3

kÉÛc9ã@s.
dZd
dl
Z
d
dlmZ
d
dlmZ
d
dlmZ
d
dl	m
Z

d
dlmZ
d
dl
mZ
d
d	lmZ
d
dlZd
d
lmZ
d
dlmZ
d
dlmZ
d
d
lmZ
ejeƒ
ZeƒZeƒZGdd„dejƒZ ej!Gdd„de
j"ƒƒ
Z"dd„Z#d%dd„
Z$dd„Z%dd„Z&dd„Z'dd„Z(dd „Z)ia*d!d"„Z+ed#d$„ƒ
Z,dS)&zGRequestContext: context for requests that persist through all of dmapi.éN)
Úcontextmanager)
Úservice_catalog)
Úplugin)
Úcontext)
Úenginefacade)
Úlog)
Ú	timeutils)
Ú	exception)
Ú
_)
Úpolicy)
Úutilscs2eZ
dZd
Z‡f
dd„Zdd„Zd	dd„
Z‡ZS)
Ú_ContextAuthPluginzñA keystoneauth auth plugin that uses the values from the Context.

    Ideally we would use the plugin provided by auth_token middleware however
    this plugin isn't serialized yet so we construct one from the serialized
    auth data.
    cs$tt
|ƒjƒ
|
|_tj|ƒ
|_dS)
N)Úsuperr
Ú__init__Ú
auth_tokenÚksa_service_catalogZServiceCatalogV2r)ÚselfrZsc)
Ú	__class__©ú/usr/lib/python3.6/context.pyr)s

z_ContextAuthPlugin.__init__c

Os|jS)
N)
r)rÚargsÚkwargsrrrÚ	get_token/s
z_ContextAuthPlugin.get_tokenNcKs|jj
||||d
S)N)Úservice_typeÚservice_nameÚ	interfaceÚregion_name)rZurl_for)rZsessionrrrrrrrrÚget_endpoint2s


z_ContextAuthPlugin.get_endpoint)NNNN)Ú__name__Ú
__module__Ú__qualname__Ú__doc__rrrÚ
__classcell__rr)
rrr
!s

r
c
s’eZ
dZd
Zd‡f
dd„	Zdd„Zd	d
„Zdd„Zd
d„Ze	eeeƒZ
‡f
dd„Ze‡f
dd„ƒ
Z
ddd„
Zddd„
Z‡f
dd„Zdd„Z‡ZS)ÚRequestContextzpSecurity context and request information.

    Represents the user taking a given action within the system.
    NÚnoFcsº|
r|
|d
<|r||d<|jddƒ
t
t|ƒjfd|i
|—Ž

||_||_|sVtjƒ}t|t	j
ƒrltj|ƒ
}||_|rˆdd„|Dƒ
|_
ng|_
|	|_||_|
|_|jdkr¶tj|ƒ
|_dS)aÉ
:param read_deleted: 'no' indicates deleted records are hidden,
                'yes' indicates deleted records are visible,
                'only' indicates that *only* deleted records are visible.

           :param overwrite: Set to False to ensure that the greenthread local
                copy of the index is not overwritten.

           :param user_auth_plugin: The auth plugin for the current request's
                authentication data.
        ÚuserÚ
project_idZtenantNÚis_adminc

Ssg|]}
|
jdƒ
dkr|
‘qS)	ÚtypeÚimageú
block-storageÚvolumev2Úvolumev3úkey-managerÚ	placementÚnetwork)r)r*r+r,r-r.r/)
Úget)Ú.0Ú
srrrú
<listcomp>ds


z+RequestContext.__init__.<locals>.<listcomp>)Úpoprr#rÚread_deletedÚremote_addressrZutcnowÚ
isinstanceÚsixZstring_typesZ
parse_strtimeÚ	timestamprÚinstance_lock_checkedÚquota_classÚuser_auth_pluginr'rZcheck_is_admin)rÚuser_idr&r'r5r6r9r;rr:r<r)
rrrr@s*













zRequestContext.__init__c

Cs|jr|jSt
|j|jƒSdS)
N)r<r
rr)
rrrrÚget_auth_pluginws

zRequestContext.get_auth_pluginc


Cs|jS)
N)
Ú
_read_deleted)
rrrrÚ_get_read_deleted}s
z RequestContext._get_read_deletedcCs"|
dkrtt
dƒ
|
ƒ
‚
|
|_dS)Nr$ÚyesÚonlyz=read_deleted can only be one of 'no', 'yes' or 'only', not %r)r$rArB)Ú
ValueErrorr
r?)rr5rrrÚ_set_read_deleted€s



z RequestContext._set_read_deletedc


Cs|`dS)
N)
r?)
rrrrÚ_del_read_deleted†s
z RequestContext._del_read_deletedc
sºtt
|ƒjƒ}
|
jt|d
dƒt|ddƒt|ddƒt|ddƒt|ddƒt|dƒrZtj|jƒ
ndt|ddƒt|d	dƒt|d
dƒt|ddƒt|ddƒt|d
dƒdœƒ

|
jdt|ddƒi
ƒ

|
S)Nr=r&r'r5r$r6r9Ú
request_idr;Ú	user_namerÚproject_namer:F)r=r&r'r5r6r9rFr;rGrrHr:Zis_admin_projectT)	rr#Úto_dictÚupdateÚgetattrÚhasattrrZstrtimer9)rÚvalues)
rrrrIŒs&

























zRequestContext.to_dictcsVtt
|ƒj|
|
jd
ƒ
|
jdƒ
|
jddƒ|
jdƒ
|
jdƒ
|
jdƒ
|
jdƒ
|
jd	d
ƒd	S)Nr=r&r5r$r6r9r;rr:F)r=r&r5r6r9r;rr:)rr#Ú	from_dictr0)ÚclsrM)
rrrrNªs









zRequestContext.from_dictcCsFtj|ƒ
}tj
|jƒ
|_d
|_d|jkr4|jjdƒ

|
dk	rB|
|_|S)z5Return a version of this context with admin flag set.TZadminN)ÚcopyÚdeepcopyZrolesr'Úappendr5)rr5rrrrÚelevated»s




zRequestContext.elevatedTcCsF|d
kr|j|j
dœ}ytj||
|ƒStjk
r@


|r<‚dSXd
S)aRVerifies that the given action is valid on the target in this context.

        :param action: string representing the action to be checked.
        :param target: dictionary representing the object of the action
            for object creation this should be a dictionary representing the
            location of the object e.g. ``{'project_id': context.project_id}``.
            If None, then this default target will be considered:
            {'project_id': self.project_id, 'user_id': self.user_id}
        :param fatal: if False, will return False when an exception.Forbidden
           occurs.

        :raises dmapi.exception.Forbidden: if verification fails and fatal is
            True.

        :return: returns a non-False value (not necessarily "True") if
            authorized and False if not authorized and fatal is False.
        N)r&r=F)r&r=rZ	authorizer	Ú	Forbidden)rÚactionÚtargetZfatalrrrÚcanËs







zRequestContext.canc
stt
|ƒjƒ}
|j|
d
<|
S)Nr')rr#Úto_policy_valuesr')rr)
rrrrXès



zRequestContext.to_policy_valuesc

Csd
|jƒS)Nz<Context %s>)
rI)
rrrrÚ__str__ís
zRequestContext.__str__)
NNNr$NNNNFN)
N)NT)rrr r!rr>r@rDrEÚpropertyr5rIÚclassmethodrNrSrWrXrYr"rr)
rrr#:s"



4


r#cCstd
d
dddS)z·A helper method to get a blank context.

    Note that overwrite is False here so this context will not update the
    greenthread-local stored context that is used when logging.
    NF)r=r&r'Ú	overwrite)
r#rrrrÚget_contextñs


r]r$c

Cstddd
|ddS)NTF)r=r&r'r5r\)
r#)
r5rrrÚget_admin_contextýs




r^c


Cs*|sd
S|jrd
S|j
s"|jr&d
SdS)z2Indicates if the request context is a normal user.FT)r'r=r&)
rrrrÚis_user_context
s





r_c

Cs|jrt
|ƒ
rtjƒ‚
d
S)zRRaise exception.Forbidden() if context is not a user or an
    admin context.
    N)r'r_r	rT)
ZctxtrrrÚrequire_context
s
r`cCs.t|ƒ
r*|j
stjƒ‚
n|j
|
kr*tjƒ‚
d
S)z=Ensures a request has permission to access the given project.N)r_r&r	rT)rr&rrrÚauthorize_project_context
s






racCs.t|ƒ
r*|j
stjƒ‚
n|j
|
kr*tjƒ‚
d
S)z:Ensures a request has permission to access the given user.N)r_r=r	rT)rr=rrrÚauthorize_user_context'
s






rbcCs.t|ƒ
r*|j
stjƒ‚
n|j
|
kr*tjƒ‚
d
S)zAEnsures a request has permission to access the given quota class.N)r_r;r	rT)rÚ
class_namerrrÚauthorize_quota_class_context0
s






rdcsVˆd
k	rFddlm
‰
ddlm‰
tjˆjƒ
‡‡
‡‡fdd„ƒ
}|ƒ
nd
ˆ
_d
ˆ
_d
S)a¯
Adds database connection information to the context
    for communicating with the given target_cell.

    This is used for permanently targeting a cell in a context.
    Use this when you want all subsequent code to target a cell.

    Passing None for cell_mapping will untarget the context.

    :param context: The RequestContext to add connection information
    :param cell_mapping: An objects.CellMapping object or None
    Nr
)
Údb)
Úrpccszytˆj
}WnRtk
r`


ˆj}
ˆj|
ƒ
ˆ
_ˆjjd
ƒ
sJˆjˆjƒ
ˆ
_	ˆ
jˆ
j	ftˆj
<YnX|dˆ
_|dˆ
_	dS)NZnoner
é
)
Ú
CELL_CACHEÚuuidÚKeyErrorZdatabase_connectionZcreate_context_managerÚ
db_connectionZ
transport_urlÚ
startswithZcreate_transportÚ
mq_connection)Z
cell_tupleZdb_connection_string)Úcell_mappingrrerfrrÚ*get_or_set_cached_cell_and_set_connectionsM
s












zCset_target_cell.<locals>.get_or_set_cached_cell_and_set_connections)ÚdmapirerfrZsynchronizedrirkrm)rrnror)rnrrerfrÚset_target_cell:
s


rqccs"tj
|jƒƒ
}t||
ƒ
|V
d
S)a¡
Yields a new context with connection information for a specific cell.

    This function yields a copy of the provided context, which is targeted to
    the referenced cell for MQ and DB connections.

    Passing None for cell_mapping will yield an untargetd copy of the context.

    :param context: The RequestContext to add connection information
    :param cell_mapping: An objects.CellMapping object or None
    N)r#rNrIrq)rrnZcctxtrrrÚtarget_celld
s


rr)
r$)-r!rPÚ
contextlibrZkeystoneauth1.accessrrZ
keystoneauth1rZoslo_contextrZoslo_db.sqlalchemyrZoslo_logrZloggingZ
oslo_utilsrr8rpr	Z
dmapi.i18nr
rrZ	getLoggerrZLOGÚobjectZdid_not_respond_sentinelZraised_exception_sentinelZBaseAuthPluginr
Ztransaction_context_providerr#r]r^r_r`rarbrdrhrqrrrrrrÚ<module>s<








7
			
*