¡@
OpenStack Study: controllers.py**** CubicPower OpenStack Study ****
# Copyright 2013 OpenStack Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import hashlib import json from keystone.common import controller from keystone.common import dependency from keystone.common import driver_hints from keystone import exception from keystone.openstack.common.gettextutils import _ @dependency.requires('credential_api')
**** CubicPower OpenStack Study **** class CredentialV3(controller.V3Controller): collection_name = 'credentials' member_name = 'credential'
**** CubicPower OpenStack Study **** def __init__(self): super(CredentialV3, self).__init__() self.get_member_from_driver = self.credential_api.get_credential
**** CubicPower OpenStack Study **** def _assign_unique_id(self, ref, trust_id=None): # Generates and assigns a unique identifer to # a credential reference. if ref.get('type', '').lower() == 'ec2': try: blob = json.loads(ref.get('blob')) except (ValueError, TypeError): raise exception.ValidationError( message=_('Invalid blob in credential')) if not blob or not isinstance(blob, dict): raise exception.ValidationError(attribute='blob', target='credential') if blob.get('access') is None: raise exception.ValidationError(attribute='access', target='blob') ret_ref = ref.copy() ret_ref['id'] = hashlib.sha256(blob['access']).hexdigest() # Update the blob with the trust_id, so credentials created # with a trust scoped token will result in trust scoped # tokens when authentication via ec2tokens happens if trust_id is not None: blob['trust_id'] = trust_id ret_ref['blob'] = json.dumps(blob) return ret_ref else: return super(CredentialV3, self)._assign_unique_id(ref) @controller.protected()
**** CubicPower OpenStack Study **** def create_credential(self, context, credential): trust_id = self._get_trust_id_for_request(context) ref = self._assign_unique_id(self._normalize_dict(credential), trust_id) ref = self.credential_api.create_credential(ref['id'], ref) return CredentialV3.wrap_member(context, ref) @staticmethod
**** CubicPower OpenStack Study **** def _blob_to_json(ref): # credentials stored via ec2tokens before the fix for #1259584 # need json serializing, as that's the documented API format blob = ref.get('blob') if isinstance(blob, dict): new_ref = ref.copy() new_ref['blob'] = json.dumps(blob) return new_ref else: return ref @controller.protected()
**** CubicPower OpenStack Study **** def list_credentials(self, context): # NOTE(henry-nash): Since there are no filters for credentials, we # shouldn't limit the output, hence we don't pass a hints list into # the driver. refs = self.credential_api.list_credentials() ret_refs = [self._blob_to_json(r) for r in refs] return CredentialV3.wrap_collection(context, ret_refs, driver_hints.Hints()) @controller.protected()
**** CubicPower OpenStack Study **** def get_credential(self, context, credential_id): ref = self.credential_api.get_credential(credential_id) ret_ref = self._blob_to_json(ref) return CredentialV3.wrap_member(context, ret_ref) @controller.protected()
**** CubicPower OpenStack Study **** def update_credential(self, context, credential_id, credential): self._require_matching_id(credential_id, credential) ref = self.credential_api.update_credential(credential_id, credential) return CredentialV3.wrap_member(context, ref) @controller.protected()
**** CubicPower OpenStack Study **** def delete_credential(self, context, credential_id): return self.credential_api.delete_credential(credential_id)
|