def delete_credentials_for_user(self, user_id):
    """Remove every credential row owned by ``user_id``.

    One bulk DELETE inside a single transaction; nothing is returned and a
    user that owns no credentials is not treated as an error.
    """
    session = db_session.get_session()
    with session.begin():
        owned = session.query(CredentialModel).filter_by(user_id=user_id)
        owned.delete()
def create_user(self, user_id, user):
    """Persist a new user and return its filtered dict form.

    ``user`` is passed through ``utils.hash_user_password`` before the row
    is built (presumably so only a hash, never the clear-text password, is
    stored). ``user_id`` is not read here; the row is built entirely from
    ``user``. The returned dict goes through ``identity.filter_user``.
    """
    hashed = utils.hash_user_password(user)
    session = db_session.get_session()
    with session.begin():
        row = User.from_dict(hashed)
        session.add(row)
        # to_dict() runs before the transaction commits.
        return identity.filter_user(row.to_dict())
def create_idp(self, idp_id, idp):
    """Store a new identity provider under ``idp_id`` and return it as a dict.

    ``idp`` is modified in place: its ``'id'`` entry is overwritten with
    ``idp_id`` before the row is built, so the caller's dict changes too.
    """
    session = db_session.get_session()
    with session.begin():
        idp.update(id=idp_id)
        row = IdentityProviderModel.from_dict(idp)
        session.add(row)
        return row.to_dict()
def get_key(self, name, generation=None, group=None):
    """Look up one key for host ``name``.

    Host is joined to Key on ``host_id``. With ``generation`` given that
    exact generation is selected, otherwise the host's
    ``latest_generation``. ``group``, when given, must also match the
    host's group. Returns a dict with the host's name/group and the key's
    enc_key, signature, generation and expiration, or ``None`` when no row
    matches (``NoResultFound``); more than one match propagates as-is.
    """
    session = db_session.get_session()
    query = (session.query(models.Host, models.Key)
             .filter(models.Host.id == models.Key.host_id)
             .filter(models.Host.name == name))
    if group is not None:
        query = query.filter(models.Host.group == group)
    if generation is None:
        query = query.filter(
            models.Host.latest_generation == models.Key.generation)
    else:
        query = query.filter(models.Key.generation == generation)
    try:
        host, key = query.one()
    except exc.NoResultFound:
        return None
    return {
        'name': host.name,
        'group': host.group,
        'key': key.enc_key,
        'signature': key.signature,
        'generation': key.generation,
        'expiration': key.expiration,
    }
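def _get_metadata(self, user_id=None, tenant_id=None, domain_id=None,
                  group_id=None, session=None):
    """Return the grant ``data`` blob for one actor/target pair.

    The actor is ``user_id`` (preferred) or ``group_id``; the target is
    ``tenant_id`` (preferred) or ``domain_id``. The four combinations map
    to the four grant tables. Raises ``exception.MetadataNotFound`` when
    no grant row exists, and also when no usable actor/target pair was
    supplied (previously that case escaped as an UnboundLocalError
    because ``q`` was never assigned).
    """
    # We aren't given a session when called by the manager directly.
    if session is None:
        session = db_session.get_session()
    q = None
    if user_id:
        if tenant_id:
            q = session.query(UserProjectGrant)
            q = q.filter_by(project_id=tenant_id)
        elif domain_id:
            q = session.query(UserDomainGrant)
            q = q.filter_by(domain_id=domain_id)
        if q is not None:
            q = q.filter_by(user_id=user_id)
    elif group_id:
        if tenant_id:
            q = session.query(GroupProjectGrant)
            q = q.filter_by(project_id=tenant_id)
        elif domain_id:
            q = session.query(GroupDomainGrant)
            q = q.filter_by(domain_id=domain_id)
        if q is not None:
            q = q.filter_by(group_id=group_id)
    if q is None:
        # No (actor, target) pair to look for: report missing metadata
        # instead of letting an unbound-name error escape.
        raise exception.MetadataNotFound()
    try:
        return q.one().data
    except sql.NotFound:
        raise exception.MetadataNotFound()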
def set_key(self, name, key, signature, group, expiration=None):
    """Append a new key generation for host ``name`` and return its number.

    A host that does not exist yet is created at generation 0 in
    ``group``; an existing host must still belong to ``group`` or
    ``exception.GroupStatusChanged`` is raised. The generation counter is
    incremented and the new Key row attached, all in one transaction.
    """
    session = db_session.get_session()
    with session.begin():
        by_name = session.query(models.Host).filter(models.Host.name == name)
        try:
            host = by_name.one()
        except exc.NoResultFound:
            host = models.Host(name=name, latest_generation=0, group=group)
        else:
            if host.group != group:
                raise exception.GroupStatusChanged(name=name)
        host.latest_generation += 1
        new_key = models.Key(signature=signature,
                             enc_key=key,
                             generation=host.latest_generation,
                             expiration=expiration)
        host.keys.append(new_key)
        session.add(host)
        return host.latest_generation
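def _get_metadata(self, user_id=None, tenant_id=None, domain_id=None,
                  group_id=None, session=None):
    """Return the grant ``data`` blob for one actor/target pair.

    The actor is ``user_id`` (preferred) or ``group_id``; the target is
    ``tenant_id`` (preferred) or ``domain_id``. The four combinations map
    to the four grant tables. Raises ``exception.MetadataNotFound`` when
    no grant row exists, and also when no usable actor/target pair was
    supplied (previously that case escaped as an UnboundLocalError
    because ``q`` was never assigned).
    """
    # We aren't given a session when called by the manager directly.
    if session is None:
        session = db_session.get_session()
    q = None
    if user_id:
        if tenant_id:
            q = session.query(UserProjectGrant)
            q = q.filter_by(project_id=tenant_id)
        elif domain_id:
            q = session.query(UserDomainGrant)
            q = q.filter_by(domain_id=domain_id)
        if q is not None:
            q = q.filter_by(user_id=user_id)
    elif group_id:
        if tenant_id:
            q = session.query(GroupProjectGrant)
            q = q.filter_by(project_id=tenant_id)
        elif domain_id:
            q = session.query(GroupDomainGrant)
            q = q.filter_by(domain_id=domain_id)
        if q is not None:
            q = q.filter_by(group_id=group_id)
    if q is None:
        # No (actor, target) pair to look for: report missing metadata
        # instead of letting an unbound-name error escape.
        raise exception.MetadataNotFound()
    try:
        return q.one().data
    except sql.NotFound:
        raise exception.MetadataNotFound()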
def delete_tokens(self, user_id, tenant_id=None, trust_id=None,
                  consumer_id=None):
    """Revoke, in one transaction, every live token matching the arguments.

    "Delete" means ``valid`` is set to False; rows are not removed. Only
    tokens that are still valid and not yet expired are considered. When
    ``trust_id`` is given it selects the tokens and ``user_id`` is ignored
    (a trust token's user_id may be the trustee's or the trustor's);
    otherwise tokens are selected by ``user_id``. ``tenant_id`` and
    ``consumer_id`` further narrow the set via ``self._tenant_matches``
    and ``self._consumer_matches`` on each token's dict form.
    """
    session = db_session.get_session()
    with session.begin():
        now = timeutils.utcnow()
        live = (session.query(TokenModel)
                .filter_by(valid=True)
                .filter(TokenModel.expires > now))
        if trust_id:
            live = live.filter(TokenModel.trust_id == trust_id)
        else:
            live = live.filter(TokenModel.user_id == user_id)
        for token_ref in live.all():
            if tenant_id and not self._tenant_matches(
                    tenant_id, token_ref.to_dict()):
                continue
            if consumer_id and not self._consumer_matches(
                    consumer_id, token_ref.to_dict()):
                continue
            token_ref.valid = False
def create_request_token(self, consumer_id, project_id, token_duration,
                         request_token_id=None, request_token_secret=None):
    """Create and store an OAuth request token, returning it as a dict.

    ``request_token_id`` and ``request_token_secret`` default to fresh
    uuid4 hex strings only when they are None. A truthy
    ``token_duration`` (seconds) sets ``expires_at`` to an ISO timestamp
    that far ahead of now; otherwise the token has no expiry. verifier,
    authorizing_user_id and role_ids start out as None.
    """
    if request_token_id is None:
        request_token_id = uuid.uuid4().hex
    if request_token_secret is None:
        request_token_secret = uuid.uuid4().hex
    expires_at = None
    if token_duration:
        lifetime = datetime.timedelta(seconds=token_duration)
        expires_at = timeutils.isotime(timeutils.utcnow() + lifetime,
                                       subsecond=True)
    ref = {
        'id': request_token_id,
        'request_secret': request_token_secret,
        'verifier': None,
        'authorizing_user_id': None,
        'requested_project_id': project_id,
        'role_ids': None,
        'consumer_id': consumer_id,
        'expires_at': expires_at,
    }
    session = db_session.get_session()
    with session.begin():
        row = RequestToken.from_dict(ref)
        session.add(row)
        return row.to_dict()
def _get_metadata(self, user_id=None, tenant_id=None, domain_id=None,
                  group_id=None, session=None):
    """Build the legacy ``{'roles': [...]}`` metadata for one actor/target.

    The actor is ``user_id`` or, failing that, ``group_id``; the target is
    ``tenant_id`` or, failing that, ``domain_id``. Each RoleAssignment row
    for that pair becomes ``{'id': role_id}``, plus
    ``'inherited_to': 'projects'`` for inherited domain-level assignments.
    Raises ``exception.MetadataNotFound`` when there are no assignments.
    """
    # TODO(henry-nash): This method represents the last vestiges of the old
    # metadata concept in this driver. Although we no longer need it here,
    # since the Manager layer uses the metadata concept across all
    # assignment drivers, we need to remove it from all of them in order to
    # finally remove this method.

    # We aren't given a session when called by the manager directly.
    if session is None:
        session = db_session.get_session()
    actor = user_id or group_id
    target = tenant_id or domain_id
    assignments = (session.query(RoleAssignment)
                   .filter_by(actor_id=actor)
                   .filter_by(target_id=target)
                   .all())
    if not assignments:
        raise exception.MetadataNotFound()
    domain_types = (AssignmentType.USER_DOMAIN, AssignmentType.GROUP_DOMAIN)
    roles = []
    for assignment in assignments:
        role = {'id': assignment.role_id}
        if assignment.inherited and assignment.type in domain_types:
            role['inherited_to'] = 'projects'
        roles.append(role)
    return {'roles': roles}
def create_user(self, user_id, user):
    """Persist a new user and return its filtered dict form.

    ``user`` is passed through ``utils.hash_user_password`` before the row
    is built (presumably so only a hash, never the clear-text password, is
    stored). ``user_id`` is not read here; the row is built entirely from
    ``user``. The returned dict goes through ``identity.filter_user``.
    """
    hashed = utils.hash_user_password(user)
    session = db_session.get_session()
    with session.begin():
        row = User.from_dict(hashed)
        session.add(row)
        # to_dict() runs before the transaction commits.
        return identity.filter_user(row.to_dict())
def get_catalog(self, user_id, tenant_id, metadata=None):
    """Build the service catalog as ``{region: {service_type: {...}}}``.

    Every Endpoint row is loaded with its service joined. Each endpoint's
    URL is rendered by ``core.format_url`` against a substitution dict made
    of every CONF option plus ``tenant_id`` and ``user_id``, and stored
    under ``'<interface>URL'``. ``metadata`` is accepted but never read.

    NOTE(review): the whole of CONF is handed to the URL formatter, so any
    option a stored URL template happens to reference (including sensitive
    settings) can be rendered into the catalog; restricting the
    substitution keys to the few that are intended would be safer.
    """
    substitutions = dict(six.iteritems(CONF))
    substitutions.update({'tenant_id': tenant_id, 'user_id': user_id})
    session = db_session.get_session()
    with_service = sql.joinedload(Endpoint.service)
    endpoints = session.query(Endpoint).options(with_service).all()
    catalog = {}
    for endpoint in endpoints:
        region = endpoint['region']
        service = endpoint.service
        service_type = service['type']
        by_type = catalog.setdefault(region, {})
        entry = by_type.setdefault(service_type, {
            'id': endpoint['id'],
            'name': service['name'],
            'publicURL': '',
        })
        url = core.format_url(endpoint['url'], substitutions)
        entry['%sURL' % endpoint['interface']] = url
    return catalog
def delete_trust(self, trust_id):
    """Soft-delete a trust by stamping ``deleted_at`` with the current time.

    The row is kept; only ``deleted_at`` changes. Raises
    ``exception.TrustNotFound`` when no trust has ``trust_id``.
    """
    session = db_session.get_session()
    with session.begin():
        trust = session.query(TrustModel).get(trust_id)
        if not trust:
            raise exception.TrustNotFound(trust_id=trust_id)
        trust.deleted_at = timeutils.utcnow()
def create_endpoint(self, endpoint_id, endpoint_ref):
    """Insert an endpoint built from ``endpoint_ref`` and return it as a dict.

    ``self.get_service`` is called first with the referenced service_id
    (presumably so a missing service raises before anything is written).
    ``endpoint_id`` is not read; the row takes its id from
    ``endpoint_ref``. The returned dict is built after the commit.
    """
    self.get_service(endpoint_ref['service_id'])
    row = Endpoint.from_dict(endpoint_ref)
    session = db_session.get_session()
    with session.begin():
        session.add(row)
    return row.to_dict()
def delete_credentials_for_user(self, user_id):
    """Remove every credential row owned by ``user_id``.

    One bulk DELETE inside a single transaction; nothing is returned and a
    user that owns no credentials is not treated as an error.
    """
    session = db_session.get_session()
    with session.begin():
        owned = session.query(CredentialModel).filter_by(user_id=user_id)
        owned.delete()
def create_endpoint(self, endpoint_id, endpoint_ref):
    """Insert an endpoint built from ``endpoint_ref`` and return it as a dict.

    ``self.get_service`` is called first with the referenced service_id
    (presumably so a missing service raises before anything is written).
    ``endpoint_id`` is not read; the row takes its id from
    ``endpoint_ref``. The returned dict is built after the commit.
    """
    self.get_service(endpoint_ref['service_id'])
    row = Endpoint.from_dict(endpoint_ref)
    session = db_session.get_session()
    with session.begin():
        session.add(row)
    return row.to_dict()
def delete_tokens(self, user_id, tenant_id=None, trust_id=None,
                  consumer_id=None):
    """Revoke, in one transaction, every live token matching the arguments.

    "Delete" means ``valid`` is set to False; rows are not removed. Only
    tokens that are still valid and not yet expired are considered. When
    ``trust_id`` is given it selects the tokens and ``user_id`` is ignored
    (a trust token's user_id may be the trustee's or the trustor's);
    otherwise tokens are selected by ``user_id``. ``tenant_id`` and
    ``consumer_id`` further narrow the set via ``self._tenant_matches``
    and ``self._consumer_matches`` on each token's dict form.
    """
    session = db_session.get_session()
    with session.begin():
        now = timeutils.utcnow()
        live = (session.query(TokenModel)
                .filter_by(valid=True)
                .filter(TokenModel.expires > now))
        if trust_id:
            live = live.filter(TokenModel.trust_id == trust_id)
        else:
            live = live.filter(TokenModel.user_id == user_id)
        for token_ref in live.all():
            if tenant_id and not self._tenant_matches(
                    tenant_id, token_ref.to_dict()):
                continue
            if consumer_id and not self._consumer_matches(
                    consumer_id, token_ref.to_dict()):
                continue
            token_ref.valid = False
def delete_token(self, token_id):
    """Revoke a token by flagging it invalid; the row is not removed.

    Raises ``exception.TokenNotFound`` when the id is unknown or the token
    is already invalid, so revoking the same token twice fails.
    """
    session = db_session.get_session()
    with session.begin():
        token = session.query(TokenModel).get(token_id)
        if not token or not token.valid:
            raise exception.TokenNotFound(token_id=token_id)
        token.valid = False
def get_key(self, name, generation=None, group=None):
    """Look up one key for host ``name``.

    Host is joined to Key on ``host_id``. With ``generation`` given that
    exact generation is selected, otherwise the host's
    ``latest_generation``. ``group``, when given, must also match the
    host's group. Returns a dict with the host's name/group and the key's
    enc_key, signature, generation and expiration, or ``None`` when no row
    matches (``NoResultFound``); more than one match propagates as-is.
    """
    session = db_session.get_session()
    query = (session.query(models.Host, models.Key)
             .filter(models.Host.id == models.Key.host_id)
             .filter(models.Host.name == name))
    if group is not None:
        query = query.filter(models.Host.group == group)
    if generation is None:
        query = query.filter(
            models.Host.latest_generation == models.Key.generation)
    else:
        query = query.filter(models.Key.generation == generation)
    try:
        host, key = query.one()
    except exc.NoResultFound:
        return None
    return {
        'name': host.name,
        'group': host.group,
        'key': key.enc_key,
        'signature': key.signature,
        'generation': key.generation,
        'expiration': key.expiration,
    }
def _get_metadata(self, user_id=None, tenant_id=None, domain_id=None,
                  group_id=None, session=None):
    """Build the legacy ``{'roles': [...]}`` metadata for one actor/target.

    The actor is ``user_id`` or, failing that, ``group_id``; the target is
    ``tenant_id`` or, failing that, ``domain_id``. Each RoleAssignment row
    for that pair becomes ``{'id': role_id}``, plus
    ``'inherited_to': 'projects'`` for inherited domain-level assignments.
    Raises ``exception.MetadataNotFound`` when there are no assignments.
    """
    # TODO(henry-nash): This method represents the last vestiges of the old
    # metadata concept in this driver. Although we no longer need it here,
    # since the Manager layer uses the metadata concept across all
    # assignment drivers, we need to remove it from all of them in order to
    # finally remove this method.

    # We aren't given a session when called by the manager directly.
    if session is None:
        session = db_session.get_session()
    actor = user_id or group_id
    target = tenant_id or domain_id
    assignments = (session.query(RoleAssignment)
                   .filter_by(actor_id=actor)
                   .filter_by(target_id=target)
                   .all())
    if not assignments:
        raise exception.MetadataNotFound()
    domain_types = (AssignmentType.USER_DOMAIN, AssignmentType.GROUP_DOMAIN)
    roles = []
    for assignment in assignments:
        role = {'id': assignment.role_id}
        if assignment.inherited and assignment.type in domain_types:
            role['inherited_to'] = 'projects'
        roles.append(role)
    return {'roles': roles}
def set_key(self, name, key, signature, group, expiration=None):
    """Append a new key generation for host ``name`` and return its number.

    A host that does not exist yet is created at generation 0 in
    ``group``; an existing host must still belong to ``group`` or
    ``exception.GroupStatusChanged`` is raised. The generation counter is
    incremented and the new Key row attached, all in one transaction.
    """
    session = db_session.get_session()
    with session.begin():
        by_name = session.query(models.Host).filter(models.Host.name == name)
        try:
            host = by_name.one()
        except exc.NoResultFound:
            host = models.Host(name=name, latest_generation=0, group=group)
        else:
            if host.group != group:
                raise exception.GroupStatusChanged(name=name)
        host.latest_generation += 1
        new_key = models.Key(signature=signature,
                             enc_key=key,
                             generation=host.latest_generation,
                             expiration=expiration)
        host.keys.append(new_key)
        session.add(host)
        return host.latest_generation
def create_idp(self, idp_id, idp):
    """Store a new identity provider under ``idp_id`` and return it as a dict.

    ``idp`` is modified in place: its ``'id'`` entry is overwritten with
    ``idp_id`` before the row is built, so the caller's dict changes too.
    """
    session = db_session.get_session()
    with session.begin():
        idp.update(id=idp_id)
        row = IdentityProviderModel.from_dict(idp)
        session.add(row)
        return row.to_dict()
def get_mapping_from_idp_and_protocol(self, idp_id, protocol_id):
    """Return the mapping dict bound to protocol ``protocol_id`` of IdP ``idp_id``.

    The protocol row is resolved first through ``self._get_protocol``
    (presumably where an unknown idp/protocol pair raises), then the
    mapping its ``mapping_id`` points at is loaded via
    ``self._get_mapping``. Both lookups share one transaction.
    """
    session = db_session.get_session()
    with session.begin():
        protocol = self._get_protocol(session, idp_id, protocol_id)
        mapping = self._get_mapping(session, protocol.mapping_id)
        return mapping.to_dict()
def delete_trust(self, trust_id):
    """Soft-delete a trust by stamping ``deleted_at`` with the current time.

    The row is kept; only ``deleted_at`` changes. Raises
    ``exception.TrustNotFound`` when no trust has ``trust_id``.
    """
    session = db_session.get_session()
    with session.begin():
        trust = session.query(TrustModel).get(trust_id)
        if not trust:
            raise exception.TrustNotFound(trust_id=trust_id)
        trust.deleted_at = timeutils.utcnow()
def delete_token(self, token_id):
    """Revoke a token by flagging it invalid; the row is not removed.

    Raises ``exception.TokenNotFound`` when the id is unknown or the token
    is already invalid, so revoking the same token twice fails.
    """
    session = db_session.get_session()
    with session.begin():
        token = session.query(TokenModel).get(token_id)
        if not token or not token.valid:
            raise exception.TokenNotFound(token_id=token_id)
        token.valid = False
def list_credentials(self, **filters):
    """Return all credentials as dicts, optionally restricted to one user.

    Only the ``user_id`` key of ``filters`` is honoured; any other key is
    silently ignored. Each row is returned as ``to_dict()`` produces it,
    so callers that expose the result should presumably strip secret
    material themselves. No transaction is opened: this is a plain read.
    """
    session = db_session.get_session()
    query = session.query(CredentialModel)
    if "user_id" in filters:
        query = query.filter_by(user_id=filters["user_id"])
    return [row.to_dict() for row in query.all()]
def delete_credentials_for_project(self, project_id):
    """Remove every credential row scoped to ``project_id``.

    One bulk DELETE inside a single transaction; nothing is returned and a
    project with no credentials is not treated as an error.
    """
    session = db_session.get_session()
    with session.begin():
        scoped = session.query(CredentialModel).filter_by(
            project_id=project_id)
        scoped.delete()
def get_catalog(self, user_id, tenant_id, metadata=None):
    """Build the service catalog as ``{region: {service_type: {...}}}``.

    Every Endpoint row is loaded with its service joined. Each endpoint's
    URL is rendered by ``core.format_url`` against a substitution dict made
    of every CONF option plus ``tenant_id`` and ``user_id``, and stored
    under ``'<interface>URL'``. ``metadata`` is accepted but never read.

    NOTE(review): the whole of CONF is handed to the URL formatter, so any
    option a stored URL template happens to reference (including sensitive
    settings) can be rendered into the catalog; restricting the
    substitution keys to the few that are intended would be safer.
    """
    substitutions = dict(six.iteritems(CONF))
    substitutions.update({'tenant_id': tenant_id, 'user_id': user_id})
    session = db_session.get_session()
    with_service = sql.joinedload(Endpoint.service)
    endpoints = session.query(Endpoint).options(with_service).all()
    catalog = {}
    for endpoint in endpoints:
        region = endpoint['region']
        service = endpoint.service
        service_type = service['type']
        by_type = catalog.setdefault(region, {})
        entry = by_type.setdefault(service_type, {
            'id': endpoint['id'],
            'name': service['name'],
            'publicURL': '',
        })
        url = core.format_url(endpoint['url'], substitutions)
        entry['%sURL' % endpoint['interface']] = url
    return catalog
def create_request_token(self, consumer_id, project_id, token_duration,
                         request_token_id=None, request_token_secret=None):
    """Create and store an OAuth request token, returning it as a dict.

    ``request_token_id`` and ``request_token_secret`` default to fresh
    uuid4 hex strings only when they are None. A truthy
    ``token_duration`` (seconds) sets ``expires_at`` to an ISO timestamp
    that far ahead of now; otherwise the token has no expiry. verifier,
    authorizing_user_id and role_ids start out as None.
    """
    if request_token_id is None:
        request_token_id = uuid.uuid4().hex
    if request_token_secret is None:
        request_token_secret = uuid.uuid4().hex
    expires_at = None
    if token_duration:
        lifetime = datetime.timedelta(seconds=token_duration)
        expires_at = timeutils.isotime(timeutils.utcnow() + lifetime,
                                       subsecond=True)
    ref = {
        'id': request_token_id,
        'request_secret': request_token_secret,
        'verifier': None,
        'authorizing_user_id': None,
        'requested_project_id': project_id,
        'role_ids': None,
        'consumer_id': consumer_id,
        'expires_at': expires_at,
    }
    session = db_session.get_session()
    with session.begin():
        row = RequestToken.from_dict(ref)
        session.add(row)
        return row.to_dict()
def delete_credentials_for_project(self, project_id):
    """Remove every credential row scoped to ``project_id``.

    One bulk DELETE inside a single transaction; nothing is returned and a
    project with no credentials is not treated as an error.
    """
    session = db_session.get_session()
    with session.begin():
        scoped = session.query(CredentialModel).filter_by(
            project_id=project_id)
        scoped.delete()
def list_credentials(self, **filters):
    """Return all credentials as dicts, optionally restricted to one user.

    Only the ``user_id`` key of ``filters`` is honoured; any other key is
    silently ignored. Each row is returned as ``to_dict()`` produces it,
    so callers that expose the result should presumably strip secret
    material themselves. No transaction is opened: this is a plain read.
    """
    session = db_session.get_session()
    query = session.query(CredentialModel)
    if 'user_id' in filters:
        query = query.filter_by(user_id=filters['user_id'])
    return [row.to_dict() for row in query.all()]
def get_token(self, token_id):
    """Return the dict form of the valid token identified by ``token_id``.

    Raises ``exception.TokenNotFound`` for a None id (checked up front so
    ``.get(None)`` is never issued), for an unknown id, and for a token
    already flagged invalid. No transaction is opened: this is a read.
    """
    if token_id is None:
        raise exception.TokenNotFound(token_id=token_id)
    session = db_session.get_session()
    token = session.query(TokenModel).get(token_id)
    if token and token.valid:
        return token.to_dict()
    raise exception.TokenNotFound(token_id=token_id)
def create_region(self, region_ref):
    """Insert a region row built from ``region_ref`` and return it as a dict.

    ``self._check_parent_region`` runs first inside the same transaction
    (presumably validating any parent the ref names). The session is
    flushed before ``to_dict`` so the INSERT has been issued by then.
    """
    session = db_session.get_session()
    with session.begin():
        self._check_parent_region(session, region_ref)
        row = Region.from_dict(region_ref)
        session.add(row)
        session.flush()
        return row.to_dict()
def create_region(self, region_id, region_ref):
    """Insert a region row built from ``region_ref`` and return it as a dict.

    ``region_id`` is not read: the row's id comes from ``region_ref``, so a
    mismatch between the two is not detected here.
    ``self._check_parent_region`` runs first inside the same transaction
    (presumably validating any parent the ref names). The session is
    flushed before ``to_dict`` so the INSERT has been issued by then.
    """
    session = db_session.get_session()
    with session.begin():
        self._check_parent_region(session, region_ref)
        row = Region.from_dict(region_ref)
        session.add(row)
        session.flush()
        return row.to_dict()
def create_policy(self, policy_id, policy):
    """Insert a policy row built from ``policy`` and return it as a dict.

    ``policy_id`` is not read; the row takes its id from ``policy``.
    """
    session = db_session.get_session()
    with session.begin():
        row = PolicyModel.from_dict(policy)
        session.add(row)
        return row.to_dict()
def test_token_revocation_list_uses_right_columns(self):
    """Assert list_revoked_tokens() selects only TokenModel.id and expires.

    mox records one expected ``session.query(id, expires)`` call and one
    ``db_session.get_session()`` call; after ReplayAll, any other query
    shape made by list_revoked_tokens() fails the expectation.
    """
    # This query used to be heavy with too many columns. We want
    # to make sure it is only running with the minimum columns
    # necessary.
    fixture = self.useFixture(moxstubout.MoxStubout())
    self.mox = fixture.mox
    tok = token_sql.Token()
    # Build the real two-column query before stubbing so it can be handed
    # back from the mocked session.query().
    session = db_session.get_session()
    q = session.query(token_sql.TokenModel.id, token_sql.TokenModel.expires)
    self.mox.StubOutWithMock(session, 'query')
    # Record phase: exactly this column list is expected.
    session.query(token_sql.TokenModel.id,
                  token_sql.TokenModel.expires).AndReturn(q)
    self.mox.StubOutWithMock(db_session, 'get_session')
    db_session.get_session().AndReturn(session)
    self.mox.ReplayAll()
    tok.list_revoked_tokens()
def delete_region(self, region_id):
    """Delete region ``region_id`` and its child regions in one transaction.

    ``self._get_region`` resolves the row first (presumably raising when
    it is unknown), ``self._delete_child_regions`` removes descendants,
    then the row is removed by a bulk DELETE and also by
    ``session.delete`` on the same object before a flush.
    NOTE(review): the bulk DELETE and the ORM delete target the same row;
    confirm the second one does not trip SQLAlchemy's row-count check.
    """
    session = db_session.get_session()
    with session.begin():
        region = self._get_region(session, region_id)
        self._delete_child_regions(session, region_id)
        by_id = session.query(Region).filter_by(id=region_id)
        by_id.delete()
        session.delete(region)
        session.flush()
def delete_region(self, region_id):
    """Delete region ``region_id`` and its child regions in one transaction.

    ``self._get_region`` resolves the row first (presumably raising when
    it is unknown), ``self._delete_child_regions`` removes descendants,
    then the row is removed by a bulk DELETE and also by
    ``session.delete`` on the same object before a flush.
    NOTE(review): the bulk DELETE and the ORM delete target the same row;
    confirm the second one does not trip SQLAlchemy's row-count check.
    """
    session = db_session.get_session()
    with session.begin():
        region = self._get_region(session, region_id)
        self._delete_child_regions(session, region_id)
        by_id = session.query(Region).filter_by(id=region_id)
        by_id.delete()
        session.delete(region)
        session.flush()
def test_token_revocation_list_uses_right_columns(self):
    """Assert list_revoked_tokens() selects only TokenModel.id and expires.

    mox records one expected ``session.query(id, expires)`` call and one
    ``db_session.get_session()`` call; after ReplayAll, any other query
    shape made by list_revoked_tokens() fails the expectation.
    """
    # This query used to be heavy with too many columns. We want
    # to make sure it is only running with the minimum columns
    # necessary.
    fixture = self.useFixture(moxstubout.MoxStubout())
    self.mox = fixture.mox
    tok = token_sql.Token()
    # Build the real two-column query before stubbing so it can be handed
    # back from the mocked session.query().
    session = db_session.get_session()
    q = session.query(token_sql.TokenModel.id, token_sql.TokenModel.expires)
    self.mox.StubOutWithMock(session, 'query')
    # Record phase: exactly this column list is expected.
    session.query(token_sql.TokenModel.id,
                  token_sql.TokenModel.expires).AndReturn(q)
    self.mox.StubOutWithMock(db_session, 'get_session')
    db_session.get_session().AndReturn(session)
    self.mox.ReplayAll()
    tok.list_revoked_tokens()
def delete_idp(self, idp_id):
    """Delete identity provider ``idp_id`` in one transaction.

    ``self._get_idp`` resolves the row first (presumably raising when it
    is unknown). The row is then removed by a bulk DELETE issued with
    ``synchronize_session=False`` and additionally by ``session.delete``
    on the already-loaded object.
    NOTE(review): both statements target the same row; confirm the ORM
    delete does not trip SQLAlchemy's row-count check after the bulk one.
    """
    session = db_session.get_session()
    with session.begin():
        idp = self._get_idp(session, idp_id)
        by_id = session.query(IdentityProviderModel).filter_by(id=idp_id)
        by_id.delete(synchronize_session=False)
        session.delete(idp)
def delete_protocol(self, idp_id, protocol_id):
    """Delete protocol ``protocol_id`` of identity provider ``idp_id``.

    ``self._get_protocol`` resolves the row first (presumably raising
    when the pair is unknown). The row is then removed by a bulk DELETE
    issued with ``synchronize_session=False`` and additionally by
    ``session.delete`` on the already-loaded object, in one transaction.
    NOTE(review): both statements target the same row; confirm the ORM
    delete does not trip SQLAlchemy's row-count check after the bulk one.
    """
    session = db_session.get_session()
    with session.begin():
        protocol = self._get_protocol(session, idp_id, protocol_id)
        by_key = session.query(FederationProtocolModel).filter_by(
            id=protocol_id, idp_id=idp_id)
        by_key.delete(synchronize_session=False)
        session.delete(protocol)
def delete_protocol(self, idp_id, protocol_id):
    """Delete protocol ``protocol_id`` of identity provider ``idp_id``.

    ``self._get_protocol`` resolves the row first (presumably raising
    when the pair is unknown). The row is then removed by a bulk DELETE
    issued with ``synchronize_session=False`` and additionally by
    ``session.delete`` on the already-loaded object, in one transaction.
    NOTE(review): both statements target the same row; confirm the ORM
    delete does not trip SQLAlchemy's row-count check after the bulk one.
    """
    session = db_session.get_session()
    with session.begin():
        protocol = self._get_protocol(session, idp_id, protocol_id)
        by_key = session.query(FederationProtocolModel).filter_by(
            id=protocol_id, idp_id=idp_id)
        by_key.delete(synchronize_session=False)
        session.delete(protocol)
def delete_idp(self, idp_id):
    """Delete identity provider ``idp_id`` in one transaction.

    ``self._get_idp`` resolves the row first (presumably raising when it
    is unknown). The row is then removed by a bulk DELETE issued with
    ``synchronize_session=False`` and additionally by ``session.delete``
    on the already-loaded object.
    NOTE(review): both statements target the same row; confirm the ORM
    delete does not trip SQLAlchemy's row-count check after the bulk one.
    """
    session = db_session.get_session()
    with session.begin():
        idp = self._get_idp(session, idp_id)
        by_id = session.query(IdentityProviderModel).filter_by(id=idp_id)
        by_id.delete(synchronize_session=False)
        session.delete(idp)
def get_token(self, token_id):
    """Return the dict form of the valid token identified by ``token_id``.

    Raises ``exception.TokenNotFound`` for a None id (checked up front so
    ``.get(None)`` is never issued), for an unknown id, and for a token
    already flagged invalid. No transaction is opened: this is a read.
    """
    if token_id is None:
        raise exception.TokenNotFound(token_id=token_id)
    session = db_session.get_session()
    token = session.query(TokenModel).get(token_id)
    if token and token.valid:
        return token.to_dict()
    raise exception.TokenNotFound(token_id=token_id)
def create_mapping(self, mapping_id, mapping):
    """Store a federation mapping under ``mapping_id`` and return it as a dict.

    Only ``mapping['rules']`` is persisted, serialised with
    ``jsonutils.dumps`` (a missing key is stored as the JSON for None);
    every other key of ``mapping`` is dropped.
    """
    session = db_session.get_session()
    ref = {
        'id': mapping_id,
        'rules': jsonutils.dumps(mapping.get('rules')),
    }
    with session.begin():
        row = MappingModel.from_dict(ref)
        session.add(row)
        return row.to_dict()
def create_protocol(self, idp_id, protocol_id, protocol):
    """Attach a new protocol to identity provider ``idp_id`` and return it.

    ``self._get_idp`` is called first inside the transaction (presumably
    raising when the IdP is unknown). ``protocol`` is modified in place:
    its ``'id'`` and ``'idp_id'`` keys are overwritten before the row is
    built.
    """
    session = db_session.get_session()
    with session.begin():
        self._get_idp(session, idp_id)
        protocol.update(id=protocol_id, idp_id=idp_id)
        row = FederationProtocolModel.from_dict(protocol)
        session.add(row)
        return row.to_dict()
def check_user_in_group(self, user_id, group_id):
    """Raise ``exception.NotFound`` unless ``user_id`` belongs to ``group_id``.

    ``self.get_group`` and ``self.get_user`` run first (presumably so an
    unknown group or user raises its own, more specific error). The
    membership test is a ``first()`` on UserGroupMembership; nothing is
    returned on success.
    """
    session = db_session.get_session()
    self.get_group(group_id)
    self.get_user(user_id)
    membership = (session.query(UserGroupMembership)
                  .filter_by(user_id=user_id)
                  .filter_by(group_id=group_id))
    if membership.first():
        return
    raise exception.NotFound(_('User not found in group'))
def check_user_in_group(self, user_id, group_id):
    """Raise ``exception.NotFound`` unless ``user_id`` belongs to ``group_id``.

    ``self.get_group`` and ``self.get_user`` run first (presumably so an
    unknown group or user raises its own, more specific error). The
    membership test is a ``first()`` on UserGroupMembership; nothing is
    returned on success.
    """
    session = db_session.get_session()
    self.get_group(group_id)
    self.get_user(user_id)
    membership = (session.query(UserGroupMembership)
                  .filter_by(user_id=user_id)
                  .filter_by(group_id=group_id))
    if membership.first():
        return
    raise exception.NotFound(_('User not found in group'))
def create_consumer(self, consumer):
    """Persist a new OAuth consumer and return its full dict form.

    ``consumer`` is modified in place: ``'secret'`` is always replaced by
    a fresh uuid4 hex (a caller-supplied secret is overwritten) and a
    missing or empty ``'description'`` becomes None. Unlike
    ``update_consumer`` the result is not passed through
    ``core.filter_consumer``, so the new secret is returned to the caller.
    """
    consumer['secret'] = uuid.uuid4().hex
    if not consumer.get('description'):
        consumer['description'] = None
    session = db_session.get_session()
    with session.begin():
        row = Consumer.from_dict(consumer)
        session.add(row)
        return row.to_dict()
def create_mapping(self, mapping_id, mapping):
    """Store a federation mapping under ``mapping_id`` and return it as a dict.

    Only ``mapping['rules']`` is persisted, serialised with
    ``jsonutils.dumps`` (a missing key is stored as the JSON for None);
    every other key of ``mapping`` is dropped.
    """
    session = db_session.get_session()
    ref = {
        'id': mapping_id,
        'rules': jsonutils.dumps(mapping.get('rules')),
    }
    with session.begin():
        row = MappingModel.from_dict(ref)
        session.add(row)
        return row.to_dict()
def create_protocol(self, idp_id, protocol_id, protocol):
    """Attach a new protocol to identity provider ``idp_id`` and return it.

    ``self._get_idp`` is called first inside the transaction (presumably
    raising when the IdP is unknown). ``protocol`` is modified in place:
    its ``'id'`` and ``'idp_id'`` keys are overwritten before the row is
    built.
    """
    session = db_session.get_session()
    with session.begin():
        self._get_idp(session, idp_id)
        protocol.update(id=protocol_id, idp_id=idp_id)
        row = FederationProtocolModel.from_dict(protocol)
        session.add(row)
        return row.to_dict()
def create_consumer(self, consumer):
    """Persist a new OAuth consumer and return its full dict form.

    ``consumer`` is modified in place: ``'secret'`` is always replaced by
    a fresh uuid4 hex (a caller-supplied secret is overwritten) and a
    missing or empty ``'description'`` becomes None. Unlike
    ``update_consumer`` the result is not passed through
    ``core.filter_consumer``, so the new secret is returned to the caller.
    """
    consumer['secret'] = uuid.uuid4().hex
    if not consumer.get('description'):
        consumer['description'] = None
    session = db_session.get_session()
    with session.begin():
        row = Consumer.from_dict(consumer)
        session.add(row)
        return row.to_dict()
def update_consumer(self, consumer_id, consumer):
    """Merge ``consumer`` into the stored consumer and return the filtered dict.

    The stored row (via ``self._get_consumer``) is dumped, overlaid with
    ``consumer`` and re-parsed through ``Consumer.from_dict``; only
    ``description`` and ``extra`` are then copied back onto the row, so
    the secret and id cannot be changed this way. The result goes
    through ``core.filter_consumer``.
    """
    session = db_session.get_session()
    with session.begin():
        row = self._get_consumer(session, consumer_id)
        merged = row.to_dict()
        merged.update(consumer)
        candidate = Consumer.from_dict(merged)
        row.description = candidate.description
        row.extra = candidate.extra
        return core.filter_consumer(row.to_dict())
def update_consumer(self, consumer_id, consumer):
    """Merge ``consumer`` into the stored consumer and return the filtered dict.

    The stored row (via ``self._get_consumer``) is dumped, overlaid with
    ``consumer`` and re-parsed through ``Consumer.from_dict``; only
    ``description`` and ``extra`` are then copied back onto the row, so
    the secret and id cannot be changed this way. The result goes
    through ``core.filter_consumer``.
    """
    session = db_session.get_session()
    with session.begin():
        row = self._get_consumer(session, consumer_id)
        merged = row.to_dict()
        merged.update(consumer)
        candidate = Consumer.from_dict(merged)
        row.description = candidate.description
        row.extra = candidate.extra
        return core.filter_consumer(row.to_dict())
def update_idp(self, idp_id, idp):
    """Merge ``idp`` into identity provider ``idp_id`` and return the dict.

    The stored row (via ``self._get_idp``) is dumped, overlaid with
    ``idp`` and re-parsed through ``IdentityProviderModel.from_dict``.
    Only the attributes listed in
    ``IdentityProviderModel.mutable_attributes`` are copied back, so that
    list acts as the whitelist of what a caller may change.
    """
    session = db_session.get_session()
    with session.begin():
        row = self._get_idp(session, idp_id)
        merged = row.to_dict()
        merged.update(idp)
        candidate = IdentityProviderModel.from_dict(merged)
        for name in IdentityProviderModel.mutable_attributes:
            setattr(row, name, getattr(candidate, name))
        return row.to_dict()
def update_protocol(self, idp_id, protocol_id, protocol):
    """Merge ``protocol`` into the stored protocol row and return the dict.

    The stored row (via ``self._get_protocol``) is dumped, overlaid with
    ``protocol`` and re-parsed through
    ``FederationProtocolModel.from_dict``. Only the attributes listed in
    ``FederationProtocolModel.mutable_attributes`` are copied back, so
    that list acts as the whitelist of what a caller may change.
    """
    session = db_session.get_session()
    with session.begin():
        row = self._get_protocol(session, idp_id, protocol_id)
        merged = row.to_dict()
        merged.update(protocol)
        candidate = FederationProtocolModel.from_dict(merged)
        for name in FederationProtocolModel.mutable_attributes:
            setattr(row, name, getattr(candidate, name))
        return row.to_dict()
def update_idp(self, idp_id, idp):
    """Merge ``idp`` into identity provider ``idp_id`` and return the dict.

    The stored row (via ``self._get_idp``) is dumped, overlaid with
    ``idp`` and re-parsed through ``IdentityProviderModel.from_dict``.
    Only the attributes listed in
    ``IdentityProviderModel.mutable_attributes`` are copied back, so that
    list acts as the whitelist of what a caller may change.
    """
    session = db_session.get_session()
    with session.begin():
        row = self._get_idp(session, idp_id)
        merged = row.to_dict()
        merged.update(idp)
        candidate = IdentityProviderModel.from_dict(merged)
        for name in IdentityProviderModel.mutable_attributes:
            setattr(row, name, getattr(candidate, name))
        return row.to_dict()
def update_protocol(self, idp_id, protocol_id, protocol):
    """Merge ``protocol`` into the stored protocol row and return the dict.

    The stored row (via ``self._get_protocol``) is dumped, overlaid with
    ``protocol`` and re-parsed through
    ``FederationProtocolModel.from_dict``. Only the attributes listed in
    ``FederationProtocolModel.mutable_attributes`` are copied back, so
    that list acts as the whitelist of what a caller may change.
    """
    session = db_session.get_session()
    with session.begin():
        row = self._get_protocol(session, idp_id, protocol_id)
        merged = row.to_dict()
        merged.update(protocol)
        candidate = FederationProtocolModel.from_dict(merged)
        for name in FederationProtocolModel.mutable_attributes:
            setattr(row, name, getattr(candidate, name))
        return row.to_dict()
def get_user_by_name(self, user_name, domain_id):
    """Return the filtered dict of the user named ``user_name`` in ``domain_id``.

    Exactly one row must match name and domain. ``sql.NotFound`` is
    translated into ``exception.UserNotFound`` (reported with the name in
    the ``user_id`` slot); more than one match propagates as-is. The
    result goes through ``identity.filter_user``.
    """
    session = db_session.get_session()
    by_name_in_domain = (session.query(User)
                         .filter_by(name=user_name)
                         .filter_by(domain_id=domain_id))
    try:
        row = by_name_in_domain.one()
    except sql.NotFound:
        raise exception.UserNotFound(user_id=user_name)
    return identity.filter_user(row.to_dict())