"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "keystone/credential/core.py" between
keystone-15.0.0.tar.gz and keystone-15.0.1.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Stein" series (maintained release).

core.py  (keystone-15.0.0):core.py  (keystone-15.0.1)
skipping to change at line 24 skipping to change at line 24
"""Main entry point into the Credential service.""" """Main entry point into the Credential service."""
import json import json
from keystone.common import driver_hints from keystone.common import driver_hints
from keystone.common import manager from keystone.common import manager
from keystone.common import provider_api from keystone.common import provider_api
import keystone.conf import keystone.conf
from keystone import exception from keystone import exception
from keystone import notifications
CONF = keystone.conf.CONF CONF = keystone.conf.CONF
PROVIDERS = provider_api.ProviderAPIs PROVIDERS = provider_api.ProviderAPIs
class Manager(manager.Manager): class Manager(manager.Manager):
"""Default pivot point for the Credential backend. """Default pivot point for the Credential backend.
See :mod:`keystone.common.manager.Manager` for more details on how this See :mod:`keystone.common.manager.Manager` for more details on how this
dynamically calls the backend. dynamically calls the backend.
""" """
driver_namespace = 'keystone.credential' driver_namespace = 'keystone.credential'
_provides_api = 'credential_api' _provides_api = 'credential_api'
_CRED = 'credential'
def __init__(self): def __init__(self):
super(Manager, self).__init__(CONF.credential.driver) super(Manager, self).__init__(CONF.credential.driver)
def _decrypt_credential(self, credential): def _decrypt_credential(self, credential):
"""Return a decrypted credential reference.""" """Return a decrypted credential reference."""
if credential['type'] == 'ec2': if credential['type'] == 'ec2':
decrypted_blob = json.loads( decrypted_blob = json.loads(
PROVIDERS.credential_provider_api.decrypt( PROVIDERS.credential_provider_api.decrypt(
credential['encrypted_blob'], credential['encrypted_blob'],
) )
skipping to change at line 103 skipping to change at line 106
credentials = self.driver.list_credentials_for_user(user_id, type=type) credentials = self.driver.list_credentials_for_user(user_id, type=type)
for credential in credentials: for credential in credentials:
credential = self._decrypt_credential(credential) credential = self._decrypt_credential(credential)
return credentials return credentials
def get_credential(self, credential_id): def get_credential(self, credential_id):
"""Return a credential reference.""" """Return a credential reference."""
credential = self.driver.get_credential(credential_id) credential = self.driver.get_credential(credential_id)
return self._decrypt_credential(credential) return self._decrypt_credential(credential)
def create_credential(self, credential_id, credential): def create_credential(self, credential_id, credential,
initiator=None):
"""Create a credential.""" """Create a credential."""
credential_copy = self._encrypt_credential(credential) credential_copy = self._encrypt_credential(credential)
ref = self.driver.create_credential(credential_id, credential_copy) ref = self.driver.create_credential(credential_id, credential_copy)
ref.pop('key_hash', None) ref.pop('key_hash', None)
ref.pop('encrypted_blob', None) ref.pop('encrypted_blob', None)
ref['blob'] = credential['blob'] ref['blob'] = credential['blob']
notifications.Audit.created(
self._CRED,
credential_id,
initiator)
return ref return ref
def _validate_credential_update(self, credential_id, credential): def _validate_credential_update(self, credential_id, credential):
# ec2 credentials require a "project_id" to be functional. Before we # ec2 credentials require a "project_id" to be functional. Before we
# update, check the case where a non-ec2 credential changes its type # update, check the case where a non-ec2 credential changes its type
# to be "ec2", but has no associated "project_id", either in the # to be "ec2", but has no associated "project_id", either in the
# request or already set in the database # request or already set in the database
if (credential.get('type', '').lower() == 'ec2' and if (credential.get('type', '').lower() == 'ec2' and
not credential.get('project_id')): not credential.get('project_id')):
existing_cred = self.get_credential(credential_id) existing_cred = self.get_credential(credential_id)
skipping to change at line 144 skipping to change at line 152
ref.pop('key_hash', None) ref.pop('key_hash', None)
ref.pop('encrypted_blob', None) ref.pop('encrypted_blob', None)
# If the update request contains a `blob` attribute - we should return # If the update request contains a `blob` attribute - we should return
# that in the update response. If not, then we should return the # that in the update response. If not, then we should return the
# existing `blob` attribute since it wasn't updated. # existing `blob` attribute since it wasn't updated.
if credential.get('blob'): if credential.get('blob'):
ref['blob'] = credential['blob'] ref['blob'] = credential['blob']
else: else:
ref['blob'] = existing_blob ref['blob'] = existing_blob
return ref return ref
def delete_credential(self, credential_id,
initiator=None):
"""Delete a credential."""
self.driver.delete_credential(credential_id)
notifications.Audit.deleted(
self._CRED, credential_id, initiator)
 End of changes. 5 change blocks. 
1 lines changed or deleted 9 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)