def test_class_is_properly_deprecated(self, mock_reporter):
Driver = manager.create_legacy_driver(catalog.CatalogDriverV8)
# NOTE(dstanek): I want to subvert the requirement for this
# class to implement all of the abstractmethods.
Driver.__abstractmethods__ = set()
impl = Driver()
details = {
'as_of': 'Liberty',
'what': 'keystone.catalog.core.Driver',
'in_favor_of': 'keystone.catalog.core.CatalogDriverV8',
'remove_in': 'N',
}
mock_reporter.assert_called_with(mock.ANY, mock.ANY, details)
self.assertIsInstance(impl, catalog.CatalogDriverV8)
def test_class_is_properly_deprecated(self, mock_reporter):
Driver = manager.create_legacy_driver(catalog.CatalogDriverV8)
# NOTE(dstanek): I want to subvert the requirement for this
# class to implement all of the abstract methods.
Driver.__abstractmethods__ = set()
impl = Driver()
details = {
'as_of': 'Liberty',
'what': 'keystone.catalog.core.Driver',
'in_favor_of': 'keystone.catalog.core.CatalogDriverV8',
'remove_in': 'N',
}
mock_reporter.assert_called_with(mock.ANY, mock.ANY, details)
self.assertIsInstance(impl, catalog.CatalogDriverV8)
@abc.abstractmethod
def remove_endpoint_group_from_project(self, endpoint_group_id,
project_id):
"""Remove an endpoint to project association.
:param endpoint_group_id: identity of endpoint to associate
:type endpoint_group_id: string
:param project_id: identity of project to associate
:type project_id: string
:raises keystone.exception.NotFound: If endpoint group project
association was not found.
:returns: None.
"""
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def delete_endpoint_group_association_by_project(self, project_id):
"""Remove endpoint group to project associations.
:param project_id: identity of the project to check
:type project_id: string
:returns: None
"""
raise exception.NotImplemented() # pragma: no cover
Driver = manager.create_legacy_driver(CatalogDriverV8)
service_v3 = {
'type': service_type,
'endpoints': []
}
for attr, value in service.items():
# Attributes that end in URL are interfaces. In the V2
# catalog, these are internalURL, publicURL, and adminURL.
# For example, <region_name>.publicURL=<URL> in the V2
# catalog becomes the V3 interface for the service:
# { 'interface': 'public', 'url': '<URL>', 'region':
# 'region: '<region_name>' }
if attr.endswith('URL'):
v3_interface = attr[:-len('URL')]
service_v3['endpoints'].append({
'interface': v3_interface,
'region': region_name,
'url': value,
})
continue
# Other attributes are copied to the service.
service_v3[attr] = value
v3_catalog.append(service_v3)
return v3_catalog
Driver = manager.create_legacy_driver(CatalogDriverV8)
:type service_id: string
:returns: None
"""
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def delete_association_by_region(self, region_id):
"""Removes all the policy associations with the specific region.
:param region_id: identity of endpoint to check
:type region_id: string
:returns: None
"""
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def delete_association_by_policy(self, policy_id):
"""Removes all the policy associations with the specific policy.
:param policy_id: identity of endpoint to check
:type policy_id: string
:returns: None
"""
raise exception.NotImplemented() # pragma: no cover
Driver = manager.create_legacy_driver(EndpointPolicyDriverV8)
:type sp: dict
:returns: sp_ref
:rtype: dict
:raises keystone.exception.ServiceProviderNotFound: If the service
provider doesn't exist.
"""
raise exception.NotImplemented() # pragma: no cover
def get_enabled_service_providers(self):
"""List enabled service providers for Service Catalog
Service Provider in a catalog contains three attributes: ``id``,
``auth_url``, ``sp_url``, where:
- id is a unique, user defined identifier for service provider object
- auth_url is an authentication URL of remote Keystone
- sp_url a URL accessible at the remote service provider where SAML
assertion is transmitted.
:returns: list of dictionaries with enabled service providers
:rtype: list of dicts
"""
raise exception.NotImplemented() # pragma: no cover
Driver = manager.create_legacy_driver(FederationDriverV8)
:param user_id: identity of the user
:type user_id: string
:param tenant_id: identity of the tenant
:type tenant_id: string
:param trust_id: identity of the trust
:type trust_id: string
:param consumer_id: identity of the consumer
:type consumer_id: string
:returns: list of token_id's
"""
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def list_revoked_tokens(self):
"""Returns a list of all revoked tokens
:returns: list of token_id's
"""
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def flush_expired_tokens(self):
"""Archive or delete tokens that have expired.
"""
raise exception.NotImplemented() # pragma: no cover
Driver = manager.create_legacy_driver(TokenDriverV8)
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def list_trusts(self):
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def list_trusts_for_trustee(self, trustee):
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def list_trusts_for_trustor(self, trustor):
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def delete_trust(self, trust_id):
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def consume_use(self, trust_id):
"""Consume one use when a trust was created with a limitation on its
uses, provided there are still uses available.
:raises: keystone.exception.TrustUseLimitReached,
keystone.exception.TrustNotFound
"""
raise exception.NotImplemented() # pragma: no cover
Driver = manager.create_legacy_driver(TrustDriverV8)
@abc.abstractmethod
def authorize_request_token(self, request_token_id, user_id, role_ids):
"""Authorize request token.
:param request_token_id: the id of the request token, to be authorized
:type request_token_id: string
:param user_id: the id of the authorizing user
:type user_id: string
:param role_ids: list of role ids to authorize
:type role_ids: list
:returns: verifier
"""
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def create_access_token(self, request_id, access_token_duration):
"""Create access token.
:param request_id: the id of the request token, to be deleted
:type request_id: string
:param access_token_duration: duration of an access token
:type access_token_duration: string
:returns: access_token_ref
"""
raise exception.NotImplemented() # pragma: no cover
Driver = manager.create_legacy_driver(Oauth1DriverV8)
@versionutils.deprecated(
versionutils.deprecated.NEWTON,
what='keystone.federation.FederationDriverV8',
in_favor_of='keystone.federation.backends.base.FederationDriverV8',
remove_in=+1)
class FederationDriverV8(base.FederationDriverV8):
pass
@versionutils.deprecated(
versionutils.deprecated.NEWTON,
what='keystone.federation.FederationDriverV9',
in_favor_of='keystone.federation.backends.base.FederationDriverV9',
remove_in=+1)
class FederationDriverV9(base.FederationDriverV9):
pass
@versionutils.deprecated(
versionutils.deprecated.NEWTON,
what='keystone.federation.V9FederationWrapperForV8Driver',
in_favor_of=(
'keystone.federation.backends.base.V9FederationWrapperForV8Driver'),
remove_in=+1)
class V9FederationWrapperForV8Driver(base.V9FederationWrapperForV8Driver):
pass
Driver = manager.create_legacy_driver(base.FederationDriverV8)
:raises: keystone.exception.RoleNotFound
"""
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def delete_group_assignments(self, group_id):
"""Deletes all assignments for a group.
:raises: keystone.exception.RoleNotFound
"""
raise exception.NotImplemented() # pragma: no cover
Driver = manager.create_legacy_driver(AssignmentDriverV8)
@dependency.provider('role_api')
@dependency.requires('assignment_api')
class RoleManager(manager.Manager):
"""Default pivot point for the Role backend."""
driver_namespace = 'keystone.role'
_ROLE = 'role'
def __init__(self):
# If there is a specific driver specified for role, then use it.
# Otherwise retrieve the driver type from the assignment driver.
role_driver = CONF.role.driver
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def remove_endpoint_group_from_project(self, endpoint_group_id,
project_id):
"""Remove an endpoint to project association.
:param endpoint_group_id: identity of endpoint to associate
:type endpoint_group_id: string
:param project_id: identity of project to associate
:type project_id: string
:raises: exception.NotFound
:returns: None.
"""
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def delete_endpoint_group_association_by_project(self, project_id):
"""Remove endpoint group to project associations.
:param project_id: identity of the project to check
:type project_id: string
:returns: None
"""
raise exception.NotImplemented() # pragma: no cover
Driver = manager.create_legacy_driver(EndpointFilterDriverV8)
@abc.abstractmethod
def authorize_request_token(self, request_token_id, user_id, role_ids):
"""Authorize request token.
:param request_token_id: the id of the request token, to be authorized
:type request_token_id: string
:param user_id: the id of the authorizing user
:type user_id: string
:param role_ids: list of role ids to authorize
:type role_ids: list
:returns: verifier
"""
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def create_access_token(self, request_id, access_token_duration):
"""Create access token.
:param request_id: the id of the request token, to be deleted
:type request_id: string
:param access_token_duration: duration of an access token
:type access_token_duration: string
:returns: access_token_ref
"""
raise exception.NotImplemented() # pragma: no cover
Driver = manager.create_legacy_driver(Oauth1DriverV8)
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def remove_endpoint_group_from_project(self, endpoint_group_id,
project_id):
"""Remove an endpoint to project association.
:param endpoint_group_id: identity of endpoint to associate
:type endpoint_group_id: string
:param project_id: identity of project to associate
:type project_id: string
:raises: exception.NotFound
:returns: None.
"""
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def delete_endpoint_group_association_by_project(self, project_id):
"""Remove endpoint group to project associations.
:param project_id: identity of the project to check
:type project_id: string
:returns: None
"""
raise exception.NotImplemented() # pragma: no cover
Driver = manager.create_legacy_driver(EndpointFilterDriverV8)
return self.driver.create_credential(credential_id, credential)
def _validate_credential_update(self, credential_id, credential):
# ec2 credentials require a "project_id" to be functional. Before we
# update, check the case where a non-ec2 credential changes its type
# to be "ec2", but has no associated "project_id", either in the
# request or already set in the database
if (credential.get('type', '').lower() == 'ec2'
and not credential.get('project_id')):
existing_cred = self.get_credential(credential_id)
if not existing_cred['project_id']:
raise exception.ValidationError(attribute='project_id',
target='credential')
def update_credential(self, credential_id, credential):
"""Update an existing credential."""
self._validate_credential_update(credential_id, credential)
return self.driver.update_credential(credential_id, credential)
@versionutils.deprecated(
versionutils.deprecated.NEWTON,
what='keystone.credential.CredentialDriverV8',
in_favor_of='keystone.credential.backends.base.CredentialDriverV8',
remove_in=+1)
class AuthMethodHandler(base.CredentialDriverV8):
pass
Driver = manager.create_legacy_driver(base.CredentialDriverV8)
:param user_id: identity of the user
:type user_id: string
:param tenant_id: identity of the tenant
:type tenant_id: string
:param trust_id: identity of the trust
:type trust_id: string
:param consumer_id: identity of the consumer
:type consumer_id: string
:returns: list of token_id's
"""
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def list_revoked_tokens(self):
"""Returns a list of all revoked tokens
:returns: list of token_id's
"""
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def flush_expired_tokens(self):
"""Archive or delete tokens that have expired."""
raise exception.NotImplemented() # pragma: no cover
Driver = manager.create_legacy_driver(TokenDriverV8)
:type service_id: string
:returns: None
"""
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def delete_association_by_region(self, region_id):
"""Remove all the policy associations with the specific region.
:param region_id: identity of endpoint to check
:type region_id: string
:returns: None
"""
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def delete_association_by_policy(self, policy_id):
"""Remove all the policy associations with the specific policy.
:param policy_id: identity of endpoint to check
:type policy_id: string
:returns: None
"""
raise exception.NotImplemented() # pragma: no cover
Driver = manager.create_legacy_driver(EndpointPolicyDriverV8)
@six.add_metaclass(abc.ABCMeta)
class RevokeDriverV8(object):
"""Interface for recording and reporting revocation events."""
@abc.abstractmethod
def list_events(self, last_fetch=None):
"""return the revocation events, as a list of objects
:param last_fetch: Time of last fetch. Return all events newer.
:returns: A list of keystone.revoke.model.RevokeEvent
newer than `last_fetch.`
If no last_fetch is specified, returns all events
for tokens issued after the expiration cutoff.
"""
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def revoke(self, event):
"""register a revocation event
:param event: An instance of
keystone.revoke.model.RevocationEvent
"""
raise exception.NotImplemented() # pragma: no cover
Driver = manager.create_legacy_driver(RevokeDriverV8)
"""
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def delete_credentials_for_project(self, project_id):
"""Deletes all credentials for a project."""
self._delete_credentials(lambda cr: cr["project_id"] == project_id)
@abc.abstractmethod
def delete_credentials_for_user(self, user_id):
"""Deletes all credentials for a user."""
self._delete_credentials(lambda cr: cr["user_id"] == user_id)
def _delete_credentials(self, match_fn):
"""Do the actual credential deletion work (default implementation).
:param match_fn: function that takes a credential dict as the
parameter and returns true or false if the
identifier matches the credential dict.
"""
for cr in self.list_credentials():
if match_fn(cr):
try:
self.credential_api.delete_credential(cr["id"])
except exception.CredentialNotFound:
LOG.debug("Deletion of credential is not required: %s", cr["id"])
Driver = manager.create_legacy_driver(CredentialDriverV8)
role_id=role_id))
def check_token(self, token_values):
"""Check the values from a token against the revocation list.
:param token_values: dictionary of values from a token, normalized for
differences between v2 and v3. The checked values
are a subset of the attributes of model.TokenEvent
:raises keystone.exception.TokenNotFound: If the token is invalid.
"""
if revoke_model.is_revoked(self.list_events(), token_values):
raise exception.TokenNotFound(_('Failed to validate token'))
def revoke(self, event):
self.driver.revoke(event)
REVOKE_REGION.invalidate()
@versionutils.deprecated(
versionutils.deprecated.NEWTON,
what='keystone.revoke.RevokeDriverV8',
in_favor_of='keystone.revoke.backends.base.RevokeDriverV8',
remove_in=+1)
class RevokeDriverV8(base.RevokeDriverV8):
pass
Driver = manager.create_legacy_driver(base.RevokeDriverV8)
def list_trusts(self):
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def list_trusts_for_trustee(self, trustee):
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def list_trusts_for_trustor(self, trustor):
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def delete_trust(self, trust_id):
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def consume_use(self, trust_id):
"""Consume one use of a trust.
One use of a trust is consumed when the trust was created with a
limitation on its uses, provided there are still uses available.
:raises keystone.exception.TrustUseLimitReached: If no remaining uses
for trust.
:raises keystone.exception.TrustNotFound: If the trust doesn't exist.
"""
raise exception.NotImplemented() # pragma: no cover
Driver = manager.create_legacy_driver(TrustDriverV8)
raise exception.PolicyNotFound(policy_id=policy_id)
notifications.Audit.updated(self._POLICY, policy_id, initiator)
return ref
@manager.response_truncated
def list_policies(self, hints=None):
# NOTE(henry-nash): Since the advantage of filtering or list limiting
# of policies at the driver level is minimal, we leave this to the
# caller.
return self.driver.list_policies()
def delete_policy(self, policy_id, initiator=None):
try:
ret = self.driver.delete_policy(policy_id)
except exception.NotFound:
raise exception.PolicyNotFound(policy_id=policy_id)
notifications.Audit.deleted(self._POLICY, policy_id, initiator)
return ret
@versionutils.deprecated(
versionutils.deprecated.NEWTON,
what='keystone.policy.PolicyDriverV8',
in_favor_of='keystone.policy.backends.base.PolicyDriverV8',
remove_in=+1)
class PolicyDriverV8(base.PolicyDriverV8):
pass
Driver = manager.create_legacy_driver(base.PolicyDriverV8)
@abc.abstractmethod
def get_policy(self, policy_id):
"""Retrieve a specific policy blob.
:raises: keystone.exception.PolicyNotFound
"""
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def update_policy(self, policy_id, policy):
"""Update a policy blob.
:raises: keystone.exception.PolicyNotFound
"""
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def delete_policy(self, policy_id):
"""Remove a policy blob.
:raises: keystone.exception.PolicyNotFound
"""
raise exception.NotImplemented() # pragma: no cover
Driver = manager.create_legacy_driver(PolicyDriverV8)
