Move role normalization to normalize.py

Location has specific semantics for identity resources. Add a method to get a projectless location. Add domain_id to project since all of the identity resources have it already, but keep the parent-project semantics already in place for project. Change-Id: Ife37833baabf58d9e329071acb4187842815c7d2
2017-09-01 11:09:37 -05:00 · 2017-09-01 11:09:37 -05:00 · c39d98ccaf
commit c39d98ccaf
parent 835d6555c3
5 changed files with 91 additions and 50 deletions
--- a/doc/source/user/model.rst
+++ b/doc/source/user/model.rst
@ -65,6 +65,9 @@ If all of the project information is None, then
      domain_name=str() or None))
 Resources
 =========
 Flavor
 ------
@ -324,34 +327,6 @@ A Floating IP from Neutron or Nova
    revision_number=int() or None,
    properties=dict())
 Project
 -------
 A Project from Keystone (or a tenant if Keystone v2)
 Location information for Project has some specific semantics.
 If the project has a parent project, that will be in location.project.id,
 and if it doesn't that should be None. If the Project is associated with
 a domain that will be in location.project.domain_id regardless of the current
 user's token scope. location.project.name and location.project.domain_name
 will always be None. Finally, location.region_name will always be None as
 Projects are global to a cloud. If a deployer happens to deploy OpenStack
 in such a way that users and projects are not shared amongst regions, that
 necessitates treating each of those regions as separate clouds from shade's
 POV.
 .. code-block:: python
  Project = dict(
    location=Location(),
    id=str(),
    name=str(),
    description=str(),
    is_enabled=bool(),
    is_domain=bool(),
    properties=dict())
 Volume
 ------
@ -502,3 +477,56 @@ A Stack from Heat
    tempate_description=str(),
    timeout_mins=int(),
    properties=dict())
 Identity Resources
 ==================
 Identity Resources are slightly different.
 They are global to a cloud, so location.availability_zone and
 location.region_name and will always be None. If a deployer happens to deploy
 OpenStack in such a way that users and projects are not shared amongst regions,
 that necessitates treating each of those regions as separate clouds from
 shade's POV.
 The Identity Resources that are not Project do not exist within a Project,
 so all of the values in ``location.project`` will be None.
 Project
 -------
 A Project from Keystone (or a tenant if Keystone v2)
 Location information for Project has some additional specific semantics.
 If the project has a parent project, that will be in ``location.project.id``,
 and if it doesn't that should be ``None``.
 If the Project is associated with a domain that will be in
 ``location.project.domain_id`` in addition to the normal ``domain_id``
 regardless of the current user's token scope.
 .. code-block:: python
  Project = dict(
    location=Location(),
    id=str(),
    name=str(),
    description=str(),
    is_enabled=bool(),
    is_domain=bool(),
    domain_id=str(),
    properties=dict())
 Role
 ----
 A Role from Keystone
 .. code-block:: python
  Project = dict(
    location=Location(),
    id=str(),
    name=str(),
    domain_id=str(),
    properties=dict())
--- a/shade/_normalize.py
+++ b/shade/_normalize.py
@ -643,19 +643,14 @@ class Normalizer(object):
        description = project.pop('description', '')
        is_enabled = project.pop('enabled', True)
        # Projects are global - strip region
        location = self._get_current_location(project_id=project_id)
        location['region_name'] = None
        # v3 additions
        domain_id = project.pop('domain_id', 'default')
        parent_id = project.pop('parent_id', None)
        is_domain = project.pop('is_domain', False)
        # Projects have a special relationship with location
        location = self._get_identity_location()
        location['project']['domain_id'] = domain_id
        location['project']['domain_name'] = None
        location['project']['name'] = None
        location['project']['id'] = parent_id
        ret = munch.Munch(
@ -665,13 +660,13 @@ class Normalizer(object):
            description=description,
            is_enabled=is_enabled,
            is_domain=is_domain,
            domain_id=domain_id,
            properties=project.copy()
        )
        # Backwards compat
        if not self.strict_mode:
            ret['enabled'] = is_enabled
            ret['domain_id'] = domain_id
            ret['parent_id'] = parent_id
            for key, val in ret['properties'].items():
                ret.setdefault(key, val)
@ -1089,3 +1084,21 @@ class Normalizer(object):
        # TODO(mordred) Normalize this resource
        return machine
    def _normalize_roles(self, roles):
        """Normalize Keystone roles"""
        ret = []
        for role in roles:
            ret.append(self._normalize_role(role))
        return ret
    def _normalize_role(self, role):
        """Normalize Identity roles."""
        return munch.Munch(
            id=role.get('id'),
            name=role.get('name'),
            domain_id=role.get('domain_id'),
            location=self._get_identity_location(),
            properties={},
        )
--- a/shade/_utils.py
+++ b/shade/_utils.py
@ -374,18 +374,6 @@ def normalize_role_assignments(assignments):
    return new_assignments
 def normalize_roles(roles):
    """Normalize Identity roles."""
    ret = [
        dict(
            domain_id=role.get('domain_id'),
            id=role.get('id'),
            name=role.get('name'),
        ) for role in roles
    ]
    return meta.obj_list_to_munch(ret)
 def normalize_flavor_accesses(flavor_accesses):
    """Normalize Flavor access list."""
    return [munch.Munch(
--- a/shade/openstackcloud.py
+++ b/shade/openstackcloud.py
@ -670,6 +670,18 @@ class OpenStackCloud(
            project=self._get_project_info(project_id),
        )
    def _get_identity_location(self):
        '''Identity resources do not exist inside of projects.'''
        return munch.Munch(
            cloud=self.name,
            region_name=None,
            zone=None,
            project=munch.Munch(
                id=None,
                name=None,
                domain_id=None,
                domain_name=None))
    def _get_project_id_param_dict(self, name_or_id):
        if name_or_id:
            project = self.get_project(name_or_id)
--- a/shade/operatorcloud.py
+++ b/shade/operatorcloud.py
@ -1390,7 +1390,7 @@ class OperatorCloud(openstackcloud.OpenStackCloud):
        url = '/OS-KSADM/roles' if v2 else '/roles'
        data = self._identity_client.get(
            url, params=kwargs, error_message="Failed to list roles")
-        return _utils.normalize_roles(self._get_and_munchify('roles', data))
+        return self._normalize_roles(self._get_and_munchify('roles', data))
    @_utils.valid_kwargs('domain_id')
    def search_roles(self, name_or_id=None, filters=None, **kwargs):
@ -1711,7 +1711,7 @@ class OperatorCloud(openstackcloud.OpenStackCloud):
        data = self._identity_client.post(
            url, json={'role': kwargs}, error_message=msg)
        role = self._get_and_munchify('role', data)
-        return _utils.normalize_roles([role])[0]
+        return self._normalize_role(role)
    @_utils.valid_kwargs('domain_id')
    def update_role(self, name_or_id, name, **kwargs):
@ -1740,7 +1740,7 @@ class OperatorCloud(openstackcloud.OpenStackCloud):
        data = self._identity_client.patch('/roles', error_message=msg,
                                           json=json_kwargs)
        role = self._get_and_munchify('role', data)
-        return _utils.normalize_roles([role])[0]
+        return self._normalize_role(role)
    @_utils.valid_kwargs('domain_id')
    def delete_role(self, name_or_id, **kwargs):