Merge pull request #263 from ImMin5/feature-service-accont-auto-sync

Modify error code

src/spaceone/identity/error/custom.py

@@ -5,5 +5,5 @@ class ERROR_GENERATE_KEY_FAILURE(ERROR_BASE):
     _message = "Error on generate key."
 
 
-class ERROR_MANAGED_RESOURCE_CAN_NOT_BE_MODIFIED(ERROR_BASE):
+class ERROR_MANAGED_RESOURCE_CAN_NOT_BE_MODIFIED(ERROR_UNKNOWN):
     _message = "Managed resource can not be deleted. please disable schedule first."

src/spaceone/identity/manager/resource_manager.py

@@ -19,7 +19,7 @@ def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
         self.trusted_account_model = TrustedAccount
 
-    def check_is_managed_resource(
+    def check_is_managed_resource_by_trusted_account(
         self,
         resource_vo: Union[ServiceAccount, Project, ProjectGroup, Workspace],
     ) -> None:

src/spaceone/identity/service/project_group_service.py

@@ -33,7 +33,7 @@ def __init__(self, *args, **kwargs):
     )
     @convert_model
     def create(
-            self, params: ProjectGroupCreateRequest
+        self, params: ProjectGroupCreateRequest
     ) -> Union[ProjectGroupResponse, dict]:
         """Create project group
 
@@ -64,7 +64,7 @@ def create(
     )
     @convert_model
     def update(
-            self, params: ProjectGroupUpdateRequest
+        self, params: ProjectGroupUpdateRequest
     ) -> Union[ProjectGroupResponse, dict]:
         """Update project group
 
@@ -87,7 +87,7 @@ def update(
         )
 
         # Check is managed resource
-        self.resource_mgr.check_is_managed_resource(project_group_vo)
+        self.resource_mgr.check_is_managed_resource_by_trusted_account(project_group_vo)
 
         project_group_vo = self.project_group_mgr.update_project_group_by_vo(
             params.dict(exclude_unset=True), project_group_vo
@@ -100,7 +100,7 @@ def update(
     )
     @convert_model
     def change_parent_group(
-            self, params: ProjectChangeParentGroupRequest
+        self, params: ProjectChangeParentGroupRequest
     ) -> Union[ProjectGroupResponse, dict]:
         """Change parent project group
 
@@ -122,7 +122,7 @@ def change_parent_group(
         )
 
         # Check is managed resource
-        self.resource_mgr.check_is_managed_resource(project_group_vo)
+        self.resource_mgr.check_is_managed_resource_by_trusted_account(project_group_vo)
 
         # Check parent project group is
         if params.parent_group_id:
@@ -171,7 +171,7 @@ def delete(self, params: ProjectGroupDeleteRequest) -> None:
         )
 
         # Check is managed resource
-        self.resource_mgr.check_is_managed_resource(project_group_vo)
+        self.resource_mgr.check_is_managed_resource_by_trusted_account(project_group_vo)
 
         self.project_group_mgr.delete_project_group_by_vo(project_group_vo)
 
@@ -180,7 +180,7 @@ def delete(self, params: ProjectGroupDeleteRequest) -> None:
     )
     @convert_model
     def add_users(
-            self, params: ProjectGroupAddUsersRequest
+        self, params: ProjectGroupAddUsersRequest
     ) -> Union[ProjectGroupResponse, dict]:
         """Add users to project group
 
@@ -221,7 +221,7 @@ def add_users(
     )
     @convert_model
     def remove_users(
-            self, params: ProjectGroupRemoveUsersRequest
+        self, params: ProjectGroupRemoveUsersRequest
     ) -> ProjectGroupResponse:
         """Remove users from project group
         Args:
@@ -288,7 +288,7 @@ def get(self, params: ProjectGroupGetRequest) -> Union[ProjectGroupResponse, dic
     @append_keyword_filter(["project_group_id", "name"])
     @convert_model
     def list(
-            self, params: ProjectGroupSearchQueryRequest
+        self, params: ProjectGroupSearchQueryRequest
     ) -> Union[ProjectGroupsResponse, dict]:
         """List project groups
 
@@ -337,10 +337,10 @@ def stat(self, params: ProjectGroupStatQueryRequest) -> dict:
         return self.project_group_mgr.stat_project_groups(query)
 
     def _check_is_sub_project_group(
-            self,
-            change_parent_group_id: str,
-            cur_group_id: str,
-            project_group_vos: QuerySet,
+        self,
+        change_parent_group_id: str,
+        cur_group_id: str,
+        project_group_vos: QuerySet,
     ) -> Union[None, Exception]:
         for project_group_vo in project_group_vos:
             if project_group_vo.parent_group_id == cur_group_id:
@@ -357,7 +357,7 @@ def _check_is_sub_project_group(
         return None
 
     def _check_workspace_member_permission(
-            self, project_group_vo: ProjectGroup
+        self, project_group_vo: ProjectGroup
     ) -> None:
         role_type = self.transaction.get_meta("authorization.role_type")
         if role_type == "WORKSPACE_MEMBER":

src/spaceone/identity/service/project_service.py

@@ -90,7 +90,7 @@ def update(self, params: ProjectUpdateRequest) -> Union[ProjectResponse, dict]:
         )
 
         # Check is managed resource
-        self.resource_mgr.check_is_managed_resource(project_vo)
+        self.resource_mgr.check_is_managed_resource_by_trusted_account(project_vo)
 
         project_vo = self.project_mgr.update_project_by_vo(
             params.dict(exclude_unset=True), project_vo
@@ -101,7 +101,7 @@ def update(self, params: ProjectUpdateRequest) -> Union[ProjectResponse, dict]:
     @transaction(permission="identity:Project.write", role_types=["WORKSPACE_OWNER"])
     @convert_model
     def update_project_type(
-            self, params: ProjectUpdateProjectTypeRequest
+        self, params: ProjectUpdateProjectTypeRequest
     ) -> Union[ProjectResponse, dict]:
         """Update project type
         Args:
@@ -120,7 +120,7 @@ def update_project_type(
         )
 
         # Check is managed resource
-        self.resource_mgr.check_is_managed_resource(project_vo)
+        self.resource_mgr.check_is_managed_resource_by_trusted_account(project_vo)
 
         params_dict = params.dict(exclude_unset=True)
         if params.project_type == "PUBLIC":
@@ -134,7 +134,7 @@ def update_project_type(
     @transaction(permission="identity:Project.write", role_types=["WORKSPACE_OWNER"])
     @convert_model
     def change_project_group(
-            self, params: ProjectChangeProjectGroupRequest
+        self, params: ProjectChangeProjectGroupRequest
     ) -> Union[ProjectResponse, dict]:
         """Change project group
         Args:
@@ -162,7 +162,7 @@ def change_project_group(
         )
 
         # Check is managed resource
-        self.resource_mgr.check_is_managed_resource(project_vo)
+        self.resource_mgr.check_is_managed_resource_by_trusted_account(project_vo)
 
         project_vo = self.project_mgr.update_project_by_vo(params.dict(), project_vo)
 
@@ -189,7 +189,7 @@ def delete(self, params: ProjectDeleteRequest) -> None:
         )
 
         # Check is managed resource
-        self.resource_mgr.check_is_managed_resource(project_vo)
+        self.resource_mgr.check_is_managed_resource_by_trusted_account(project_vo)
 
         self.project_mgr.delete_project_by_vo(project_vo)
 
@@ -244,7 +244,7 @@ def add_users(self, params: ProjectAddUsersRequest) -> Union[ProjectResponse, di
     )
     @convert_model
     def remove_users(
-            self, params: ProjectRemoveUsersRequest
+        self, params: ProjectRemoveUsersRequest
     ) -> Union[ProjectResponse, dict]:
         """Remove users from project
         Args:
@@ -287,7 +287,7 @@ def remove_users(
     )
     @convert_model
     def add_user_groups(
-            self, params: ProjectAddUserGroupsRequest
+        self, params: ProjectAddUserGroupsRequest
     ) -> Union[ProjectResponse, dict]:
         return {}
 
@@ -297,7 +297,7 @@ def add_user_groups(
     )
     @convert_model
     def remove_user_groups(
-            self, params: ProjectRemoveUserGroupsRequest
+        self, params: ProjectRemoveUserGroupsRequest
     ) -> Union[ProjectResponse, dict]:
         return {}
 

src/spaceone/identity/service/service_account_service.py

@@ -171,7 +171,9 @@ def update(
         )
 
         # Check is managed resource
-        self.resource_mgr.check_is_managed_resource(service_account_vo)
+        self.resource_mgr.check_is_managed_resource_by_trusted_account(
+            service_account_vo
+        )
 
         if params.data:
             # Check data by schema
@@ -348,7 +350,9 @@ def delete(self, params: ServiceAccountDeleteRequest) -> None:
         )
 
         # Check is managed resource
-        self.resource_mgr.check_is_managed_resource(service_account_vo)
+        self.resource_mgr.check_is_managed_resource_by_trusted_account(
+            service_account_vo
+        )
 
         self.delete_service_account(service_account_vo)
 

src/spaceone/identity/service/workspace_service.py

@@ -73,7 +73,7 @@ def update(self, params: WorkspaceUpdateRequest) -> Union[WorkspaceResponse, dic
         )
 
         # Check is managed resource
-        self.resource_mgr.check_is_managed_resource(workspace_vo)
+        self.resource_mgr.check_is_managed_resource_by_trusted_account(workspace_vo)
 
         workspace_vo = self.workspace_mgr.update_workspace_by_vo(
             params.dict(exclude_unset=True), workspace_vo
@@ -100,7 +100,7 @@ def delete(self, params: WorkspaceDeleteRequest) -> None:
         workspace_vo = self.workspace_mgr.get_workspace(workspace_id, domain_id)
 
         # Check is managed resource
-        self.resource_mgr.check_is_managed_resource(workspace_vo)
+        self.resource_mgr.check_is_managed_resource_by_trusted_account(workspace_vo)
 
         service_account_vos = self.workspace_mgr.filter_workspaces(
             domain_id=domain_id, workspace_id=workspace_id
@@ -109,7 +109,9 @@ def delete(self, params: WorkspaceDeleteRequest) -> None:
         if params.force:
             self._delete_related_resources_in_workspace(workspace_vo)
         elif service_account_vos.count() > 0:
-            raise ERROR_EXIST_RESOURCE(child="Service Account", parent=workspace_vo.name)
+            raise ERROR_UNKNOWN(
+                _message=f"Please delete service accounts in workspace : {workspace_id}"
+            )
         else:
             self._delete_related_resources_in_workspace(workspace_vo)
 
@@ -132,15 +134,15 @@ def enable(self, params: WorkspaceEnableRequest) -> Union[WorkspaceResponse, dic
         )
 
         # Check is managed resource
-        self.resource_mgr.check_is_managed_resource(workspace_vo)
+        self.resource_mgr.check_is_managed_resource_by_trusted_account(workspace_vo)
 
         workspace_vo = self.workspace_mgr.enable_workspace(workspace_vo)
         return WorkspaceResponse(**workspace_vo.to_dict())
 
     @transaction(permission="identity:Workspace.write", role_types=["DOMAIN_ADMIN"])
     @convert_model
     def disable(
-            self, params: WorkspaceDisableRequest
+        self, params: WorkspaceDisableRequest
     ) -> Union[WorkspaceResponse, dict]:
         """Disable workspace
         Args:
@@ -157,7 +159,7 @@ def disable(
         )
 
         # Check is managed resource
-        self.resource_mgr.check_is_managed_resource(workspace_vo)
+        self.resource_mgr.check_is_managed_resource_by_trusted_account(workspace_vo)
 
         workspace_vo = self.workspace_mgr.disable_workspace(workspace_vo)
         return WorkspaceResponse(**workspace_vo.to_dict())
@@ -200,7 +202,7 @@ def check(self, params: WorkspaceCheckRequest) -> None:
     @append_keyword_filter(["workspace_id", "name"])
     @convert_model
     def list(
-            self, params: WorkspaceSearchQueryRequest
+        self, params: WorkspaceSearchQueryRequest
     ) -> Union[WorkspacesResponse, dict]:
         """List workspaces
         Args: