From 312746c6bbdd9e961d16d5cb31b062b45216d4e2 Mon Sep 17 00:00:00 2001 From: Biswajit Mandal Date: Wed, 6 May 2015 16:40:54 +0530 Subject: [PATCH] Related-Bug: #1451313 1. After login, while getting the project-list request from client, get the project list from keystone, if any project is not listed in req.session.tokenObjs, then send token/role request for this project to keystone, save the token and role information, if the role is admin, then add this to the project list to be sent to UI. 2. Corrected the tokenid POST data in case keystone v3 Change-Id: I18a517636a90f80f9c2de939d7d222b56c91d7ef --- .../plugins/openstack/keystone.api.js | 219 ++++++++++++------ .../orchestration/plugins/plugins.api.js | 49 +++- 2 files changed, 195 insertions(+), 73 deletions(-) diff --git a/src/serverroot/orchestration/plugins/openstack/keystone.api.js b/src/serverroot/orchestration/plugins/openstack/keystone.api.js index b0027fae2..08af00ea2 100644 --- a/src/serverroot/orchestration/plugins/openstack/keystone.api.js +++ b/src/serverroot/orchestration/plugins/openstack/keystone.api.js @@ -349,10 +349,18 @@ function formatV3AuthTokenData (authObj, isUnscoped) var v3data = {}; if (null != tokenId) { - v3data['methods'] = ['token']; - v3data['token'] = {} - v3data['token']['id'] = tokenId; - v3data['auth'] = {}; + v3data = { + "auth": { + "identity": { + "methods": [ + "token" + ], + "token": { + "id": tokenId + } + } + } + } } else { v3data = { "auth": { @@ -429,7 +437,8 @@ function getLastIdTokenUsed (req) function getV3Token (authObj, callback) { - if ((null == authObj['username']) || (null == authObj['password'])) { + if ((null != authObj['req']) && + ((null == authObj['username']) || (null == authObj['password']))) { var token = getLastIdTokenUsed(authObj['req']); if (null != authObj['tenant']) { try { 
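Review bot: In getV3Token the added `null != authObj['req']` guard means a call that carries neither `req` nor username/password now skips the session-token branch without any error. What runs instead is outside the hunk, but if it is the password path, a request with null credentials would be built and sent to Keystone. State the accepted input combinations in a comment above the function, for example `/* authObj needs username+password, or req so the last session token can be reused */`, and reject the remaining case explicitly before any request is built. How the new `'tokenid'` field that getProjectList passes in relates to this branch is not visible here and should be confirmed.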
@@ -1469,7 +1478,7 @@ function buildAdminProjectListByReqObj (req)
 {
 var adminRolesCnt = adminRoles.length;
 var tokenObjs = req.session.tokenObjs;
- var domProjects = {};
+ var domProjects = [];
 for (key in tokenObjs) {
 try {
 var roles = tokenObjs[key]['user']['roles'];
@@ -1489,41 +1498,44 @@ function buildAdminProjectListByReqObj (req) if (j == rolesCnt) { continue; } - try { - var tenant = tokenObjs[key]['token']['tenant']; - var domain = tenant['domain']; - } catch(e) { - logutils.logger.error("Did not find tenant:" + e); - } - if (null == domain) { - domain = getDefaultDomain(req); - } else if (isDefaultDomain(domain)) { - domain = getDefaultDomain(req); - } else { - domain = commonUtils.convertUUIDToString(domain); - } - if (null == domProjects[domain]) { - domProjects[domain] = []; - } - domProjects[domain].push(key); + var domain = getDomainByTokenObjKey(tokenObjs[key], req); + domProjects.push([domain, key]); } return domProjects; } +function getDomainByTokenObjKey (tokenObjKey, req) +{ + var domain = null; + try { + var tenant = tokenObjKey['token']['tenant']; + domain = tenant['domain']['id']; + } catch(e) { + domain = null; + } + if (null == domain) { + domain = getDefaultDomain(req); + } else if (isDefaultDomain(req, domain)) { + domain = getDefaultDomain(req); + } else { + domain = commonUtils.convertUUIDToString(domain); + } + return domain; +} + function filterProjectList (req, projectList) { var filtProjects = {'projects': []}; - var domProjects = buildAdminProjectListByReqObj(req); + var adminProjs = buildAdminProjectListByReqObj(req); var projects = projectList['projects']; var projCnt = projects.length; + var adminProjCnt = adminProjs.length; for (var i = 0; i < projCnt; i++) { - var domain = domProjects[projects[i]['fq_name'][0]]; - var project = domProjects[projects[i]['fq_name'][1]]; - if (null == domProjects[domain]) { - continue; - } - if (-1 != domProjects[domain].indexOf(project)) { - filtProjects['projects'].push(projects[i]); + for (var j = 0; j < adminProjCnt; j++) { + if (projects[i]['fq_name'].join(':') == adminProjs[j].join(':')) { + filtProjects['projects'].push(projects[i]); + break; + } } } return filtProjects; 
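Review bot: filterProjectList decides which projects count as admin projects by comparing `fq_name.join(':')` strings, so a domain or project name that contains ':' can make two different [domain, project] pairs compare equal. Compare the elements instead: `if ((projects[i]['fq_name'][0] == adminProjs[j][0]) && (projects[i]['fq_name'][1] == adminProjs[j][1])) {`. In getDomainByTokenObjKey the catch now silently discards the lookup failure that the removed code logged. It also calls `isDefaultDomain(req, domain)` unqualified while other lines of this file use `authApi.isDefaultDomain`, so confirm that a local function of that name exists. The first parameter receives the token object rather than a key, so `tokenObj` would be a clearer name than `tokenObjKey`.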
@@ -1531,6 +1543,7 @@ function filterProjectList (req, projectList) function getProjectList (req, appData, callback) { + var tenantObjArr = []; var filtProjects; var multiTenancyEnabled = commonUtils.isMultiTenancyEnabled(); var isProjectListFromApiServer = config.getDomainProjectsFromApiServer; 
@@ -1548,19 +1561,77 @@ function getProjectList (req, appData, callback) callback(error, filtProjects); }); } else { - /* - getAdminProjectList(req, appData, - function(adminProjectObjs, domainObjs, tenantList, - domList, formattedAllTenantList, - adminProjectList) { - if (true == multiTenancyEnabled) { - callback(null, adminProjectList); - } else { - callback(null, formattedAllTenantList); - } - */ getProjectsFromKeystone(req, appData, function(error, keystoneProjs) { - callback(error, keystoneProjs); + /* Check if we have all the projects listed in req.session.tokenObjs + */ + if ((null != error) || (null == keystoneProjs) || + (null == keystoneProjs['projects']) || + (!keystoneProjs['projects'].length)) { + callback(error, keystoneProjs); + return; + } + var filtProjects = filterProjectList(req, keystoneProjs); + var projects = keystoneProjs['projects']; + var projCnt = projects.length; + var tokenObjs = req.session.tokenObjs; + var found = false; + for (var i = 0; i < projCnt; i++) { + found = false; + for (project in tokenObjs) { + var domain = getDomainByTokenObjKey(tokenObjs[project], req); + if ((projects[i]['fq_name'][0] == domain) && + (projects[i]['fq_name'][1] == project)) { + found = true; + break; + } + } + if (false == found) { + /* We did not find the project in our tokenObj, so get the + * token/role for this and update the tokenObjs + */ + tenantObjArr.push({'tenant': projects[i]['fq_name'][1], + 'domain': projects[i]['fq_name'][0], + 'req': req, + 'tokenid': + req.session.tokenObjs[filtProjects['projects'][0]['fq_name'][1]].token.id}); + } + } + if (!tenantObjArr.length) { + callback(error, filtProjects); + return; + } + async.map(tenantObjArr, getUserRoleByTenant, function(err, data) { + var dataLen = data.length; + for (var i = 0; i < dataLen; i++) { + if (null == data[i]) { + continue; + } + var project = + data[i]['tokenObj']['token']['tenant']['name']; + var projectUUID = + data[i]['tokenObj']['token']['tenant']['id']; + 
req.session.tokenObjs[project] = data[i]['tokenObj']; + var userRoles = getUserRoleByAuthResponse(data[i]['roles']); + var rolesCnt = data[i]['roles'].length; + var tmpRoleList = []; + for (var j = 0; j < rolesCnt; j++) { + tmpRoleList.push(data[i]['roles'][j]['name']); + } + var domain = + getDomainByTokenObjKey(req.session.tokenObjs[project], req); + var adminUserRolesCnt = adminRoles.length; + for (var j = 0; j < adminUserRolesCnt; j++) { + if (-1 != tmpRoleList.indexOf(adminRoles[j])) { + filtProjects['projects'].push({"fq_name": [domain, + project], + "uuid": + commonUtils.convertUUIDToString(projectUUID)}); + break; + } + } + } + callback(error, filtProjects); + }); }); } } @@ -1612,7 +1683,8 @@ function getDefaultDomain (req) * 1. Formats the project list got from Identity Manager equivalent to API * Server project list */ -function formatIdentityMgrProjects (error, request, projectLists, domList, callback) +function formatIdentityMgrProjects (error, request, projectLists, domList, + callback) { var uuid = null; var domain = null; @@ -1650,22 +1722,6 @@ function formatIdentityMgrProjects (error, request, projectLists, domList, callb } var adminRoles = ['admin']; -function getDomainFqnByDomainUUID (domUUID, domainObjs) -{ - var domCnt = 0; - try { - var domains = domainObjs['domains']; - domCnt = domains.length; - } catch(e) { - domCnt = 0; - } - for (var i = 0; i < domCnt; i++) { - if (domains[i]['uuid'] == domUUID) { - return domains[i]['fq_name'][0]; - } - } - return null; -} function getAdminProjectList (req, appData, callback) { @@ -1696,7 +1752,7 @@ function getAdminProjectList (req, appData, callback) if (authApi.isDefaultDomain(req, domain)) { domain = getDefaultDomain(req); } else { - domain = getDomainFqnByDomainUUID(domain, domainObjs); + domain = plugins.getDomainFqnByDomainUUID(domain, domainObjs); } } var roles = tokenObjs[key]['user']['roles']; 
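Review bot: The `'tokenid'` value pushed into tenantObjArr dereferences `filtProjects['projects'][0]` and then `req.session.tokenObjs[...]` with no check, so a user whose session holds no admin project yet gets a TypeError inside the Keystone callback instead of a project list. The async.map callback is unguarded in the same way: `err` is never inspected, `data.length` is read even if the lookups failed, and the final `callback(error, filtProjects)` reports the outer `error`, which is already known to be null at that point, rather than `err`. The sketch below resolves the token once before the loop and returns early on failure; whether returning the filtered list is the right fallback for a session without an admin token is for the author to decide. Separately, `userRoles` is assigned but never used, and `for (project in tokenObjs)` creates an implicit global that the later `var project` in the callback does not cover.

```javascript
var filtProjects = filterProjectList(req, keystoneProjs);
/* Token used to request tokens for the missing projects: taken from the
 * first admin project in the session, which may not exist yet.
 */
var seedProj = filtProjects['projects'][0];
var seedTokenObj = (null != seedProj) ?
    req.session.tokenObjs[seedProj['fq_name'][1]] : null;
if ((null == seedTokenObj) || (null == seedTokenObj.token)) {
    callback(error, filtProjects);
    return;
}
var seedTokenId = seedTokenObj.token.id;
// … unchanged: loop filling tenantObjArr, now with 'tokenid': seedTokenId …
async.map(tenantObjArr, getUserRoleByTenant, function(err, data) {
    if ((null != err) || (null == data)) {
        callback(err, filtProjects);
        return;
    }
    // … unchanged: per-project token and role handling …
```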
@@ -1732,6 +1788,23 @@ function getAdminProjectList (req, appData, callback) }); } +function isAdminRoleProject (project, req) +{ + var tokenObjs = req.session.tokenObjs; + for (var key in tokenObjs) { + if (key == project) { + var roles = tokenObjs[key]['user']['roles']; + var rolesCnt = roles.length; + for (var i = 0; i < rolesCnt; i++) { + if (-1 != adminRoles.indexOf(roles[i]['name'])) { + return true; + } + } + } + } + return false; +} + function getCookieObjs (req, appData, callback) { var cookieObjs = {}; @@ -1761,8 +1834,15 @@ function getCookieObjs (req, appData, callback) return; } else { defDomainId = tenantList['tenants'][tenLen - 1]['domain_id']; - if (null == defDomainId) { - defDomainId = global.KEYSTONE_V2_DEFAULT_DOMAIN; + if (null != defDomainId) { + if (authApi.isDefaultDomain(req, defDomainId)) { + defDomainId = getDefaultDomain(req); + } else { + var domainID = commonUtils.convertUUIDToString(defDomainId); + defDomainId = plugins.getDomainFqnByDomainUUID(domainID, domainObjs); + } + } else { + defDomainId = getDefaultDomain(req); } } var defProj = tenantList['tenants'][tenLen - 1]['name']; @@ -1777,7 +1857,8 @@ function getCookieObjs (req, appData, callback) cookieObjs['domain'] = defDomainId; } else { /* First check if we have this domain now or not */ - if (false == plugins.doDomainExist(req.cookies.domain, tenantList)) { + if (false == plugins.doDomainExist(req.cookies.domain, + domainObjs)) { cookieObjs['domain'] = defDomainId; } else { cookieObjs['domain'] = req.cookies.domain; 
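Review bot: isAdminRoleProject looks the project up by name only, so if two domains each contain a project with that name, the admin role held in one is reported for the other. `req.session.tokenObjs` is keyed the same way in getProjectList, so at minimum record the assumption with a comment such as `/* NOTE: tokenObjs is keyed by project name, not by domain:project */`. The loop over every key can be replaced by a direct lookup, `var tokenObj = tokenObjs[project];` followed by a null check, which also stops `tokenObjs[key]['user']['roles']` from throwing on an entry without a `user` field. Nothing in this patch calls or exports the function, so confirm it has a caller.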
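Review bot: In getCookieObjs the new non-default branch assigns the result of `plugins.getDomainFqnByDomainUUID(domainID, domainObjs)` straight to `defDomainId`, and that helper returns null when the UUID is not present in `domainObjs`, so `cookieObjs['domain']` can end up null. Fall back the same way the else branch does by adding `if (null == defDomainId) { defDomainId = getDefaultDomain(req); }` after the lookup. `domainObjs` is defined outside the hunk, so how it is populated and whether it can be empty cannot be checked from here.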
@@ -1803,8 +1884,14 @@ function getCookieObjs (req, appData, callback) cookieObjs['project'] = defProj; } } else { - var domList = formatDomainList(tenantList); - var projList = domList[domCookie]; + var domList = + plugins.formatDomainList(req, tenantList, domainObjs); + var projList = domList[cookieObjs['domain']]; + if (null == projList) { + cookieObjs['project'] = defProj; + callback(cookieObjs); + return; + } var projCnt = projList.length; for (var i = 0; i < projCnt; i++) { if (projList[i] == req.cookies.project) { diff --git a/src/serverroot/orchestration/plugins/plugins.api.js b/src/serverroot/orchestration/plugins/plugins.api.js index f671f72a0..2cbad6534 100644 --- a/src/serverroot/orchestration/plugins/plugins.api.js +++ b/src/serverroot/orchestration/plugins/plugins.api.js @@ -44,7 +44,6 @@ function getApiServerRequestedByData (appData,reqBy) function getApiServerRequestedByApp (loggedInOrchestrationMode, appData, reqBy) { - // console.log("reqBy a:S", reqBy, loggedInOrchestrationMode); switch (reqBy) { case global.label.API_SERVER: return getApiServerRequestedByApiServer(loggedInOrchestrationMode, 
@@ -111,29 +110,62 @@ function getOrchestrationPluginModel () function doDomainExist (domain, domainList) { - var data = domainList['tenants']; + var data = domainList['domains']; var cnt = data.length; for (var i = 0; i < cnt; i++) { - if (domain == data[i]['domain_id']) { + if (domain == data[i]['fq_name'][0]) { return true; } } return false; } -function formatDomainList (tenantList) +function getDomainFqnByDomainUUID (domUUID, domainObjs) +{ + var domCnt = 0; + try { + var domains = domainObjs['domains']; + domCnt = domains.length; + } catch(e) { + domCnt = 0; + } + for (var i = 0; i < domCnt; i++) { + if (domains[i]['uuid'] == domUUID) { + return domains[i]['fq_name'][0]; + } + } + return null; +} + +function formatDomainList (req, tenantList, domainListObjs) { var domainObjs = {}; var data = tenantList['tenants']; var len = data.length; + var domain = null; + var tmpDomainMap = {}; for (var i = 0; i < len; i++) { - if (null == domainObjs[data[i]['domain_id']]) { - domainObjs[data[i]['domain_id']] = []; + if (null == tmpDomainMap[data[i]['domain_id']]) { + if (authApi.isDefaultDomain(req, data[i]['domain_id'])) { + domain = getDefaultDomain(req); + } else { + domain = commonUtils.convertUUIDToString(data[i]['domain_id']); + domain = getDomainFqnByDomainUUID(domain, domainListObjs); + } + if (null == domain) { + logutils.logger.error('Not found the domain ' + + data[i]['domain_id']); + continue; + } + tmpDomainMap[data[i]['domain_id']] = domain; + domainObjs[domain] = []; } - domainObjs[data[i]['domain_id']].push(data[i]['name']); + domain = tmpDomainMap[data[i]['domain_id']]; + domainObjs[domain].push(data[i]['name']); } return domainObjs; } + var adminProjects = ['admin']; function getAdminProjectList (req) { 
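Review bot: doDomainExist reads `domainList['domains'].length` with no guard, while getDomainFqnByDomainUUID, added just below it, wraps the same access in try/catch. The caller in keystone.api.js passes a value taken from `req.cookies.domain`, so a missing or malformed domain list should yield false rather than an exception, for example `var data = (null != domainList) ? domainList['domains'] : null; if (null == data) { return false; }`. formatDomainList also calls `getDefaultDomain(req)` and `authApi.isDefaultDomain` unqualified. The only definition of getDefaultDomain visible in this patch is in keystone.api.js, so confirm plugins.api.js has both names in scope; otherwise the default-domain branch raises a ReferenceError.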
@@ -210,3 +242,6 @@ exports.getApiServerRequestedByData = getApiServerRequestedByData; exports.getOrchestrationPluginModel = getOrchestrationPluginModel; exports.setAllCookies = setAllCookies; exports.doDomainExist = doDomainExist; +exports.formatDomainList = formatDomainList; +exports.getDomainFqnByDomainUUID = getDomainFqnByDomainUUID; +