"Fossies" - the Fresh Open Source Software Archive

Member "keystone-17.0.0/keystone/models/receipt_model.py" (13 May 2020, 4867 Bytes) of package /linux/misc/openstack/keystone-17.0.0.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Python source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. For more information about "receipt_model.py" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes report: 16.0.1_vs_17.0.0.

    1 # Licensed under the Apache License, Version 2.0 (the "License"); you may
    2 # not use this file except in compliance with the License. You may obtain
    3 # a copy of the License at
    4 #
    5 #      http://www.apache.org/licenses/LICENSE-2.0
    6 #
    7 # Unless required by applicable law or agreed to in writing, software
    8 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    9 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
   10 # License for the specific language governing permissions and limitations
   11 # under the License.
   12 
   13 """Unified in-memory receipt model."""
   14 
   15 from oslo_log import log
   16 from oslo_serialization import msgpackutils
   17 from oslo_utils import reflection
   18 
   19 from keystone.auth import core
   20 from keystone.common import cache
   21 from keystone.common import provider_api
   22 from keystone import exception
   23 from keystone.identity.backends import resource_options as ro
   24 
   25 LOG = log.getLogger(__name__)
   26 PROVIDERS = provider_api.ProviderAPIs
   27 
   28 
   29 class ReceiptModel(object):
   30     """An object that represents a receipt emitted by keystone.
   31 
   32     This is a queryable object that other parts of keystone can use to reason
   33     about a user's receipt.
   34     """
   35 
   36     def __init__(self):
   37         self.user_id = None
   38         self.__user = None
   39         self.__user_domain = None
   40 
   41         self.methods = None
   42         self.__required_methods = None
   43 
   44         self.__expires_at = None
   45         self.__issued_at = None
   46 
   47     def __repr__(self):
   48         """Return string representation of KeystoneReceipt."""
   49         desc = ('<%(type)s at %(loc)s>')
   50         self_cls_name = reflection.get_class_name(self, fully_qualified=False)
   51         return desc % {'type': self_cls_name, 'loc': hex(id(self))}
   52 
   53     @property
   54     def expires_at(self):
   55         return self.__expires_at
   56 
   57     @expires_at.setter
   58     def expires_at(self, value):
   59         if not isinstance(value, str):
   60             raise ValueError('expires_at must be a string.')
   61         self.__expires_at = value
   62 
   63     @property
   64     def issued_at(self):
   65         return self.__issued_at
   66 
   67     @issued_at.setter
   68     def issued_at(self, value):
   69         if not isinstance(value, str):
   70             raise ValueError('issued_at must be a string.')
   71         self.__issued_at = value
   72 
   73     @property
   74     def user(self):
   75         if not self.__user:
   76             if self.user_id:
   77                 self.__user = PROVIDERS.identity_api.get_user(self.user_id)
   78         return self.__user
   79 
   80     @property
   81     def user_domain(self):
   82         if not self.__user_domain:
   83             if self.user:
   84                 self.__user_domain = PROVIDERS.resource_api.get_domain(
   85                     self.user['domain_id']
   86                 )
   87         return self.__user_domain
   88 
   89     @property
   90     def required_methods(self):
   91         if not self.__required_methods:
   92             mfa_rules = self.user['options'].get(
   93                 ro.MFA_RULES_OPT.option_name, [])
   94             rules = core.UserMFARulesValidator._parse_rule_structure(
   95                 mfa_rules, self.user_id)
   96             methods = set(self.methods)
   97             active_methods = set(core.AUTH_METHODS.keys())
   98 
   99             required_auth_methods = []
  100             for r in rules:
  101                 r_set = set(r).intersection(active_methods)
  102                 if r_set.intersection(methods):
  103                     required_auth_methods.append(list(r_set))
  104 
  105             self.__required_methods = required_auth_methods
  106 
  107         return self.__required_methods
  108 
  109     def mint(self, receipt_id, issued_at):
  110         """Set the ``id`` and ``issued_at`` attributes of a receipt.
  111 
  112         The process of building a Receipt requires setting attributes about the
  113         partial authentication context, like ``user_id`` and ``methods`` for
  114         example. Once a Receipt object accurately represents this information
  115         it should be "minted". Receipt are minted when they get an ``id``
  116         attribute and their creation time is recorded.
  117         """
  118         self.id = receipt_id
  119         self.issued_at = issued_at
  120 
  121 
  122 class _ReceiptModelHandler(object):
  123     identity = 125
  124     handles = (ReceiptModel,)
  125 
  126     def __init__(self, registry):
  127         self._registry = registry
  128 
  129     def serialize(self, obj):
  130         serialized = msgpackutils.dumps(obj.__dict__, registry=self._registry)
  131         return serialized
  132 
  133     def deserialize(self, data):
  134         receipt_data = msgpackutils.loads(data, registry=self._registry)
  135         try:
  136             receipt_model = ReceiptModel()
  137             for k, v in iter(receipt_data.items()):
  138                 setattr(receipt_model, k, v)
  139         except Exception:
  140             LOG.debug(
  141                 "Failed to deserialize ReceiptModel. Data is %s", receipt_data
  142             )
  143             raise exception.CacheDeserializationError(
  144                 ReceiptModel.__name__, receipt_data
  145             )
  146         return receipt_model
  147 
  148 
  149 cache.register_model_handler(_ReceiptModelHandler)