def load_backends(): # Configure and build the cache cache.configure_cache_region(cache.REGION) # Ensure that the identity driver is created before the assignment manager # and that the assignment driver is created before the resource manager. # The default resource driver depends on assignment, which in turn # depends on identity - hence we need to ensure the chain is available. _IDENTITY_API = identity.Manager() _ASSIGNMENT_API = assignment.Manager() DRIVERS = dict(assignment_api=_ASSIGNMENT_API, catalog_api=catalog.Manager(), credential_api=credential.Manager(), endpoint_filter_api=endpoint_filter.Manager(), endpoint_policy_api=endpoint_policy.Manager(), federation_api=federation.Manager(), id_generator_api=identity.generator.Manager(), id_mapping_api=identity.MappingManager(), identity_api=_IDENTITY_API, policy_api=policy.Manager(), resource_api=resource.Manager(), role_api=assignment.RoleManager(), token_api=token.persistence.Manager(), trust_api=trust.Manager(), token_provider_api=token.provider.Manager()) auth.controllers.load_auth_methods() return DRIVERS
def load_backends(self): """Initializes each manager and assigns them to an attribute.""" # TODO(blk-u): Shouldn't need to clear the registry here, but some # tests call load_backends multiple times. These should be fixed to # only call load_backends once. dependency.reset() # TODO(morganfainberg): Shouldn't need to clear the registry here, but # some tests call load_backends multiple times. Since it is not # possible to re-configure a backend, we need to clear the list. This # should eventually be removed once testing has been cleaned up. kvs_core.KEY_VALUE_STORE_REGISTRY.clear() drivers = service.load_backends() # TODO(stevemar): currently, load oauth1 driver as well, eventually # we need to have this as optional. from keystone.contrib import oauth1 drivers['oauth1_api'] = oauth1.Manager() from keystone.contrib import federation drivers['federation_api'] = federation.Manager() dependency.resolve_future_dependencies() for manager_name, manager in six.iteritems(drivers): setattr(self, manager_name, manager)
def load_backends(self): """Initializes each manager and assigns them to an attribute.""" # TODO(blk-u): Shouldn't need to clear the registry here, but some # tests call load_backends multiple times. These should be fixed to # only call load_backends once. dependency.reset() # TODO(morganfainberg): Shouldn't need to clear the registry here, but # some tests call load_backends multiple times. Since it is not # possible to re-configure a backend, we need to clear the list. This # should eventually be removed once testing has been cleaned up. kvs_core.KEY_VALUE_STORE_REGISTRY.clear() self.clear_auth_plugin_registry() drivers = service.load_backends() # TODO(stevemar): currently, load oauth1 driver as well, eventually # we need to have this as optional. from keystone.contrib import oauth1 drivers['oauth1_api'] = oauth1.Manager() from keystone.contrib import federation drivers['federation_api'] = federation.Manager() dependency.resolve_future_dependencies() for manager_name, manager in six.iteritems(drivers): setattr(self, manager_name, manager) # The credential backend only supports SQL, so we always have to load # the tables. self.engine = session.get_engine() self.addCleanup(session.cleanup) sql.ModelBase.metadata.create_all(bind=self.engine) self.addCleanup(sql.ModelBase.metadata.drop_all, bind=self.engine)
def load_backends(): # Configure and build the cache cache.configure_cache_region(cache.REGION) # Ensure that the identity driver is created before the assignment manager. # The default assignment driver is determined by the identity driver, so # the identity driver must be available to the assignment manager. _IDENTITY_API = identity.Manager() DRIVERS = dict( assignment_api=assignment.Manager(), catalog_api=catalog.Manager(), credential_api=credential.Manager(), domain_config_api=resource.DomainConfigManager(), endpoint_filter_api=endpoint_filter.Manager(), endpoint_policy_api=endpoint_policy.Manager(), federation_api=federation.Manager(), id_generator_api=identity.generator.Manager(), id_mapping_api=identity.MappingManager(), identity_api=_IDENTITY_API, oauth_api=oauth1.Manager(), policy_api=policy.Manager(), resource_api=resource.Manager(), revoke_api=revoke.Manager(), role_api=assignment.RoleManager(), token_api=token.persistence.Manager(), trust_api=trust.Manager(), token_provider_api=token.provider.Manager(), # admin_api=moon.AdminManager(), # authz_api=moon.AuthzManager() ) auth.controllers.load_auth_methods() return DRIVERS
def add_routes(self, mapper): # This is needed for dependency injection # it loads the Federation driver which registers it as a dependency. federation.Manager() idp_controller = controllers.IdentityProvider() protocol_controller = controllers.FederationProtocol() mapping_controller = controllers.MappingController() # Identity Provider CRUD operations mapper.connect(self._construct_url('identity_providers/{idp_id}'), controller=idp_controller, action='create_identity_provider', conditions=dict(method=['PUT'])) mapper.connect(self._construct_url('identity_providers'), controller=idp_controller, action='list_identity_providers', conditions=dict(method=['GET'])) mapper.connect(self._construct_url('identity_providers/{idp_id}'), controller=idp_controller, action='get_identity_provider', conditions=dict(method=['GET'])) mapper.connect(self._construct_url('identity_providers/{idp_id}'), controller=idp_controller, action='delete_identity_provider', conditions=dict(method=['DELETE'])) mapper.connect(self._construct_url('identity_providers/{idp_id}'), controller=idp_controller, action='update_identity_provider', conditions=dict(method=['PATCH'])) # Protocol CRUD operations mapper.connect(self._construct_url('identity_providers/{idp_id}/' 'protocols/{protocol_id}'), controller=protocol_controller, action='create_protocol', conditions=dict(method=['PUT'])) mapper.connect(self._construct_url('identity_providers/{idp_id}/' 'protocols/{protocol_id}'), controller=protocol_controller, action='update_protocol', conditions=dict(method=['PATCH'])) mapper.connect(self._construct_url('identity_providers/{idp_id}/' 'protocols/{protocol_id}'), controller=protocol_controller, action='get_protocol', conditions=dict(method=['GET'])) mapper.connect(self._construct_url('identity_providers/{idp_id}/' 'protocols'), controller=protocol_controller, action='list_protocols', conditions=dict(method=['GET'])) mapper.connect(self._construct_url('identity_providers/{idp_id}/' 'protocols/{protocol_id}'), controller=protocol_controller, action='delete_protocol', conditions=dict(method=['DELETE'])) # Mapping CRUD operations mapper.connect(self._construct_url('mappings/{mapping_id}'), controller=mapping_controller, action='create_mapping', conditions=dict(method=['PUT'])) mapper.connect(self._construct_url('mappings'), controller=mapping_controller, action='list_mappings', conditions=dict(method=['GET'])) mapper.connect(self._construct_url('mappings/{mapping_id}'), controller=mapping_controller, action='get_mapping', conditions=dict(method=['GET'])) mapper.connect(self._construct_url('mappings/{mapping_id}'), controller=mapping_controller, action='delete_mapping', conditions=dict(method=['DELETE'])) mapper.connect(self._construct_url('mappings/{mapping_id}'), controller=mapping_controller, action='update_mapping', conditions=dict(method=['PATCH']))
def add_routes(self, mapper): # This is needed for dependency injection # it loads the Federation driver which registers it as a dependency. federation.Manager() auth_controller = controllers.Auth() idp_controller = controllers.IdentityProvider() protocol_controller = controllers.FederationProtocol() mapping_controller = controllers.MappingController() project_controller = controllers.ProjectV3() domain_controller = controllers.DomainV3() # Identity Provider CRUD operations self._add_resource( mapper, idp_controller, path=self._construct_url('identity_providers/{idp_id}'), get_action='get_identity_provider', put_action='create_identity_provider', patch_action='update_identity_provider', delete_action='delete_identity_provider') self._add_resource(mapper, idp_controller, path=self._construct_url('identity_providers'), get_action='list_identity_providers') # Protocol CRUD operations self._add_resource(mapper, protocol_controller, path=self._construct_url( 'identity_providers/{idp_id}/protocols/' '{protocol_id}'), get_action='get_protocol', put_action='create_protocol', patch_action='update_protocol', delete_action='delete_protocol') self._add_resource( mapper, protocol_controller, path=self._construct_url('identity_providers/{idp_id}/protocols'), get_action='list_protocols') # Mapping CRUD operations self._add_resource(mapper, mapping_controller, path=self._construct_url('mappings/{mapping_id}'), get_action='get_mapping', put_action='create_mapping', patch_action='update_mapping', delete_action='delete_mapping') self._add_resource(mapper, mapping_controller, path=self._construct_url('mappings'), get_action='list_mappings') self._add_resource(mapper, domain_controller, path=self._construct_url('domains'), get_action='list_domains_for_groups') self._add_resource(mapper, project_controller, path=self._construct_url('projects'), get_action='list_projects_for_groups') self._add_resource(mapper, auth_controller, path=self._construct_url( 'identity_providers/{identity_provider}/' 'protocols/{protocol}/auth'), get_post_action='federated_authentication')
def add_routes(self, mapper): # This is needed for dependency injection # it loads the Federation driver which registers it as a dependency. federation.Manager() auth_controller = controllers.Auth() idp_controller = controllers.IdentityProvider() protocol_controller = controllers.FederationProtocol() mapping_controller = controllers.MappingController() project_controller = controllers.ProjectV3() domain_controller = controllers.DomainV3() # Identity Provider CRUD operations mapper.connect( self._construct_url('identity_providers/{idp_id}'), controller=idp_controller, action='create_identity_provider', conditions=dict(method=['PUT'])) mapper.connect( self._construct_url('identity_providers'), controller=idp_controller, action='list_identity_providers', conditions=dict(method=['GET'])) mapper.connect( self._construct_url('identity_providers/{idp_id}'), controller=idp_controller, action='get_identity_provider', conditions=dict(method=['GET'])) mapper.connect( self._construct_url('identity_providers/{idp_id}'), controller=idp_controller, action='delete_identity_provider', conditions=dict(method=['DELETE'])) mapper.connect( self._construct_url('identity_providers/{idp_id}'), controller=idp_controller, action='update_identity_provider', conditions=dict(method=['PATCH'])) # Protocol CRUD operations mapper.connect( self._construct_url('identity_providers/{idp_id}/' 'protocols/{protocol_id}'), controller=protocol_controller, action='create_protocol', conditions=dict(method=['PUT'])) mapper.connect( self._construct_url('identity_providers/{idp_id}/' 'protocols/{protocol_id}'), controller=protocol_controller, action='update_protocol', conditions=dict(method=['PATCH'])) mapper.connect( self._construct_url('identity_providers/{idp_id}/' 'protocols/{protocol_id}'), controller=protocol_controller, action='get_protocol', conditions=dict(method=['GET'])) mapper.connect( self._construct_url('identity_providers/{idp_id}/' 'protocols'), controller=protocol_controller, action='list_protocols', conditions=dict(method=['GET'])) mapper.connect( self._construct_url('identity_providers/{idp_id}/' 'protocols/{protocol_id}'), controller=protocol_controller, action='delete_protocol', conditions=dict(method=['DELETE'])) # Mapping CRUD operations mapper.connect( self._construct_url('mappings/{mapping_id}'), controller=mapping_controller, action='create_mapping', conditions=dict(method=['PUT'])) mapper.connect( self._construct_url('mappings'), controller=mapping_controller, action='list_mappings', conditions=dict(method=['GET'])) mapper.connect( self._construct_url('mappings/{mapping_id}'), controller=mapping_controller, action='get_mapping', conditions=dict(method=['GET'])) mapper.connect( self._construct_url('mappings/{mapping_id}'), controller=mapping_controller, action='delete_mapping', conditions=dict(method=['DELETE'])) mapper.connect( self._construct_url('mappings/{mapping_id}'), controller=mapping_controller, action='update_mapping', conditions=dict(method=['PATCH'])) mapper.connect( self._construct_url('domains'), controller=domain_controller, action='list_domains_for_groups', conditions=dict(method=['GET'])) mapper.connect( self._construct_url('projects'), controller=project_controller, action='list_projects_for_groups', conditions=dict(method=['GET'])) mapper.connect( self._construct_url('identity_providers/' '{identity_provider}/protocols/' '{protocol}/auth'), controller=auth_controller, action='federated_authentication', conditions=dict(method=['GET', 'POST']))
def add_routes(self, mapper): # This is needed for dependency injection # it loads the Federation driver which registers it as a dependency. federation.Manager() auth_controller = controllers.Auth() idp_controller = controllers.IdentityProvider() protocol_controller = controllers.FederationProtocol() mapping_controller = controllers.MappingController() project_controller = controllers.ProjectV3() domain_controller = controllers.DomainV3() saml_metadata_controller = controllers.SAMLMetadataV3() # Identity Provider CRUD operations self._add_resource( mapper, idp_controller, path=self._construct_url('identity_providers/{idp_id}'), get_action='get_identity_provider', put_action='create_identity_provider', patch_action='update_identity_provider', delete_action='delete_identity_provider', rel=build_resource_relation(resource_name='identity_provider'), path_vars={ 'idp_id': IDP_ID_PARAMETER_RELATION, }) self._add_resource( mapper, idp_controller, path=self._construct_url('identity_providers'), get_action='list_identity_providers', rel=build_resource_relation(resource_name='identity_providers')) # Protocol CRUD operations self._add_resource(mapper, protocol_controller, path=self._construct_url( 'identity_providers/{idp_id}/protocols/' '{protocol_id}'), get_action='get_protocol', put_action='create_protocol', patch_action='update_protocol', delete_action='delete_protocol', rel=build_resource_relation( resource_name='identity_provider_protocol'), path_vars={ 'idp_id': IDP_ID_PARAMETER_RELATION, 'protocol_id': PROTOCOL_ID_PARAMETER_RELATION, }) self._add_resource( mapper, protocol_controller, path=self._construct_url('identity_providers/{idp_id}/protocols'), get_action='list_protocols', rel=build_resource_relation( resource_name='identity_provider_protocols'), path_vars={ 'idp_id': IDP_ID_PARAMETER_RELATION, }) # Mapping CRUD operations self._add_resource( mapper, mapping_controller, path=self._construct_url('mappings/{mapping_id}'), get_action='get_mapping', put_action='create_mapping', patch_action='update_mapping', delete_action='delete_mapping', rel=build_resource_relation(resource_name='mapping'), path_vars={ 'mapping_id': build_parameter_relation(parameter_name='mapping_id'), }) self._add_resource( mapper, mapping_controller, path=self._construct_url('mappings'), get_action='list_mappings', rel=build_resource_relation(resource_name='mappings')) self._add_resource( mapper, domain_controller, path=self._construct_url('domains'), get_action='list_domains_for_groups', rel=build_resource_relation(resource_name='domains')) self._add_resource( mapper, project_controller, path=self._construct_url('projects'), get_action='list_projects_for_groups', rel=build_resource_relation(resource_name='projects')) self._add_resource( mapper, auth_controller, path=self._construct_url('identity_providers/{identity_provider}/' 'protocols/{protocol}/auth'), get_post_action='federated_authentication', rel=build_resource_relation( resource_name='identity_provider_protocol_auth'), path_vars={ 'identity_provider': IDP_ID_PARAMETER_RELATION, 'protocol': PROTOCOL_ID_PARAMETER_RELATION, }) # Auth operations self._add_resource(mapper, auth_controller, path='/auth' + self._construct_url('saml2'), post_action='create_saml_assertion', rel=build_resource_relation(resource_name='saml2')) # Keystone-Identity-Provider metadata endpoint self._add_resource( mapper, saml_metadata_controller, path=self._construct_url('saml2/metadata'), get_action='get_metadata', rel=build_resource_relation(resource_name='metadata'))