def load_backends(self):
"""Initializes each manager and assigns them to an attribute."""
# TODO(blk-u): Shouldn't need to clear the registry here, but some
# tests call load_backends multiple times. These should be fixed to
# only call load_backends once.
dependency.reset()
# TODO(morganfainberg): Shouldn't need to clear the registry here, but
# some tests call load_backends multiple times. Since it is not
# possible to re-configure a backend, we need to clear the list. This
# should eventually be removed once testing has been cleaned up.
kvs_core.KEY_VALUE_STORE_REGISTRY.clear()
drivers = service.load_backends()
# TODO(stevemar): currently, load oauth1 driver as well, eventually
# we need to have this as optional.
from keystone.contrib import oauth1
drivers['oauth1_api'] = oauth1.Manager()
from keystone.contrib import federation
drivers['federation_api'] = federation.Manager()
dependency.resolve_future_dependencies()
for manager_name, manager in six.iteritems(drivers):
setattr(self, manager_name, manager)
def load_backends():
# Configure and build the cache
cache.configure_cache_region(cache.REGION)
# Ensure that the identity driver is created before the assignment manager
# and that the assignment driver is created before the resource manager.
# The default resource driver depends on assignment, which in turn
# depends on identity - hence we need to ensure the chain is available.
_IDENTITY_API = identity.Manager()
_ASSIGNMENT_API = assignment.Manager()
DRIVERS = dict(assignment_api=_ASSIGNMENT_API,
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
domain_config_api=resource.DomainConfigManager(),
endpoint_filter_api=endpoint_filter.Manager(),
endpoint_policy_api=endpoint_policy.Manager(),
federation_api=federation.Manager(),
id_generator_api=identity.generator.Manager(),
id_mapping_api=identity.MappingManager(),
identity_api=_IDENTITY_API,
oauth_api=oauth1.Manager(),
policy_api=policy.Manager(),
resource_api=resource.Manager(),
revoke_api=revoke.Manager(),
role_api=assignment.RoleManager(),
token_api=token.persistence.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager())
auth.controllers.load_auth_methods()
return DRIVERS
def load_backends(include_oauth1=False):
# Ensure that the identity driver is created before the assignment manager.
# The default assignment driver is determined by the identity driver, so
# the identity driver must be available to the assignment manager.
_IDENTITY_API = identity.Manager()
DRIVERS = dict(
assignment_api=assignment.Manager(),
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
endpoint_filter_api=endpoint_filter.Manager(),
identity_api=_IDENTITY_API,
policy_api=policy.Manager(),
token_api=token.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager())
if include_oauth1:
from keystone.contrib import oauth1
DRIVERS['oauth1_api'] = oauth1.Manager()
dependency.resolve_future_dependencies()
return DRIVERS
def add_routes(self, mapper):
# This is needed for dependency injection,
# it loads the OAuth driver which registers it as a dependency.
oauth1.Manager()
consumer_controller = controllers.ConsumerCrudV3()
access_token_controller = controllers.AccessTokenCrudV3()
access_token_roles_controller = controllers.AccessTokenRolesV3()
oauth_controller = controllers.OAuthControllerV3()
# basic admin-only consumer crud
self._add_resource(mapper,
consumer_controller,
path='/OS-OAUTH1/consumers',
get_action='list_consumers',
post_action='create_consumer')
self._add_resource(mapper,
consumer_controller,
path='/OS-OAUTH1/consumers/{consumer_id}',
get_action='get_consumer',
patch_action='update_consumer',
delete_action='delete_consumer')
# user accesss token crud
self._add_resource(mapper,
access_token_controller,
path='/users/{user_id}/OS-OAUTH1/access_tokens',
get_action='list_access_tokens')
self._add_resource(
mapper,
access_token_controller,
path='/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}',
get_action='get_access_token',
delete_action='delete_access_token')
self._add_resource(
mapper,
access_token_roles_controller,
path='/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/'
'roles',
get_action='list_access_token_roles')
self._add_resource(
mapper,
access_token_roles_controller,
path='/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/'
'roles/{role_id}',
get_action='get_access_token_role')
# oauth flow calls
self._add_resource(mapper,
oauth_controller,
path='/OS-OAUTH1/request_token',
post_action='create_request_token')
self._add_resource(mapper,
oauth_controller,
path='/OS-OAUTH1/access_token',
post_action='create_access_token')
self._add_resource(mapper,
oauth_controller,
path='/OS-OAUTH1/authorize/{request_token_id}',
put_action='authorize_request_token')
def load_backends(self):
"""Initializes each manager and assigns them to an attribute."""
# TODO(blk-u): Shouldn't need to clear the registry here, but some
# tests call load_backends multiple times. These should be fixed to
# only call load_backends once.
dependency.reset()
# TODO(morganfainberg): Shouldn't need to clear the registry here, but
# some tests call load_backends multiple times. Since it is not
# possible to re-configure a backend, we need to clear the list. This
# should eventually be removed once testing has been cleaned up.
kvs_core.KEY_VALUE_STORE_REGISTRY.clear()
self.clear_auth_plugin_registry()
drivers = service.load_backends()
# TODO(stevemar): currently, load oauth1 driver as well, eventually
# we need to have this as optional.
from keystone.contrib import oauth1
drivers['oauth1_api'] = oauth1.Manager()
from keystone.contrib import federation
drivers['federation_api'] = federation.Manager()
dependency.resolve_future_dependencies()
for manager_name, manager in six.iteritems(drivers):
setattr(self, manager_name, manager)
# The credential backend only supports SQL, so we always have to load
# the tables.
self.engine = session.get_engine()
self.addCleanup(session.cleanup)
sql.ModelBase.metadata.create_all(bind=self.engine)
self.addCleanup(sql.ModelBase.metadata.drop_all, bind=self.engine)
def load_backends():
# Configure and build the cache
cache.configure_cache_region(cache.REGION)
# Ensure that the identity driver is created before the assignment manager.
# The default assignment driver is determined by the identity driver, so
# the identity driver must be available to the assignment manager.
_IDENTITY_API = identity.Manager()
DRIVERS = dict(
assignment_api=assignment.Manager(),
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
domain_config_api=resource.DomainConfigManager(),
endpoint_filter_api=endpoint_filter.Manager(),
endpoint_policy_api=endpoint_policy.Manager(),
federation_api=federation.Manager(),
id_generator_api=identity.generator.Manager(),
id_mapping_api=identity.MappingManager(),
identity_api=_IDENTITY_API,
oauth_api=oauth1.Manager(),
policy_api=policy.Manager(),
resource_api=resource.Manager(),
revoke_api=revoke.Manager(),
role_api=assignment.RoleManager(),
token_api=token.persistence.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager(),
# admin_api=moon.AdminManager(),
# authz_api=moon.AuthzManager()
)
auth.controllers.load_auth_methods()
return DRIVERS
def __init__(self):
self.oauth_api = oauth1.Manager()
def load_extra_backends(self):
return {'oauth_api': oauth1.Manager()}
def add_routes(self, mapper):
# This is needed for dependency injection,
# it loads the OAuth driver which registers it as a dependency.
oauth1.Manager()
consumer_controller = controllers.ConsumerCrudV3()
access_token_controller = controllers.AccessTokenCrudV3()
access_token_roles_controller = controllers.AccessTokenRolesV3()
oauth_controller = controllers.OAuthControllerV3()
# basic admin-only consumer crud
mapper.connect('/OS-OAUTH1/consumers',
controller=consumer_controller,
action='create_consumer',
conditions=dict(method=['POST']))
mapper.connect('/OS-OAUTH1/consumers/{consumer_id}',
controller=consumer_controller,
action='get_consumer',
conditions=dict(method=['GET']))
mapper.connect('/OS-OAUTH1/consumers/{consumer_id}',
controller=consumer_controller,
action='update_consumer',
conditions=dict(method=['PATCH']))
mapper.connect('/OS-OAUTH1/consumers/{consumer_id}',
controller=consumer_controller,
action='delete_consumer',
conditions=dict(method=['DELETE']))
mapper.connect('/OS-OAUTH1/consumers',
controller=consumer_controller,
action='list_consumers',
conditions=dict(method=['GET']))
# user accesss token crud
mapper.connect('/users/{user_id}/OS-OAUTH1/access_tokens',
controller=access_token_controller,
action='list_access_tokens',
conditions=dict(method=['GET']))
mapper.connect(
'/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}',
controller=access_token_controller,
action='get_access_token',
conditions=dict(method=['GET']))
mapper.connect(
'/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}',
controller=access_token_controller,
action='delete_access_token',
conditions=dict(method=['DELETE']))
mapper.connect(
'/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/roles',
controller=access_token_roles_controller,
action='list_access_token_roles',
conditions=dict(method=['GET']))
mapper.connect(
'/users/{user_id}/OS-OAUTH1/access_tokens/'
'{access_token_id}/roles/{role_id}',
controller=access_token_roles_controller,
action='get_access_token_role',
conditions=dict(method=['GET']))
# oauth flow calls
mapper.connect('/OS-OAUTH1/request_token',
controller=oauth_controller,
action='create_request_token',
conditions=dict(method=['POST']))
mapper.connect('/OS-OAUTH1/access_token',
controller=oauth_controller,
action='create_access_token',
conditions=dict(method=['POST']))
mapper.connect('/OS-OAUTH1/authorize/{request_token_id}',
controller=oauth_controller,
action='authorize_request_token',
conditions=dict(method=['PUT']))
def add_routes(self, mapper):
# This is needed for dependency injection,
# it loads the OAuth driver which registers it as a dependency.
oauth1.Manager()
consumer_controller = controllers.ConsumerCrudV3()
access_token_controller = controllers.AccessTokenCrudV3()
access_token_roles_controller = controllers.AccessTokenRolesV3()
oauth_controller = controllers.OAuthControllerV3()
# basic admin-only consumer crud
self._add_resource(
mapper,
consumer_controller,
path='/OS-OAUTH1/consumers',
get_action='list_consumers',
post_action='create_consumer',
rel=build_resource_relation(resource_name='consumers'))
self._add_resource(
mapper,
consumer_controller,
path='/OS-OAUTH1/consumers/{consumer_id}',
get_action='get_consumer',
patch_action='update_consumer',
delete_action='delete_consumer',
rel=build_resource_relation(resource_name='consumer'),
path_vars={
'consumer_id':
build_parameter_relation(parameter_name='consumer_id'),
})
# user access token crud
self._add_resource(
mapper,
access_token_controller,
path='/users/{user_id}/OS-OAUTH1/access_tokens',
get_action='list_access_tokens',
rel=build_resource_relation(resource_name='user_access_tokens'),
path_vars={
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
access_token_controller,
path='/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}',
get_action='get_access_token',
delete_action='delete_access_token',
rel=build_resource_relation(resource_name='user_access_token'),
path_vars={
'access_token_id': ACCESS_TOKEN_ID_PARAMETER_RELATION,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
access_token_roles_controller,
path='/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/'
'roles',
get_action='list_access_token_roles',
rel=build_resource_relation(
resource_name='user_access_token_roles'),
path_vars={
'access_token_id': ACCESS_TOKEN_ID_PARAMETER_RELATION,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
access_token_roles_controller,
path='/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/'
'roles/{role_id}',
get_action='get_access_token_role',
rel=build_resource_relation(
resource_name='user_access_token_role'),
path_vars={
'access_token_id': ACCESS_TOKEN_ID_PARAMETER_RELATION,
'role_id': json_home.Parameters.ROLE_ID,
'user_id': json_home.Parameters.USER_ID,
})
# oauth flow calls
self._add_resource(
mapper,
oauth_controller,
path='/OS-OAUTH1/request_token',
post_action='create_request_token',
rel=build_resource_relation(resource_name='request_tokens'))
self._add_resource(
mapper,
oauth_controller,
path='/OS-OAUTH1/access_token',
post_action='create_access_token',
rel=build_resource_relation(resource_name='access_tokens'))
self._add_resource(
mapper,
oauth_controller,
path='/OS-OAUTH1/authorize/{request_token_id}',
path_vars={
'request_token_id':
build_parameter_relation(parameter_name='request_token_id')
},
put_action='authorize_request_token',
rel=build_resource_relation(
resource_name='authorize_request_token'))
from keystone import trust
CONF = config.CONF
LOG = logging.getLogger(__name__)
# Ensure that the identity driver is created before the assignment manager.
# The default assignment driver is determined by the identity driver, so the
# identity driver must be available to the assignment manager.
_IDENTITY_API = identity.Manager()
DRIVERS = dict(assignment_api=assignment.Manager(),
catalog_api=catalog.Manager(),
credentials_api=credential.Manager(),
ec2_api=ec2.Manager(),
identity_api=_IDENTITY_API,
oauth1_api=oauth1.Manager(),
policy_api=policy.Manager(),
token_api=token.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager())
dependency.resolve_future_dependencies()
def fail_gracefully(f):
"""Logs exceptions and aborts."""
@functools.wraps(f)
def wrapper(*args, **kw):
try:
return f(*args, **kw)
except Exception as e:
