
Source code changes of the file "keystone/models/token_model.py" between
keystone-15.0.0.tar.gz and keystone-15.0.1.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Stein" series (maintained release).

token_model.py  (keystone-15.0.0):token_model.py  (keystone-15.0.1)
skipping to change at line 16 skipping to change at line 16
# #
# Unless required by applicable law or agreed to in writing, software # Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
"""Unified in-memory token model.""" """Unified in-memory token model."""
from oslo_log import log from oslo_log import log
from oslo_serialization import jsonutils
from oslo_serialization import msgpackutils from oslo_serialization import msgpackutils
from oslo_utils import reflection from oslo_utils import reflection
import six import six
from keystone.common import cache from keystone.common import cache
from keystone.common import provider_api from keystone.common import provider_api
from keystone import exception from keystone import exception
from keystone.i18n import _ from keystone.i18n import _
LOG = log.getLogger(__name__) LOG = log.getLogger(__name__)
skipping to change at line 327 skipping to change at line 328
if trust_role_id in current_effective_trustor_roles: if trust_role_id in current_effective_trustor_roles:
role = PROVIDERS.role_api.get_role(trust_role_id) role = PROVIDERS.role_api.get_role(trust_role_id)
if role['domain_id'] is None: if role['domain_id'] is None:
roles.append(role) roles.append(role)
else: else:
raise exception.Forbidden( raise exception.Forbidden(
_('Trustee has no delegated roles.')) _('Trustee has no delegated roles.'))
return roles return roles
def _get_oauth_roles(self):
roles = []
access_token_roles = self.access_token['role_ids']
access_token_roles = [
{'role_id': r} for r in jsonutils.loads(access_token_roles)]
effective_access_token_roles = (
PROVIDERS.assignment_api.add_implied_roles(access_token_roles)
)
user_roles = [r['id'] for r in self._get_project_roles()]
for role in effective_access_token_roles:
if role['role_id'] in user_roles:
role = PROVIDERS.role_api.get_role(role['role_id'])
roles.append({'id': role['id'], 'name': role['name']})
return roles
def _get_federated_roles(self): def _get_federated_roles(self):
roles = [] roles = []
group_ids = [group['id'] for group in self.federated_groups] group_ids = [group['id'] for group in self.federated_groups]
federated_roles = PROVIDERS.assignment_api.get_roles_for_groups( federated_roles = PROVIDERS.assignment_api.get_roles_for_groups(
group_ids, self.project_id, self.domain_id group_ids, self.project_id, self.domain_id
) )
for group_id in group_ids: for group_id in group_ids:
group_roles = ( group_roles = (
PROVIDERS.assignment_api.list_system_grants_for_group( PROVIDERS.assignment_api.list_system_grants_for_group(
group_id group_id
skipping to change at line 411 skipping to change at line 427
) )
for role_id in project_roles: for role_id in project_roles:
r = PROVIDERS.role_api.get_role(role_id) r = PROVIDERS.role_api.get_role(role_id)
roles.append({'id': r['id'], 'name': r['name']}) roles.append({'id': r['id'], 'name': r['name']})
return roles return roles
def _get_application_credential_roles(self): def _get_application_credential_roles(self):
roles = [] roles = []
app_cred_roles = self.application_credential['roles'] app_cred_roles = self.application_credential['roles']
assignment_list = PROVIDERS.assignment_api.list_role_assignments(
user_id=self.user_id,
project_id=self.project_id,
domain_id=self.domain_id,
effective=True)
user_roles = list(set([x['role_id'] for x in assignment_list]))
for role in app_cred_roles: for role in app_cred_roles:
try: if role['id'] in user_roles:
r = PROVIDERS.assignment_api.get_grant( roles.append({'id': role['id'], 'name': role['name']})
role['id'], user_id=self.user_id,
domain_id=self.domain_id, project_id=self.project_id)
roles.append({'id': r['id'], 'name': r['name']})
except exception.RoleAssignmentNotFound:
pass
return roles return roles
@property @property
def roles(self): def roles(self):
if self.system_scoped: if self.system_scoped:
roles = self._get_system_roles() roles = self._get_system_roles()
elif self.trust_scoped: elif self.trust_scoped:
roles = self._get_trust_roles() roles = self._get_trust_roles()
elif self.oauth_scoped:
roles = self._get_oauth_roles()
elif self.is_federated and not self.unscoped: elif self.is_federated and not self.unscoped:
roles = self._get_federated_roles() roles = self._get_federated_roles()
elif self.domain_scoped: elif self.domain_scoped:
roles = self._get_domain_roles() roles = self._get_domain_roles()
elif self.application_credential_id and self.project_id: elif self.application_credential_id and self.project_id:
roles = self._get_application_credential_roles() roles = self._get_application_credential_roles()
elif self.project_scoped: elif self.project_scoped:
roles = self._get_project_roles() roles = self._get_project_roles()
else: else:
roles = [] roles = []
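Review bot: In `_get_application_credential_roles` the new loop builds each entry from the credential's own stored copy, `roles.append({'id': role['id'], 'name': role['name']})`, whereas the removed code took `id` and `name` from the record returned by the backend. `_get_oauth_roles`, added in the same change, still re-reads the role through `PROVIDERS.role_api.get_role(...)`. Whether `self.application_credential['roles']` is refreshed before it reaches this method is not visible here; if it can hold a stale name, the token would carry it, and role names are what policy rules usually match on. Reading the role back keeps the two delegated paths consistent: `r = PROVIDERS.role_api.get_role(role['id'])` followed by `roles.append({'id': r['id'], 'name': r['name']})`. Separately, `user_roles` is only used for membership tests, so `{x['role_id'] for x in assignment_list}` would do without the `list(set([...]))` round trip.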
 End of changes. 5 change blocks. 
7 lines changed or deleted 27 lines changed or added
