"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "keystone/identity/backends/sql.py" between
keystone-16.0.1.tar.gz and keystone-17.0.0.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Ussuri" series (latest release).

sql.py  (keystone-16.0.1):sql.py  (keystone-17.0.0)
skipping to change at line 161 skipping to change at line 161
filter_['comparator'](model.Password.expires_at, filter_['comparator'](model.Password.expires_at,
filter_['value']))) filter_['value'])))
# Removes the `password_expired_at` filters so there are no errors # Removes the `password_expired_at` filters so there are no errors
# if the call is filtered further. This is because the # if the call is filtered further. This is because the
# `password_expires_at` value is not stored in the `User` table but # `password_expires_at` value is not stored in the `User` table but
# derived from the `Password` table's value `expires_at`. # derived from the `Password` table's value `expires_at`.
hints.filters = [x for x in hints.filters if x['name'] != hints.filters = [x for x in hints.filters if x['name'] !=
'password_expires_at'] 'password_expires_at']
return query, hints return query, hints
@staticmethod
def _apply_limits_to_list(collection, hints):
if not hints.limit:
return collection
return collection[:hints.limit['limit']]
@driver_hints.truncated @driver_hints.truncated
def list_users(self, hints): def list_users(self, hints):
with sql.session_for_read() as session: with sql.session_for_read() as session:
query = session.query(model.User).outerjoin(model.LocalUser) query = session.query(model.User).outerjoin(model.LocalUser)
query, hints = self._create_password_expires_query(session, query, query, hints = self._create_password_expires_query(session, query,
hints) hints)
user_refs = sql.filter_limit_query(model.User, query, hints) user_refs = sql.filter_limit_query(model.User, query, hints)
return [base.filter_user(x.to_dict()) for x in user_refs] return [base.filter_user(x.to_dict()) for x in user_refs]
def unset_default_project_id(self, project_id): def unset_default_project_id(self, project_id):
skipping to change at line 282 skipping to change at line 289
if rv: if rv:
return return
session.add(model.UserGroupMembership(user_id=user_id, session.add(model.UserGroupMembership(user_id=user_id,
group_id=group_id)) group_id=group_id))
def check_user_in_group(self, user_id, group_id): def check_user_in_group(self, user_id, group_id):
with sql.session_for_read() as session: with sql.session_for_read() as session:
self.get_group(group_id) self.get_group(group_id)
self.get_user(user_id) self.get_user(user_id)
# Note(knikolla): Check for normal group membership
query = session.query(model.UserGroupMembership) query = session.query(model.UserGroupMembership)
query = query.filter_by(user_id=user_id) query = query.filter_by(user_id=user_id)
query = query.filter_by(group_id=group_id) query = query.filter_by(group_id=group_id)
if not query.first(): if query.first():
raise exception.NotFound(_("User '%(user_id)s' not found in" return
" group '%(group_id)s'") %
{'user_id': user_id, # Note(knikolla): Check for expiring group membership
'group_id': group_id}) query = session.query(model.ExpiringUserGroupMembership)
query = query.filter(
model.ExpiringUserGroupMembership.user_id == user_id)
query = query.filter(
model.ExpiringUserGroupMembership.group_id == group_id)
active = [q for q in query.all() if not q.expired]
if active:
return
raise exception.NotFound(_("User '%(user_id)s' not found in"
" group '%(group_id)s'") %
{'user_id': user_id,
'group_id': group_id})
def remove_user_from_group(self, user_id, group_id): def remove_user_from_group(self, user_id, group_id):
# We don't check if user or group are still valid and let the remove # We don't check if user or group are still valid and let the remove
# be tried anyway - in case this is some kind of clean-up operation # be tried anyway - in case this is some kind of clean-up operation
with sql.session_for_write() as session: with sql.session_for_write() as session:
query = session.query(model.UserGroupMembership) query = session.query(model.UserGroupMembership)
query = query.filter_by(user_id=user_id) query = query.filter_by(user_id=user_id)
query = query.filter_by(group_id=group_id) query = query.filter_by(group_id=group_id)
membership_ref = query.first() membership_ref = query.first()
if membership_ref is None: if membership_ref is None:
skipping to change at line 311 skipping to change at line 332
# exceptions. # exceptions.
self.get_group(group_id) self.get_group(group_id)
self.get_user(user_id) self.get_user(user_id)
raise exception.NotFound(_("User '%(user_id)s' not found in" raise exception.NotFound(_("User '%(user_id)s' not found in"
" group '%(group_id)s'") % " group '%(group_id)s'") %
{'user_id': user_id, {'user_id': user_id,
'group_id': group_id}) 'group_id': group_id})
session.delete(membership_ref) session.delete(membership_ref)
def list_groups_for_user(self, user_id, hints): def list_groups_for_user(self, user_id, hints):
def row_to_group_dict(row):
group = row.group.to_dict()
group['membership_expires_at'] = row.expires
return group
with sql.session_for_read() as session: with sql.session_for_read() as session:
self.get_user(user_id) self.get_user(user_id)
query = session.query(model.Group).join(model.UserGroupMembership) query = session.query(model.Group).join(model.UserGroupMembership)
query = query.filter(model.UserGroupMembership.user_id == user_id) query = query.filter(model.UserGroupMembership.user_id == user_id)
query = sql.filter_limit_query(model.Group, query, hints) query = sql.filter_limit_query(model.Group, query, hints)
return [g.to_dict() for g in query] groups = [g.to_dict() for g in query]
# Note(knikolla): We must use the ExpiringGroupMembership model
# so that we can access the expired property.
query = session.query(model.ExpiringUserGroupMembership)
query = query.filter(
model.ExpiringUserGroupMembership.user_id == user_id)
query = sql.filter_limit_query(
model.UserGroupMembership, query, hints)
expiring_groups = [row_to_group_dict(r) for r in query.all()
if not r.expired]
# Note(knikolla): I would have loved to be able to merge the two
# queries together and use filter_limit_query on the union, but
# I haven't found a generic way to express expiration in a SQL
# query, therefore we have to apply the limits here again.
return self._apply_limits_to_list(groups + expiring_groups, hints)
def list_users_in_group(self, group_id, hints): def list_users_in_group(self, group_id, hints):
with sql.session_for_read() as session: with sql.session_for_read() as session:
self.get_group(group_id) self.get_group(group_id)
query = session.query(model.User).outerjoin(model.LocalUser) query = session.query(model.User).outerjoin(model.LocalUser)
query = query.join(model.UserGroupMembership) query = query.join(model.UserGroupMembership)
query = query.filter( query = query.filter(
model.UserGroupMembership.group_id == group_id) model.UserGroupMembership.group_id == group_id)
query, hints = self._create_password_expires_query(session, query, query, hints = self._create_password_expires_query(session, query,
hints) hints)
 End of changes. 5 change blocks. 
6 lines changed or deleted 48 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)