project_group' in params:
new_project_group_id = params['project_group_id']
old_project_group_id = project_vo.project_group.project_group_id
cache.delete_pattern(f'project-path:*{new_project_group_id}*')
cache.delete_pattern(f'project-path:*{old_project_group_id}*')
cache.delete_pattern(f'role-bindings:*{new_project_group_id}*')
cache.delete_pattern(f'role-bindings:*{old_project_group_id}*')
cache.delete_pattern(f'user-scopes:*{new_project_group_id}*')
cache.delete_pattern(f'user-scopes:*{old_project_group_id}*')
self._delete_parent_project_group_cache(params['project_group'])
self._delete_parent_project_group_cache(project_vo.project_group)
return project_vo.update(params)
def _delete_role_cache(self, policy_vo):
role_vos = self._get_roles_using_policy(policy_vo)
for role_vo in role_vos:
cache.delete_pattern(f'role-permissions:*{role_vo.role_id}')
cache.delete_pattern(f'user-permissions:*{role_vo.role_id}*')
def delete_role(self, role_id, domain_id):
role_vo = self.get_role(role_id, domain_id)
role_vo.delete()
cache.delete_pattern(f'role-permissions:*{role_id}')
cache.delete_pattern(f'user-permissions:*{role_id}*')
def create_role_binding(self, params):
def _rollback(role_binding_vo):
_LOGGER.info(
f'[create_role_binding._rollback] Delete role binding : {role_binding_vo.name} ({role_binding_vo.role_binding_id})'
)
role_binding_vo.delete()
resource_type = params['resource_type']
resource_id = params['resource_id']
role_id = params['role_id']
project_id = params.get('project_id')
project_group_id = params.get('project_group_id')
domain_id = params['domain_id']
role_mgr: RoleManager = self.locator.get_manager('RoleManager')
project_mgr: ProjectManager = self.locator.get_manager(
'ProjectManager')
project_group_mgr: ProjectGroupManager = self.locator.get_manager(
'ProjectGroupManager')
user_mgr: UserManager = self.locator.get_manager('UserManager')
self._check_resource_type(resource_type)
if resource_type == 'identity.User':
params['user'] = user_mgr.get_user(resource_id, domain_id)
role_vo = role_mgr.get_role(role_id, domain_id)
self._check_role_type(role_vo.role_type, resource_type, resource_id,
domain_id)
params['role'] = role_vo
if role_vo.role_type == 'PROJECT':
if project_id:
project_vo = project_mgr.get_project(project_id, domain_id)
self._check_duplicate_project_role(resource_type, resource_id,
project_vo, project_id)
params['project'] = project_vo
elif project_group_id:
project_group_vo = project_group_mgr.get_project_group(
project_group_id, domain_id)
self._check_duplicate_project_group_role(
resource_type, resource_id, project_group_vo,
project_group_id)
params['project_group'] = project_group_vo
else:
raise ERROR_REQUIRED_PROJECT_OR_PROJECT_GROUP()
else:
self._check_duplicate_domain_or_system_role(
resource_type, resource_id, role_vo, role_id)
if project_id:
raise ERROR_NOT_ALLOWED_PROJECT_ID()
elif project_group_id:
raise ERROR_NOT_ALLOWED_PROJECT_GROUP_ID()
role_binding_vo = self.role_binding_model.create(params)
self.transaction.add_rollback(_rollback, role_binding_vo)
cache.delete_pattern(f'role-bindings:{domain_id}:{resource_id}*')
cache.delete_pattern(f'user-permissions:{domain_id}:{resource_id}*')
cache.delete_pattern(f'user-scopes:{domain_id}:{resource_id}*')
return role_binding_vo
