# vim: tabstop=4 shiftwidth=4 softtabstop=4
# Copyright 2013 OpenStack LLC
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
import sqlalchemy as sql
from keystone.common import utils
from keystone import exception
# Copy every row of the 'ec2_credential' table into the 'credential' table,
# converting each row with utils.convert_ec2_to_v3_credential() after calling
# check_credential_exists() on it.
#
# NOTE(review): this listing is flattened (indentation lost) and its embedded
# source line numbers skip 24, 26, 28-30, 32-34, 40-41 and 44-50. The creation
# of `meta`, the remaining sql.Table() arguments, how `cred_exist` is used and
# anything that follows the loop are therefore not visible here.
def upgrade(migrate_engine):
25
meta.bind = migrate_engine
27
credential_table = sql.Table('credential',
31
ec2_cred_table = sql.Table('ec2_credential',
35
# A session is used for reading; the writes below go through `insert`.
session = sql.orm.sessionmaker(bind=migrate_engine)()
36
insert = credential_table.insert()
37
for ec2credential in session.query(ec2_cred_table):
38
# check_credential_exists() raises exception.Conflict when the access key
# is already present with a different secret or project, which stops the
# loop at that row.
cred_exist = check_credential_exists(ec2credential,
39
credential_table, session)
42
credential = utils.convert_ec2_to_v3_credential(ec2credential)
43
# NOTE(review): insert.execute() is issued on the table's insert construct
# rather than through `session`; presumably it runs on the bound engine
# outside the session's transaction, so rows written before a Conflict is
# raised would remain in 'credential' -- confirm, and expect a partially
# migrated table when a run fails part-way.
insert.execute(credential)
# Look up the 'credential' row whose id is
# utils.hash_access_key(ec2credential.access) and compare it with the EC2
# credential being migrated. Raises exception.Conflict when the stored row has
# a different secret, or the same secret but a different (non-NULL) project.
#
# NOTE(review): the embedded source line numbers skip 55, 68 and 78-82, so the
# body of the `credential is None` branch, the end of the second comment and
# the final branch (including every return statement) are not shown in this
# listing. The caller stores the result in `cred_exist`, so it presumably
# returns a truth value -- confirm against the full file.
def check_credential_exists(ec2credential, credential_table, session):
52
credential = session.query(credential_table).filter_by(
53
id=utils.hash_access_key(ec2credential.access)).first()
54
if credential is None:
56
blob = utils.get_blob_from_credential(credential)
57
# check if credential with same access key but different
58
# secret key already exists in credential table.
59
# If exists raise an exception
60
# The stored secret is compared directly with the incoming one, so both
# tables presumably hold the secret in recoverable form; dumps and backups
# taken around this migration contain that key material.
if blob['secret'] != ec2credential.secret:
61
# The Conflict text interpolates the access key and the table name only;
# the secret itself is not placed in the message.
msg = _('Credential %(access)s already exists with different secret'
62
' in %(table)s table')
63
message = msg % {'access': ec2credential.access,
64
'table': credential_table.name}
65
raise exception.Conflict(type='credential', details=message)
66
# check if credential with same access and secret key but
67
# associated with a different project exists. If exists raise
69
# A NULL project_id on the stored row is not treated as a conflict here.
elif credential.project_id is not None and (
70
credential.project_id != ec2credential.tenant_id):
71
msg = _('Credential %(access)s already exists with different project'
72
' in %(table)s table')
73
message = msg % {'access': ec2credential.access,
74
'table': credential_table.name}
75
raise exception.Conflict(type='credential', details=message)
76
# if credential with same access and secret key and not associated
77
# with any projects already exists in the credential table, then
# Recreate the 'ec2_credential' table (access as primary key, secret, user_id,
# tenant_id) if it is absent, then fill it from rows of the 'credential' table
# whose type is 'ec2', converting each with
# utils.convert_v3_to_ec2_credential().
#
# NOTE(review): the embedded source line numbers skip 84, 86, 88, 90-91, 97-98
# and 101-102, and the listing stops at source line 108. The creation of
# `meta`, the table name/metadata arguments, the closing sql.Table() arguments
# and any code after the loop are not visible here.
def downgrade(migrate_engine):
85
meta.bind = migrate_engine
87
session = sql.orm.sessionmaker(bind=migrate_engine)()
89
ec2_credential_table = sql.Table(
92
sql.Column('access', sql.String(64), primary_key=True),
93
# The secret is restored into a plain String(64) column.
sql.Column('secret', sql.String(64)),
94
sql.Column('user_id', sql.String(64)),
95
sql.Column('tenant_id', sql.String(64)),
96
mysql_engine='InnoDB',
99
# checkfirst=True: the table is only created when it does not exist yet.
ec2_credential_table.create(migrate_engine, checkfirst=True)
100
credential_table = sql.Table('credential',
103
insert = ec2_credential_table.insert()
104
for credential in session.query(credential_table).filter(
105
sql.and_(credential_table.c.type == 'ec2',
106
# NOTE(review): `... is not None` is a Python identity test on the Column
# object, evaluated before SQLAlchemy sees it. It is always True, so no
# "project_id IS NOT NULL" clause reaches the query and 'ec2' rows with a NULL
# project_id are selected as well. Use `credential_table.c.project_id != None`
# (or `.isnot(None)`) to get the SQL comparison the condition intends.
credential_table.c.project_id is not None)).all():
107
ec2_credential = utils.convert_v3_to_ec2_credential(credential)
108
insert.execute(ec2_credential)