"Fossies" - the Fresh Open Source Software Archive

Member "keystone-17.0.0/keystone/credential/backends/sql.py" (13 May 2020, 4819 Bytes) of package /linux/misc/openstack/keystone-17.0.0.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Python source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. For more information about "sql.py" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes report: 16.0.1_vs_17.0.0.

    1 # Copyright 2013 OpenStack Foundation
    2 #
    3 # Licensed under the Apache License, Version 2.0 (the "License"); you may
    4 # not use this file except in compliance with the License. You may obtain
    5 # a copy of the License at
    6 #
    7 #      http://www.apache.org/licenses/LICENSE-2.0
    8 #
    9 # Unless required by applicable law or agreed to in writing, software
   10 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
   11 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
   12 # License for the specific language governing permissions and limitations
   13 # under the License.
   14 
   15 from oslo_db import api as oslo_db_api
   16 from sqlalchemy.ext.hybrid import hybrid_property
   17 
   18 from keystone.common import driver_hints
   19 from keystone.common import sql
   20 from keystone.credential.backends import base
   21 from keystone import exception
   22 
   23 
   24 class CredentialModel(sql.ModelBase, sql.ModelDictMixinWithExtras):
   25     __tablename__ = 'credential'
   26     attributes = [
   27         'id', 'user_id', 'project_id', 'encrypted_blob', 'type', 'key_hash'
   28     ]
   29     id = sql.Column(sql.String(64), primary_key=True)
   30     user_id = sql.Column(sql.String(64),
   31                          nullable=False)
   32     project_id = sql.Column(sql.String(64))
   33     _encrypted_blob = sql.Column('encrypted_blob', sql.Text(), nullable=True)
   34     type = sql.Column(sql.String(255), nullable=False)
   35     key_hash = sql.Column(sql.String(64), nullable=True)
   36     extra = sql.Column(sql.JsonBlob())
   37 
   38     @hybrid_property
   39     def encrypted_blob(self):
   40         return self._encrypted_blob
   41 
   42     @encrypted_blob.setter
   43     def encrypted_blob(self, encrypted_blob):
   44         # Make sure to hand over the encrypted credential as a string value
   45         # to the backend driver to avoid the sql drivers (esp. psycopg2)
   46         # treating this as binary data and e.g. hex-escape it.
   47         if isinstance(encrypted_blob, bytes):
   48             encrypted_blob = encrypted_blob.decode('utf-8')
   49         self._encrypted_blob = encrypted_blob
   50 
   51 
   52 class Credential(base.CredentialDriverBase):
   53 
   54     # credential crud
   55 
   56     @sql.handle_conflicts(conflict_type='credential')
   57     def create_credential(self, credential_id, credential):
   58         with sql.session_for_write() as session:
   59             ref = CredentialModel.from_dict(credential)
   60             session.add(ref)
   61             return ref.to_dict()
   62 
   63     @driver_hints.truncated
   64     def list_credentials(self, hints):
   65         with sql.session_for_read() as session:
   66             credentials = session.query(CredentialModel)
   67             credentials = sql.filter_limit_query(CredentialModel,
   68                                                  credentials, hints)
   69             return [s.to_dict() for s in credentials]
   70 
   71     def list_credentials_for_user(self, user_id, type=None):
   72         with sql.session_for_read() as session:
   73             query = session.query(CredentialModel)
   74             query = query.filter_by(user_id=user_id)
   75             if type:
   76                 query = query.filter_by(type=type)
   77             refs = query.all()
   78             return [ref.to_dict() for ref in refs]
   79 
   80     def _get_credential(self, session, credential_id):
   81         ref = session.query(CredentialModel).get(credential_id)
   82         if ref is None:
   83             raise exception.CredentialNotFound(credential_id=credential_id)
   84         return ref
   85 
   86     def get_credential(self, credential_id):
   87         with sql.session_for_read() as session:
   88             return self._get_credential(session, credential_id).to_dict()
   89 
   90     @sql.handle_conflicts(conflict_type='credential')
   91     def update_credential(self, credential_id, credential):
   92         with sql.session_for_write() as session:
   93             ref = self._get_credential(session, credential_id)
   94             old_dict = ref.to_dict()
   95             for k in credential:
   96                 old_dict[k] = credential[k]
   97             new_credential = CredentialModel.from_dict(old_dict)
   98             for attr in CredentialModel.attributes:
   99                 if attr != 'id':
  100                     setattr(ref, attr, getattr(new_credential, attr))
  101             ref.extra = new_credential.extra
  102             return ref.to_dict()
  103 
  104     def delete_credential(self, credential_id):
  105         with sql.session_for_write() as session:
  106             ref = self._get_credential(session, credential_id)
  107             session.delete(ref)
  108 
  109     def delete_credentials_for_project(self, project_id):
  110         with sql.session_for_write() as session:
  111             query = session.query(CredentialModel)
  112             query = query.filter_by(project_id=project_id)
  113             query.delete()
  114 
  115     @oslo_db_api.wrap_db_retry(retry_on_deadlock=True)
  116     def delete_credentials_for_user(self, user_id):
  117         with sql.session_for_write() as session:
  118             query = session.query(CredentialModel)
  119             query = query.filter_by(user_id=user_id)
  120             query.delete()