← Back to branch summary

~ubuntu-branches/ubuntu/wily/keystone/wily

« back to all changes in this revision

Viewing changes to keystone/common/sql/migrate_repo/versions/033_migrate_ec2credentials_table_credentials.py

  • Committer: Package Import Robot
  • Author(s): Chuck Short, Chuck Short, James Page, Adam Gandelman
  • Date: 2013-09-09 18:02:41 UTC
  • mfrom: (1.1.36)
  • Revision ID: package-import@ubuntu.com-20130909180241-5pizm6rcauhg4x93
Tags: 1:2013.2~b3-0ubuntu1
[ Chuck Short ]
* New upstream release. 
* debian/control: Add python-oslo.sphinx as a build dependency.
* debian/control: Add python-babel as a build dependency.
* debian/control: Add python-dogpile.cache as a build dependency.
* debian/control: Add python-oauth2 as a build dependency. 
* debian/patches/sql_connection.patch: Refreshed

[ James Page ]
* d/patches/fix-ubuntu-tests.patch: Fixup for new tests location.
* d/patches/ubuntu-test-overrides.patch: Override testing defaults
  using patches.
* d/rules: Rework for patching approach for test_overrides.conf.
* d/tests/test_overrides.conf: Dropped - no longer required.
* d/control: Add python-netaddr to BD's.

[ Adam Gandelman ]
* debian/control: Add python-testtools to Build-Depends.

Show diffs side-by-side

added added

removed removed

Lines of Context:
keystone/common/sql/migrate_repo/versions/033_migrate_ec2credentials_table_credentials.py
 
1
# vim: tabstop=4 shiftwidth=4 softtabstop=4
 
2
 
 
3
# Copyright 2013 OpenStack LLC
 
4
#
 
5
# Licensed under the Apache License, Version 2.0 (the "License"); you may
 
6
# not use this file except in compliance with the License. You may obtain
 
7
# a copy of the License at
 
8
#
 
9
#      http://www.apache.org/licenses/LICENSE-2.0
 
10
#
 
11
# Unless required by applicable law or agreed to in writing, software
 
12
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 
13
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 
14
# License for the specific language governing permissions and limitations
 
15
# under the License.
 
16
 
 
17
import sqlalchemy as sql
 
18
 
 
19
from keystone.common import utils
 
20
from keystone import exception
 
21
 
 
22
 
 
23
def upgrade(migrate_engine):
 
24
    meta = sql.MetaData()
 
25
    meta.bind = migrate_engine
 
26
 
 
27
    credential_table = sql.Table('credential',
 
28
                                 meta,
 
29
                                 autoload=True)
 
30
 
 
31
    ec2_cred_table = sql.Table('ec2_credential',
 
32
                               meta,
 
33
                               autoload=True)
 
34
 
 
35
    session = sql.orm.sessionmaker(bind=migrate_engine)()
 
36
    insert = credential_table.insert()
 
37
    for ec2credential in session.query(ec2_cred_table):
 
38
        cred_exist = check_credential_exists(ec2credential,
 
39
                                             credential_table, session)
 
40
 
 
41
        if not cred_exist:
 
42
            credential = utils.convert_ec2_to_v3_credential(ec2credential)
 
43
            insert.execute(credential)
 
44
 
 
45
    session.commit()
 
46
    session.close()
 
47
 
 
48
    ec2_cred_table.drop()
 
49
 
 
50
 
 
51
def check_credential_exists(ec2credential, credential_table, session):
 
52
    credential = session.query(credential_table).filter_by(
 
53
        id=utils.hash_access_key(ec2credential.access)).first()
 
54
    if credential is None:
 
55
        return False
 
56
    blob = utils.get_blob_from_credential(credential)
 
57
    # check if credential with same access key but different
 
58
    # secret key already exists in credential table.
 
59
    # If exists raise an exception
 
60
    if blob['secret'] != ec2credential.secret:
 
61
        msg = _('Credential %(access)s already exists with different secret'
 
62
                ' in %(table)s table')
 
63
        message = msg % {'access': ec2credential.access,
 
64
                         'table': credential_table.name}
 
65
        raise exception.Conflict(type='credential', details=message)
 
66
    # check if credential with same access and secret key but
 
67
    # associated with a different project exists. If exists raise
 
68
    # an exception
 
69
    elif credential.project_id is not None and (
 
70
            credential.project_id != ec2credential.tenant_id):
 
71
        msg = _('Credential %(access)s already exists with different project'
 
72
                ' in %(table)s table')
 
73
        message = msg % {'access': ec2credential.access,
 
74
                         'table': credential_table.name}
 
75
        raise exception.Conflict(type='credential', details=message)
 
76
    # if credential with same access and secret key and not associated
 
77
    # with any projects already exists in the credential table, then
 
78
    # return true.
 
79
    else:
 
80
        return True
 
81
 
 
82
 
 
83
def downgrade(migrate_engine):
 
84
    meta = sql.MetaData()
 
85
    meta.bind = migrate_engine
 
86
 
 
87
    session = sql.orm.sessionmaker(bind=migrate_engine)()
 
88
 
 
89
    ec2_credential_table = sql.Table(
 
90
        'ec2_credential',
 
91
        meta,
 
92
        sql.Column('access', sql.String(64), primary_key=True),
 
93
        sql.Column('secret', sql.String(64)),
 
94
        sql.Column('user_id', sql.String(64)),
 
95
        sql.Column('tenant_id', sql.String(64)),
 
96
        mysql_engine='InnoDB',
 
97
        mysql_charset='utf8')
 
98
 
 
99
    ec2_credential_table.create(migrate_engine, checkfirst=True)
 
100
    credential_table = sql.Table('credential',
 
101
                                 meta,
 
102
                                 autoload=True)
 
103
    insert = ec2_credential_table.insert()
 
104
    for credential in session.query(credential_table).filter(
 
105
            sql.and_(credential_table.c.type == 'ec2',
 
106
                     credential_table.c.project_id is not None)).all():
 
107
        ec2_credential = utils.convert_v3_to_ec2_credential(credential)
 
108
        insert.execute(ec2_credential)
 
109
 
 
110
    session.commit()
 
111
    session.close()