def create_project(self, tenant_id, tenant):
tenant = tenant.copy()
tenant.setdefault('enabled', True)
tenant['enabled'] = clean.project_enabled(tenant['enabled'])
tenant.setdefault('description', '')
tenant.setdefault('parent_id', None)
if tenant.get('parent_id') is not None:
parent_ref = self.get_project(tenant.get('parent_id'))
parents_list = self.list_project_parents(parent_ref['id'])
parents_list.append(parent_ref)
for ref in parents_list:
if ref.get('domain_id') != tenant.get('domain_id'):
raise exception.ForbiddenAction(
action=_('cannot create a project within a different '
'domain than its parents.'))
if not ref.get('enabled', True):
raise exception.ForbiddenAction(
action=_('cannot create a project in a '
'branch containing a disabled '
'project: %s') % ref['id'])
self._assert_max_hierarchy_depth(tenant.get('parent_id'),
parents_list)
ret = self.driver.create_project(tenant_id, tenant)
if SHOULD_CACHE(ret):
self.get_project.set(ret, self, tenant_id)
self.get_project_by_name.set(ret, self, ret['name'],
ret['domain_id'])
return ret
def update_project(self, project_id, project, initiator=None):
original_project = self.driver.get_project(project_id)
project = project.copy()
parent_id = original_project.get('parent_id')
if 'parent_id' in project and project.get('parent_id') != parent_id:
raise exception.ForbiddenAction(
action=_('Update of `parent_id` is not allowed.'))
if 'enabled' in project:
project['enabled'] = clean.project_enabled(project['enabled'])
# NOTE(rodrigods): for the current implementation we only allow to
# disable a project if all projects below it in the hierarchy are
# already disabled. This also means that we can not enable a
# project that has disabled parents.
original_project_enabled = original_project.get('enabled', True)
project_enabled = project.get('enabled', True)
if not original_project_enabled and project_enabled:
self._assert_all_parents_are_enabled(project_id)
if original_project_enabled and not project_enabled:
self._assert_whole_subtree_is_disabled(project_id)
self._disable_project(project_id)
ret = self.driver.update_project(project_id, project)
notifications.Audit.updated(self._PROJECT, project_id, initiator)
self.get_project.invalidate(self, project_id)
self.get_project_by_name.invalidate(self, original_project['name'],
original_project['domain_id'])
return ret
def create_project(self, tenant_id, tenant):
tenant = tenant.copy()
tenant.setdefault('enabled', True)
tenant['enabled'] = clean.project_enabled(tenant['enabled'])
tenant.setdefault('description', '')
tenant.setdefault('parent_id', None)
if tenant.get('parent_id') is not None:
parent_ref = self.get_project(tenant.get('parent_id'))
parents_list = self.list_project_parents(parent_ref['id'])
parents_list.append(parent_ref)
for ref in parents_list:
if ref.get('domain_id') != tenant.get('domain_id'):
raise exception.ForbiddenAction(
action=_('cannot create a project within a different '
'domain than its parents.'))
if not ref.get('enabled', True):
raise exception.ForbiddenAction(
action=_('cannot create a project in a '
'branch containing a disabled '
'project: %s') % ref['id'])
self._assert_max_hierarchy_depth(tenant.get('parent_id'),
parents_list)
ret = self.driver.create_project(tenant_id, tenant)
if SHOULD_CACHE(ret):
self.get_project.set(ret, self, tenant_id)
self.get_project_by_name.set(ret, self, ret['name'],
ret['domain_id'])
return ret
def update_project(self, tenant_id, tenant):
original_tenant = self.driver.get_project(tenant_id)
tenant = tenant.copy()
parent_id = original_tenant.get('parent_id')
if 'parent_id' in tenant and tenant.get('parent_id') != parent_id:
raise exception.ForbiddenAction(
action=_('Update of `parent_id` is not allowed.'))
if 'enabled' in tenant:
tenant['enabled'] = clean.project_enabled(tenant['enabled'])
# NOTE(rodrigods): for the current implementation we only allow to
# disable a project if all projects below it in the hierarchy are
# already disabled. This also means that we can not enable a
# project that has disabled parents.
original_tenant_enabled = original_tenant.get('enabled', True)
tenant_enabled = tenant.get('enabled', True)
if not original_tenant_enabled and tenant_enabled:
self._assert_all_parents_are_enabled(tenant_id)
if original_tenant_enabled and not tenant_enabled:
self._assert_whole_subtree_is_disabled(tenant_id)
self._disable_project(tenant_id)
ret = self.driver.update_project(tenant_id, tenant)
self.get_project.invalidate(self, tenant_id)
self.get_project_by_name.invalidate(self, original_tenant['name'],
original_tenant['domain_id'])
return ret
def create_project(self, project_id, project, initiator=None):
project = project.copy()
project.setdefault('enabled', True)
project['enabled'] = clean.project_enabled(project['enabled'])
project.setdefault('description', '')
project.setdefault('parent_id', None)
if project.get('parent_id') is not None:
parent_ref = self.get_project(project.get('parent_id'))
parents_list = self.list_project_parents(parent_ref['id'])
parents_list.append(parent_ref)
for ref in parents_list:
if ref.get('domain_id') != project.get('domain_id'):
raise exception.ForbiddenAction(
action=_('cannot create a project within a different '
'domain than its parents.'))
if not ref.get('enabled', True):
raise exception.ForbiddenAction(
action=_('cannot create a project in a '
'branch containing a disabled '
'project: %s') % ref['id'])
self._assert_max_hierarchy_depth(project.get('parent_id'),
parents_list)
ret = self.driver.create_project(project_id, project)
notifications.Audit.created(self._PROJECT, project_id, initiator)
if MEMOIZE.should_cache(ret):
self.get_project.set(ret, self, project_id)
self.get_project_by_name.set(ret, self, ret['name'],
ret['domain_id'])
return ret
def update_project(self, tenant_id, tenant_ref):
tenant = tenant_ref.copy()
if "enabled" in tenant:
tenant["enabled"] = clean.project_enabled(tenant["enabled"])
ret = self.driver.update_project(tenant_id, tenant_ref)
self.get_project.invalidate(self, tenant_id)
self.get_project_by_name.invalidate(self, ret["name"], ret["domain_id"])
return ret
def update_project(self, tenant_id, tenant_ref):
tenant = tenant_ref.copy()
if 'enabled' in tenant:
tenant['enabled'] = clean.project_enabled(tenant['enabled'])
ret = self.driver.update_project(tenant_id, tenant_ref)
self.get_project.invalidate(self, tenant_id)
self.get_project_by_name.invalidate(self, ret['name'],
ret['domain_id'])
return ret
def update_project(self, tenant_id, tenant_ref):
tenant = tenant_ref.copy()
if 'enabled' in tenant:
tenant['enabled'] = clean.project_enabled(tenant['enabled'])
ret = self.driver.update_project(tenant_id, tenant_ref)
self.get_project.invalidate(self, tenant_id)
self.get_project_by_name.invalidate(self, ret['name'],
ret['domain_id'])
return ret
def create_project(self, tenant_id, tenant_ref):
tenant = tenant_ref.copy()
tenant.setdefault("enabled", True)
tenant["enabled"] = clean.project_enabled(tenant["enabled"])
tenant.setdefault("description", "")
ret = self.driver.create_project(tenant_id, tenant_ref)
if SHOULD_CACHE(ret):
self.get_project.set(ret, self, tenant_id)
self.get_project_by_name.set(ret, self, ret["name"], ret["domain_id"])
return ret
def update_project(self, tenant_id, tenant):
tenant = tenant.copy()
if "enabled" in tenant:
tenant["enabled"] = clean.project_enabled(tenant["enabled"])
if not tenant.get("enabled", True):
self._disable_project(tenant_id)
ret = self.driver.update_project(tenant_id, tenant)
self.get_project.invalidate(self, tenant_id)
self.get_project_by_name.invalidate(self, ret["name"], ret["domain_id"])
return ret
def create_project(self, tenant_id, tenant):
tenant = tenant.copy()
tenant.setdefault('enabled', True)
tenant['enabled'] = clean.project_enabled(tenant['enabled'])
tenant.setdefault('description', '')
ret = self.driver.create_project(tenant_id, tenant)
if SHOULD_CACHE(ret):
self.get_project.set(ret, self, tenant_id)
self.get_project_by_name.set(ret, self, ret['name'],
ret['domain_id'])
return ret
def create_project(self, tenant_id, tenant):
tenant = tenant.copy()
tenant.setdefault('enabled', True)
tenant['enabled'] = clean.project_enabled(tenant['enabled'])
tenant.setdefault('description', '')
ret = self.driver.create_project(tenant_id, tenant)
if SHOULD_CACHE(ret):
self.get_project.set(ret, self, tenant_id)
self.get_project_by_name.set(ret, self, ret['name'],
ret['domain_id'])
return ret
def update_project(self, tenant_id, tenant):
tenant = tenant.copy()
if 'enabled' in tenant:
tenant['enabled'] = clean.project_enabled(tenant['enabled'])
if not tenant.get('enabled', True):
self._disable_project(tenant_id)
ret = self.driver.update_project(tenant_id, tenant)
self.get_project.invalidate(self, tenant_id)
self.get_project_by_name.invalidate(self, ret['name'],
ret['domain_id'])
return ret
def update_project(self, tenant_id, tenant):
tenant = tenant.copy()
if 'enabled' in tenant:
tenant['enabled'] = clean.project_enabled(tenant['enabled'])
if not tenant.get('enabled', True):
self._disable_project(tenant_id)
ret = self.driver.update_project(tenant_id, tenant)
self.get_project.invalidate(self, tenant_id)
self.get_project_by_name.invalidate(self, ret['name'],
ret['domain_id'])
return ret
def update_project(self, tenant_id, tenant):
tenant = tenant.copy()
if 'enabled' in tenant:
tenant['enabled'] = clean.project_enabled(tenant['enabled'])
if not tenant.get('enabled', True):
self.token_api.delete_tokens_for_users(
self.list_user_ids_for_project(tenant_id),
project_id=tenant_id)
ret = self.driver.update_project(tenant_id, tenant)
self.get_project.invalidate(self, tenant_id)
self.get_project_by_name.invalidate(self, ret['name'],
ret['domain_id'])
return ret
def update_project(self, tenant_id, tenant):
tenant = tenant.copy()
if 'enabled' in tenant:
tenant['enabled'] = clean.project_enabled(tenant['enabled'])
if not tenant.get('enabled', True):
self.token_api.delete_tokens_for_users(
self.list_user_ids_for_project(tenant_id),
project_id=tenant_id)
ret = self.driver.update_project(tenant_id, tenant)
self.get_project.invalidate(self, tenant_id)
self.get_project_by_name.invalidate(self, ret['name'],
ret['domain_id'])
return ret
def update_project(self, tenant_id, tenant):
original_tenant = self.driver.get_project(tenant_id)
tenant = tenant.copy()
parent_id = original_tenant['parent_id']
if ('parent_id' in tenant and tenant['parent_id'] != parent_id):
raise exception.ForbiddenAction(
action=_('Update of `parent_id` is not allowed.'))
if 'enabled' in tenant:
tenant['enabled'] = clean.project_enabled(tenant['enabled'])
if (original_tenant.get('enabled', True)
and not tenant.get('enabled', True)):
self._disable_project(tenant_id)
ret = self.driver.update_project(tenant_id, tenant)
self.get_project.invalidate(self, tenant_id)
self.get_project_by_name.invalidate(self, original_tenant['name'],
original_tenant['domain_id'])
return ret
def update_project(self, tenant_id, tenant):
original_tenant = self.driver.get_project(tenant_id)
tenant = tenant.copy()
parent_id = original_tenant['parent_id']
if ('parent_id' in tenant and
tenant['parent_id'] != parent_id):
raise exception.ForbiddenAction(
action=_('Update of `parent_id` is not allowed.'))
if 'enabled' in tenant:
tenant['enabled'] = clean.project_enabled(tenant['enabled'])
if (original_tenant.get('enabled', True) and
not tenant.get('enabled', True)):
self._disable_project(tenant_id)
ret = self.driver.update_project(tenant_id, tenant)
self.get_project.invalidate(self, tenant_id)
self.get_project_by_name.invalidate(self, original_tenant['name'],
original_tenant['domain_id'])
return ret
def create_project(self, tenant_id, tenant):
tenant = tenant.copy()
tenant.setdefault('enabled', True)
tenant['enabled'] = clean.project_enabled(tenant['enabled'])
tenant.setdefault('description', '')
tenant.setdefault('parent_id', None)
if ('parent_id' in tenant and tenant['parent_id'] is not None):
parent = self.driver.get_project(tenant['parent_id'])
if parent['domain_id'] != tenant['domain_id']:
raise exception.ForbiddenAction(
action=_('cannot create a project with a different '
'domain than its parent.'))
self._check_hierarchy_depth(tenant['parent_id'])
ret = self.driver.create_project(tenant_id, tenant)
if SHOULD_CACHE(ret):
self.get_project.set(ret, self, tenant_id)
self.get_project_by_name.set(ret, self, ret['name'],
ret['domain_id'])
return ret
def create_project(self, tenant_id, tenant):
tenant = tenant.copy()
tenant.setdefault('enabled', True)
tenant['enabled'] = clean.project_enabled(tenant['enabled'])
tenant.setdefault('description', '')
tenant.setdefault('parent_id', None)
if ('parent_id' in tenant and
tenant['parent_id'] is not None):
parent = self.driver.get_project(tenant['parent_id'])
if parent['domain_id'] != tenant['domain_id']:
raise exception.ForbiddenAction(
action=_('cannot create a project with a different '
'domain than its parent.'))
self._check_hierarchy_depth(tenant['parent_id'])
ret = self.driver.create_project(tenant_id, tenant)
if SHOULD_CACHE(ret):
self.get_project.set(ret, self, tenant_id)
self.get_project_by_name.set(ret, self, ret['name'],
ret['domain_id'])
return ret
def create_project(self, context, tenant_id, tenant_ref):
tenant = tenant_ref.copy()
tenant.setdefault('enabled', True)
tenant['enabled'] = clean.project_enabled(tenant['enabled'])
tenant.setdefault('description', '')
return self.driver.create_project(tenant_id, tenant)
def update_project(self, context, tenant_id, tenant_ref):
tenant = tenant_ref.copy()
if 'enabled' in tenant:
tenant['enabled'] = clean.project_enabled(tenant['enabled'])
return self.driver.update_project(tenant_id, tenant)
def update_project(self, tenant_id, tenant_ref):
tenant = tenant_ref.copy()
if 'enabled' in tenant:
tenant['enabled'] = clean.project_enabled(tenant['enabled'])
return self.assignment_api.update_project(tenant_id, tenant)
def create_project(self, tenant_id, tenant_ref):
tenant = tenant_ref.copy()
tenant.setdefault('enabled', True)
tenant['enabled'] = clean.project_enabled(tenant['enabled'])
tenant.setdefault('description', '')
return self.assignment_api.create_project(tenant_id, tenant)
