def _get_password_expires_at(self, created_at): expires_days = CONF.security_compliance.password_expires_days # NOTE(notmorgan): This option is deprecated and subject to removal # in a future release. ignore_list = CONF.security_compliance.password_expires_ignore_user_ids if ignore_list: versionutils.deprecated( what='[security_compliance]\password_expires_ignore_user_ids', as_of=versionutils.deprecated.OCATA, remove_in=+1, in_favor_of=('Using the `ignore_password_expiry` value set to ' '`True` in the `user["options"]` dictionary on ' 'User creation or update (via API call).')) # Get the IGNORE_PASSWORD_EXPIRY_OPT value from the user's # option_mapper. ignore_pw_expiry = getattr( self.get_resource_option(iro.IGNORE_PASSWORD_EXPIRY_OPT.option_id), 'option_value', False) if (self.id not in ignore_list) and not ignore_pw_expiry: if expires_days: expired_date = (created_at + datetime.timedelta(days=expires_days)) return expired_date.replace(microsecond=0) return None
def get_token_data(self, user_id, method_names, extras=None, domain_id=None, project_id=None, expires=None, trust=None, token=None, include_catalog=True, bind=None, access_token=None, issued_at=None, audit_info=None): if extras is None: extras = {} if extras: versionutils.deprecated( what='passing token data with "extras"', as_of=versionutils.deprecated.KILO, in_favor_of='well-defined APIs')(lambda: None)() token_data = {'methods': method_names, 'extras': extras} # We've probably already written these to the token if token: for x in ('roles', 'user', 'catalog', 'project', 'domain'): if x in token: token_data[x] = token[x] if CONF.trust.enabled and trust: if user_id != trust['trustee_user_id']: raise exception.Forbidden(_('User is not a trustee.')) if bind: token_data['bind'] = bind self._populate_scope(token_data, domain_id, project_id) self._populate_user(token_data, user_id, trust) self._populate_roles(token_data, user_id, domain_id, project_id, trust, access_token) self._populate_audit_info(token_data, audit_info) if include_catalog: self._populate_service_catalog(token_data, user_id, domain_id, project_id, trust) self._populate_service_providers(token_data) self._populate_token_dates(token_data, expires=expires, trust=trust, issued_at=issued_at) self._populate_oauth_section(token_data, access_token) return {'token': token_data}
def get_token_data( self, user_id, method_names, extras=None, domain_id=None, project_id=None, expires=None, trust=None, token=None, include_catalog=True, bind=None, access_token=None, issued_at=None, audit_info=None, ): if extras is None: extras = {} if extras: versionutils.deprecated( what='passing token data with "extras"', as_of=versionutils.deprecated.KILO, in_favor_of="well-defined APIs", )(lambda: None)() token_data = {"methods": method_names, "extras": extras} # We've probably already written these to the token if token: for x in ("roles", "user", "catalog", "project", "domain"): if x in token: token_data[x] = token[x] if CONF.trust.enabled and trust: if user_id != trust["trustee_user_id"]: raise exception.Forbidden(_("User is not a trustee.")) if bind: token_data["bind"] = bind self._populate_scope(token_data, domain_id, project_id) self._populate_user(token_data, user_id, trust) self._populate_roles(token_data, user_id, domain_id, project_id, trust, access_token) self._populate_audit_info(token_data, audit_info) if include_catalog: self._populate_service_catalog(token_data, user_id, domain_id, project_id, trust) self._populate_service_providers(token_data) self._populate_token_dates(token_data, expires=expires, trust=trust, issued_at=issued_at) self._populate_oauth_section(token_data, access_token) return {"token": token_data}
def wrapper(*args, **kwargs): x = versionutils.deprecated( what="assignment." + f.__name__ + "()", as_of=versionutils.deprecated.KILO, in_favor_of="resource." + f.__name__ + "()", ) return x(f)
def wrapper(*args, **kwargs): deprecated = versionutils.deprecated( what=f.__name__ + ' of the v2 Authentication APIs', as_of=versionutils.deprecated.MITAKA, in_favor_of=('a similar function in the v3 Authentication APIs'), remove_in=+7) return deprecated(f)
def wrapper(*args, **kwargs): deprecated = versionutils.deprecated( what=f.__name__ + ' of the v2 API', as_of=versionutils.deprecated.MITAKA, in_favor_of='a similar function in the v3 API', remove_in=+4) return deprecated(f)
def wrapper(*args, **kwargs): deprecated = versionutils.deprecated( what=f.__name__ + ' of the v2 Authentication APIs', as_of=versionutils.deprecated.MITAKA, in_favor_of=('a similar function in the v3 Authentication APIs'), remove_in=0) return deprecated(f)
def wrapper(*args, **kwargs): x = versionutils.deprecated( what='keystone.service.' + f.__name__ + '()', as_of=versionutils.deprecated.MITAKA, remove_in=+2, in_favor_of='keystone.version.service.' + f.__name__ + '()') return x(f)
# Copyright (C) 2013 eNovance SAS <*****@*****.**> # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. """Log helper functions.""" from oslo_log import helpers from oslo_log import versionutils log = versionutils.deprecated( as_of=versionutils.deprecated.LIBERTY, in_favor_of='oslo_log.helpers.log_method_call')(helpers.log_method_call)
def wrapper(*args, **kwargs): x = versionutils.deprecated( what='assignment.' + f.__name__ + '()', as_of=versionutils.deprecated.KILO, in_favor_of='resource.' + f.__name__ + '()') return x(f)
# Copyright (C) 2011 OpenStack Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. from oslo_log import versionutils versionutils.deprecated( what='keystone.common.ldap.models', as_of=versionutils.deprecated.NEWTON, remove_in=+2, in_favor_of='keystone.identity.backends.ldap.models') # NOTE(notmorgan): This is maintained for compatibility in case outside # developers are relying on this location. from keystone.identity.backends.ldap.models import * # noqa
def wrapper(*args, **kwargs): deprecated = versionutils.deprecated( what=f.__name__ + ' of the v3 Policy APIs', as_of=versionutils.deprecated.QUEENS) return deprecated(f)
# Copyright 2012 OpenStack Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from oslo_log import versionutils versionutils.deprecated(what='keystone.common.ldap', as_of=versionutils.deprecated.NEWTON, remove_in=+2, in_favor_of='keystone.identity.backends.ldap.common') # NOTE(notmorgan): This is maintained for compatibility in case outside # developers are relying on this location. from keystone.identity.backends.ldap.common import * # noqa
def wrapper(wrapped_self, role_id, *args, **kwargs): """Send a notification if the wrapped callable is successful.""" """ NOTE(stevemar): The reason we go through checking kwargs and args for possible target and actor values is because the create_grant() (and delete_grant()) method are called differently in various tests. Using named arguments, i.e.: create_grant(user_id=user['id'], domain_id=domain['id'], role_id=role['id']) Or, using positional arguments, i.e.: create_grant(role_id['id'], user['id'], None, domain_id=domain['id'], None) Or, both, i.e.: create_grant(role_id['id'], user_id=user['id'], domain_id=domain['id']) Checking the values for kwargs is easy enough, since it comes in as a dictionary The actual method signature is create_grant(role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False) So, if the values of actor or target are still None after checking kwargs, we can check the positional arguments, based on the method signature. """ call_args = inspect.getcallargs( f, wrapped_self, role_id, *args, **kwargs) inherited = call_args['inherited_to_projects'] context = call_args['context'] initiator = _get_request_audit_info(context) target = resource.Resource(typeURI=taxonomy.ACCOUNT_USER) audit_kwargs = {} if call_args['project_id']: audit_kwargs['project'] = call_args['project_id'] elif call_args['domain_id']: audit_kwargs['domain'] = call_args['domain_id'] if call_args['user_id']: audit_kwargs['user'] = call_args['user_id'] elif call_args['group_id']: audit_kwargs['group'] = call_args['group_id'] audit_kwargs['inherited_to_projects'] = inherited audit_kwargs['role'] = role_id # For backward compatibility, send both old and new event_type. # Deprecate old format and remove it in the next release. event_types = [self.deprecated_event_type, self.event_type] versionutils.deprecated( as_of=versionutils.deprecated.KILO, remove_in=+1, what=('sending duplicate %s notification event type' % self.deprecated_event_type), in_favor_of='%s notification event type' % self.event_type) try: result = f(wrapped_self, role_id, *args, **kwargs) except Exception: for event_type in event_types: _send_audit_notification(self.action, initiator, taxonomy.OUTCOME_FAILURE, target, event_type, **audit_kwargs) raise else: for event_type in event_types: _send_audit_notification(self.action, initiator, taxonomy.OUTCOME_SUCCESS, target, event_type, **audit_kwargs) return result
def wrapper(*args, **kwargs): x = versionutils.deprecated(what='assignment.' + f.__name__ + '()', as_of=versionutils.deprecated.KILO, in_favor_of='resource.' + f.__name__ + '()') return x(f)
def wrapper(wrapped_self, role_id, *args, **kwargs): """Send a notification if the wrapped callable is successful.""" """ NOTE(stevemar): The reason we go through checking kwargs and args for possible target and actor values is because the create_grant() (and delete_grant()) method are called differently in various tests. Using named arguments, i.e.: create_grant(user_id=user['id'], domain_id=domain['id'], role_id=role['id']) Or, using positional arguments, i.e.: create_grant(role_id['id'], user['id'], None, domain_id=domain['id'], None) Or, both, i.e.: create_grant(role_id['id'], user_id=user['id'], domain_id=domain['id']) Checking the values for kwargs is easy enough, since it comes in as a dictionary The actual method signature is create_grant(role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False) So, if the values of actor or target are still None after checking kwargs, we can check the positional arguments, based on the method signature. """ call_args = inspect.getcallargs(f, wrapped_self, role_id, *args, **kwargs) inherited = call_args['inherited_to_projects'] context = call_args['context'] initiator = _get_request_audit_info(context) target = resource.Resource(typeURI=taxonomy.ACCOUNT_USER) audit_kwargs = {} if call_args['project_id']: audit_kwargs['project'] = call_args['project_id'] elif call_args['domain_id']: audit_kwargs['domain'] = call_args['domain_id'] if call_args['user_id']: audit_kwargs['user'] = call_args['user_id'] elif call_args['group_id']: audit_kwargs['group'] = call_args['group_id'] audit_kwargs['inherited_to_projects'] = inherited audit_kwargs['role'] = role_id # For backward compatibility, send both old and new event_type. # Deprecate old format and remove it in the next release. event_types = [self.deprecated_event_type, self.event_type] versionutils.deprecated( as_of=versionutils.deprecated.KILO, remove_in=+1, what=('sending duplicate %s notification event type' % self.deprecated_event_type), in_favor_of='%s notification event type' % self.event_type) try: result = f(wrapped_self, role_id, *args, **kwargs) except Exception: for event_type in event_types: _send_audit_notification(self.action, initiator, taxonomy.OUTCOME_FAILURE, target, event_type, **audit_kwargs) raise else: for event_type in event_types: _send_audit_notification(self.action, initiator, taxonomy.OUTCOME_SUCCESS, target, event_type, **audit_kwargs) return result
# Copyright (C) 2013 eNovance SAS <*****@*****.**> # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. """Log helper functions.""" from oslo_log import helpers from oslo_log import versionutils log = versionutils.deprecated(as_of=versionutils.deprecated.LIBERTY, in_favor_of='oslo_log.helpers.log_method_call')( helpers.log_method_call)