def delete_project_by_vo(self, project_vo): project_group_id = project_vo.project_group_id project_vo.delete() if project_group_id: cache.delete_pattern(f'project-path:*{project_group_id}*') cache.delete_pattern(f'project-group-children:*{project_group_id}') cache.delete_pattern(f'role-bindings:*{project_group_id}*') cache.delete_pattern(f'role-bindings:*:') cache.delete_pattern(f'user-scopes:*{project_group_id}*') self._delete_parent_project_group_cache(project_vo.project_group)
def enable_user(self, user_id, domain_id): def _rollback(old_data): _LOGGER.info(f'[enable_user._rollback] Revert Data : {old_data}') user_vo.update(old_data) user_vo: User = self.get_user(user_id, domain_id) if user_vo.state != 'ENABLED': self.transaction.add_rollback(_rollback, user_vo.to_dict()) user_vo.update({'state': 'ENABLED'}) cache.delete_pattern(f'user-state:{domain_id}:{user_id}') return user_vo
def update_role(self, params): def _rollback(old_data): _LOGGER.info( f'[update_role._rollback] Revert Data : {old_data["name"], ({old_data["role_id"]})}' ) role_vo.update(old_data) role_vo: Role = self.get_role(params['role_id'], params['domain_id']) self.transaction.add_rollback(_rollback, role_vo.to_dict()) cache.delete_pattern(f'role-permissions:*{params["role_id"]}') cache.delete_pattern(f'user-permissions:*{params["role_id"]}*') return role_vo.update(params)
def delete_user(self, user_id, domain_id): user_vo = self.get_user(user_id, domain_id) user_vo.delete() cache.delete_pattern(f'user-state:{domain_id}:{user_id}') cache.delete_pattern(f'role-bindings:{domain_id}:{user_id}*') cache.delete_pattern(f'user-permissions:{domain_id}:{user_id}*') cache.delete_pattern(f'user-scopes:{domain_id}:{user_id}*')
def disable_domain(self, domain_id): def _rollback(old_data): _LOGGER.info( f'[disable_domain._rollback] Revert Data : {old_data["name"]} ({old_data["domain_id"]})' ) domain_vo.update(old_data) domain_vo: Domain = self.get_domain(domain_id) if domain_vo.state != 'DISABLED': self.transaction.add_rollback(_rollback, domain_vo.to_dict()) domain_vo.update({'state': 'DISABLED'}) cache.delete_pattern(f'domain-state:{domain_id}') return domain_vo
def delete_project_group_by_vo(self, project_group_vo): project_group_vo.delete() cache.delete_pattern( f'project-path:*{project_group_vo.project_group_id}*') cache.delete_pattern( f'role-bindings:*{project_group_vo.project_group_id}*') cache.delete_pattern(f'role-bindings:*:') cache.delete_pattern( f'user-scopes:*{project_group_vo.project_group_id}*') self._delete_parent_project_group_cache(project_group_vo)
def delete_role_binding_by_vo(self, role_binding_vo): resource_id = role_binding_vo.resource_id domain_id = role_binding_vo.domain_id role_binding_vo.delete() cache.delete_pattern(f'role-bindings:{domain_id}:{resource_id}*') cache.delete_pattern(f'user-permissions:{domain_id}:{resource_id}*') cache.delete_pattern(f'user-scopes:{domain_id}:{resource_id}*')
def create_project(self, params): def _rollback(project_vo): _LOGGER.info( f'[create_project._rollback] Delete project : {project_vo.name} ({project_vo.project_id})' ) project_vo.delete() project_vo: Project = self.project_model.create(params) self.transaction.add_rollback(_rollback, project_vo) project_group_id = params['project_group_id'] cache.delete_pattern(f'project-path:*{project_group_id}*') cache.delete_pattern(f'role-bindings:*{project_group_id}*') cache.delete_pattern(f'user-scopes:*{project_group_id}*') self._delete_parent_project_group_cache(params['project_group']) return project_vo
def update_project_group_by_vo(self, params, project_group_vo): def _rollback(old_data): _LOGGER.info( f'[update_project_group._rollback] Revert Data : {old_data["name"]} ({old_data["project_group_id"]})' ) project_group_vo.update(old_data) self.transaction.add_rollback(_rollback, project_group_vo.to_dict()) if params.get('parent_project_group') is not None: parent_project_group_id = params['parent_project_group_id'] project_group_id = project_group_vo.project_group_id if parent_project_group_id is not None: cache.delete_pattern( f'project-path:*{parent_project_group_id}*') cache.delete_pattern( f'role-bindings:*{parent_project_group_id}*') cache.delete_pattern( f'user-scopes:*{parent_project_group_id}*') self._delete_parent_project_group_cache( params['parent_project_group']) cache.delete_pattern(f'project-path:*{project_group_id}*') cache.delete_pattern(f'role-bindings:*{project_group_id}*') cache.delete_pattern(f'user-scopes:*{project_group_id}*') self._delete_parent_project_group_cache(project_group_vo) return project_group_vo.update(params)
def _delete_parent_project_group_cache(self, project_group_vo): cache.delete_pattern( f'project-group-children:*{project_group_vo.project_group_id}') if project_group_vo.parent_project_group: self._delete_parent_project_group_cache( project_group_vo.parent_project_group)
def delete_domain(self, domain_id): domain_vo: Domain = self.get_domain(domain_id) domain_vo.delete() cache.delete_pattern(f'domain-state:{domain_id}')
def update_project_by_vo(self, params, project_vo): def _rollback(old_data): _LOGGER.info( f'[update_project._rollback] Revert Data : {old_data["name"]} ({old_data["project_id"]})' ) project_vo.update(old_data) self.transaction.add_rollback(_rollback, project_vo.to_dict()) if 'project_group' in params: new_project_group_id = params['project_group_id'] old_project_group_id = project_vo.project_group.project_group_id cache.delete_pattern(f'project-path:*{new_project_group_id}*') cache.delete_pattern(f'project-path:*{old_project_group_id}*') cache.delete_pattern(f'role-bindings:*{new_project_group_id}*') cache.delete_pattern(f'role-bindings:*{old_project_group_id}*') cache.delete_pattern(f'user-scopes:*{new_project_group_id}*') cache.delete_pattern(f'user-scopes:*{old_project_group_id}*') self._delete_parent_project_group_cache(params['project_group']) self._delete_parent_project_group_cache(project_vo.project_group) return project_vo.update(params)
def _delete_role_cache(self, policy_vo): role_vos = self._get_roles_using_policy(policy_vo) for role_vo in role_vos: cache.delete_pattern(f'role-permissions:*{role_vo.role_id}') cache.delete_pattern(f'user-permissions:*{role_vo.role_id}*')
def delete_role(self, role_id, domain_id): role_vo = self.get_role(role_id, domain_id) role_vo.delete() cache.delete_pattern(f'role-permissions:*{role_id}') cache.delete_pattern(f'user-permissions:*{role_id}*')
def create_role_binding(self, params): def _rollback(role_binding_vo): _LOGGER.info( f'[create_role_binding._rollback] Delete role binding : {role_binding_vo.name} ({role_binding_vo.role_binding_id})' ) role_binding_vo.delete() resource_type = params['resource_type'] resource_id = params['resource_id'] role_id = params['role_id'] project_id = params.get('project_id') project_group_id = params.get('project_group_id') domain_id = params['domain_id'] role_mgr: RoleManager = self.locator.get_manager('RoleManager') project_mgr: ProjectManager = self.locator.get_manager( 'ProjectManager') project_group_mgr: ProjectGroupManager = self.locator.get_manager( 'ProjectGroupManager') user_mgr: UserManager = self.locator.get_manager('UserManager') self._check_resource_type(resource_type) if resource_type == 'identity.User': params['user'] = user_mgr.get_user(resource_id, domain_id) role_vo = role_mgr.get_role(role_id, domain_id) self._check_role_type(role_vo.role_type, resource_type, resource_id, domain_id) params['role'] = role_vo if role_vo.role_type == 'PROJECT': if project_id: project_vo = project_mgr.get_project(project_id, domain_id) self._check_duplicate_project_role(resource_type, resource_id, project_vo, project_id) params['project'] = project_vo elif project_group_id: project_group_vo = project_group_mgr.get_project_group( project_group_id, domain_id) self._check_duplicate_project_group_role( resource_type, resource_id, project_group_vo, project_group_id) params['project_group'] = project_group_vo else: raise ERROR_REQUIRED_PROJECT_OR_PROJECT_GROUP() else: self._check_duplicate_domain_or_system_role( resource_type, resource_id, role_vo, role_id) if project_id: raise ERROR_NOT_ALLOWED_PROJECT_ID() elif project_group_id: raise ERROR_NOT_ALLOWED_PROJECT_GROUP_ID() role_binding_vo = self.role_binding_model.create(params) self.transaction.add_rollback(_rollback, role_binding_vo) cache.delete_pattern(f'role-bindings:{domain_id}:{resource_id}*') cache.delete_pattern(f'user-permissions:{domain_id}:{resource_id}*') cache.delete_pattern(f'user-scopes:{domain_id}:{resource_id}*') return role_binding_vo