class PolicyModel(sql.ModelBase, sql.DictBase):
__tablename__ = 'policy'
attributes = ['id', 'blob', 'type']
id = sql.Column(sql.String(64), primary_key=True)
blob = sql.Column(sql.JsonBlob(), nullable=False)
type = sql.Column(sql.String(255), nullable=False)
extra = sql.Column(sql.JsonBlob())
class CredentialModel(sql.ModelBase, sql.DictBase):
__tablename__ = 'credential'
attributes = ['id', 'user_id', 'project_id', 'blob', 'type']
id = sql.Column(sql.String(64), primary_key=True)
user_id = sql.Column(sql.String(64), nullable=False)
project_id = sql.Column(sql.String(64))
blob = sql.Column(sql.JsonBlob(), nullable=False)
type = sql.Column(sql.String(255), nullable=False)
extra = sql.Column(sql.JsonBlob())
class Consumer(sql.ModelBase, sql.DictBase):
__tablename__ = 'consumer_oauth2'
attributes = ['id', 'name', 'description', 'secret', 'client_type', 'redirect_uris',
'grant_type', 'response_type', 'scopes', 'extra']
__table_args__ = {'extend_existing': True}
id = sql.Column(sql.String(64), primary_key=True, nullable=False)
name = sql.Column(sql.String(64), nullable=False)
description = sql.Column(sql.Text(), nullable=True)
secret = sql.Column(sql.String(128), nullable=False)
client_type = sql.Column(VALID_CLIENT_TYPES, nullable=False)
redirect_uris = sql.Column(sql.JsonBlob(), nullable=False)
grant_type = sql.Column(VALID_GRANT_TYPES, nullable=False)
response_type = sql.Column(VALID_RESPONSE_TYPES, nullable=False)
# TODO(garcianavalon) better naming to reflect they are the allowed scopes for the client
scopes = sql.Column(sql.JsonBlob(), nullable=True)
extra = sql.Column(sql.JsonBlob(), nullable=True)
class Tenant(sql.ModelBase, sql.DictBase):
# TODO(dolph): rename to project
__tablename__ = 'tenant'
attributes = ['id', 'name']
id = sql.Column(sql.String(64), primary_key=True)
name = sql.Column(sql.String(64), unique=True, nullable=False)
extra = sql.Column(sql.JsonBlob())
class GroupDomainGrant(sql.ModelBase, BaseGrant):
__tablename__ = 'group_domain_metadata'
group_id = sql.Column(sql.String(64), primary_key=True)
domain_id = sql.Column(sql.String(64),
sql.ForeignKey('domain.id'),
primary_key=True)
data = sql.Column(sql.JsonBlob())
class GroupProjectGrant(sql.ModelBase, BaseGrant):
__tablename__ = 'group_project_metadata'
group_id = sql.Column(sql.String(64), primary_key=True)
project_id = sql.Column(sql.String(64),
sql.ForeignKey('project.id'),
primary_key=True)
data = sql.Column(sql.JsonBlob())
class RoleTable(sql.ModelBase, sql.ModelDictMixinWithExtras):
def to_dict(self, include_extra_dict=False):
d = super(RoleTable,
self).to_dict(include_extra_dict=include_extra_dict)
if d['domain_id'] == NULL_DOMAIN_ID:
d['domain_id'] = None
return d
@classmethod
def from_dict(cls, role_dict):
if 'domain_id' in role_dict and role_dict['domain_id'] is None:
new_dict = role_dict.copy()
new_dict['domain_id'] = NULL_DOMAIN_ID
else:
new_dict = role_dict
return super(RoleTable, cls).from_dict(new_dict)
__tablename__ = 'role'
attributes = ['id', 'name', 'domain_id']
id = sql.Column(sql.String(64), primary_key=True)
name = sql.Column(sql.String(255), nullable=False)
domain_id = sql.Column(sql.String(64),
nullable=False,
server_default=NULL_DOMAIN_ID)
extra = sql.Column(sql.JsonBlob())
__table_args__ = (sql.UniqueConstraint('name', 'domain_id'), )
class Region(sql.ModelBase, sql.DictBase):
__tablename__ = 'region'
attributes = ['id', 'description', 'parent_region_id', 'url']
id = sql.Column(sql.String(255), primary_key=True)
description = sql.Column(sql.String(255), nullable=False)
url = sql.Column(sql.String(255), nullable=True)
# NOTE(jaypipes): Right now, using an adjacency list model for
# storing the hierarchy of regions is fine, since
# the API does not support any kind of querying for
# more complex hierarchical queries such as "get me only
# the regions that are subchildren of this region", etc.
# If, in the future, such queries are needed, then it
# would be possible to add in columns to this model for
# "left" and "right" and provide support for a nested set
# model.
parent_region_id = sql.Column(sql.String(255), nullable=True)
# TODO(jaypipes): I think it's absolutely stupid that every single model
# is required to have an "extra" column because of the
# DictBase in the keystone.common.sql.core module. Forcing
# tables to have pointless columns in the database is just
# bad. Remove all of this extra JSON blob stuff.
# See: https://bugs.launchpad.net/keystone/+bug/1265071
extra = sql.Column(sql.JsonBlob())
endpoints = sqlalchemy.orm.relationship("Endpoint", backref="region")
class TrustModel(sql.ModelBase, sql.DictBase):
__tablename__ = 'trust'
attributes = [
'id', 'trustor_user_id', 'trustee_user_id', 'project_id',
'impersonation', 'expires_at', 'remaining_uses', 'deleted_at'
]
id = sql.Column(sql.String(64), primary_key=True)
# user id of owner
trustor_user_id = sql.Column(
sql.String(64),
nullable=False,
)
# user_id of user allowed to consume this preauth
trustee_user_id = sql.Column(sql.String(64), nullable=False)
project_id = sql.Column(sql.String(64))
impersonation = sql.Column(sql.Boolean, nullable=False)
deleted_at = sql.Column(sql.DateTime)
expires_at = sql.Column(sql.DateTime)
remaining_uses = sql.Column(sql.Integer, nullable=True)
extra = sql.Column(sql.JsonBlob())
__table_args__ = (sql.UniqueConstraint(
'trustor_user_id',
'trustee_user_id',
'project_id',
'impersonation',
'expires_at',
name='duplicate_trust_constraint'), )
class CredentialModel(sql.ModelBase, sql.ModelDictMixinWithExtras):
__tablename__ = 'credential'
attributes = [
'id', 'user_id', 'project_id', 'encrypted_blob', 'type', 'key_hash'
]
id = sql.Column(sql.String(64), primary_key=True)
user_id = sql.Column(sql.String(64), nullable=False)
project_id = sql.Column(sql.String(64))
_encrypted_blob = sql.Column('encrypted_blob', sql.Text(), nullable=True)
type = sql.Column(sql.String(255), nullable=False)
key_hash = sql.Column(sql.String(64), nullable=True)
extra = sql.Column(sql.JsonBlob())
@hybrid_property
def encrypted_blob(self):
return self._encrypted_blob
@encrypted_blob.setter
def encrypted_blob(self, encrypted_blob):
# Make sure to hand over the encrypted credential as a string value
# to the backend driver to avoid the sql drivers (esp. psycopg2)
# treating this as binary data and e.g. hex-escape it.
if isinstance(encrypted_blob, bytes):
encrypted_blob = encrypted_blob.decode('utf-8')
self._encrypted_blob = encrypted_blob
class Consumer(sql.ModelBase, sql.DictBase):
__tablename__ = 'consumer'
attributes = ['id', 'description', 'secret']
id = sql.Column(sql.String(64), primary_key=True, nullable=False)
description = sql.Column(sql.String(64), nullable=True)
secret = sql.Column(sql.String(64), nullable=False)
extra = sql.Column(sql.JsonBlob(), nullable=False)
class Role(sql.ModelBase, sql.DictBase):
__tablename__ = 'role'
attributes = ['id', 'name']
id = sql.Column(sql.String(64), primary_key=True)
name = sql.Column(sql.String(255), unique=True, nullable=False)
extra = sql.Column(sql.JsonBlob())
__table_args__ = (sql.UniqueConstraint('name'), {})
class Service(sql.ModelBase, sql.DictBase):
__tablename__ = 'service'
attributes = ['id', 'type']
id = sql.Column(sql.String(64), primary_key=True)
type = sql.Column(sql.String(255))
extra = sql.Column(sql.JsonBlob())
endpoints = sql.relationship("Endpoint", backref="service")
class Domain(sql.ModelBase, sql.DictBase):
__tablename__ = 'domain'
attributes = ['id', 'name', 'enabled']
id = sql.Column(sql.String(64), primary_key=True)
name = sql.Column(sql.String(64), unique=True, nullable=False)
enabled = sql.Column(sql.Boolean, default=True)
extra = sql.Column(sql.JsonBlob())
class UserProjectGrant(sql.ModelBase, BaseGrant):
__tablename__ = 'user_project_metadata'
user_id = sql.Column(sql.String(64),
primary_key=True)
project_id = sql.Column(sql.String(64),
primary_key=True)
data = sql.Column(sql.JsonBlob())
class Endpoint(sql.ModelBase, sql.ModelDictMixinWithExtras):
__tablename__ = 'endpoint'
attributes = [
'id', 'interface', 'region_id', 'service_id', 'url',
'legacy_endpoint_id', 'enabled'
]
id = sql.Column(sql.String(64), primary_key=True)
legacy_endpoint_id = sql.Column(sql.String(64))
interface = sql.Column(sql.String(8), nullable=False)
region_id = sql.Column(sql.String(255),
sql.ForeignKey('region.id', ondelete='RESTRICT'),
nullable=True,
default=None)
service_id = sql.Column(sql.String(64),
sql.ForeignKey('service.id'),
nullable=False)
url = sql.Column(sql.Text(), nullable=False)
enabled = sql.Column(sql.Boolean,
nullable=False,
default=True,
server_default=sqlalchemy.sql.expression.true())
extra = sql.Column(sql.JsonBlob())
@classmethod
def from_dict(cls, endpoint_dict):
"""Override from_dict to set enabled if missing."""
new_dict = endpoint_dict.copy()
if new_dict.get('enabled') is None:
new_dict['enabled'] = True
return super(Endpoint, cls).from_dict(new_dict)
class TokenModel(sql.ModelBase, sql.DictBase):
__tablename__ = 'token'
attributes = ['id', 'expires']
id = sql.Column(sql.String(64), primary_key=True)
expires = sql.Column(sql.DateTime(), default=None)
extra = sql.Column(sql.JsonBlob())
valid = sql.Column(sql.Boolean(), default=True)
class TrustModel(sql.ModelBase, sql.ModelDictMixinWithExtras):
__tablename__ = 'trust'
attributes = ['id', 'trustor_user_id', 'trustee_user_id',
'project_id', 'impersonation', 'expires_at',
'remaining_uses', 'deleted_at']
id = sql.Column(sql.String(64), primary_key=True)
# user id of owner
trustor_user_id = sql.Column(sql.String(64), nullable=False,)
# user_id of user allowed to consume this preauth
trustee_user_id = sql.Column(sql.String(64), nullable=False)
project_id = sql.Column(sql.String(64))
impersonation = sql.Column(sql.Boolean, nullable=False)
deleted_at = sql.Column(sql.DateTime)
_expires_at = sql.Column('expires_at', sql.DateTime)
expires_at_int = sql.Column(sql.DateTimeInt(), nullable=True)
remaining_uses = sql.Column(sql.Integer, nullable=True)
extra = sql.Column(sql.JsonBlob())
__table_args__ = (sql.UniqueConstraint(
'trustor_user_id', 'trustee_user_id', 'project_id',
'impersonation', 'expires_at',
name='duplicate_trust_constraint'),)
@hybrid_property
def expires_at(self):
return self.expires_at_int or self._expires_at
@expires_at.setter
def expires_at(self, value):
self._expires_at = value
self.expires_at_int = value
class Project(sql.ModelBase, sql.ModelDictMixinWithExtras):
# NOTE(henry-nash): From the manager and above perspective, the domain_id
# is nullable. However, to ensure uniqueness in multi-process
# configurations, it is better to still use the sql uniqueness constraint.
# Since the support for a nullable component of a uniqueness constraint
# across different sql databases is mixed, we instead store a special value
# to represent null, as defined in NULL_DOMAIN_ID above.
def to_dict(self, include_extra_dict=False):
d = super(Project, self).to_dict(
include_extra_dict=include_extra_dict)
if d['domain_id'] == base.NULL_DOMAIN_ID:
d['domain_id'] = None
return d
__tablename__ = 'project'
attributes = ['id', 'name', 'domain_id', 'description', 'enabled',
'parent_id', 'is_domain']
id = sql.Column(sql.String(64), primary_key=True)
name = sql.Column(sql.String(64), nullable=False)
domain_id = sql.Column(sql.String(64), sql.ForeignKey('project.id'),
nullable=False)
description = sql.Column(sql.Text())
enabled = sql.Column(sql.Boolean)
extra = sql.Column(sql.JsonBlob())
parent_id = sql.Column(sql.String(64), sql.ForeignKey('project.id'))
is_domain = sql.Column(sql.Boolean, default=False, nullable=False,
server_default='0')
# Unique constraint across two columns to create the separation
# rather than just only 'name' being unique
__table_args__ = (sql.UniqueConstraint('domain_id', 'name'),)
class User(sql.ModelBase, sql.DictBase):
__tablename__ = 'user'
attributes = [
'id', 'name', 'domain_id', 'password', 'enabled', 'default_project_id',
'username'
]
id = sql.Column(sql.String(64), primary_key=True)
name = sql.Column(sql.String(255), nullable=False)
username = sql.Column(sql.String(255), nullable=True)
domain_id = sql.Column(sql.String(64),
sql.ForeignKey('domain.id'),
nullable=False)
password = sql.Column(sql.String(128))
enabled = sql.Column(sql.Boolean)
extra = sql.Column(sql.JsonBlob())
default_project_id = sql.Column(sql.String(64))
# Unique constraint across two columns to create the separation
# rather than just only 'name' being unique
__table_args__ = (sql.UniqueConstraint('domain_id', 'name'), {})
def to_dict(self, include_extra_dict=False):
d = super(User, self).to_dict(include_extra_dict=include_extra_dict)
if 'default_project_id' in d and d['default_project_id'] is None:
del d['default_project_id']
return d
class Project(sql.ModelBase, sql.ModelDictMixinWithExtras):
# NOTE(henry-nash): From the manager and above perspective, the domain_id
# is nullable. However, to ensure uniqueness in multi-process
# configurations, it is better to still use the sql uniqueness constraint.
# Since the support for a nullable component of a uniqueness constraint
# across different sql databases is mixed, we instead store a special value
# to represent null, as defined in NULL_DOMAIN_ID above.
def to_dict(self, include_extra_dict=False):
d = super(Project, self).to_dict(include_extra_dict=include_extra_dict)
if d['domain_id'] == base.NULL_DOMAIN_ID:
d['domain_id'] = None
return d
__tablename__ = 'project'
attributes = [
'id', 'name', 'domain_id', 'description', 'enabled', 'parent_id',
'is_domain', 'tags'
]
id = sql.Column(sql.String(64), primary_key=True)
name = sql.Column(sql.String(64), nullable=False)
domain_id = sql.Column(sql.String(64),
sql.ForeignKey('project.id'),
nullable=False)
description = sql.Column(sql.Text())
enabled = sql.Column(sql.Boolean)
extra = sql.Column(sql.JsonBlob())
parent_id = sql.Column(sql.String(64), sql.ForeignKey('project.id'))
is_domain = sql.Column(sql.Boolean,
default=False,
nullable=False,
server_default='0')
_tags = orm.relationship(
'ProjectTag',
single_parent=True,
lazy='subquery',
cascade='all,delete-orphan',
backref='project',
primaryjoin='and_(ProjectTag.project_id==Project.id)')
# Unique constraint across two columns to create the separation
# rather than just only 'name' being unique
__table_args__ = (sql.UniqueConstraint('domain_id', 'name'), )
@property
def tags(self):
if self._tags:
return [tag.name for tag in self._tags]
return []
@tags.setter
def tags(self, values):
new_tags = []
for tag in values:
tag_ref = ProjectTag()
tag_ref.project_id = self.id
tag_ref.name = text_type(tag)
new_tags.append(tag_ref)
self._tags = new_tags
class AuthorizationCode(sql.ModelBase, sql.DictBase):
__tablename__ = 'authorization_code_oauth2'
attributes = ['code', 'consumer_id', 'authorizing_user_id', 'expires_at', 'scopes',
'state', 'redirect_uri', 'valid', 'extra']
code = sql.Column(sql.String(64), primary_key=True, nullable=False)
consumer_id = sql.Column(sql.String(64), sql.ForeignKey('consumer_oauth2.id'),
nullable=False, index=True)
authorizing_user_id = sql.Column(sql.String(64), nullable=False)
# TODO(garcianavalon) datetime type or similar?
expires_at = sql.Column(sql.String(64), nullable=False)
scopes = sql.Column(sql.JsonBlob(), nullable=True)
state = sql.Column(sql.String(256), nullable=True)
redirect_uri = sql.Column(sql.String(256), nullable=False)
valid = sql.Column(sql.Boolean(), default=True, nullable=False)
extra = sql.Column(sql.JsonBlob(), nullable=True)
class AccessToken(sql.ModelBase, sql.DictBase):
__tablename__ = 'access_token_oauth2'
attributes = ['id', 'consumer_id', 'authorizing_user_id', 'expires_at',
'scopes', 'refresh_token', 'valid', 'extra']
id = sql.Column(sql.String(64), primary_key=True, nullable=False)
consumer_id = sql.Column(sql.String(64), sql.ForeignKey('consumer_oauth2.id'),
nullable=False, index=True)
# NOTE(garcianavalon) if the consumers uses the client credentials grant
# there is no authorizing user, so it should be nullable.
authorizing_user_id = sql.Column(sql.String(64), nullable=True)
# TODO(garcianavalon) datetime type or similar?
expires_at = sql.Column(sql.String(64), nullable=False)
scopes = sql.Column(sql.JsonBlob(), nullable=True)
refresh_token = sql.Column(sql.String(64), nullable=True)
valid = sql.Column(sql.Boolean(), default=True, nullable=False)
extra = sql.Column(sql.JsonBlob(), nullable=True)
class EndpointGroup(sql.ModelBase, sql.ModelDictMixin):
"""Endpoint Groups table."""
__tablename__ = 'endpoint_group'
attributes = ['id', 'name', 'description', 'filters']
mutable_attributes = frozenset(['name', 'description', 'filters'])
id = sql.Column(sql.String(64), primary_key=True)
name = sql.Column(sql.String(255), nullable=False)
description = sql.Column(sql.Text, nullable=True)
filters = sql.Column(sql.JsonBlob(), nullable=False)
class Metadata(sql.ModelBase, sql.DictBase):
__tablename__ = 'metadata'
#__table_args__ = (
# sql.Index('idx_metadata_usertenant', 'user', 'tenant'),
# )
user_id = sql.Column(sql.String(64), primary_key=True)
tenant_id = sql.Column(sql.String(64), primary_key=True)
data = sql.Column(sql.JsonBlob())
class AccessKey(sql.ModelBase, sql.DictBase):
__tablename__ = 'access_key'
attributes = ['id', 'user_id', 'password', 'enabled', 'default_project_id']
id = sql.Column(sql.String(64), primary_key=True)
user_id = sql.Column(sql.String(64),
sql.ForeignKey('user.id'),
nullable=False)
access_key_secret = sql.Column(sql.String(128))
extra = sql.Column(sql.JsonBlob())
class Service(sql.ModelBase, sql.DictBase):
__tablename__ = 'service'
attributes = ['id', 'type', 'enabled']
id = sql.Column(sql.String(64), primary_key=True)
type = sql.Column(sql.String(255))
enabled = sql.Column(sql.Boolean, nullable=False, default=True,
server_default=sqlalchemy.sql.expression.true())
extra = sql.Column(sql.JsonBlob())
endpoints = sqlalchemy.orm.relationship("Endpoint", backref="service")
class Endpoint(sql.ModelBase, sql.DictBase):
__tablename__ = 'endpoint'
attributes = ['id', 'region', 'service_id']
id = sql.Column(sql.String(64), primary_key=True)
region = sql.Column('region', sql.String(255))
service_id = sql.Column(sql.String(64),
sql.ForeignKey('service.id'),
nullable=False)
extra = sql.Column(sql.JsonBlob())
class SensitiveConfig(sql.ModelBase, sql.ModelDictMixin):
__tablename__ = 'sensitive_config'
domain_id = sql.Column(sql.String(64), primary_key=True)
group = sql.Column(sql.String(255), primary_key=True)
option = sql.Column(sql.String(255), primary_key=True)
value = sql.Column(sql.JsonBlob(), nullable=False)
def to_dict(self):
d = super(SensitiveConfig, self).to_dict()
d.pop('domain_id')
return d
class Group(sql.ModelBase, sql.DictBase):
__tablename__ = 'group'
attributes = ['id', 'name', 'domain_id', 'description']
id = sql.Column(sql.String(64), primary_key=True)
name = sql.Column(sql.String(64), nullable=False)
domain_id = sql.Column(sql.String(64), nullable=False)
description = sql.Column(sql.Text())
extra = sql.Column(sql.JsonBlob())
# Unique constraint across two columns to create the separation
# rather than just only 'name' being unique
__table_args__ = (sql.UniqueConstraint('domain_id', 'name'), {})
