def load_backends():
# Configure and build the cache
cache.configure_cache_region(cache.REGION)
# Ensure that the identity driver is created before the assignment manager.
# The default assignment driver is determined by the identity driver, so
# the identity driver must be available to the assignment manager.
_IDENTITY_API = identity.Manager()
DRIVERS = dict(assignment_api=assignment.Manager(),
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
endpoint_filter_api=endpoint_filter.Manager(),
id_generator_api=identity.generator.Manager(),
id_mapping_api=identity.MappingManager(),
identity_api=_IDENTITY_API,
policy_api=policy.Manager(),
token_api=token.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager())
auth.controllers.load_auth_methods()
return DRIVERS
def load_backends():
# Configure and build the cache
cache.configure_cache()
cache.configure_cache(region=catalog.COMPUTED_CATALOG_REGION)
# Ensure that the identity driver is created before the assignment manager
# and that the assignment driver is created before the resource manager.
# The default resource driver depends on assignment, which in turn
# depends on identity - hence we need to ensure the chain is available.
_IDENTITY_API = identity.Manager()
_ASSIGNMENT_API = assignment.Manager()
DRIVERS = dict(assignment_api=_ASSIGNMENT_API,
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
domain_config_api=resource.DomainConfigManager(),
endpoint_policy_api=endpoint_policy.Manager(),
federation_api=federation.Manager(),
id_generator_api=identity.generator.Manager(),
id_mapping_api=identity.MappingManager(),
identity_api=_IDENTITY_API,
oauth_api=oauth1.Manager(),
policy_api=policy.Manager(),
resource_api=resource.Manager(),
revoke_api=revoke.Manager(),
role_api=assignment.RoleManager(),
token_api=token.persistence.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager())
auth.controllers.load_auth_methods()
return DRIVERS
def load_backends(include_oauth1=False):
# Ensure that the identity driver is created before the assignment manager.
# The default assignment driver is determined by the identity driver, so
# the identity driver must be available to the assignment manager.
_IDENTITY_API = identity.Manager()
DRIVERS = dict(
assignment_api=assignment.Manager(),
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
endpoint_filter_api=endpoint_filter.Manager(),
identity_api=_IDENTITY_API,
policy_api=policy.Manager(),
token_api=token.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager())
if include_oauth1:
from keystone.contrib import oauth1
DRIVERS['oauth1_api'] = oauth1.Manager()
dependency.resolve_future_dependencies()
return DRIVERS
def get_domain_id(name):
try:
identity.Manager()
assignment_manager = assignment.Manager()
return assignment_manager.driver.get_domain_by_name(name)['id']
except KeyError:
raise ValueError(
_("Unknown domain '%(name)s' specified by "
"--domain-name") % {'name': name})
def __init__(self, app, **config):
# initialization vector
self._iv = '\0' * 16
self.default_tenant = CONF.auto_population.default_project
self.default_role = CONF.auto_population.default_role
self.identity_api = identity.Manager()
self.assignment_api = assignment.Manager()
self.default_domain_id = CONF.identity.default_domain_id
super(AutoPopulation, self).__init__(app)
def get_domain_id(name):
try:
identity.Manager()
# init assignment manager to avoid KeyError in resource.core
assignment.Manager()
resource_manager = resource.Manager()
return resource_manager.driver.get_domain_by_name(name)['id']
except KeyError:
raise ValueError(_("Unknown domain '%(name)s' specified by "
"--domain-name") % {'name': name})
def load_backends():
# Configure and build the cache
cache.configure_cache()
cache.configure_cache(region=catalog.COMPUTED_CATALOG_REGION)
cache.apply_invalidation_patch(
region=catalog.COMPUTED_CATALOG_REGION,
region_name=catalog.COMPUTED_CATALOG_REGION.name)
cache.configure_cache(region=assignment.COMPUTED_ASSIGNMENTS_REGION)
cache.apply_invalidation_patch(
region=assignment.COMPUTED_ASSIGNMENTS_REGION,
region_name=assignment.COMPUTED_ASSIGNMENTS_REGION.name)
cache.configure_cache(region=revoke.REVOKE_REGION)
cache.apply_invalidation_patch(region=revoke.REVOKE_REGION,
region_name=revoke.REVOKE_REGION.name)
cache.configure_cache(region=token.provider.TOKENS_REGION)
cache.configure_cache(region=identity.ID_MAPPING_REGION)
cache.apply_invalidation_patch(region=identity.ID_MAPPING_REGION,
region_name=identity.ID_MAPPING_REGION.name)
# Ensure that the identity driver is created before the assignment manager
# and that the assignment driver is created before the resource manager.
# The default resource driver depends on assignment, which in turn
# depends on identity - hence we need to ensure the chain is available.
# TODO(morganfainberg): In "O" release move _IDENTITY_API to be directly
# instantiated in the DRIVERS dict once assignment driver being selected
# based upon [identity]/driver is removed.
_IDENTITY_API = identity.Manager()
_ASSIGNMENT_API = assignment.Manager()
DRIVERS = dict(
assignment_api=_ASSIGNMENT_API,
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
domain_config_api=resource.DomainConfigManager(),
endpoint_policy_api=endpoint_policy.Manager(),
federation_api=federation.Manager(),
id_generator_api=identity.generator.Manager(),
id_mapping_api=identity.MappingManager(),
identity_api=_IDENTITY_API,
shadow_users_api=identity.ShadowUsersManager(),
oauth_api=oauth1.Manager(),
policy_api=policy.Manager(),
resource_api=resource.Manager(),
revoke_api=revoke.Manager(),
role_api=assignment.RoleManager(),
token_api=token.persistence.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager())
auth.controllers.load_auth_methods()
return DRIVERS
def __init__(self, context, auth=None):
self.assignment_api = assignment.Manager()
self.identity_api = identity.Manager()
self.trust_api = trust.Manager()
self.context = context
self.auth = auth
self._scope_data = (None, None, None)
# self._scope_data is (domain_id, project_id, trust_ref)
# project scope: (None, project_id, None)
# domain scope: (domain_id, None, None)
# trust scope: (None, None, trust_ref)
# unscoped: (None, None, None)
self._validate_and_normalize_auth_data()
def import_auth(data):
identity_api = identity.Manager()
assignment_api = assignment.Manager()
tenant_map = _create_projects(assignment_api, data['tenants'])
user_map = _create_users(identity_api, data['users'])
_create_memberships(assignment_api, data['user_tenant_list'], user_map,
tenant_map)
role_map = _create_roles(assignment_api, data['roles'])
_assign_roles(assignment_api, data['role_user_tenant_list'], role_map,
user_map, tenant_map)
ec2_api = ec2_sql.Ec2()
ec2_creds = data['ec2_credentials']
_create_ec2_creds(ec2_api, assignment_api, ec2_creds, user_map)
def load_backends(self):
"""Load the backends needed for uploading domain configs.
We only need the resource and domain_config managers, but there are
some dependencies which mean we have to load the assignment and
identity managers as well.
The order of loading the backends is important, since the resource
manager depends on the assignment manager, which in turn depends on
the identity manager.
"""
identity.Manager()
assignment.Manager()
self.resource_manager = resource.Manager()
self.domain_config_manager = resource.DomainConfigManager()
def __init__(self, app, **config):
# initialization vector
self._iv = '\0' * 16
self.identity_api = identity.Manager()
self.assignment_api = assignment.Manager()
super(AutoPopulation, self).__init__(app)
self.autopop_config = {}
#domain_ref = self.identity_api.get_domain( self.identity_api, DEFAULT_DOMAIN_ID)
domain_ref = self.identity_api.get_domain(DEFAULT_DOMAIN_ID)
self.default_domain = domain_ref['name']
self.common_autopop_config = CONF.auto_population
self.log_ldap_config(CONF)
self.domain_specific_drivers_enabled = CONF.ldap_pre_auth.domain_specific_drivers_enabled
if self.domain_specific_drivers_enabled:
domain_config_dir = CONF.ldap_pre_auth.domain_config_dir
if not os.path.isdir(domain_config_dir):
raise ValueError( 'Domain config directory %s is not a valid path' % domain_config_dir)
self._load_domain_config( domain_config_dir)
LOG.debug('Initialization complete')
def load_backends():
# Configure and build the cache
cache.configure_cache()
cache.configure_cache(region=catalog.COMPUTED_CATALOG_REGION)
cache.apply_invalidation_patch(
region=catalog.COMPUTED_CATALOG_REGION,
region_name=catalog.COMPUTED_CATALOG_REGION.name)
cache.configure_cache(region=assignment.COMPUTED_ASSIGNMENTS_REGION)
cache.apply_invalidation_patch(
region=assignment.COMPUTED_ASSIGNMENTS_REGION,
region_name=assignment.COMPUTED_ASSIGNMENTS_REGION.name)
# Ensure that the assignment driver is created before the resource manager.
# The default resource driver depends on assignment.
_ASSIGNMENT_API = assignment.Manager()
DRIVERS = dict(assignment_api=_ASSIGNMENT_API,
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
domain_config_api=resource.DomainConfigManager(),
endpoint_policy_api=endpoint_policy.Manager(),
federation_api=federation.Manager(),
id_generator_api=identity.generator.Manager(),
id_mapping_api=identity.MappingManager(),
identity_api=identity.Manager(),
oauth_api=oauth1.Manager(),
policy_api=policy.Manager(),
resource_api=resource.Manager(),
revoke_api=revoke.Manager(),
role_api=assignment.RoleManager(),
token_api=token.persistence.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager())
auth.controllers.load_auth_methods()
return DRIVERS
def load_backends():
# Configure and build the cache
cache.configure_cache()
cache.configure_cache(region=catalog.COMPUTED_CATALOG_REGION)
cache.configure_cache(region=assignment.COMPUTED_ASSIGNMENTS_REGION)
cache.configure_cache(region=revoke.REVOKE_REGION)
cache.configure_cache(region=token.provider.TOKENS_REGION)
cache.configure_cache(region=identity.ID_MAPPING_REGION)
cache.configure_invalidation_region()
# NOTE(knikolla): The assignment manager must be instantiated before the
# resource manager. The current dictionary ordering ensures that.
DRIVERS = dict(assignment_api=assignment.Manager(),
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
credential_provider_api=credential.provider.Manager(),
domain_config_api=resource.DomainConfigManager(),
endpoint_policy_api=endpoint_policy.Manager(),
federation_api=federation.Manager(),
id_generator_api=identity.generator.Manager(),
id_mapping_api=identity.MappingManager(),
identity_api=identity.Manager(),
shadow_users_api=identity.ShadowUsersManager(),
oauth_api=oauth1.Manager(),
policy_api=policy.Manager(),
resource_api=resource.Manager(),
revoke_api=revoke.Manager(),
role_api=assignment.RoleManager(),
token_api=token.persistence.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager())
auth.core.load_auth_methods()
return DRIVERS
def load_backends():
# Configure and build the cache
cache.configure_cache_region(cache.REGION)
# Ensure that the identity driver is created before the assignment manager.
# The default assignment driver is determined by the identity driver, so
# the identity driver must be available to the assignment manager.
_IDENTITY_API = identity.Manager()
DRIVERS = dict(
assignment_api=assignment.Manager(),
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
domain_config_api=resource.DomainConfigManager(),
endpoint_filter_api=endpoint_filter.Manager(),
endpoint_policy_api=endpoint_policy.Manager(),
federation_api=federation.Manager(),
id_generator_api=identity.generator.Manager(),
id_mapping_api=identity.MappingManager(),
identity_api=_IDENTITY_API,
oauth_api=oauth1.Manager(),
policy_api=policy.Manager(),
resource_api=resource.Manager(),
revoke_api=revoke.Manager(),
role_api=assignment.RoleManager(),
token_api=token.persistence.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager(),
# admin_api=moon.AdminManager(),
# authz_api=moon.AuthzManager()
)
auth.controllers.load_auth_methods()
return DRIVERS
def __init__(self, assignment_api=None):
super(Manager, self).__init__(CONF.identity.driver)
if assignment_api is None:
assignment_api = assignment.Manager(self)
self.assignment_api = assignment_api
self.driver.assignment_api = assignment_api
from keystone import routers
from keystone import token
from keystone import trust
CONF = config.CONF
LOG = logging.getLogger(__name__)
# Ensure the cache is configured and built before we instantiate the managers
cache.configure_cache_region(cache.REGION)
# Ensure that the identity driver is created before the assignment manager.
# The default assignment driver is determined by the identity driver, so the
# identity driver must be available to the assignment manager.
_IDENTITY_API = identity.Manager()
DRIVERS = dict(assignment_api=assignment.Manager(),
catalog_api=catalog.Manager(),
credentials_api=credential.Manager(),
endpoint_filter_api=endpoint_filter.Manager(),
identity_api=_IDENTITY_API,
policy_api=policy.Manager(),
token_api=token.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager())
dependency.resolve_future_dependencies()
def fail_gracefully(f):
"""Logs exceptions and aborts."""
@functools.wraps(f)
