3

ÿn‚aÙ8ã@s.
dZd
dl
Z
d
dlmZ
d
dlmZ
d
dlmZ
d
dl	m
Z

d
dlmZ
d
dl
mZ
d
d	lmZ
d
dlZd
d
lmZ
d
dlmZ
d
dlmZ
d
d
lmZ
ejeƒ
ZeƒZeƒZGdd„dejƒZ ej!Gdd„de
j"ƒƒ
Z"dd„Z#d%dd„
Z$dd„Z%dd„Z&dd„Z'dd„Z(dd „Z)ia*d!d"„Z+ed#d$„ƒ
Z,dS)&zGRequestContext: context for requests that persist through all of dmapi.éN)
Úcontextmanager)
Úservice_catalog)
Úplugin)
Úcontext)
Úenginefacade)
Úlog)
Ú	timeutils)
Ú	exception)
Ú
_)
Úpolicy)
Úutilscs2eZ
dZd
Z‡f
dd„Zdd„Zd	dd„
Z‡ZS)
Ú_ContextAuthPluginzñA keystoneauth auth plugin that uses the values from the Context.

    Ideally we would use the plugin provided by auth_token middleware however
    this plugin isn't serialized yet so we construct one from the serialized
    auth data.
    cs$tt
|ƒjƒ
|
|_tj|ƒ
|_dS)
N)Úsuperr
Ú__init__Ú
auth_tokenÚksa_service_catalogZServiceCatalogV2r)ÚselfrZsc)
Ú	__class__©ú/usr/lib/python3.6/context.pyr)s

z_ContextAuthPlugin.__init__c

Os|jS)
N)
r)rÚargsÚkwargsrrrÚ	get_token/s
z_ContextAuthPlugin.get_tokenNcKs|jj
||||d
S)N)Úservice_typeÚservice_nameÚ	interfaceÚregion_name)rZurl_for)rZsessionrrrrrrrrÚget_endpoint2s


z_ContextAuthPlugin.get_endpoint)NNNN)Ú__name__Ú
__module__Ú__qualname__Ú__doc__rrrÚ
__classcell__rr)
rrr
!s

r
c
s’eZ
dZd
Zd‡f
dd„	Zdd„Zd	d
„Zdd„Zd
d„Ze	eeeƒZ
‡f
dd„Ze‡f
dd„ƒ
Z
ddd„
Zddd„
Z‡f
dd„Zdd„Z‡ZS)ÚRequestContextzpSecurity context and request information.

    Represents the user taking a given action within the system.
    NÚnoFcs®|
r|
|d
<|r||d<tt
|ƒjfd|i
|—Ž

||_||_|sJtjƒ}t|tj	ƒr`tj
|ƒ
}||_|r|dd„|Dƒ
|_ng|_|	|_
||_|
|_|jdkrªtj|ƒ
|_dS)aÉ
:param read_deleted: 'no' indicates deleted records are hidden,
                'yes' indicates deleted records are visible,
                'only' indicates that *only* deleted records are visible.

           :param overwrite: Set to False to ensure that the greenthread local
                copy of the index is not overwritten.

           :param user_auth_plugin: The auth plugin for the current request's
                authentication data.
        ÚuserZtenantÚis_adminc

Ssg|]}
|
jdƒ
dkr|
‘qS)	ÚtypeÚimageú
block-storageÚvolumev2Úvolumev3úkey-managerÚ	placementÚnetwork)r(r)r*r+r,r-r.)
Úget)Ú.0Ú
srrrú
<listcomp>cs


z+RequestContext.__init__.<locals>.<listcomp>N)rr#rÚread_deletedÚremote_addressrZutcnowÚ
isinstanceÚsixZstring_typesZ
parse_strtimeÚ	timestamprÚinstance_lock_checkedÚquota_classÚuser_auth_pluginr&rZcheck_is_admin)rÚuser_idÚ
project_idr&r3r4r7r9rr8r:r)
rrrr@s(












zRequestContext.__init__c

Cs|jr|jSt
|j|jƒSdS)
N)r:r
rr)
rrrrÚget_auth_pluginvs

zRequestContext.get_auth_pluginc


Cs|jS)
N)
Ú
_read_deleted)
rrrrÚ_get_read_deleted|s
z RequestContext._get_read_deletedcCs"|
dkrtt
dƒ
|
ƒ
‚
|
|_dS)Nr$ÚyesÚonlyz=read_deleted can only be one of 'no', 'yes' or 'only', not %r)r$r@rA)Ú
ValueErrorr
r>)rr3rrrÚ_set_read_deleteds



z RequestContext._set_read_deletedc


Cs|`dS)
N)
r>)
rrrrÚ_del_read_deleted…s
z RequestContext._del_read_deletedc
sºtt
|ƒjƒ}
|
jt|d
dƒt|ddƒt|ddƒt|ddƒt|ddƒt|dƒrZtj|jƒ
ndt|ddƒt|d	dƒt|d
dƒt|ddƒt|ddƒt|d
dƒdœƒ

|
jdt|ddƒi
ƒ

|
S)Nr;r<r&r3r$r4r7Ú
request_idr9Ú	user_namerÚproject_namer8F)r;r<r&r3r4r7rEr9rFrrGr8Zis_admin_projectT)	rr#Úto_dictÚupdateÚgetattrÚhasattrrZstrtimer7)rÚvalues)
rrrrH‹s&

























zRequestContext.to_dictcsVtt
|ƒj|
|
jd
ƒ
|
jdƒ
|
jddƒ|
jdƒ
|
jdƒ
|
jdƒ
|
jdƒ
|
jd	d
ƒd	S)Nr;r<r3r$r4r7r9rr8F)r;r<r3r4r7r9rr8)rr#Ú	from_dictr/)ÚclsrL)
rrrrM©s









zRequestContext.from_dictcCsFtj|ƒ
}tj
|jƒ
|_d
|_d|jkr4|jjdƒ

|
dk	rB|
|_|S)z5Return a version of this context with admin flag set.TZadminN)ÚcopyÚdeepcopyZrolesr&Úappendr3)rr3rrrrÚelevatedºs




zRequestContext.elevatedTcCsF|d
kr|j|j
dœ}ytj||
|ƒStjk
r@


|r<‚dSXd
S)aRVerifies that the given action is valid on the target in this context.

        :param action: string representing the action to be checked.
        :param target: dictionary representing the object of the action
            for object creation this should be a dictionary representing the
            location of the object e.g. ``{'project_id': context.project_id}``.
            If None, then this default target will be considered:
            {'project_id': self.project_id, 'user_id': self.user_id}
        :param fatal: if False, will return False when an exception.Forbidden
           occurs.

        :raises dmapi.exception.Forbidden: if verification fails and fatal is
            True.

        :return: returns a non-False value (not necessarily "True") if
            authorized and False if not authorized and fatal is False.
        N)r<r;F)r<r;rZ	authorizer	Ú	Forbidden)rÚactionÚtargetZfatalrrrÚcanÊs







zRequestContext.canc
stt
|ƒjƒ}
|j|
d
<|
S)Nr&)rr#Úto_policy_valuesr&)rr)
rrrrWçs



zRequestContext.to_policy_valuesc

Csd
|jƒS)Nz<Context %s>)
rH)
rrrrÚ__str__ìs
zRequestContext.__str__)
NNNr$NNNNFN)
N)NT)rrr r!rr=r?rCrDÚpropertyr3rHÚclassmethodrMrRrVrWrXr"rr)
rrr#:s"



3


r#cCstd
d
dddS)z·A helper method to get a blank context.

    Note that overwrite is False here so this context will not update the
    greenthread-local stored context that is used when logging.
    NF)r;r<r&Ú	overwrite)
r#rrrrÚget_contextðs


r\r$c

Cstddd
|ddS)NTF)r;r<r&r3r[)
r#)
r3rrrÚget_admin_contextüs




r]c


Cs*|sd
S|jrd
S|j
s"|jr&d
SdS)z2Indicates if the request context is a normal user.FT)r&r;r<)
rrrrÚis_user_context

s





r^c

Cs|jrt
|ƒ
rtjƒ‚
d
S)zRRaise exception.Forbidden() if context is not a user or an
    admin context.
    N)r&r^r	rS)
ZctxtrrrÚrequire_context
s
r_cCs.t|ƒ
r*|j
stjƒ‚
n|j
|
kr*tjƒ‚
d
S)z=Ensures a request has permission to access the given project.N)r^r<r	rS)rr<rrrÚauthorize_project_context
s






r`cCs.t|ƒ
r*|j
stjƒ‚
n|j
|
kr*tjƒ‚
d
S)z:Ensures a request has permission to access the given user.N)r^r;r	rS)rr;rrrÚauthorize_user_context&
s






racCs.t|ƒ
r*|j
stjƒ‚
n|j
|
kr*tjƒ‚
d
S)zAEnsures a request has permission to access the given quota class.N)r^r9r	rS)rÚ
class_namerrrÚauthorize_quota_class_context/
s






rccsVˆd
k	rFddlm
‰
ddlm‰
tjˆjƒ
‡‡
‡‡fdd„ƒ
}|ƒ
nd
ˆ
_d
ˆ
_d
S)a¯
Adds database connection information to the context
    for communicating with the given target_cell.

    This is used for permanently targeting a cell in a context.
    Use this when you want all subsequent code to target a cell.

    Passing None for cell_mapping will untarget the context.

    :param context: The RequestContext to add connection information
    :param cell_mapping: An objects.CellMapping object or None
    Nr
)
Údb)
Úrpccszytˆj
}WnRtk
r`


ˆj}
ˆj|
ƒ
ˆ
_ˆjjd
ƒ
sJˆjˆjƒ
ˆ
_	ˆ
jˆ
j	ftˆj
<YnX|dˆ
_|dˆ
_	dS)NZnoner
é
)
Ú
CELL_CACHEÚuuidÚKeyErrorZdatabase_connectionZcreate_context_managerÚ
db_connectionZ
transport_urlÚ
startswithZcreate_transportÚ
mq_connection)Z
cell_tupleZdb_connection_string)Úcell_mappingrrdrerrÚ*get_or_set_cached_cell_and_set_connectionsL
s












zCset_target_cell.<locals>.get_or_set_cached_cell_and_set_connections)ÚdmapirdrerZsynchronizedrhrjrl)rrmrnr)rmrrdrerÚset_target_cell9
s


rpccs"tj
|jƒƒ
}t||
ƒ
|V
d
S)a¡
Yields a new context with connection information for a specific cell.

    This function yields a copy of the provided context, which is targeted to
    the referenced cell for MQ and DB connections.

    Passing None for cell_mapping will yield an untargetd copy of the context.

    :param context: The RequestContext to add connection information
    :param cell_mapping: An objects.CellMapping object or None
    N)r#rMrHrp)rrmZcctxtrrrÚtarget_cellc
s


rq)
r$)-r!rOÚ
contextlibrZkeystoneauth1.accessrrZ
keystoneauth1rZoslo_contextrZoslo_db.sqlalchemyrZoslo_logrZloggingZ
oslo_utilsrr6ror	Z
dmapi.i18nr
rrZ	getLoggerrZLOGÚobjectZdid_not_respond_sentinelZraised_exception_sentinelZBaseAuthPluginr
Ztransaction_context_providerr#r\r]r^r_r`rarcrgrprqrrrrÚ<module>s<








6
			
*