1
# vim: tabstop=4 shiftwidth=4 softtabstop=4
3
# Copyright 2012 OpenStack LLC
5
# Licensed under the Apache License, Version 2.0 (the "License"); you may
6
# not use this file except in compliance with the License. You may obtain
7
# a copy of the License at
9
# http://www.apache.org/licenses/LICENSE-2.0
11
# Unless required by applicable law or agreed to in writing, software
12
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
14
# License for the specific language governing permissions and limitations
17
from keystone.common import sql
18
from keystone import exception
19
from keystone.openstack.common import timeutils
20
from keystone import trust
23
class TrustModel(sql.ModelBase, sql.DictBase):
24
__tablename__ = 'trust'
25
attributes = ['id', 'trustor_user_id', 'trustee_user_id',
26
'project_id', 'impersonation', 'expires_at']
27
id = sql.Column(sql.String(64), primary_key=True)
29
trustor_user_id = sql.Column(sql.String(64), unique=False, nullable=False,)
30
#user_id of user allowed to consume this preauth
31
trustee_user_id = sql.Column(sql.String(64), unique=False, nullable=False)
32
project_id = sql.Column(sql.String(64), unique=False, nullable=True)
33
impersonation = sql.Column(sql.Boolean)
34
deleted_at = sql.Column(sql.DateTime)
35
expires_at = sql.Column(sql.DateTime)
36
extra = sql.Column(sql.JsonBlob())
39
class TrustRole(sql.ModelBase):
40
__tablename__ = 'trust_role'
41
attributes = ['trust_id', 'role_id']
42
trust_id = sql.Column(sql.String(64), primary_key=True, nullable=False)
43
role_id = sql.Column(sql.String(64), primary_key=True, nullable=False)
46
class Trust(sql.Base, trust.Driver):
47
@sql.handle_conflicts(type='trust')
48
def create_trust(self, trust_id, trust, roles):
49
session = self.get_session()
51
ref = TrustModel.from_dict(trust)
53
if ref.get('expires_at') and ref['expires_at'].tzinfo is not None:
54
ref['expires_at'] = timeutils.normalize_time(ref['expires_at'])
58
trust_role = TrustRole()
59
trust_role.trust_id = trust_id
60
trust_role.role_id = role['id']
61
added_roles.append({'id': role['id']})
62
session.add(trust_role)
64
trust_dict = ref.to_dict()
65
trust_dict['roles'] = added_roles
68
def _add_roles(self, trust_id, session, trust_dict):
70
for role in session.query(TrustRole).filter_by(trust_id=trust_id):
71
roles.append({'id': role.role_id})
72
trust_dict['roles'] = roles
74
@sql.handle_conflicts(type='trust')
75
def get_trust(self, trust_id):
76
session = self.get_session()
77
ref = (session.query(TrustModel).
78
filter_by(deleted_at=None).
79
filter_by(id=trust_id).first())
82
if ref.expires_at is not None:
83
now = timeutils.utcnow()
84
if now > ref.expires_at:
86
trust_dict = ref.to_dict()
88
self._add_roles(trust_id, session, trust_dict)
91
@sql.handle_conflicts(type='trust')
92
def list_trusts(self):
93
session = self.get_session()
94
trusts = session.query(TrustModel).filter_by(deleted_at=None)
95
return [trust_ref.to_dict() for trust_ref in trusts]
97
@sql.handle_conflicts(type='trust')
98
def list_trusts_for_trustee(self, trustee_user_id):
99
session = self.get_session()
100
trusts = (session.query(TrustModel).
101
filter_by(deleted_at=None).
102
filter_by(trustee_user_id=trustee_user_id))
103
return [trust_ref.to_dict() for trust_ref in trusts]
105
@sql.handle_conflicts(type='trust')
106
def list_trusts_for_trustor(self, trustor_user_id):
107
session = self.get_session()
108
trusts = (session.query(TrustModel).
109
filter_by(deleted_at=None).
110
filter_by(trustor_user_id=trustor_user_id))
111
return [trust_ref.to_dict() for trust_ref in trusts]
113
@sql.handle_conflicts(type='trust')
114
def delete_trust(self, trust_id):
115
session = self.get_session()
116
with session.begin():
118
trust_ref = (session.query(TrustModel).
119
filter_by(id=trust_id).one())
121
raise exception.TrustNotFound(trust_id=trust_id)
122
trust_ref.deleted_at = timeutils.utcnow()