OpenStack Study: authorization.py

**** CubicPower OpenStack Study ****

def flatten(d, parent_key=''):

    """Flatten a nested dictionary

    Converts a dictionary with nested values to a single level flat

    dictionary, with dotted notation for each key.

    """

    items = []

    for k, v in d.items():

        new_key = parent_key + '.' + k if parent_key else k

        if isinstance(v, collections.MutableMapping):

            items.extend(flatten(v, new_key).items())

        else:

            items.append((new_key, v))

    return dict(items)

**** CubicPower OpenStack Study ****

def is_v3_token(token):

    # V3 token data are encapsulated into "token" key while

    # V2 token data are encapsulated into "access" key.

    return 'token' in token

**** CubicPower OpenStack Study ****

def v3_token_to_auth_context(token):

    creds = {}

    token_data = token['token']

    try:

        creds['user_id'] = token_data['user']['id']

    except AttributeError:

        LOG.warning(_('RBAC: Invalid user data in v3 token'))

        raise exception.Unauthorized()

    if 'project' in token_data:

        creds['project_id'] = token_data['project']['id']

    else:

        LOG.debug(_('RBAC: Proceeding without project'))

    if 'domain' in token_data:

        creds['domain_id'] = token_data['domain']['id']

    if 'roles' in token_data:

        creds['roles'] = []

        for role in token_data['roles']:

            creds['roles'].append(role['name'])

    creds['group_ids'] = [

        g['id'] for g in token_data['user'].get(federation.FEDERATION, {}).get(

            'groups', [])]

    return creds

**** CubicPower OpenStack Study ****

def v2_token_to_auth_context(token):

    creds = {}

    token_data = token['access']

    try:

        creds['user_id'] = token_data['user']['id']

    except AttributeError:

        LOG.warning(_('RBAC: Invalid user data in v2 token'))

        raise exception.Unauthorized()

    if 'tenant' in token_data['token']:

        creds['project_id'] = token_data['token']['tenant']['id']

    else:

        LOG.debug(_('RBAC: Proceeding without tenant'))

    if 'roles' in token_data['user']:

        creds['roles'] = [role['name'] for

                          role in token_data['user']['roles']]

    return creds

**** CubicPower OpenStack Study ****

def token_to_auth_context(token):

    if is_v3_token(token):

        creds = v3_token_to_auth_context(token)

    else:

        creds = v2_token_to_auth_context(token)

    return creds