Skip to content

Commit

Permalink
Merge "Fixes bad performance when editing project members"
Browse files Browse the repository at this point in the history
  • Loading branch information
@openstack-gerrit
Jenkins authored and openstack-gerrit committed Jul 23, 2014
2 parents 8558fc0 + ed43be0 commit 8c9b86f
Show file tree
Hide file tree
Showing 4 changed files with 171 additions and 51 deletions.
34 changes: 34 additions & 0 deletions openstack_dashboard/api/keystone.py
View file
Expand Up @@ -457,6 +457,16 @@ def remove_group_user(request, group_id, user_id):
return manager.remove_from_group(group=group_id, user=user_id)


def role_assignments_list(request, project=None, user=None, role=None,
group=None, domain=None, effective=False):
if VERSIONS.active < 3:
raise exceptions.NotAvailable

manager = keystoneclient(request, admin=True).role_assignments
return manager.list(project=project, user=user, role=role, group=group,
domain=domain, effective=effective)


def role_create(request, name):
manager = keystoneclient(request, admin=True).roles
return manager.create(name)
Expand Down Expand Up @@ -490,6 +500,30 @@ def roles_for_user(request, user, project):
return manager.list(user=user, project=project)


def get_project_users_roles(request, project):
users_roles = {}
if VERSIONS.active < 3:
project_users = user_list(request, project=project)

for user in project_users:
roles = roles_for_user(request, user.id, project)
roles_ids = [role.id for role in roles]
users_roles[user.id] = roles_ids
else:
project_role_assignments = role_assignments_list(request,
project=project)
for role_assignment in project_role_assignments:
if not hasattr(role_assignment, 'user'):
continue
user_id = role_assignment.user['id']
role_id = role_assignment.role['id']
if user_id in users_roles:
users_roles[user_id].append(role_id)
else:
users_roles[user_id] = [role_id]
return users_roles


def add_tenant_user_role(request, project=None, user=None, role=None,
group=None, domain=None):
"""Adds a role for a user on a tenant."""
Expand Down
134 changes: 99 additions & 35 deletions openstack_dashboard/dashboards/admin/projects/tests.py
View file
Expand Up @@ -732,10 +732,13 @@ def _get_proj_groups(self, project_id):
'user_list',
'roles_for_group',
'group_list',
'role_list'),
'role_list',
'role_assignments_list'),
quotas: ('get_tenant_quota_data',
'get_disabled_quotas')})
def test_update_project_get(self):
keystone_api_version = api.keystone.VERSIONS.active

project = self.tenants.first()
quota = self.quotas.first()
default_role = self.roles.first()
Expand All @@ -744,6 +747,7 @@ def test_update_project_get(self):
groups = self._get_all_groups(domain_id)
roles = self.roles.list()
proj_users = self._get_proj_users(project.id)
role_assignments = self.role_assignments.list()

api.keystone.tenant_get(IsA(http.HttpRequest),
self.tenant.id, admin=True) \
Expand All @@ -764,12 +768,20 @@ def test_update_project_get(self):
.MultipleTimes().AndReturn(roles)
api.keystone.group_list(IsA(http.HttpRequest), domain=domain_id) \
.AndReturn(groups)
api.keystone.user_list(IsA(http.HttpRequest),
project=self.tenant.id).AndReturn(proj_users)
for user in proj_users:
api.keystone.roles_for_user(IsA(http.HttpRequest),
user.id,
self.tenant.id).AndReturn(roles)

if keystone_api_version >= 3:
api.keystone.role_assignments_list(IsA(http.HttpRequest),
project=self.tenant.id) \
.AndReturn(role_assignments)
else:
api.keystone.user_list(IsA(http.HttpRequest),
project=self.tenant.id) \
.AndReturn(proj_users)

for user in proj_users:
api.keystone.roles_for_user(IsA(http.HttpRequest),
user.id,
self.tenant.id).AndReturn(roles)

for group in groups:
api.keystone.roles_for_group(IsA(http.HttpRequest),
Expand Down Expand Up @@ -814,12 +826,16 @@ def test_update_project_get(self):
'remove_group_role',
'add_group_role',
'group_list',
'role_list'),
'role_list',
'role_assignments_list'),
api.nova: ('tenant_quota_update',),
api.cinder: ('tenant_quota_update',),
quotas: ('get_tenant_quota_data',
'get_disabled_quotas')})

def test_update_project_save(self, neutron=False):
keystone_api_version = api.keystone.VERSIONS.active

project = self.tenants.first()
quota = self.quotas.first()
default_role = self.roles.first()
Expand All @@ -829,6 +845,7 @@ def test_update_project_save(self, neutron=False):
groups = self._get_all_groups(domain_id)
proj_groups = self._get_proj_groups(project.id)
roles = self.roles.list()
role_assignments = self.role_assignments.list()

# get/init
api.keystone.tenant_get(IsA(http.HttpRequest),
Expand All @@ -853,13 +870,23 @@ def test_update_project_save(self, neutron=False):
.MultipleTimes().AndReturn(roles)
api.keystone.group_list(IsA(http.HttpRequest), domain=domain_id) \
.AndReturn(groups)
api.keystone.user_list(IsA(http.HttpRequest),
project=self.tenant.id).AndReturn(proj_users)

workflow_data = {}
for user in proj_users:
api.keystone.roles_for_user(IsA(http.HttpRequest),
user.id,
self.tenant.id).AndReturn(roles)

if keystone_api_version >= 3:
api.keystone.role_assignments_list(IsA(http.HttpRequest),
project=self.tenant.id) \
.AndReturn(role_assignments)
else:
api.keystone.user_list(IsA(http.HttpRequest),
project=self.tenant.id) \
.AndReturn(proj_users)

for user in proj_users:
api.keystone.roles_for_user(IsA(http.HttpRequest),
user.id,
self.tenant.id).AndReturn(roles)

for group in groups:
api.keystone.roles_for_group(IsA(http.HttpRequest),
group=group.id,
Expand Down Expand Up @@ -1051,11 +1078,14 @@ def test_update_project_get_error(self):
'remove_group_role',
'add_group_role',
'group_list',
'role_list'),
'role_list',
'role_assignments_list'),
quotas: ('get_tenant_quota_data',
'get_disabled_quotas'),
api.nova: ('tenant_quota_update',)})
def test_update_project_tenant_update_error(self):
keystone_api_version = api.keystone.VERSIONS.active

project = self.tenants.first()
quota = self.quotas.first()
default_role = self.roles.first()
Expand All @@ -1064,6 +1094,7 @@ def test_update_project_tenant_update_error(self):
groups = self._get_all_groups(domain_id)
roles = self.roles.list()
proj_users = self._get_proj_users(project.id)
role_assignments = self.role_assignments.list()

# get/init
api.keystone.tenant_get(IsA(http.HttpRequest), self.tenant.id,
Expand All @@ -1085,15 +1116,24 @@ def test_update_project_tenant_update_error(self):
.MultipleTimes().AndReturn(roles)
api.keystone.group_list(IsA(http.HttpRequest), domain=domain_id) \
.AndReturn(groups)
api.keystone.user_list(IsA(http.HttpRequest),
project=self.tenant.id).AndReturn(proj_users)

workflow_data = {}

if keystone_api_version >= 3:
api.keystone.role_assignments_list(IsA(http.HttpRequest),
project=self.tenant.id) \
.AndReturn(role_assignments)
else:
api.keystone.user_list(IsA(http.HttpRequest),
project=self.tenant.id) \
.AndReturn(proj_users)
for user in proj_users:
api.keystone.roles_for_user(IsA(http.HttpRequest),
user.id,
self.tenant.id).AndReturn(roles)

role_ids = [role.id for role in roles]
for user in proj_users:
api.keystone.roles_for_user(IsA(http.HttpRequest),
user.id,
self.tenant.id).AndReturn(roles)
role_ids = [role.id for role in roles]
if role_ids:
workflow_data.setdefault(USER_ROLE_PREFIX + role_ids[0], []) \
.append(user.id)
Expand Down Expand Up @@ -1155,11 +1195,14 @@ def test_update_project_tenant_update_error(self):
'remove_group_role',
'add_group_role',
'group_list',
'role_list'),
'role_list',
'role_assignments_list'),
quotas: ('get_tenant_quota_data',
'get_disabled_quotas'),
api.nova: ('tenant_quota_update',)})
def test_update_project_quota_update_error(self):
keystone_api_version = api.keystone.VERSIONS.active

project = self.tenants.first()
quota = self.quotas.first()
default_role = self.roles.first()
Expand All @@ -1169,6 +1212,7 @@ def test_update_project_quota_update_error(self):
groups = self._get_all_groups(domain_id)
proj_groups = self._get_proj_groups(project.id)
roles = self.roles.list()
role_assignments = self.role_assignments.list()

# get/init
api.keystone.tenant_get(IsA(http.HttpRequest), self.tenant.id,
Expand All @@ -1190,15 +1234,22 @@ def test_update_project_quota_update_error(self):
.MultipleTimes().AndReturn(roles)
api.keystone.group_list(IsA(http.HttpRequest), domain=domain_id) \
.AndReturn(groups)
api.keystone.user_list(IsA(http.HttpRequest),
project=self.tenant.id).AndReturn(proj_users)

workflow_data = {}

for user in proj_users:
api.keystone.roles_for_user(IsA(http.HttpRequest),
user.id,
self.tenant.id).AndReturn(roles)
if keystone_api_version >= 3:
api.keystone.role_assignments_list(IsA(http.HttpRequest),
project=self.tenant.id) \
.AndReturn(role_assignments)
else:
api.keystone.user_list(IsA(http.HttpRequest),
project=self.tenant.id) \
.AndReturn(proj_users)

for user in proj_users:
api.keystone.roles_for_user(IsA(http.HttpRequest),
user.id,
self.tenant.id).AndReturn(roles)

for group in groups:
api.keystone.roles_for_group(IsA(http.HttpRequest),
Expand Down Expand Up @@ -1319,10 +1370,13 @@ def test_update_project_quota_update_error(self):
'remove_group_role',
'add_group_role',
'group_list',
'role_list'),
'role_list',
'role_assignments_list'),
quotas: ('get_tenant_quota_data',
'get_disabled_quotas')})
def test_update_project_member_update_error(self):
keystone_api_version = api.keystone.VERSIONS.active

project = self.tenants.first()
quota = self.quotas.first()
default_role = self.roles.first()
Expand All @@ -1331,6 +1385,7 @@ def test_update_project_member_update_error(self):
proj_users = self._get_proj_users(project.id)
groups = self._get_all_groups(domain_id)
roles = self.roles.list()
role_assignments = self.role_assignments.list()

# get/init
api.keystone.tenant_get(IsA(http.HttpRequest), self.tenant.id,
Expand All @@ -1352,14 +1407,23 @@ def test_update_project_member_update_error(self):
.MultipleTimes().AndReturn(roles)
api.keystone.group_list(IsA(http.HttpRequest), domain=domain_id) \
.AndReturn(groups)
api.keystone.user_list(IsA(http.HttpRequest),
project=self.tenant.id).AndReturn(proj_users)

workflow_data = {}
for user in proj_users:
api.keystone.roles_for_user(IsA(http.HttpRequest),
user.id,
self.tenant.id).AndReturn(roles)

if keystone_api_version >= 3:
api.keystone.role_assignments_list(IsA(http.HttpRequest),
project=self.tenant.id) \
.AndReturn(role_assignments)
else:
api.keystone.user_list(IsA(http.HttpRequest),
project=self.tenant.id) \
.AndReturn(proj_users)

for user in proj_users:
api.keystone.roles_for_user(IsA(http.HttpRequest),
user.id,
self.tenant.id).AndReturn(roles)

for group in groups:
api.keystone.roles_for_group(IsA(http.HttpRequest),
group=group.id,
Expand Down
27 changes: 11 additions & 16 deletions openstack_dashboard/dashboards/admin/projects/workflows.py
View file
Expand Up @@ -197,23 +197,18 @@ def __init__(self, request, *args, **kwargs):
# Figure out users & roles
if project_id:
try:
project_members = api.keystone.user_list(request,
project=project_id)
users_roles = api.keystone.get_project_users_roles(request,
project_id)
except Exception:
exceptions.handle(request, err_msg)

for user in project_members:
try:
roles = api.keystone.roles_for_user(self.request,
user.id,
project_id)
except Exception:
exceptions.handle(request,
err_msg,
redirect=reverse(INDEX_URL))
for role in roles:
field_name = self.get_member_field_name(role.id)
self.fields[field_name].initial.append(user.id)
exceptions.handle(request,
err_msg,
redirect=reverse(INDEX_URL))

for user_id in users_roles:
roles_ids = users_roles[user_id]
for role_id in roles_ids:
field_name = self.get_member_field_name(role_id)
self.fields[field_name].initial.append(user_id)

class Meta:
name = _("Project Members")
Expand Down
27 changes: 27 additions & 0 deletions openstack_dashboard/test/test_data/keystone_data.py
View file
Expand Up @@ -25,6 +25,7 @@
from keystoneclient.v2_0 import users
from keystoneclient.v3 import domains
from keystoneclient.v3 import groups
from keystoneclient.v3 import role_assignments

from openstack_auth import user as auth_user

Expand Down Expand Up @@ -143,6 +144,7 @@ def data(TEST):
TEST.users = utils.TestDataContainer()
TEST.groups = utils.TestDataContainer()
TEST.tenants = utils.TestDataContainer()
TEST.role_assignments = utils.TestDataContainer()
TEST.roles = utils.TestDataContainer()
TEST.ec2 = utils.TestDataContainer()

Expand Down Expand Up @@ -244,6 +246,31 @@ def data(TEST):
group4 = groups.Group(groups.GroupManager(None), group_dict)
TEST.groups.add(group, group2, group3, group4)

role_assignments_dict = {'user': {'id': '1'},
'role': {'id': '1'},
'scope': {'project': {'id': '1'}}}
role_assignment1 = role_assignments.RoleAssignment(
role_assignments.RoleAssignmentManager, role_assignments_dict)
role_assignments_dict = {'user': {'id': '2'},
'role': {'id': '2'},
'scope': {'project': {'id': '1'}}}
role_assignment2 = role_assignments.RoleAssignment(
role_assignments.RoleAssignmentManager, role_assignments_dict)
role_assignments_dict = {'group': {'id': '1'},
'role': {'id': '2'},
'scope': {'project': {'id': '1'}}}
role_assignment3 = role_assignments.RoleAssignment(
role_assignments.RoleAssignmentManager, role_assignments_dict)
role_assignments_dict = {'user': {'id': '3'},
'role': {'id': '2'},
'scope': {'project': {'id': '1'}}}
role_assignment4 = role_assignments.RoleAssignment(
role_assignments.RoleAssignmentManager, role_assignments_dict)
TEST.role_assignments.add(role_assignment1,
role_assignment2,
role_assignment3,
role_assignment4)

tenant_dict = {'id': "1",
'name': 'test_tenant',
'description': "a test tenant.",
Expand Down

0 comments on commit 8c9b86f

Please sign in to comment.