Skip to content

Instantly share code, notes, and snippets.

/-

Created September 4, 2017 10:54
Show Gist options
  • Save anonymous/20c1a2ceb74f3c51489cd925e24a71e8 to your computer and use it in GitHub Desktop.
Save anonymous/20c1a2ceb74f3c51489cd925e24a71e8 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
-
diff --git a/barbican/api/controllers/acls.py b/barbican/api/controllers/acls.py
index d65f87a..a586590 100644
--- a/barbican/api/controllers/acls.py
+++ b/barbican/api/controllers/acls.py
@@ -22,6 +22,7 @@ from barbican.common import validators
from barbican import i18n as u
from barbican.model import models
from barbican.model import repositories as repo
+from barbican import objects
LOG = utils.getLogger(__name__)
@@ -212,8 +213,6 @@ class ContainerACLsController(controllers.ACLMixin):
def __init__(self, container):
self.container = container
self.container_id = container.id
- self.acl_repo = repo.get_container_acl_repository()
- self.container_repo = repo.get_container_repository()
self.validator = validators.ACLValidator()
self.container_project_id = container.project.external_id
@@ -277,12 +276,12 @@ class ContainerACLsController(controllers.ACLMixin):
if project_access is not None:
c_acl.project_access = project_access
else:
- c_acl = models.ContainerACL(self.container.id,
- operation=operation,
- project_access=project_access)
- self.acl_repo.create_or_replace_from(self.container,
- container_acl=c_acl,
- user_ids=user_ids)
+ c_acl = objects.ContainerACL(container_id=self.container_id)
+ c_acl.create(container_id=self.container_id, operation=operation,
+ project_access=project_access, user_ids=user_ids)
+ objects.ContainerACL.create_or_replace(self.container,
+ c_acl,
+ user_ids=user_ids)
acl_ref = '{0}/acl'.format(
hrefs.convert_container_to_href(self.container.id))
@@ -340,16 +339,16 @@ class ContainerACLsController(controllers.ACLMixin):
c_acl = existing_acls_map.pop(operation)
c_acl.project_access = project_access
else:
- c_acl = models.ContainerACL(self.container.id,
- operation=operation,
- project_access=project_access)
- self.acl_repo.create_or_replace_from(self.container,
- container_acl=c_acl,
- user_ids=user_ids)
+ c_acl = objects.ContainerACL(container_id=self.container_id)
+ c_acl.create(container_id=self.container_id, operation=operation,
+ project_access=project_access, user_ids=user_ids)
+ objects.ContainerACL.create_or_replace(self.container,
+ c_acl,
+ user_ids=user_ids)
# delete remaining existing acls as they are not present in input.
for acl in existing_acls_map.values():
- self.acl_repo.delete_entity_by_id(entity_id=acl.id,
- external_project_id=None)
+ objects.ContainerACL.delete_entity_by_id(entity_id=acl.id,
+ external_project_id=None)
acl_ref = '{0}/acl'.format(
hrefs.convert_container_to_href(self.container.id))
return {'acl_ref': acl_ref}
@@ -358,12 +357,12 @@ class ContainerACLsController(controllers.ACLMixin):
@controllers.handle_exceptions(u._('ContainerACL(s) deletion'))
@controllers.enforce_rbac('container_acls:delete')
def on_delete(self, external_project_id, **kwargs):
- count = self.acl_repo.get_count(self.container_id)
+ count = objects.ContainerACL.get_count(self.container_id)
if count > 0:
- self.acl_repo.delete_acls_for_container(self.container)
+ objects.ContainerACL.delete_acls_for_container(self.container)
def _return_acl_list_response(self, container_id):
- result = self.acl_repo.get_by_container_id(container_id)
+ result = objects.ContainerACL.get_by_container_id(container_id)
acls_data = {}
if result:
diff --git a/barbican/api/controllers/consumers.py b/barbican/api/controllers/consumers.py
index a2432ea..8f27a6a 100644
--- a/barbican/api/controllers/consumers.py
+++ b/barbican/api/controllers/consumers.py
@@ -21,8 +21,7 @@ from barbican.common import resources as res
from barbican.common import utils
from barbican.common import validators
from barbican import i18n as u
-from barbican.model import models
-from barbican.model import repositories as repo
+from barbican import objects
LOG = utils.getLogger(__name__)
@@ -49,7 +48,6 @@ class ContainerConsumerController(controllers.ACLMixin):
def __init__(self, consumer_id):
self.consumer_id = consumer_id
- self.consumer_repo = repo.get_container_consumer_repository()
self.validator = validators.ContainerConsumerValidator()
@pecan.expose(generic=True)
@@ -60,7 +58,7 @@ class ContainerConsumerController(controllers.ACLMixin):
@controllers.handle_exceptions(u._('ContainerConsumer retrieval'))
@controllers.enforce_rbac('consumer:get')
def on_get(self, external_project_id):
- consumer = self.consumer_repo.get(
+ consumer = objects.ContainerConsumerMetadatum.get(
entity_id=self.consumer_id,
suppress_exception=True)
if not consumer:
@@ -81,12 +79,9 @@ class ContainerConsumersController(controllers.ACLMixin):
def __init__(self, container_id):
self.container_id = container_id
- self.consumer_repo = repo.get_container_consumer_repository()
- self.container_repo = repo.get_container_repository()
- self.project_repo = repo.get_project_repository()
self.validator = validators.ContainerConsumerValidator()
self.quota_enforcer = quota.QuotaEnforcer('consumers',
- self.consumer_repo)
+ objects.ContainerConsumerMetadatum)
@pecan.expose()
def _lookup(self, consumer_id, *remainder):
@@ -104,7 +99,7 @@ class ContainerConsumersController(controllers.ACLMixin):
def on_get(self, external_project_id, **kw):
LOG.debug('Start consumers on_get '
'for container-ID %s:', self.container_id)
- result = self.consumer_repo.get_by_container_id(
+ result = objects.ContainerConsumerMetadatum.get_by_container_id(
self.container_id,
offset_arg=kw.get('offset', 0),
limit_arg=kw.get('limit'),
@@ -150,11 +145,12 @@ class ContainerConsumersController(controllers.ACLMixin):
self.quota_enforcer.enforce(project)
- new_consumer = models.ContainerConsumerMetadatum(self.container_id,
- project.id,
- data)
- self.consumer_repo.create_or_update_from(new_consumer, container)
-
+ new_consumer = objects.ContainerConsumerMetadatum()
+ new_consumer.create(container_id=self.container_id,
+ project_id=project.id,
+ parsed_request=data)
+ container.consumers.append(new_consumer)
+ container.save()
url = hrefs.convert_consumer_to_href(new_consumer.container_id)
pecan.response.headers['Location'] = url
@@ -170,12 +166,12 @@ class ContainerConsumersController(controllers.ACLMixin):
def on_delete(self, external_project_id, **kwargs):
data = api.load_body(pecan.request, validator=self.validator)
LOG.debug('Start on_delete...%s', data)
- project = self.project_repo.find_by_external_project_id(
+ project = objects.Project.find_by_external_project_id(
external_project_id, suppress_exception=True)
if not project:
_consumer_not_found()
- consumer = self.consumer_repo.get_by_values(
+ consumer = objects.ContainerConsumerMetadatum.get_by_values(
self.container_id,
data["name"],
data["URL"],
@@ -188,13 +184,14 @@ class ContainerConsumersController(controllers.ACLMixin):
container = self._get_container(self.container_id)
owner_of_consumer = consumer.project_id == project.id
owner_of_container = container.project.external_id \
- == external_project_id
+ == external_project_id
if not owner_of_consumer and not owner_of_container:
_consumer_ownership_mismatch()
try:
- self.consumer_repo.delete_entity_by_id(consumer.id,
- external_project_id)
+ objects.ContainerConsumerMetadatum. \
+ delete_entity_by_id(consumer.id,
+ external_project_id)
except exception.NotFound:
LOG.exception('Problem deleting consumer')
_consumer_not_found()
@@ -205,7 +202,7 @@ class ContainerConsumersController(controllers.ACLMixin):
return ret_data
def _get_container(self, container_id):
- container = self.container_repo.get_container_by_id(
+ container = objects.Container.get_container_by_id(
container_id, suppress_exception=True)
if not container:
controllers.containers.container_not_found()
diff --git a/barbican/model/repositories.py b/barbican/model/repositories.py
index a971419..bea2cfe 100644
--- a/barbican/model/repositories.py
+++ b/barbican/model/repositories.py
@@ -423,10 +423,11 @@ class BaseRepo(object):
return entity
- def update(self, model_class, entity_id, values):
+ def update(self, model_class, entity_id,
+ values, session=None):
if 'id' in values:
raise Exception('Cannot update id')
- session = self.get_session()
+ session = self.get_session(session)
with session.begin(subtransactions=True):
query = model_query(model_class, session=session)
query = query.filter_by(id=entity_id)
diff --git a/barbican/objects/base.py b/barbican/objects/base.py
index e3130ca..e565d45 100644
--- a/barbican/objects/base.py
+++ b/barbican/objects/base.py
@@ -19,6 +19,7 @@ from oslo_utils import timeutils
from oslo_versionedobjects import base as object_base
from barbican.model import models
+from barbican.model import repositories
from barbican.objects import fields
@@ -95,7 +96,7 @@ class BarbicanObject(object_base.VersionedObject):
@staticmethod
def _get_db_entity_repo():
"""This method will be inherited by child classes"""
- return None
+ return repositories.BaseRepo()
def _get_db_entity(self, *args, **kwargs):
db_model_name = self.__class__.__name__
@@ -176,8 +177,18 @@ class BarbicanObject(object_base.VersionedObject):
suppress_exception=suppress_exception,
session=session)
- def save(self):
+ def save(self, session=None):
updates = self.obj_get_changes()
self.db_entity_repo.update(self._get_model_class(),
- self.id, updates)
+ self.id, updates,
+ session=session)
self.obj_reset_changes()
+
+ def delete(self, session=None):
+ if not isinstance(self.db_entity_repo, repositories.BaseRepo):
+ entity_db = self.db_entity_repo.get(entity_id=self.id)
+ else:
+ query = session.query(self._get_model_class())
+ query = query.filter_by(id=self.id)
+ entity_db = query.one()
+ entity_db.delete(session=session)
diff --git a/barbican/objects/container.py b/barbican/objects/container.py
index 50814e5..fe0db0d 100644
--- a/barbican/objects/container.py
+++ b/barbican/objects/container.py
@@ -30,7 +30,7 @@ class Container(base.BarbicanObject, base.BarbicanPersistentObject,
fields = {
'name': fields.StringField(nullable=True),
'type': fields.EnumField(valid_values=TYPE_VALUE, nullable=True),
- 'project_id': fields.StringField(),
+ 'project_id': fields.StringField(nullable=True),
'consumers': fields.ListOfObjectsField('ContainerConsumerMetadatum',
nullable=True),
'creator_id': fields.StringField(nullable=True),
diff --git a/barbican/objects/container_acl.py b/barbican/objects/container_acl.py
index 6fd6eac..503044a 100644
--- a/barbican/objects/container_acl.py
+++ b/barbican/objects/container_acl.py
@@ -11,6 +11,7 @@
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
+from oslo_utils import timeutils
from oslo_versionedobjects import base as object_base
from barbican.model import repositories as repo
@@ -22,7 +23,6 @@ from barbican.objects import fields
@object_base.VersionedObjectRegistry.register
class ContainerACL(base.BarbicanObject, base.BarbicanPersistentObject,
object_base.VersionedObjectDictCompat):
-
fields = {
'container_id': fields.StringField(),
'operation': fields.StringField(nullable=True),
@@ -54,12 +54,13 @@ class ContainerACL(base.BarbicanObject, base.BarbicanPersistentObject,
if raw_acl_user_list is not None:
raw_acl_user_list = \
[container_acl_user.ContainerACLUser.
- _from_db_object(
- container_acl_user.ContainerACLUser(),
- raw_acl_user
- ) for raw_acl_user in raw_acl_user_list]
+ _from_db_object(
+ container_acl_user.ContainerACLUser(),
+ raw_acl_user
+ ) for raw_acl_user in raw_acl_user_list]
+ con_acl[field] = raw_acl_user_list
else:
- con_acl[field] = con_acl_db[field]
+ con_acl[field] = con_acl_db.__dict__.get(field)
con_acl.obj_reset_changes()
return con_acl
@@ -70,16 +71,35 @@ class ContainerACL(base.BarbicanObject, base.BarbicanPersistentObject,
@classmethod
def get_by_container_id(cls, container_id, session=None):
acl_repo = cls._get_db_entity_repo()
- entity_db = acl_repo.get_by_container_id(container_id, session)
- entity = cls._from_db_object(cls(), entity_db)
- return entity
+ entity_db_list = acl_repo.get_by_container_id(container_id, session)
+ entities = [cls._from_db_object(cls(), entity_db)
+ for entity_db in entity_db_list]
+ return entities
@classmethod
- def create_or_replace_from(cls, container, container_acl,
- user_ids=None, session=None):
- acl_repo = cls._get_db_entity_repo()
- acl_repo.create_or_replace_from(container, container_acl, user_ids,
- session)
+ def create_or_replace(cls, container, container_acl,
+ user_ids=None, session=None):
+ session = cls._get_db_entity_repo().get_session(session)
+ container.container_acls.append(container_acl)
+ container.save(session=session)
+
+ if user_ids is None:
+ return
+
+ user_ids = set(user_ids)
+ for acl_user in container_acl.acl_users:
+ if acl_user.user_id in user_ids: # input user_id already exists
+ user_ids.remove(acl_user.user_id)
+ else:
+ acl_user.delete(session=session)
+
+ for user_id in user_ids:
+ acl_user = container_acl_user.ContainerACLUser()
+ acl_user.create(acl_id=container_acl.id,
+ user_id=user_id)
+ container_acl.acl_users.append(acl_user)
+
+ container_acl.save(session=session)
@classmethod
def get_count(cls, container_id, session=None):
@@ -90,4 +110,6 @@ class ContainerACL(base.BarbicanObject, base.BarbicanPersistentObject,
@classmethod
def delete_acls_for_container(cls, container, session=None):
acl_repo = cls._get_db_entity_repo()
- acl_repo.delete_acls_for_container(container, session)
+ container_db = repo.get_container_repository(). \
+ get(entity_id=container.id)
+ acl_repo.delete_acls_for_container(container_db, session)
diff --git a/barbican/objects/container_acl_user.py b/barbican/objects/container_acl_user.py
index 8122773..6a649f1 100644
--- a/barbican/objects/container_acl_user.py
+++ b/barbican/objects/container_acl_user.py
@@ -13,7 +13,6 @@
# under the License.
from oslo_versionedobjects import base as object_base
-from barbican.model import repositories as repos
from barbican.objects import base
from barbican.objects import fields
@@ -32,10 +31,3 @@ class ContainerACLUser(base.BarbicanObject, base.BarbicanPersistentObject,
con_acl_user[field] = con_acl_user_db[field]
con_acl_user.obj_reset_changes()
return con_acl_user
-
- @staticmethod
- def _get_db_entity_repo():
- # NOTE(kiennt): Because There is no need for ContainerACLUserRepo
- # as none of logic access ContainerACLUser (ACL user data) directly.
- # Its always derived from ContainerACL relationship.
- return repos.get_container_acl_repository()
diff --git a/barbican/objects/container_consumer_meta.py b/barbican/objects/container_consumer_meta.py
index 6fdda7b..333d35d 100644
--- a/barbican/objects/container_consumer_meta.py
+++ b/barbican/objects/container_consumer_meta.py
@@ -71,9 +71,3 @@ class ContainerConsumerMetadatum(base.BarbicanObject,
return cls._from_db_object(cls(), consumer_db)
else:
return None
-
- @classmethod
- def create_or_update_from(cls, new_consumer, container, session=None):
- cls._get_db_entity_repo().create_or_update_from(new_consumer,
- container,
- session)
diff --git a/barbican/tests/api/test_resources.py b/barbican/tests/api/test_resources.py
index f7d0b7a..09c1c30 100644
--- a/barbican/tests/api/test_resources.py
+++ b/barbican/tests/api/test_resources.py
@@ -950,7 +950,7 @@ class WhenGettingOrDeletingConsumersUsingConsumerResource(FunctionalTest):
), self.consumer_ref)
self.consumer_repo.delete_entity_by_id.assert_called_once_with(
- self.consumer.id, self.external_project_id)
+ self.consumer.id, self.external_project_id, session=None)
def test_should_fail_deleting_consumer_bad_json(self):
resp = self.app.delete(
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment