diff --git a/keystone/identity/backends/ldap.py b/keystone/identity/backends/ldap.py index c06737c8e2..1bdec3a3a3 100644 --- a/keystone/identity/backends/ldap.py +++ b/keystone/identity/backends/ldap.py @@ -55,10 +55,10 @@ def default_assignment_driver(self): # Identity interface def create_project(self, project_id, project): - return self.assignment.create_project(project_id, project) + return self.assignment_api.create_project(project_id, project) def get_project(self, project_id): - return self.assignment.get_project(project_id) + return self.assignment_api.get_project(project_id) def authenticate(self, user_id=None, password=None): try: @@ -74,7 +74,7 @@ def authenticate(self, user_id=None, password=None): raise AssertionError('Invalid user / password') except Exception: raise AssertionError('Invalid user / password') - return self.assignment._set_default_domain( + return self.assignment_api._set_default_domain( identity.filter_user(user_ref)) def _get_user(self, user_id): @@ -82,28 +82,28 @@ def _get_user(self, user_id): def get_user(self, user_id): ref = identity.filter_user(self._get_user(user_id)) - return self.assignment._set_default_domain(ref) + return self.assignment_api._set_default_domain(ref) def list_users(self): - return self.assignment._set_default_domain(self.user.get_all()) + return self.assignment_api._set_default_domain(self.user.get_all()) def get_user_by_name(self, user_name, domain_id): - self.assignment._validate_default_domain_id(domain_id) + self.assignment_api._validate_default_domain_id(domain_id) ref = identity.filter_user(self.user.get_by_name(user_name)) - return self.assignment._set_default_domain(ref) + return self.assignment_api._set_default_domain(ref) # CRUD def create_user(self, user_id, user): - user = self.assignment._validate_default_domain(user) + user = self.assignment_api._validate_default_domain(user) user_ref = self.user.create(user) tenant_id = user.get('tenant_id') if tenant_id is not None: - self.assignment.add_user_to_project(tenant_id, user_id) - return (self.assignment._set_default_domain + self.assignment_api.add_user_to_project(tenant_id, user_id) + return (self.assignment_api._set_default_domain (identity.filter_user(user_ref))) def update_user(self, user_id, user): - user = self.assignment._validate_default_domain(user) + user = self.assignment_api._validate_default_domain(user) if 'id' in user and user['id'] != user_id: raise exception.ValidationError('Cannot change user ID') old_obj = self.user.get(user_id) @@ -126,11 +126,11 @@ def update_user(self, user_id, user): user['enabled_nomask'] = old_obj['enabled_nomask'] self.user.mask_enabled_attribute(user) self.user.update(user_id, user, old_obj) - return (self.assignment._set_default_domain + return (self.assignment_api._set_default_domain (self.user.get_filtered(user_id))) def delete_user(self, user_id): - self.assignment.delete_user(user_id) + self.assignment_api.delete_user(user_id) user_dn = self.user._id_to_dn(user_id) groups = self.group.list_user_groups(user_dn) for group in groups: @@ -143,18 +143,20 @@ def delete_user(self, user_id): self.user.delete(user_id) def create_group(self, group_id, group): - group = self.assignment._validate_default_domain(group) + group = self.assignment_api._validate_default_domain(group) group['name'] = clean.group_name(group['name']) - return self.assignment._set_default_domain(self.group.create(group)) + return self.assignment_api._set_default_domain( + self.group.create(group)) def get_group(self, group_id): - return self.assignment._set_default_domain(self.group.get(group_id)) + return self.assignment_api._set_default_domain( + self.group.get(group_id)) def update_group(self, group_id, group): - group = self.assignment._validate_default_domain(group) + group = self.assignment_api._validate_default_domain(group) if 'name' in group: group['name'] = clean.group_name(group['name']) - return (self.assignment._set_default_domain + return (self.assignment_api._set_default_domain (self.group.update(group_id, group))) def delete_group(self, group_id): @@ -175,11 +177,11 @@ def remove_user_from_group(self, user_id, group_id): def list_groups_for_user(self, user_id): self.get_user(user_id) user_dn = self.user._id_to_dn(user_id) - return (self.assignment._set_default_domain + return (self.assignment_api._set_default_domain (self.group.list_user_groups(user_dn))) def list_groups(self): - return self.assignment._set_default_domain(self.group.get_all()) + return self.assignment_api._set_default_domain(self.group.get_all()) def list_users_in_group(self, group_id): self.get_group(group_id) @@ -193,7 +195,7 @@ def list_users_in_group(self, group_id): " '%(group_id)s'. The user should be removed" " from the group. The user will be ignored.") % dict(user_dn=user_dn, group_id=group_id)) - return self.assignment._set_default_domain(users) + return self.assignment_api._set_default_domain(users) def check_user_in_group(self, user_id, group_id): self.get_user(user_id) diff --git a/keystone/identity/backends/sql.py b/keystone/identity/backends/sql.py index f82c34f82d..2c00088e9d 100644 --- a/keystone/identity/backends/sql.py +++ b/keystone/identity/backends/sql.py @@ -221,7 +221,7 @@ def delete_user(self, user_id): session.delete(ref) session.flush() - self.assignment.delete_user(user_id) + self.assignment_api.delete_user(user_id) # group crud @@ -278,4 +278,4 @@ def delete_group(self, group_id): session.delete(ref) session.flush() - self.assignment.delete_group(group_id) + self.assignment_api.delete_group(group_id) diff --git a/keystone/identity/core.py b/keystone/identity/core.py index d04902aef5..b3efc0a7cc 100644 --- a/keystone/identity/core.py +++ b/keystone/identity/core.py @@ -65,8 +65,8 @@ def __init__(self, assignment_api=None): super(Manager, self).__init__(CONF.identity.driver) if assignment_api is None: assignment_api = assignment.Manager(self) - self.assignment = assignment_api - self.driver.assignment = assignment_api + self.assignment_api = assignment_api + self.driver.assignment_api = assignment_api def create_user(self, user_id, user_ref): user = user_ref.copy() @@ -102,36 +102,36 @@ def update_project(self, tenant_id, tenant_ref): return self.assignment_api.update_project(tenant_id, tenant) def get_project_by_name(self, tenant_name, domain_id): - return self.assignment.get_project_by_name(tenant_name, domain_id) + return self.assignment_api.get_project_by_name(tenant_name, domain_id) def get_project(self, tenant_id): - return self.assignment.get_project(tenant_id) + return self.assignment_api.get_project(tenant_id) def list_projects(self, domain_id=None): - return self.assignment.list_projects(domain_id) + return self.assignment_api.list_projects(domain_id) def get_role(self, role_id): - return self.assignment.get_role(role_id) + return self.assignment_api.get_role(role_id) def list_roles(self): - return self.assignment.list_roles() + return self.assignment_api.list_roles() def get_projects_for_user(self, user_id): - return self.assignment.get_projects_for_user(user_id) + return self.assignment_api.get_projects_for_user(user_id) def get_project_users(self, tenant_id): - return self.assignment.get_project_users(tenant_id) + return self.assignment_api.get_project_users(tenant_id) def get_roles_for_user_and_project(self, user_id, tenant_id): - return self.assignment.get_roles_for_user_and_project(user_id, - tenant_id) + return self.assignment_api.get_roles_for_user_and_project( + user_id, tenant_id) def get_roles_for_user_and_domain(self, user_id, domain_id): - return (self.assignment.get_roles_for_user_and_domain + return (self.assignment_api.get_roles_for_user_and_domain (user_id, domain_id)) def _subrole_id_to_dn(self, role_id, tenant_id): - return self.assignment._subrole_id_to_dn(role_id, tenant_id) + return self.assignment_api._subrole_id_to_dn(role_id, tenant_id) def add_role_to_user_and_project(self, user_id, tenant_id, role_id): @@ -139,13 +139,13 @@ def add_role_to_user_and_project(self, user_id, (user_id, tenant_id, role_id)) def create_role(self, role_id, role): - return self.assignment.create_role(role_id, role) + return self.assignment_api.create_role(role_id, role) def delete_role(self, role_id): - return self.assignment.delete_role(role_id) + return self.assignment_api.delete_role(role_id) def delete_project(self, tenant_id): - return self.assignment.delete_project(tenant_id) + return self.assignment_api.delete_project(tenant_id) def remove_role_from_user_and_project(self, user_id, tenant_id, role_id): @@ -153,62 +153,62 @@ def remove_role_from_user_and_project(self, user_id, (user_id, tenant_id, role_id)) def update_role(self, role_id, role): - return self.assignment.update_role(role_id, role) + return self.assignment_api.update_role(role_id, role) def create_grant(self, role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False): - return (self.assignment.create_grant + return (self.assignment_api.create_grant (role_id, user_id, group_id, domain_id, project_id, inherited_to_projects)) def list_grants(self, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False): - return (self.assignment.list_grants + return (self.assignment_api.list_grants (user_id, group_id, domain_id, project_id, inherited_to_projects)) def get_grant(self, role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False): - return (self.assignment.get_grant + return (self.assignment_api.get_grant (role_id, user_id, group_id, domain_id, project_id, inherited_to_projects)) def delete_grant(self, role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False): - return (self.assignment.delete_grant + return (self.assignment_api.delete_grant (role_id, user_id, group_id, domain_id, project_id, inherited_to_projects)) def create_domain(self, domain_id, domain): - return self.assignment.create_domain(domain_id, domain) + return self.assignment_api.create_domain(domain_id, domain) def get_domain_by_name(self, domain_name): - return self.assignment.get_domain_by_name(domain_name) + return self.assignment_api.get_domain_by_name(domain_name) def get_domain(self, domain_id): - return self.assignment.get_domain(domain_id) + return self.assignment_api.get_domain(domain_id) def update_domain(self, domain_id, domain): - return self.assignment.update_domain(domain_id, domain) + return self.assignment_api.update_domain(domain_id, domain) def delete_domain(self, domain_id): - return self.assignment.delete_domain(domain_id) + return self.assignment_api.delete_domain(domain_id) def list_domains(self): - return self.assignment.list_domains() + return self.assignment_api.list_domains() def list_user_projects(self, user_id): - return self.assignment.list_user_projects(user_id) + return self.assignment_api.list_user_projects(user_id) def add_user_to_project(self, tenant_id, user_id): - return self.assignment.add_user_to_project(tenant_id, user_id) + return self.assignment_api.add_user_to_project(tenant_id, user_id) def remove_user_from_project(self, tenant_id, user_id): - return self.assignment.remove_user_from_project(tenant_id, user_id) + return self.assignment_api.remove_user_from_project(tenant_id, user_id) def list_role_assignments(self): return self.assignment_api.list_role_assignments()