def __init__(self, container): self.container = container self.container_id = container.id self.acl_repo = repo.get_container_acl_repository() self.container_repo = repo.get_container_repository() self.validator = validators.ACLValidator() self.container_project_id = container.project.external_id
def __init__(self, container_id): self.container_id = container_id self.container = None self.acl_repo = repo.get_container_acl_repository() self.container_repo = repo.get_container_repository() self.validator = validators.ACLValidator() self.container_project_id = None
def _get_acl_map(entity_id, is_secret=True): """Provides map of operation: acl_entity for given entity id.""" if is_secret: acl_repo = repositories.get_secret_acl_repository() acl_map = {acl.operation: acl for acl in acl_repo.get_by_secret_id(entity_id)} else: acl_repo = repositories.get_container_acl_repository() acl_map = {acl.operation: acl for acl in acl_repo.get_by_container_id(entity_id)} return acl_map
class ContainerACL(base.BarbicanObject, base.BarbicanPersistentObject, object_base.VersionedObjectDictCompat): fields = { 'container_id': fields.StringField(), 'operation': fields.StringField(), 'project_access': fields.BooleanField(default=True), 'acl_users': fields.ListOfObjectsField('ContainerACLUser', default=list()), 'status': fields.StringField(nullable=True, default=base.States.ACTIVE) } db_model = models.ContainerACL db_repo = repo.get_container_acl_repository() synthetic_fields = ['acl_users'] def _validate_fields(self, change_fields): msg = u._("Must supply non-None {0} argument for ContainerACL entry.") if change_fields.get('container_id') is None: raise exception.MissingArgumentError(msg.format("container_id")) if change_fields.get('operation') is None: raise exception.MissingArgumentError(msg.format("operation")) def _get_db_entity(self, user_ids=None): return self.db_model(user_ids=user_ids, check_exc=False) def create(self, session=None, user_ids=None): change_fields = self._get_changed_persistent_fields() self._validate_fields(change_fields) db_entity = self._get_db_entity(user_ids=user_ids) db_entity.update(change_fields) db_entity = self.db_repo.create_from(db_entity, session=session) self._from_db_object(db_entity) def delete(self, session): entity_id = self.id self.db_repo.delete_entity_by_id(entity_id=entity_id, external_project_id=None, session=session) @classmethod def get_by_container_id(cls, container_id, session=None): entities_db = cls.db_repo.get_by_container_id(container_id, session) entities = [ cls()._from_db_object(entity_db) for entity_db in entities_db ] return entities @classmethod def create_or_replace_from(cls, container, container_acl, user_ids=None, session=None): """Create or replace Secret and SecretACL :param container: an instance of Container object :param container_acl: an instance of ContainerACL object :param user_ids: :param session: a session to connect with database """ session = cls.get_session(session) container.updated_at = timeutils.utcnow() container.save(session=session) container_acl.updated_at = timeutils.utcnow() if container_acl.id is None: container_acl.create(session=session, user_ids=user_ids) else: container_acl.save(session=session) cls._create_or_replace_acl_users(container_acl=container_acl, user_ids=user_ids, session=session) @classmethod def create_or_replace_from_model(cls, container, container_acl, user_ids=None, session=None): """Create or replace Secret and SecretACL :param container: an instance of Container model :param container_acl: an instance of ContainerACL object :param user_ids: :param session: a session to connect with database It is used during converting from model to OVO. It will be removed after Container resource is implemented OVO. """ session = cls.get_session(session) container.updated_at = timeutils.utcnow() container.save(session=session) now = timeutils.utcnow() container_acl.updated_at = now if container_acl.id is None: container_acl.create(session=session, user_ids=user_ids) else: container_acl.save(session=session) cls._create_or_replace_acl_users(container_acl=container_acl, user_ids=user_ids, session=session) @classmethod def _create_or_replace_acl_users(cls, container_acl, user_ids, session=None): if user_ids is None: return user_ids = set(user_ids) now = timeutils.utcnow() session = session or cls.get_session(session) container_acl.updated_at = now for acl_user in container_acl.acl_users: if acl_user.user_id in user_ids: # input user_id already exists acl_user.updated_at = now acl_user.save(session=session) user_ids.remove(acl_user.user_id) else: acl_user.delete(session=session) for user_id in user_ids: acl_user = container_acl_user.ContainerACLUser( acl_id=container_acl.id, user_id=user_id) acl_user.create(session=session) if container_acl.id: container_acl.save(session=session) else: container_acl.create(session=session) @classmethod def get_count(cls, container_id, session=None): query = cls.db_repo.get_count(container_id, session) return query @classmethod def delete_acls_for_container(cls, container, session=None): # TODO(namnh) # After Container resource is implemented, This function # will be updated source code being used. session = cls.get_session(session=session) for entity in container.container_acls: entity.delete(session=session) @classmethod def delete_acls_for_container_model(cls, container, session=None): """Delete ACLs in Container Used during converting Model to OVO, it will be removed in near future. :param container: instance of Container model :param session: connection to database """ cls.db_repo.delete_acls_for_container(container, session)
def setUp(self): super(WhenTestingContainerACLRepository, self).setUp() self.acl_repo = repositories.get_container_acl_repository()