Python oslo_context.context.project_id() Examples
The following are 21
code examples of oslo_context.context.project_id().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
oslo_context.context
, or try the search function
.
.
Example #1
| Source File: context.py From zun with Apache License 2.0 | 6 votes |
|
def to_dict(self):
value = super(RequestContext, self).to_dict()
value.update({'auth_token': self.auth_token,
'domain_id': self.domain_id,
'domain_name': self.domain_name,
'user_domain_id': self.user_domain_id,
'user_domain_name': self.user_domain_name,
'user_name': self.user_name,
'user_id': self.user_id,
'project_name': self.project_name,
'project_id': self.project_id,
'is_admin': self.is_admin,
'read_only': self.read_only,
'roles': self.roles,
'show_deleted': self.show_deleted,
'request_id': self.request_id,
'trust_id': self.trust_id,
'auth_token_info': self.auth_token_info,
'password': self.password,
'all_projects': self.all_projects,
'timestamp': timeutils.strtime(self.timestamp) if
hasattr(self, 'timestamp') else None
})
return value
Example #2
| Source File: context.py From ec2-api with Apache License 2.0 | 6 votes |
|
def to_dict(self):
values = super(RequestContext, self).to_dict()
# FIXME(dims): defensive hasattr() checks need to be
# removed once we figure out why we are seeing stack
# traces
values.update({
'user_id': getattr(self, 'user_id', None),
'project_id': getattr(self, 'project_id', None),
'is_admin': getattr(self, 'is_admin', None),
'remote_address': getattr(self, 'remote_address', None),
'timestamp': self.timestamp.strftime(
timeutils.PERFECT_TIME_FORMAT) if hasattr(
self, 'timestamp') else None,
'request_id': getattr(self, 'request_id', None),
'quota_class': getattr(self, 'quota_class', None),
'user_name': getattr(self, 'user_name', None),
'service_catalog': getattr(self, 'service_catalog', None),
'project_name': getattr(self, 'project_name', None),
'is_os_admin': getattr(self, 'is_os_admin', None),
'api_version': getattr(self, 'api_version', None),
})
return values
Example #3
| Source File: context.py From karbor with Apache License 2.0 | 6 votes |
|
def from_dict(cls, values):
allowed_keys = [
'user_id',
'project_id',
'project_name',
'domain',
'read_deleted',
'remote_address',
'timestamp',
'quota_class',
'service_catalog',
'request_id',
'is_admin',
'roles',
'auth_token',
'user_domain',
'project_domain',
'auth_token_info'
]
kwargs = {k: values[k] for k in values if k in allowed_keys}
return cls(**kwargs)
Example #4
| Source File: context.py From masakari with Apache License 2.0 | 6 votes |
|
def to_dict(self):
values = super(RequestContext, self).to_dict()
# FIXME: defensive hasattr() checks need to be
# removed once we figure out why we are seeing stack
# traces
values.update({
'user_id': getattr(self, 'user_id', None),
'project_id': getattr(self, 'project_id', None),
'is_admin': getattr(self, 'is_admin', None),
'read_deleted': getattr(self, 'read_deleted', 'no'),
'remote_address': getattr(self, 'remote_address', None),
'timestamp': utils.strtime(self.timestamp) if hasattr(
self, 'timestamp') else None,
'request_id': getattr(self, 'request_id', None),
'user_name': getattr(self, 'user_name', None),
'service_catalog': getattr(self, 'service_catalog', None),
'project_name': getattr(self, 'project_name', None)
})
return values
Example #5
| Source File: context.py From karbor with Apache License 2.0 | 5 votes |
|
def get_admin_context(read_deleted="no"):
return RequestContext(user_id=None,
project_id=None,
is_admin=True,
read_deleted=read_deleted,
overwrite=False)
Example #6
| Source File: context.py From karbor with Apache License 2.0 | 5 votes |
|
def project_id(self):
return self.tenant
Example #7
| Source File: context.py From karbor with Apache License 2.0 | 5 votes |
|
def can(self, action, target_obj=None, fatal=True):
"""Verifies that the given action is valid on the target in this context.
:param action: string representing the action to be checked.
:param target: dictionary representing the object of the action
for object creation this should be a dictionary representing the
location of the object e.g. ``{'project_id': context.project_id}``.
If None, then this default target will be considered:
{'project_id': self.project_id, 'user_id': self.user_id}
:param: target_obj: dictionary representing the object which will be
used to update target.
:param fatal: if False, will return False when an
exception.NotAuthorized occurs.
:raises nova.exception.Forbidden: if verification fails and fatal is
True.
:return: returns a non-False value (not necessarily "True") if
authorized and False if not authorized and fatal is False.
"""
target = {'project_id': self.project_id,
'user_id': self.user_id}
if isinstance(target_obj, objects_base.KarborObject):
# Turn object into dict so target.update can work
target.update(
target_obj.obj_to_primitive()['karbor_object.data'] or {})
else:
target.update(target_obj or {})
try:
return policy.authorize(self, action, target)
except exception.NotAuthorized:
if fatal:
raise
return False
Example #8
| Source File: context.py From karbor with Apache License 2.0 | 5 votes |
|
def to_dict(self):
result = super(RequestContext, self).to_dict()
result['user_id'] = self.user_id
result['project_id'] = self.project_id
result['project_name'] = self.project_name
result['domain'] = self.domain
result['read_deleted'] = self.read_deleted
result['roles'] = self.roles
result['remote_address'] = self.remote_address
result['timestamp'] = self.timestamp.isoformat()
result['quota_class'] = self.quota_class
result['service_catalog'] = self.service_catalog
result['request_id'] = self.request_id
result['auth_token_info'] = self._auth_token_info
return result
Example #9
| Source File: context.py From cyborg with Apache License 2.0 | 5 votes |
|
def authorize_project_context(context, project_id):
"""Ensures a request has permission to access the given project."""
if is_user_context(context):
if not context.project_id:
raise exception.Forbidden()
elif context.project_id != project_id:
raise exception.Forbidden()
Example #10
| Source File: context.py From cyborg with Apache License 2.0 | 5 votes |
|
def get_admin_context(read_deleted="no"):
# NOTE(alaski): This method should only be used when an admin context is
# necessary for the entirety of the context lifetime. If that's not the
# case please use get_context(), or create the RequestContext manually, and
# use context.elevated() where necessary. Some periodic tasks may use
# get_admin_context so that their database calls are not filtered on
# project_id.
return RequestContext(user_id=None,
project_id=None,
is_admin=True,
read_deleted=read_deleted,
overwrite=False)
Example #11
| Source File: context.py From cyborg with Apache License 2.0 | 5 votes |
|
def get_context():
"""A helper method to get a blank context.
Note that overwrite is False here so this context will not update the
greenthread-local stored context that is used when logging.
"""
return RequestContext(user_id=None,
project_id=None,
is_admin=False,
overwrite=False)
Example #12
| Source File: context.py From cyborg with Apache License 2.0 | 5 votes |
|
def from_dict(cls, values):
return super(RequestContext, cls).from_dict(
values,
user_id=values.get('user_id'),
project_id=values.get('project_id'),
# TODO(sdague): oslo.context has show_deleted, if
# possible, we should migrate to that in the future so we
# don't need to be different here.
read_deleted=values.get('read_deleted', 'no'),
remote_address=values.get('remote_address'),
timestamp=values.get('timestamp'),
quota_class=values.get('quota_class'),
service_catalog=values.get('service_catalog'),
)
Example #13
| Source File: context.py From cyborg with Apache License 2.0 | 5 votes |
|
def to_dict(self):
values = super(RequestContext, self).to_dict()
# FIXME(dims): defensive hasattr() checks need to be
# removed once we figure out why we are seeing stack
# traces
values.update({
'user_id': getattr(self, 'user_id', None),
'project_id': getattr(self, 'project_id', None),
'is_admin': getattr(self, 'is_admin', None),
'read_deleted': getattr(self, 'read_deleted', 'no'),
'remote_address': getattr(self, 'remote_address', None),
'timestamp': utils.strtime(self.timestamp) if hasattr(
self, 'timestamp') else None,
'request_id': getattr(self, 'request_id', None),
'quota_class': getattr(self, 'quota_class', None),
'user_name': getattr(self, 'user_name', None),
'service_catalog': getattr(self, 'service_catalog', None),
'project_name': getattr(self, 'project_name', None),
})
# NOTE(tonyb): This can be removed once we're certain to have a
# RequestContext contains 'is_admin_project', We can only get away with
# this because we "know" the default value of 'is_admin_project' which
# is very fragile.
values.update({
'is_admin_project': getattr(self, 'is_admin_project', True),
})
return values
Example #14
| Source File: context.py From masakari with Apache License 2.0 | 5 votes |
|
def get_admin_context(read_deleted="no"):
return RequestContext(user_id=None,
project_id=None,
is_admin=True,
read_deleted=read_deleted,
overwrite=False)
Example #15
| Source File: context.py From masakari with Apache License 2.0 | 5 votes |
|
def can(self, action, target=None, fatal=True):
"""Verifies that the given action is valid on the target in this context.
:param action: string representing the action to be checked.
:param target: dictionary representing the object of the action
for object creation this should be a dictionary representing the
location of the object e.g. ``{'project_id': context.project_id}``.
If None, then this default target will be considered:
{'project_id': self.project_id, 'user_id': self.user_id}
:param fatal: if False, will return False when an exception.Forbidden
occurs.
:raises masakari.exception.Forbidden: if verification fails and fatal
is True.
:return: returns a non-False value (not necessarily "True") if
authorized and False if not authorized and fatal is False.
"""
if target is None:
target = {'project_id': self.project_id,
'user_id': self.user_id}
try:
return policy.authorize(self, action, target)
except exception.Forbidden:
if fatal:
raise
return False
Example #16
| Source File: context.py From ec2-api with Apache License 2.0 | 5 votes |
|
def is_user_context(context):
"""Indicates if the request context is a normal user."""
if not context:
return False
if context.is_os_admin:
return False
if not context.user_id or not context.project_id:
return False
return True
Example #17
| Source File: context.py From zun with Apache License 2.0 | 5 votes |
|
def can(self, action, target=None, fatal=True, might_not_exist=False):
"""Verifies that the given action is valid on the target in this context.
:param action: string representing the action to be checked.
:param target: dictionary representing the object of the action
for object creation this should be a dictionary representing the
location of the object e.g. ``{'project_id': context.project_id}``.
If None, then this default target will be considered:
{'project_id': self.project_id, 'user_id': self.user_id}
:param fatal: if False, will return False when an
exception.NotAuthorized occurs.
:param might_not_exist: If True the policy check is skipped (and the
function returns True) if the specified policy does not exist.
Defaults to false.
:raises zun.common.exception.NotAuthorized: if verification fails and
fatal is True.
:return: returns a non-False value (not necessarily "True") if
authorized and False if not authorized and fatal is False.
"""
if target is None:
target = {'project_id': self.project_id,
'user_id': self.user_id}
try:
return policy.authorize(self, action, target,
might_not_exist=might_not_exist)
except exception.NotAuthorized:
if fatal:
raise
return False
Example #18
| Source File: context.py From cyborg with Apache License 2.0 | 4 votes |
|
def __init__(self, user_id=None, project_id=None, is_admin=None,
read_deleted="no", remote_address=None, timestamp=None,
quota_class=None, service_catalog=None,
user_auth_plugin=None, **kwargs):
""":param read_deleted: 'no' indicates deleted records are hidden,
'yes' indicates deleted records are visible,
'only' indicates that *only* deleted records are visible.
:param overwrite: Set to False to ensure that the greenthread local
copy of the index is not overwritten.
:param instance_lock_checked: This is not used and will be removed
in a future release.
:param user_auth_plugin: The auth plugin for the current request's
authentication data.
"""
if user_id:
kwargs['user_id'] = user_id
if project_id:
kwargs['project_id'] = project_id
super(RequestContext, self).__init__(is_admin=is_admin, **kwargs)
self.read_deleted = read_deleted
self.remote_address = remote_address
if not timestamp:
timestamp = timeutils.utcnow()
if isinstance(timestamp, six.string_types):
timestamp = timeutils.parse_strtime(timestamp)
self.timestamp = timestamp
if service_catalog:
# Only include required parts of service_catalog
self.service_catalog = [s for s in service_catalog
if s.get('type') in ('image')]
else:
# if list is empty or none
self.service_catalog = []
self.user_auth_plugin = user_auth_plugin
# if self.is_admin is None:
# self.is_admin = policy.check_is_admin(self)
Example #19
| Source File: context.py From karbor with Apache License 2.0 | 4 votes |
|
def __init__(self, user_id, project_id, is_admin=None, read_deleted="no",
roles=None, project_name=None, remote_address=None,
timestamp=None, request_id=None, auth_token=None,
overwrite=True, quota_class=None, service_catalog=None,
domain=None, user_domain=None, project_domain=None,
auth_token_info=None):
"""Initialize RequestContext.
:param read_deleted: 'no' indicates deleted records are hidden, 'yes'
indicates deleted records are visible, 'only' indicates that
*only* deleted records are visible.
:param overwrite: Set to False to ensure that the greenthread local
copy of the index is not overwritten.
"""
super(RequestContext, self).__init__(auth_token=auth_token,
user=user_id,
tenant=project_id,
domain=domain,
user_domain=user_domain,
project_domain=project_domain,
is_admin=is_admin,
request_id=request_id,
overwrite=overwrite)
self.roles = roles or []
self.project_name = project_name
self.read_deleted = read_deleted
self.remote_address = remote_address
if not timestamp:
timestamp = timeutils.utcnow()
elif isinstance(timestamp, six.string_types):
timestamp = timeutils.parse_isotime(timestamp)
self.timestamp = timestamp
self.quota_class = quota_class
self._auth_token_info = auth_token_info
if service_catalog:
# Only include required parts of service_catalog
self.service_catalog = [s for s in service_catalog
if s.get('type') in
('identity', 'compute', 'object-store',
'image', 'volume', 'volumev2', 'network',
'volumev3', 'orchestration',
'share', 'sharev2', 'database')]
else:
# if list is empty or none
self.service_catalog = []
# We need to have RequestContext attributes defined
# when policy.check_is_admin invokes request logging
# to make it loggable.
if self.is_admin is None:
self.is_admin = policy.check_is_admin(self)
elif self.is_admin and 'admin' not in self.roles:
self.roles.append('admin')
Example #20
| Source File: context.py From ec2-api with Apache License 2.0 | 4 votes |
|
def __init__(self, user_id, project_id, request_id=None,
is_admin=None, remote_address=None,
auth_token=None, user_name=None, project_name=None,
overwrite=True, service_catalog=None, api_version=None,
is_os_admin=None, **kwargs):
"""Parameters
:param overwrite: Set to False to ensure that the greenthread local
copy of the index is not overwritten.
:param kwargs: Extra arguments that might be present, but we ignore
because they possibly came in from older rpc messages.
"""
user = kwargs.pop('user', None)
tenant = kwargs.pop('tenant', None)
super(RequestContext, self).__init__(
auth_token=auth_token,
user=user_id or user,
tenant=project_id or tenant,
is_admin=is_admin,
request_id=request_id,
resource_uuid=kwargs.pop('resource_uuid', None),
overwrite=overwrite)
# oslo_context's RequestContext.to_dict() generates this field, we can
# safely ignore this as we don't use it.
kwargs.pop('user_identity', None)
self.session = kwargs.pop('session', None)
if kwargs:
LOG.warning('Arguments dropped when creating context: %s',
str(kwargs))
self.user_id = user_id
self.project_id = project_id
self.remote_address = remote_address
timestamp = timeutils.utcnow()
if isinstance(timestamp, six.string_types):
timestamp = timeutils.parse_strtime(timestamp)
self.timestamp = timestamp
self.service_catalog = service_catalog
if self.service_catalog is None:
# if list is empty or none
self.service_catalog = []
self.user_name = user_name
self.project_name = project_name
self.is_admin = is_admin
# TODO(ft): call policy.check_is_admin if is_admin is None
self.is_os_admin = is_os_admin
self.api_version = api_version
Example #21
| Source File: context.py From zun with Apache License 2.0 | 4 votes |
|
def __init__(self, auth_token=None, domain_id=None,
domain_name=None, user_name=None, user_id=None,
user_domain_name=None, user_domain_id=None,
project_name=None, project_id=None, roles=None,
is_admin=None, read_only=False, show_deleted=False,
request_id=None, trust_id=None, auth_token_info=None,
all_projects=False, password=None, timestamp=None, **kwargs):
"""Stores several additional request parameters:
:param domain_id: The ID of the domain.
:param domain_name: The name of the domain.
:param user_domain_id: The ID of the domain to
authenticate a user against.
:param user_domain_name: The name of the domain to
authenticate a user against.
"""
super(RequestContext, self).__init__(auth_token=auth_token,
user_id=user_name,
project_id=project_name,
is_admin=is_admin,
read_only=read_only,
show_deleted=show_deleted,
request_id=request_id,
roles=roles)
self.user_name = user_name
self.user_id = user_id
self.project_name = project_name
self.project_id = project_id
self.domain_id = domain_id
self.domain_name = domain_name
self.user_domain_id = user_domain_id
self.user_domain_name = user_domain_name
self.auth_token_info = auth_token_info
self.trust_id = trust_id
self.all_projects = all_projects
self.password = password
if is_admin is None:
self.is_admin = policy.check_is_admin(self)
else:
self.is_admin = is_admin
if not timestamp:
timestamp = timeutils.utcnow()
if isinstance(timestamp, str):
timestamp = timeutils.parse_strtime(timestamp)
self.timestamp = timestamp
