
Source code changes of the file "keystone/models/token_model.py" between
keystone-16.0.0.tar.gz and keystone-16.0.1.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Train" series (latest release).

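--- a/keystone/models/token_model.py
+++ b/keystone/models/token_model.py
@@ -16,16 +16,17 @@
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
 """Unified in-memory token model."""
 from oslo_log import log
+from oslo_serialization import jsonutils
 from oslo_serialization import msgpackutils
 from oslo_utils import reflection
 import six
 from keystone.common import cache
 from keystone.common import provider_api
 from keystone import exception
 from keystone.i18n import _
 LOG = log.getLogger(__name__)
@@ -330,18 +331,32 @@
 if trust_role_id in current_effective_trustor_roles:
 role = PROVIDERS.role_api.get_role(trust_role_id)
 if role['domain_id'] is None:
 roles.append(role)
 else:
 raise exception.Forbidden(
 _('Trustee has no delegated roles.'))
 return roles
+def _get_oauth_roles(self):
+roles = []
+access_token_roles = self.access_token['role_ids']
+access_token_roles = [
+{'role_id': r} for r in jsonutils.loads(access_token_roles)]
+effective_access_token_roles = (
+PROVIDERS.assignment_api.add_implied_roles(access_token_roles)
+)
+user_roles = [r['id'] for r in self._get_project_roles()]
+for role in effective_access_token_roles:
+if role['role_id'] in user_roles:
+role = PROVIDERS.role_api.get_role(role['role_id'])
+roles.append({'id': role['id'], 'name': role['name']})
+return roles
 def _get_federated_roles(self):
 roles = []
 group_ids = [group['id'] for group in self.federated_groups]
 federated_roles = PROVIDERS.assignment_api.get_roles_for_groups(
 group_ids, self.project_id, self.domain_id
 )
 for group_id in group_ids:
 group_roles = (
 PROVIDERS.assignment_api.list_system_grants_for_group(
 group_id
@@ -433,18 +449,20 @@
 roles.append({'id': role['id'], 'name': role['name']})
 return roles
 @property
 def roles(self):
 if self.system_scoped:
 roles = self._get_system_roles()
 elif self.trust_scoped:
 roles = self._get_trust_roles()
+elif self.oauth_scoped:
+roles = self._get_oauth_roles()
 elif self.is_federated and not self.unscoped:
 roles = self._get_federated_roles()
 elif self.domain_scoped:
 roles = self._get_domain_roles()
 elif self.application_credential_id and self.project_id:
 roles = self._get_application_credential_roles()
 elif self.project_scoped:
 roles = self._get_project_roles()
 else:
 roles = []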
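Review bot: `_get_oauth_roles` silently skips any delegated role that is not in `user_roles` and can therefore return an empty list, while `_get_trust_roles` directly above it appears to raise `exception.Forbidden` when a delegated role is no longer held. Whether a scoped OAuth token with no roles is rejected further down is not visible in this section, so the method should either fail closed or carry a docstring saying that the intersection with `self._get_project_roles()` is the intended limit on delegation and that an empty result is handled by the caller, e.g. `"""Return the access token's roles (plus implied roles) that the user currently holds."""`. The loop also rebinds its own variable in `role = PROVIDERS.role_api.get_role(role['role_id'])`; a separate name such as `role_ref` would read more clearly. A regression test for an access token that names a role the user does not hold would pin the behaviour.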
 End of changes. 3 change blocks. 
0 lines changed or deleted 18 lines changed or added
