From 8b839938bca245fcb36988ce6dcd3f5d0d96cf3b Mon Sep 17 00:00:00 2001 From: Radomir Dopieralski Date: Wed, 1 Feb 2017 15:23:34 +0100 Subject: [PATCH] Disentangle domain context from effective domain Since the existence of a domain token was equivalent with having selected a domain context with Keystone V2, some code confuses the two. This is no longer true for Kestone V3, so we have to separate the two concepts and use domain context when we mean the domain context. Close-bug: #1661537 Change-Id: Ifa66d8c397e34d16a4534e7216eb11c752699505 --- .../dashboards/identity/domains/views.py | 3 +- .../dashboards/identity/groups/forms.py | 5 ++-- .../dashboards/identity/groups/tests.py | 8 ------ .../dashboards/identity/groups/views.py | 6 ++-- .../dashboards/identity/projects/tests.py | 3 -- .../dashboards/identity/projects/views.py | 5 ++-- .../dashboards/identity/projects/workflows.py | 3 +- .../dashboards/identity/users/tests.py | 8 ++++-- .../dashboards/identity/users/views.py | 5 ++-- openstack_dashboard/utils/identity.py | 28 +++++++++++++++++++ 10 files changed, 49 insertions(+), 25 deletions(-) create mode 100644 openstack_dashboard/utils/identity.py diff --git a/openstack_dashboard/dashboards/identity/domains/views.py b/openstack_dashboard/dashboards/identity/domains/views.py index 16ddec804c..b1301cf7b7 100644 --- a/openstack_dashboard/dashboards/identity/domains/views.py +++ b/openstack_dashboard/dashboards/identity/domains/views.py @@ -28,6 +28,7 @@ from openstack_dashboard.dashboards.identity.domains \ import tables as project_tables from openstack_dashboard.dashboards.identity.domains \ import workflows as project_workflows +from openstack_dashboard.utils import identity class IndexView(tables.DataTableView): @@ -37,7 +38,7 @@ class IndexView(tables.DataTableView): def get_data(self): domains = [] - domain_id = api.keystone.get_effective_domain_id(self.request) + domain_id = identity.get_domain_id_for_operation(self.request) if policy.check((("identity", "identity:list_domains"),), self.request): diff --git a/openstack_dashboard/dashboards/identity/groups/forms.py b/openstack_dashboard/dashboards/identity/groups/forms.py index e0041bee5e..379d83ff87 100644 --- a/openstack_dashboard/dashboards/identity/groups/forms.py +++ b/openstack_dashboard/dashboards/identity/groups/forms.py @@ -21,6 +21,7 @@ from horizon import forms from horizon import messages from openstack_dashboard import api +from openstack_dashboard.utils import identity as identity_utils LOG = logging.getLogger(__name__) @@ -36,10 +37,10 @@ class CreateGroupForm(forms.SelfHandlingForm): def handle(self, request, data): try: LOG.info('Creating group with name "%s"' % data['name']) - domain_context = api.keystone.get_effective_domain_id(request) api.keystone.group_create( request, - domain_id=domain_context, + domain_id=identity_utils.get_domain_id_for_operation( + self.request), name=data['name'], description=data['description']) messages.success(request, diff --git a/openstack_dashboard/dashboards/identity/groups/tests.py b/openstack_dashboard/dashboards/identity/groups/tests.py index f542681a55..0f9fb2c7c7 100644 --- a/openstack_dashboard/dashboards/identity/groups/tests.py +++ b/openstack_dashboard/dashboards/identity/groups/tests.py @@ -49,8 +49,6 @@ class GroupsViewTests(test.BaseAdminViewTests): domain_id = self._get_domain_id() groups = self._get_groups(domain_id) filters = {} - domain = self.domains.get(id="1") - api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain) api.keystone.group_list(IgnoreArg(), domain=domain_id, filters=filters) \ @@ -79,8 +77,6 @@ class GroupsViewTests(test.BaseAdminViewTests): domain_context_name=domain.name) groups = self._get_groups(domain.id) - api.keystone.get_effective_domain_id(IgnoreArg()).AndReturn(domain.id) - api.keystone.group_list(IsA(http.HttpRequest), domain=domain.id, filters=filters).AndReturn(groups) @@ -105,9 +101,7 @@ class GroupsViewTests(test.BaseAdminViewTests): def test_index_with_keystone_can_edit_group_false(self): domain_id = self._get_domain_id() groups = self._get_groups(domain_id) - domain = self.domains.get(id="1") filters = {} - api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain) api.keystone.group_list(IgnoreArg(), domain=domain_id, filters=filters) \ @@ -204,8 +198,6 @@ class GroupsViewTests(test.BaseAdminViewTests): filters = {} group = self.groups.get(id="2") - domain = self.domains.get(id="1") - api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain) api.keystone.group_list(IgnoreArg(), domain=domain_id, filters=filters) \ diff --git a/openstack_dashboard/dashboards/identity/groups/views.py b/openstack_dashboard/dashboards/identity/groups/views.py index 13332f4c62..1fb72cd1a1 100644 --- a/openstack_dashboard/dashboards/identity/groups/views.py +++ b/openstack_dashboard/dashboards/identity/groups/views.py @@ -31,6 +31,7 @@ from openstack_dashboard.dashboards.identity.groups \ import forms as project_forms from openstack_dashboard.dashboards.identity.groups \ import tables as project_tables +from openstack_dashboard.utils import identity class IndexView(tables.DataTableView): @@ -58,8 +59,7 @@ class IndexView(tables.DataTableView): self._needs_filter_first = True return groups - domain_id = api.keystone.get_effective_domain_id(self.request) - + domain_id = identity.get_domain_id_for_operation(self.request) try: groups = api.keystone.group_list(self.request, domain=domain_id, @@ -125,7 +125,7 @@ class GroupManageMixin(object): @memoized.memoized_method def _get_group_members(self): group_id = self.kwargs['group_id'] - domain_id = api.keystone.get_effective_domain_id(self.request) + domain_id = identity.get_domain_id_for_operation(self.request) return api.keystone.user_list(self.request, domain=domain_id, group=group_id) diff --git a/openstack_dashboard/dashboards/identity/projects/tests.py b/openstack_dashboard/dashboards/identity/projects/tests.py index 08c476ef09..d3d52a3b73 100644 --- a/openstack_dashboard/dashboards/identity/projects/tests.py +++ b/openstack_dashboard/dashboards/identity/projects/tests.py @@ -49,7 +49,6 @@ class TenantsViewTests(test.BaseAdminViewTests): def test_index(self): domain = self.domains.get(id="1") filters = {} - api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain) api.keystone.tenant_list(IsA(http.HttpRequest), domain=None, paginate=True, @@ -79,8 +78,6 @@ class TenantsViewTests(test.BaseAdminViewTests): domain_tenants = [tenant for tenant in self.tenants.list() if tenant.domain_id == domain.id] - api.keystone.get_effective_domain_id(IgnoreArg()).AndReturn(domain.id) - api.keystone.tenant_list(IsA(http.HttpRequest), domain=domain.id, paginate=True, diff --git a/openstack_dashboard/dashboards/identity/projects/views.py b/openstack_dashboard/dashboards/identity/projects/views.py index 405c546e46..95f66b1a3f 100644 --- a/openstack_dashboard/dashboards/identity/projects/views.py +++ b/openstack_dashboard/dashboards/identity/projects/views.py @@ -39,6 +39,7 @@ from openstack_dashboard.dashboards.identity.projects \ import workflows as project_workflows from openstack_dashboard.dashboards.project.overview \ import views as project_views +from openstack_dashboard.utils import identity PROJECT_INFO_FIELDS = ("domain_id", "domain_name", @@ -99,11 +100,11 @@ class IndexView(tables.DataTableView): self._more = False return tenants - domain_context = api.keystone.get_effective_domain_id(self.request) + domain_id = identity.get_domain_id_for_operation(self.request) try: tenants, self._more = api.keystone.tenant_list( self.request, - domain=domain_context, + domain=domain_id, paginate=True, filters=filters, marker=marker) diff --git a/openstack_dashboard/dashboards/identity/projects/workflows.py b/openstack_dashboard/dashboards/identity/projects/workflows.py index ad0521811b..d031db61b4 100644 --- a/openstack_dashboard/dashboards/identity/projects/workflows.py +++ b/openstack_dashboard/dashboards/identity/projects/workflows.py @@ -35,6 +35,7 @@ from openstack_dashboard.api import cinder from openstack_dashboard.api import keystone from openstack_dashboard.api import nova from openstack_dashboard.usage import quotas +from openstack_dashboard.utils import identity as identity LOG = logging.getLogger(__name__) @@ -677,7 +678,7 @@ class UpdateProject(CommonQuotaWorkflow): def _update_project(self, request, data): """Update project info""" - domain_id = api.keystone.get_effective_domain_id(self.request) + domain_id = identity.get_domain_id_for_operation(request) try: project_id = data['project_id'] diff --git a/openstack_dashboard/dashboards/identity/users/tests.py b/openstack_dashboard/dashboards/identity/users/tests.py index 1d5ecd1bea..10db5e8f92 100644 --- a/openstack_dashboard/dashboards/identity/users/tests.py +++ b/openstack_dashboard/dashboards/identity/users/tests.py @@ -57,13 +57,15 @@ class UsersViewTests(test.BaseAdminViewTests): @test.create_stubs({api.keystone: ('user_list', 'get_effective_domain_id', 'domain_lookup')}) - def test_index(self): + def test_index(self, with_domain=False): domain = self._get_default_domain() domain_id = domain.id filters = {} users = self._get_users(domain_id) - api.keystone.get_effective_domain_id(IgnoreArg()).AndReturn(domain_id) + if not with_domain: + api.keystone.get_effective_domain_id( + IgnoreArg()).AndReturn(domain_id) api.keystone.user_list(IgnoreArg(), domain=domain_id, @@ -84,7 +86,7 @@ class UsersViewTests(test.BaseAdminViewTests): domain = self.domains.get(id="1") self.setSessionValues(domain_context=domain.id, domain_context_name=domain.name) - self.test_index() + self.test_index(with_domain=True) @override_settings(USER_TABLE_EXTRA_INFO={'phone_num': 'Phone Number'}) @test.create_stubs({api.keystone: ('user_create', diff --git a/openstack_dashboard/dashboards/identity/users/views.py b/openstack_dashboard/dashboards/identity/users/views.py index ea7af63c39..bda08c9ec4 100644 --- a/openstack_dashboard/dashboards/identity/users/views.py +++ b/openstack_dashboard/dashboards/identity/users/views.py @@ -40,6 +40,7 @@ from openstack_dashboard.dashboards.identity.users \ import forms as project_forms from openstack_dashboard.dashboards.identity.users \ import tables as project_tables +from openstack_dashboard.utils import identity LOG = logging.getLogger(__name__) @@ -69,10 +70,10 @@ class IndexView(tables.DataTableView): self._needs_filter_first = True return users - domain_context = api.keystone.get_effective_domain_id(self.request) + domain_id = identity.get_domain_id_for_operation(self.request) try: users = api.keystone.user_list(self.request, - domain=domain_context, + domain=domain_id, filters=filters) except Exception: exceptions.handle(self.request, diff --git a/openstack_dashboard/utils/identity.py b/openstack_dashboard/utils/identity.py new file mode 100644 index 0000000000..cef1f0e316 --- /dev/null +++ b/openstack_dashboard/utils/identity.py @@ -0,0 +1,28 @@ +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from openstack_dashboard import api + + +def get_domain_id_for_operation(request): + """Get the ID of the domain in which the current operation should happen. + + If the user has a domain context set, use that, otherwise use the user's + effective domain. + """ + + domain_context = request.session.get('domain_context') + if domain_context: + return domain_context + return api.keystone.get_effective_domain_id(request)