def _get_trust(self, ctx):
'''List trusts with current user as the trustor.'''
# DB table is used as a cache for the trusts.
cred_exists = False
res = db_api.cred_get(ctx, ctx.user, ctx.project)
if res is not None:
try:
trust_id = res.cred['openstack']['trust']
return trust_id
except KeyError:
# Garbage in the store, ignore it
cred_exists = True
pass
params = {
'auth_url': ctx.auth_url,
'token': ctx.auth_token,
'project_id': ctx.project,
'user_id': ctx.user,
}
kc = driver_base.SenlinDriver().identity(params)
service_cred = context.get_service_context()
admin_id = kc.get_user_id(**service_cred)
try:
trust = kc.trust_get_by_trustor(ctx.user, admin_id, ctx.project)
except exception.InternalError as ex:
if ex.code == 400:
trust = None
else:
raise ex
if not trust:
# Create a trust if no existing one found
trust = kc.trust_create(ctx.user, admin_id, ctx.project, ctx.roles)
# update cache
if cred_exists:
db_api.cred_update(ctx.user, ctx.project,
{'cred': {'openstack': {'trust': trust.id}}})
else:
values = {
'user': ctx.user,
'project': ctx.project,
'cred': {'openstack': {'trust': trust.id}}
}
db_api.cred_create(ctx, values)
return trust.id
def _build_conn_params(self, user, project):
"""Build connection params for specific user and project.
:param user: The ID of the user for which a trust will be used.
:param project: The ID of the project for which a trust will be used.
:returns: A dict containing the required parameters for connection
creation.
"""
cred = db_api.cred_get(oslo_context.get_current(), user, project)
if cred is None:
raise exception.TrustNotFound(trustor=user)
trust_id = cred.cred['openstack']['trust']
# This is supposed to be trust-based authentication
params = copy.deepcopy(self.context)
params['trust_id'] = [trust_id]
return params
def _build_conn_params(self, user, project):
"""Build connection params for specific user and project.
:param user: The ID of the user for which a trust will be used.
:param project: The ID of the project for which a trust will be used.
:returns: A dict containing the required parameters for connection
creation.
"""
cred = db_api.cred_get(oslo_context.get_current(), user, project)
if cred is None:
raise exception.TrustNotFound(trustor=user)
trust_id = cred.cred['openstack']['trust']
# This is supposed to be trust-based authentication
params = copy.deepcopy(self.context)
params['trust_id'] = trust_id
return params
def _build_conn_params(self, cluster):
"""Build trust-based connection parameters.
:param cluster: the cluste for which the trust will be checked.
"""
service_creds = senlin_context.get_service_context()
params = {
'username': service_creds.get('username'),
'password': service_creds.get('password'),
'auth_url': service_creds.get('auth_url'),
'user_domain_name': service_creds.get('user_domain_name')
}
cred = db_api.cred_get(oslo_context.get_current(),
cluster.user, cluster.project)
if cred is None:
raise exception.TrustNotFound(trustor=cluster.user)
params['trust_id'] = [cred.cred['openstack']['trust']]
return params
def _build_conn_params(self, cluster):
"""Build trust-based connection parameters.
:param cluster: the cluste for which the trust will be checked.
"""
service_creds = senlin_context.get_service_context()
params = {
'username': service_creds.get('username'),
'password': service_creds.get('password'),
'auth_url': service_creds.get('auth_url'),
'user_domain_name': service_creds.get('user_domain_name')
}
cred = db_api.cred_get(oslo_context.get_current(), cluster.user,
cluster.project)
if cred is None:
raise exception.TrustNotFound(trustor=cluster.user)
params['trust_id'] = cred.cred['openstack']['trust']
return params
def create(cls, context, rtype, cluster, action, **kwargs):
cdata = dict()
if context.is_admin:
# use object owner if request is from admin
cred = db_api.cred_get(context, cluster.user, cluster.project)
trust_id = cred['cred']['openstack']['trust']
cdata['trust_id'] = trust_id
else:
# otherwise, use context user
cdata['trust_id'] = context.trusts
kwargs['id'] = uuidutils.generate_uuid()
kwargs['actor'] = cdata
kwargs['user'] = context.user
kwargs['project'] = context.project
kwargs['domain'] = context.domain
obj = cls(rtype, cluster.id, action, **kwargs)
obj.initialize_channel()
obj.store(context)
return obj
def create(cls, context, rtype, cluster, action, **kwargs):
cdata = dict()
if context.is_admin:
# use object owner if request is from admin
cred = db_api.cred_get(context, cluster.user, cluster.project)
trust_id = cred['cred']['openstack']['trust']
cdata['trust_id'] = [trust_id]
else:
# otherwise, use context user
cdata['trust_id'] = [context.trusts]
kwargs['id'] = uuidutils.generate_uuid()
kwargs['actor'] = cdata
kwargs['user'] = context.user
kwargs['project'] = context.project
kwargs['domain'] = context.domain
obj = cls(rtype, cluster.id, action, **kwargs)
obj.initialize_channel()
obj.store(context)
return obj
def get(cls, context, user, project):
obj = db_api.cred_get(context, user, project)
return cls._from_db_object(context, cls(), obj)
def get(cls, context, user, project):
obj = db_api.cred_get(context, user, project)
return cls._from_db_object(context, cls(), obj)