def test_token_revocation_list_uses_right_columns(self): # This query used to be heavy with too many columns. We want # to make sure it is only running with the minimum columns # necessary. fixture = self.useFixture(moxstubout.MoxStubout()) self.mox = fixture.mox tok = token_sql.Token() session = sql.get_session() q = session.query(token_sql.TokenModel.id, token_sql.TokenModel.expires) self.mox.StubOutWithMock(session, "query") session.query(token_sql.TokenModel.id, token_sql.TokenModel.expires).AndReturn(q) self.mox.StubOutWithMock(sql, "get_session") sql.get_session().AndReturn(session) self.mox.ReplayAll() tok.list_revoked_tokens()
def get_v3_catalog(self, user_id, tenant_id, metadata=None): d = dict(six.iteritems(CONF)) d.update({'tenant_id': tenant_id, 'user_id': user_id}) session = sql.get_session() services = (session.query(Service).filter(Service.enabled == true()). options(sql.joinedload(Service.endpoints)). all()) def make_v3_endpoints(endpoints): for endpoint in (ep.to_dict() for ep in endpoints if ep.enabled): del endpoint['service_id'] del endpoint['legacy_endpoint_id'] del endpoint['enabled'] endpoint['region'] = endpoint['region_id'] try: endpoint['url'] = core.format_url(endpoint['url'], d) except exception.MalformedEndpoint: continue # this failure is already logged in format_url() yield endpoint def make_v3_service(svc): eps = list(make_v3_endpoints(svc.endpoints)) service = {'endpoints': eps, 'id': svc.id, 'type': svc.type} service['name'] = svc.extra.get('name', '') return service return [make_v3_service(svc) for svc in services]
def get_catalog(self, user_id, tenant_id, metadata=None): substitutions = dict(six.iteritems(CONF)) substitutions.update({'tenant_id': tenant_id, 'user_id': user_id}) session = sql.get_session() endpoints = (session.query(Endpoint). options(sql.joinedload(Endpoint.service)). filter(Endpoint.enabled == true()).all()) catalog = {} for endpoint in endpoints: if not endpoint.service['enabled']: continue try: url = core.format_url(endpoint['url'], substitutions) except exception.MalformedEndpoint: continue # this failure is already logged in format_url() region = endpoint['region_id'] service_type = endpoint.service['type'] default_service = { 'id': endpoint['id'], 'name': endpoint.service.extra.get('name', ''), 'publicURL': '' } catalog.setdefault(region, {}) catalog[region].setdefault(service_type, default_service) interface_url = '%sURL' % endpoint['interface'] catalog[region][service_type][interface_url] = url return catalog
def delete_credentials_for_user(self, user_id): session = sql.get_session() with session.begin(): query = session.query(CredentialModel) query = query.filter_by(user_id=user_id) query.delete()
def list_users_in_group(self, group_id, hints): session = sql.get_session() self.get_group(group_id) query = session.query(User).join(UserGroupMembership) query = query.filter(UserGroupMembership.group_id == group_id) query = sql.filter_limit_query(User, query, hints) return [identity.filter_user(u.to_dict()) for u in query]
def list_credentials(self, **filters): session = sql.get_session() query = session.query(CredentialModel) if 'user_id' in filters: query = query.filter_by(user_id=filters.get('user_id')) refs = query.all() return [ref.to_dict() for ref in refs]
def delete_token(self, token_id): session = sql.get_session() with session.begin(): token_ref = session.query(TokenModel).get(token_id) if not token_ref or not token_ref.valid: raise exception.TokenNotFound(token_id=token_id) token_ref.valid = False
def create_user(self, user_id, user): user = utils.hash_user_password(user) session = sql.get_session() with session.begin(): user_ref = User.from_dict(user) session.add(user_ref) return identity.filter_user(user_ref.to_dict())
def remove_endpoint_group_from_project(self, endpoint_group_id, project_id): session = sql.get_session() endpoint_group_project_ref = self._get_endpoint_group_in_project( session, endpoint_group_id, project_id) with session.begin(): session.delete(endpoint_group_project_ref)
def get_catalog(self, user_id, tenant_id, metadata=None): substitutions = dict(six.iteritems(CONF)) substitutions.update({"tenant_id": tenant_id, "user_id": user_id}) session = sql.get_session() t = True # variable for singleton for PEP8, E712. endpoints = ( session.query(Endpoint).options(sql.joinedload(Endpoint.service)).filter(Endpoint.enabled == t).all() ) catalog = {} for endpoint in endpoints: if not endpoint.service["enabled"]: continue try: url = core.format_url(endpoint["url"], substitutions) except exception.MalformedEndpoint: continue # this failure is already logged in format_url() region = endpoint["region"] service_type = endpoint.service["type"] default_service = {"id": endpoint["id"], "name": endpoint.service["name"], "publicURL": ""} catalog.setdefault(region, {}) catalog[region].setdefault(service_type, default_service) interface_url = "%sURL" % endpoint["interface"] catalog[region][service_type][interface_url] = url return catalog
def get_v3_catalog(self, user_id, tenant_id, metadata=None): d = dict(six.iteritems(CONF)) d.update({"tenant_id": tenant_id, "user_id": user_id}) session = sql.get_session() t = True # variable for singleton for PEP8, E712. services = session.query(Service).filter(Service.enabled == t).options(sql.joinedload(Service.endpoints)).all() def make_v3_endpoints(endpoints): for endpoint in (ep.to_dict() for ep in endpoints if ep.enabled): del endpoint["service_id"] del endpoint["legacy_endpoint_id"] del endpoint["enabled"] try: endpoint["url"] = core.format_url(endpoint["url"], d) except exception.MalformedEndpoint: continue # this failure is already logged in format_url() yield endpoint def make_v3_service(svc): eps = list(make_v3_endpoints(svc.endpoints)) service = {"endpoints": eps, "id": svc.id, "type": svc.type} name = svc.extra.get("name") if name: service["name"] = name return service return [make_v3_service(svc) for svc in services]
def create_region(self, region_ref): session = sql.get_session() with session.begin(): self._check_parent_region(session, region_ref) region = Region.from_dict(region_ref) session.add(region) return region.to_dict()
def create_endpoint(self, endpoint_id, endpoint_ref): session = sql.get_session() self.get_service(endpoint_ref["service_id"]) new_endpoint = Endpoint.from_dict(endpoint_ref) with session.begin(): session.add(new_endpoint) return new_endpoint.to_dict()
def delete_tokens(self, user_id, tenant_id=None, trust_id=None, consumer_id=None): """Deletes all tokens in one session The user_id will be ignored if the trust_id is specified. user_id will always be specified. If using a trust, the token's user_id is set to the trustee's user ID or the trustor's user ID, so will use trust_id to query the tokens. """ session = sql.get_session() token_list = [] with session.begin(): now = timeutils.utcnow() query = session.query(TokenModel) query = query.filter_by(valid=True) query = query.filter(TokenModel.expires > now) if trust_id: query = query.filter(TokenModel.trust_id == trust_id) else: query = query.filter(TokenModel.user_id == user_id) for token_ref in query.all(): if tenant_id: token_ref_dict = token_ref.to_dict() if not self._tenant_matches(tenant_id, token_ref_dict): continue if consumer_id: token_ref_dict = token_ref.to_dict() if not self._consumer_matches(consumer_id, token_ref_dict): continue token_ref.valid = False token_list.append(token_ref.id) return token_list
def remove_user(self, user_id): session = sql.get_session() LOG.info('removing user %s from spassword' % user_id) spassword_ref = session.query(SPasswordModel).get(user_id) if spassword_ref: with session.begin(): session.delete(spassword_ref)
def store_new_activation_key(self, profile_id, new_ref): session = sql.get_session() with session.begin(): profile_ref = session.query(ActivationProfile).get(profile_id) profile_ref.activation_key = new_ref['activation_key'] profile_ref.expires_at = new_ref['expires_at'] return profile_ref.to_dict()
def delete_user_profiles(self, user_id): session = sql.get_session() with session.begin(): for profile_class in (ResetProfile, ActivationProfile): q = session.query(profile_class) q = q.filter_by(user_id=user_id) q.delete(False)
def create_access_token(self, request_token_id, token_duration, access_token_id=None, access_token_secret=None): if access_token_id is None: access_token_id = uuid.uuid4().hex if access_token_secret is None: access_token_secret = uuid.uuid4().hex session = sql.get_session() with session.begin(): req_token_ref = self._get_request_token(session, request_token_id) token_dict = req_token_ref.to_dict() expiry_date = None if token_duration: now = timeutils.utcnow() future = now + datetime.timedelta(seconds=token_duration) expiry_date = timeutils.isotime(future, subsecond=True) # add Access Token ref = {} ref['id'] = access_token_id ref['access_secret'] = access_token_secret ref['authorizing_user_id'] = token_dict['authorizing_user_id'] ref['project_id'] = token_dict['requested_project_id'] ref['role_ids'] = token_dict['role_ids'] ref['consumer_id'] = token_dict['consumer_id'] ref['expires_at'] = expiry_date token_ref = AccessToken.from_dict(ref) session.add(token_ref) # remove request token, it's been used session.delete(req_token_ref) return token_ref.to_dict()
def get_two_factor_info(self, user_id): session = sql.get_session() twofactor = session.query(TwoFactor).get(user_id) if twofactor is None: raise exception.NotFound(_('Two Factor Authentication is not enabled for user %s.' %user_id)) else: return twofactor
def list_groups_for_user(self, user_id, hints): session = sql.get_session() self.get_user(user_id) query = session.query(Group).join(UserGroupMembership) query = query.filter(UserGroupMembership.user_id == user_id) query = sql.filter_limit_query(Group, query, hints) return [g.to_dict() for g in query]
def create_request_token(self, consumer_id, project_id, token_duration, request_token_id=None, request_token_secret=None): if request_token_id is None: request_token_id = uuid.uuid4().hex if request_token_secret is None: request_token_secret = uuid.uuid4().hex expiry_date = None if token_duration: now = timeutils.utcnow() future = now + datetime.timedelta(seconds=token_duration) expiry_date = timeutils.isotime(future, subsecond=True) ref = {} ref['id'] = request_token_id ref['request_secret'] = request_token_secret ref['verifier'] = None ref['authorizing_user_id'] = None ref['requested_project_id'] = project_id ref['role_ids'] = None ref['consumer_id'] = consumer_id ref['expires_at'] = expiry_date session = sql.get_session() with session.begin(): token_ref = RequestToken.from_dict(ref) session.add(token_ref) return token_ref.to_dict()
def create_idp(self, idp_id, idp): session = sql.get_session() with session.begin(): idp['id'] = idp_id idp_ref = IdentityProviderModel.from_dict(idp) session.add(idp_ref) return idp_ref.to_dict()
def delete_all_devices(self, user_id): session = sql.get_session() devices = session.query(TwoFactorDevice).filter_by(user_id=user_id) for device in devices: with session.begin(): session.delete(device)
def get_v3_catalog(self, user_id, tenant_id, metadata=None): d = dict(six.iteritems(CONF)) d.update({'tenant_id': tenant_id, 'user_id': user_id}) session = sql.get_session() t = True # variable for singleton for PEP8, E712. services = (session.query(Service).filter(Service.enabled == t). options(sql.joinedload(Service.endpoints)). all()) def make_v3_endpoint(endpoint): endpoint = endpoint.to_dict() del endpoint['service_id'] endpoint['url'] = core.format_url(endpoint['url'], d) return endpoint def make_v3_service(svc): eps = [make_v3_endpoint(ep) for ep in svc.endpoints if ep.enabled] service = {'endpoints': eps, 'id': svc.id, 'type': svc.type} name = svc.extra.get('name') if name: service['name'] = name return service return [make_v3_service(svc) for svc in services]
def delete_region(self, region_id): session = sql.get_session() with session.begin(): ref = self._get_region(session, region_id) self._delete_child_regions(session, region_id) session.query(Region).filter_by(id=region_id).delete() session.delete(ref)
def get_catalog(self, user_id, tenant_id, metadata=None): d = dict(six.iteritems(CONF)) d.update({'tenant_id': tenant_id, 'user_id': user_id}) session = sql.get_session() t = True # variable for singleton for PEP8, E712. endpoints = (session.query(Endpoint). options(sql.joinedload(Endpoint.service)). filter(Endpoint.enabled == t).all()) catalog = {} for endpoint in endpoints: if not endpoint.service['enabled']: continue region = endpoint['region'] service_type = endpoint.service['type'] default_service = { 'id': endpoint['id'], 'name': endpoint.service['name'], 'publicURL': '' } catalog.setdefault(region, {}) catalog[region].setdefault(service_type, default_service) url = core.format_url(endpoint['url'], d) interface_url = '%sURL' % endpoint['interface'] catalog[region][service_type][interface_url] = url return catalog
def _get_metadata(self, user_id=None, tenant_id=None, domain_id=None, group_id=None, session=None): # TODO(henry-nash): This method represents the last vestiges of the old # metadata concept in this driver. Although we no longer need it here, # since the Manager layer uses the metadata concept across all # assignment drivers, we need to remove it from all of them in order to # finally remove this method. # We aren't given a session when called by the manager directly. if session is None: session = sql.get_session() q = session.query(RoleAssignment) q = q.filter_by(actor_id=user_id or group_id) q = q.filter_by(target_id=tenant_id or domain_id) refs = q.all() if not refs: raise exception.MetadataNotFound() metadata_ref = {} metadata_ref['roles'] = [] for assignment in refs: role_ref = {} role_ref['id'] = assignment.role_id if assignment.inherited and ( assignment.type == AssignmentType.USER_DOMAIN or assignment.type == AssignmentType.GROUP_DOMAIN): role_ref['inherited_to'] = 'projects' metadata_ref['roles'].append(role_ref) return metadata_ref
def get_v3_catalog(self, user_id, tenant_id, metadata=None): d = dict(itertools.chain(six.iteritems(CONF), six.iteritems(CONF.eventlet_server))) d.update({"tenant_id": tenant_id, "user_id": user_id}) session = sql.get_session() services = ( session.query(Service).filter(Service.enabled == true()).options(sql.joinedload(Service.endpoints)).all() ) def make_v3_endpoints(endpoints): for endpoint in (ep.to_dict() for ep in endpoints if ep.enabled): del endpoint["service_id"] del endpoint["legacy_endpoint_id"] del endpoint["enabled"] endpoint["region"] = endpoint["region_id"] try: endpoint["url"] = core.format_url(endpoint["url"], d) except exception.MalformedEndpoint: continue # this failure is already logged in format_url() yield endpoint def make_v3_service(svc): eps = list(make_v3_endpoints(svc.endpoints)) service = {"endpoints": eps, "id": svc.id, "type": svc.type} service["name"] = svc.extra.get("name", "") return service return [make_v3_service(svc) for svc in services]
def get_mapping_from_idp_and_protocol(self, idp_id, protocol_id): session = sql.get_session() with session.begin(): protocol_ref = self._get_protocol(session, idp_id, protocol_id) mapping_id = protocol_ref.mapping_id mapping_ref = self._get_mapping(session, mapping_id) return mapping_ref.to_dict()
def delete_credentials_for_project(self, project_id): session = sql.get_session() with session.begin(): query = session.query(CredentialModel) query = query.filter_by(project_id=project_id) query.delete()
def get_endpoint_group_in_project(self, endpoint_group_id, project_id): session = sql.get_session() ref = self._get_endpoint_group_in_project(session, endpoint_group_id, project_id) return ref.to_dict()
def delete_credential(self, credential_id): session = sql.get_session() with session.begin(): ref = self._get_credential(session, credential_id) session.delete(ref)
def delete_service(self, service_id): session = sql.get_session() with session.begin(): ref = self._get_service(session, service_id) session.query(Endpoint).filter_by(service_id=service_id).delete() session.delete(ref)
def list_endpoint_groups_for_project(self, project_id): session = sql.get_session() query = session.query(ProjectEndpointGroupMembership) query = query.filter_by(project_id=project_id) endpoint_group_refs = query.all() return [ref.to_dict() for ref in endpoint_group_refs]
def test_password_hashed(self): session = sql.get_session() user_ref = self.identity_api._get_user(session, self.user_foo['id']) self.assertNotEqual(self.user_foo['password'], user_ref['password'])
def list_trusts_for_trustor(self, trustor_user_id): session = sql.get_session() trusts = (session.query(TrustModel).filter_by( deleted_at=None).filter_by(trustor_user_id=trustor_user_id)) return [trust_ref.to_dict() for trust_ref in trusts]
def list_trusts(self): session = sql.get_session() trusts = session.query(TrustModel).filter_by(deleted_at=None) return [trust_ref.to_dict() for trust_ref in trusts]
def list_regions(self, hints): session = sql.get_session() regions = session.query(Region) regions = sql.filter_limit_query(Region, regions, hints) return [s.to_dict() for s in list(regions)]
def delete_endpoint_group_association_by_project(self, project_id): session = sql.get_session() with session.begin(): query = session.query(ProjectEndpointGroupMembership) query = query.filter_by(project_id=project_id) query.delete()
def list_projects_associated_with_endpoint_group(self, endpoint_group_id): session = sql.get_session() query = session.query(ProjectEndpointGroupMembership) query = query.filter_by(endpoint_group_id=endpoint_group_id) endpoint_group_refs = query.all() return [ref.to_dict() for ref in endpoint_group_refs]
def create_endpoint_group(self, endpoint_group_id, endpoint_group): session = sql.get_session() with session.begin(): endpoint_group_ref = EndpointGroup.from_dict(endpoint_group) session.add(endpoint_group_ref) return endpoint_group_ref.to_dict()
def list_endpoint_groups(self): session = sql.get_session() query = session.query(EndpointGroup) endpoint_group_refs = query.all() return [e.to_dict() for e in endpoint_group_refs]
def list_services(self, hints): session = sql.get_session() services = session.query(Service) services = sql.filter_limit_query(Service, services, hints) return [s.to_dict() for s in list(services)]
def get_endpoint_group(self, endpoint_group_id): session = sql.get_session() endpoint_group_ref = self._get_endpoint_group(session, endpoint_group_id) return endpoint_group_ref.to_dict()
def list_projects_for_endpoint(self, endpoint_id): session = sql.get_session() query = session.query(ProjectEndpoint) query = query.filter_by(endpoint_id=endpoint_id) endpoint_filter_refs = query.all() return [ref.to_dict() for ref in endpoint_filter_refs]
def delete_association_by_project(self, project_id): session = sql.get_session() with session.begin(): query = session.query(ProjectEndpoint) query = query.filter_by(project_id=project_id) query.delete(synchronize_session=False)
def check_endpoint_in_project(self, endpoint_id, project_id): session = sql.get_session() self._get_project_endpoint_ref(session, endpoint_id, project_id)
def remove_endpoint_from_project(self, endpoint_id, project_id): session = sql.get_session() endpoint_filter_ref = self._get_project_endpoint_ref( session, endpoint_id, project_id) with session.begin(): session.delete(endpoint_filter_ref)
def get_v3_catalog(self, user_id, tenant_id): """Retrieve and format the current V3 service catalog. :param user_id: The id of the user who has been authenticated for creating service catalog. :param tenant_id: The id of the project. 'tenant_id' will be None in the case this being called to create a catalog to go in a domain scoped token. In this case, any endpoint that requires a tenant_id as part of their URL will be skipped. :returns: A list representing the service catalog or an empty list """ d = dict(itertools.chain(CONF.items(), CONF.eventlet_server.items())) d.update({'user_id': user_id}) silent_keyerror_failures = [] if tenant_id: d.update({ 'tenant_id': tenant_id, 'project_id': tenant_id, }) else: silent_keyerror_failures = [ 'tenant_id', 'project_id', ] session = sql.get_session() services = (session.query(Service).filter( Service.enabled == true()).options( sql.joinedload(Service.endpoints)).all()) def make_v3_endpoints(endpoints): for endpoint in (ep.to_dict() for ep in endpoints if ep.enabled): del endpoint['service_id'] del endpoint['legacy_endpoint_id'] del endpoint['enabled'] endpoint['region'] = endpoint['region_id'] try: formatted_url = core.format_url( endpoint['url'], d, silent_keyerror_failures=silent_keyerror_failures) if formatted_url: endpoint['url'] = formatted_url else: continue except exception.MalformedEndpoint: continue # this failure is already logged in format_url() yield endpoint # TODO(davechen): If there is service with no endpoints, we should skip # the service instead of keeping it in the catalog, see bug #1436704. def make_v3_service(svc): eps = list(make_v3_endpoints(svc.endpoints)) service = {'endpoints': eps, 'id': svc.id, 'type': svc.type} service['name'] = svc.extra.get('name', '') return service return [make_v3_service(svc) for svc in services]
def add_endpoint_to_project(self, endpoint_id, project_id): session = sql.get_session() with session.begin(): endpoint_filter_ref = ProjectEndpoint(endpoint_id=endpoint_id, project_id=project_id) session.add(endpoint_filter_ref)
def list_endpoints(self, hints): session = sql.get_session() endpoints = session.query(Endpoint) endpoints = sql.filter_limit_query(Endpoint, endpoints, hints) return [e.to_dict() for e in list(endpoints)]
def get_catalog(self, user_id, tenant_id): """Retrieve and format the V2 service catalog. :param user_id: The id of the user who has been authenticated for creating service catalog. :param tenant_id: The id of the project. 'tenant_id' will be None in the case this being called to create a catalog to go in a domain scoped token. In this case, any endpoint that requires a tenant_id as part of their URL will be skipped (as would a whole service if, as a consequence, it has no valid endpoints). :returns: A nested dict representing the service catalog or an empty dict. """ substitutions = dict( itertools.chain(CONF.items(), CONF.eventlet_server.items())) substitutions.update({'user_id': user_id}) silent_keyerror_failures = [] if tenant_id: substitutions.update({ 'tenant_id': tenant_id, 'project_id': tenant_id }) else: silent_keyerror_failures = [ 'tenant_id', 'project_id', ] session = sql.get_session() endpoints = (session.query(Endpoint).options( sql.joinedload( Endpoint.service)).filter(Endpoint.enabled == true()).all()) catalog = {} for endpoint in endpoints: if not endpoint.service['enabled']: continue try: formatted_url = core.format_url( endpoint['url'], substitutions, silent_keyerror_failures=silent_keyerror_failures) if formatted_url is not None: url = formatted_url else: continue except exception.MalformedEndpoint: continue # this failure is already logged in format_url() region = endpoint['region_id'] service_type = endpoint.service['type'] default_service = { 'id': endpoint['id'], 'name': endpoint.service.extra.get('name', ''), 'publicURL': '' } catalog.setdefault(region, {}) catalog[region].setdefault(service_type, default_service) interface_url = '%sURL' % endpoint['interface'] catalog[region][service_type][interface_url] = url return catalog
def delete_endpoint(self, endpoint_id): session = sql.get_session() with session.begin(): ref = self._get_endpoint(session, endpoint_id) session.delete(ref)
def get_endpoint(self, endpoint_id): session = sql.get_session() return self._get_endpoint(session, endpoint_id).to_dict()
def list_credentials(self, hints): session = sql.get_session() credentials = session.query(CredentialModel) credentials = sql.filter_limit_query(CredentialModel, credentials, hints) return [s.to_dict() for s in credentials]
def create_service(self, service_id, service_ref): session = sql.get_session() with session.begin(): service = Service.from_dict(service_ref) session.add(service) return service.to_dict()
def list_credentials_for_user(self, user_id): session = sql.get_session() query = session.query(CredentialModel) refs = query.filter_by(user_id=user_id).all() return [ref.to_dict() for ref in refs]
def get_credential(self, credential_id): session = sql.get_session() return self._get_credential(session, credential_id).to_dict()
def create_credential(self, credential_id, credential): session = sql.get_session() with session.begin(): ref = CredentialModel.from_dict(credential) session.add(ref) return ref.to_dict()
def get_service(self, service_id): session = sql.get_session() return self._get_service(session, service_id).to_dict()