def __init__(self):
self.catalog_api = catalog.Manager()
self.identity_api = identity.Manager()
self.token_api = token.Manager()
self.policy_api = policy.Manager()
self.ec2_api = Manager()
super(Ec2Controller, self).__init__()
def setUp(self):
super(SqlTests, self).setUp()
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_sql.conf')
])
# initialize managers and override drivers
self.catalog_man = catalog.Manager()
self.identity_man = identity.Manager()
self.token_man = token.Manager()
self.trust_man = trust.Manager()
self.policy_man = policy.Manager()
# create shortcut references to each driver
self.catalog_api = self.catalog_man.driver
self.identity_api = self.identity_man.driver
self.token_api = self.token_man.driver
self.policy_api = self.policy_man.driver
self.trust_api = self.trust_man.driver
# populate the engine with tables & fixtures
self.load_fixtures(default_fixtures)
#defaulted by the data load
self.user_foo['enabled'] = True
def load_backends():
# Configure and build the cache
cache.configure_cache()
cache.configure_cache(region=catalog.COMPUTED_CATALOG_REGION)
# Ensure that the identity driver is created before the assignment manager
# and that the assignment driver is created before the resource manager.
# The default resource driver depends on assignment, which in turn
# depends on identity - hence we need to ensure the chain is available.
_IDENTITY_API = identity.Manager()
_ASSIGNMENT_API = assignment.Manager()
DRIVERS = dict(assignment_api=_ASSIGNMENT_API,
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
domain_config_api=resource.DomainConfigManager(),
endpoint_policy_api=endpoint_policy.Manager(),
federation_api=federation.Manager(),
id_generator_api=identity.generator.Manager(),
id_mapping_api=identity.MappingManager(),
identity_api=_IDENTITY_API,
oauth_api=oauth1.Manager(),
policy_api=policy.Manager(),
resource_api=resource.Manager(),
revoke_api=revoke.Manager(),
role_api=assignment.RoleManager(),
token_api=token.persistence.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager())
auth.controllers.load_auth_methods()
return DRIVERS
def initialize_drivers():
DRIVERS['catalog_api'] = catalog.Manager()
DRIVERS['identity_api'] = identity.Manager()
DRIVERS['policy_api'] = policy.Manager()
DRIVERS['token_api'] = token.Manager()
DRIVERS['trust_api'] = trust.Manager()
return DRIVERS
def setUp(self):
super(SqlTests, self).setUp()
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_sql.conf')
])
# initialize managers and override drivers
self.catalog_man = catalog.Manager()
self.identity_man = identity.Manager()
self.token_man = token.Manager()
self.trust_man = trust.Manager()
self.policy_man = policy.Manager()
# create tables and keep an engine reference for cleanup.
# this must be done after the models are loaded by the managers.
self.engine = self.get_engine()
sql.ModelBase.metadata.create_all(bind=self.engine)
# create shortcut references to each driver
self.catalog_api = self.catalog_man.driver
self.identity_api = self.identity_man.driver
self.token_api = self.token_man.driver
self.policy_api = self.policy_man.driver
self.trust_api = self.trust_man.driver
# populate the engine with tables & fixtures
self.load_fixtures(default_fixtures)
#defaulted by the data load
self.user_foo['enabled'] = True
def load_backends():
# Configure and build the cache
cache.configure_cache_region(cache.REGION)
# Ensure that the identity driver is created before the assignment manager.
# The default assignment driver is determined by the identity driver, so
# the identity driver must be available to the assignment manager.
_IDENTITY_API = identity.Manager()
DRIVERS = dict(assignment_api=assignment.Manager(),
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
endpoint_filter_api=endpoint_filter.Manager(),
id_generator_api=identity.generator.Manager(),
id_mapping_api=identity.MappingManager(),
identity_api=_IDENTITY_API,
policy_api=policy.Manager(),
token_api=token.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager())
auth.controllers.load_auth_methods()
return DRIVERS
def load_backends(include_oauth1=False):
# Ensure that the identity driver is created before the assignment manager.
# The default assignment driver is determined by the identity driver, so
# the identity driver must be available to the assignment manager.
_IDENTITY_API = identity.Manager()
DRIVERS = dict(
assignment_api=assignment.Manager(),
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
endpoint_filter_api=endpoint_filter.Manager(),
identity_api=_IDENTITY_API,
policy_api=policy.Manager(),
token_api=token.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager())
if include_oauth1:
from keystone.contrib import oauth1
DRIVERS['oauth1_api'] = oauth1.Manager()
dependency.resolve_future_dependencies()
return DRIVERS
def load_backends():
# Configure and build the cache
cache.configure_cache()
cache.configure_cache(region=catalog.COMPUTED_CATALOG_REGION)
cache.apply_invalidation_patch(
region=catalog.COMPUTED_CATALOG_REGION,
region_name=catalog.COMPUTED_CATALOG_REGION.name)
cache.configure_cache(region=assignment.COMPUTED_ASSIGNMENTS_REGION)
cache.apply_invalidation_patch(
region=assignment.COMPUTED_ASSIGNMENTS_REGION,
region_name=assignment.COMPUTED_ASSIGNMENTS_REGION.name)
cache.configure_cache(region=revoke.REVOKE_REGION)
cache.apply_invalidation_patch(region=revoke.REVOKE_REGION,
region_name=revoke.REVOKE_REGION.name)
cache.configure_cache(region=token.provider.TOKENS_REGION)
cache.configure_cache(region=identity.ID_MAPPING_REGION)
cache.apply_invalidation_patch(region=identity.ID_MAPPING_REGION,
region_name=identity.ID_MAPPING_REGION.name)
# Ensure that the identity driver is created before the assignment manager
# and that the assignment driver is created before the resource manager.
# The default resource driver depends on assignment, which in turn
# depends on identity - hence we need to ensure the chain is available.
# TODO(morganfainberg): In "O" release move _IDENTITY_API to be directly
# instantiated in the DRIVERS dict once assignment driver being selected
# based upon [identity]/driver is removed.
_IDENTITY_API = identity.Manager()
_ASSIGNMENT_API = assignment.Manager()
DRIVERS = dict(
assignment_api=_ASSIGNMENT_API,
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
domain_config_api=resource.DomainConfigManager(),
endpoint_policy_api=endpoint_policy.Manager(),
federation_api=federation.Manager(),
id_generator_api=identity.generator.Manager(),
id_mapping_api=identity.MappingManager(),
identity_api=_IDENTITY_API,
shadow_users_api=identity.ShadowUsersManager(),
oauth_api=oauth1.Manager(),
policy_api=policy.Manager(),
resource_api=resource.Manager(),
revoke_api=revoke.Manager(),
role_api=assignment.RoleManager(),
token_api=token.persistence.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager())
auth.controllers.load_auth_methods()
return DRIVERS
def load_backends():
# Configure and build the cache
cache.configure_cache()
cache.configure_cache(region=catalog.COMPUTED_CATALOG_REGION)
cache.apply_invalidation_patch(
region=catalog.COMPUTED_CATALOG_REGION,
region_name=catalog.COMPUTED_CATALOG_REGION.name)
cache.configure_cache(region=assignment.COMPUTED_ASSIGNMENTS_REGION)
cache.apply_invalidation_patch(
region=assignment.COMPUTED_ASSIGNMENTS_REGION,
region_name=assignment.COMPUTED_ASSIGNMENTS_REGION.name)
# Ensure that the assignment driver is created before the resource manager.
# The default resource driver depends on assignment.
_ASSIGNMENT_API = assignment.Manager()
DRIVERS = dict(assignment_api=_ASSIGNMENT_API,
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
domain_config_api=resource.DomainConfigManager(),
endpoint_policy_api=endpoint_policy.Manager(),
federation_api=federation.Manager(),
id_generator_api=identity.generator.Manager(),
id_mapping_api=identity.MappingManager(),
identity_api=identity.Manager(),
oauth_api=oauth1.Manager(),
policy_api=policy.Manager(),
resource_api=resource.Manager(),
revoke_api=revoke.Manager(),
role_api=assignment.RoleManager(),
token_api=token.persistence.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager())
auth.controllers.load_auth_methods()
return DRIVERS
def load_backends():
# Configure and build the cache
cache.configure_cache()
cache.configure_cache(region=catalog.COMPUTED_CATALOG_REGION)
cache.configure_cache(region=assignment.COMPUTED_ASSIGNMENTS_REGION)
cache.configure_cache(region=revoke.REVOKE_REGION)
cache.configure_cache(region=token.provider.TOKENS_REGION)
cache.configure_cache(region=identity.ID_MAPPING_REGION)
cache.configure_invalidation_region()
# NOTE(knikolla): The assignment manager must be instantiated before the
# resource manager. The current dictionary ordering ensures that.
DRIVERS = dict(assignment_api=assignment.Manager(),
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
credential_provider_api=credential.provider.Manager(),
domain_config_api=resource.DomainConfigManager(),
endpoint_policy_api=endpoint_policy.Manager(),
federation_api=federation.Manager(),
id_generator_api=identity.generator.Manager(),
id_mapping_api=identity.MappingManager(),
identity_api=identity.Manager(),
shadow_users_api=identity.ShadowUsersManager(),
oauth_api=oauth1.Manager(),
policy_api=policy.Manager(),
resource_api=resource.Manager(),
revoke_api=revoke.Manager(),
role_api=assignment.RoleManager(),
token_api=token.persistence.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager())
auth.core.load_auth_methods()
return DRIVERS
def load_backends():
# Configure and build the cache
cache.configure_cache_region(cache.REGION)
# Ensure that the identity driver is created before the assignment manager.
# The default assignment driver is determined by the identity driver, so
# the identity driver must be available to the assignment manager.
_IDENTITY_API = identity.Manager()
DRIVERS = dict(
assignment_api=assignment.Manager(),
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
domain_config_api=resource.DomainConfigManager(),
endpoint_filter_api=endpoint_filter.Manager(),
endpoint_policy_api=endpoint_policy.Manager(),
federation_api=federation.Manager(),
id_generator_api=identity.generator.Manager(),
id_mapping_api=identity.MappingManager(),
identity_api=_IDENTITY_API,
oauth_api=oauth1.Manager(),
policy_api=policy.Manager(),
resource_api=resource.Manager(),
revoke_api=revoke.Manager(),
role_api=assignment.RoleManager(),
token_api=token.persistence.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager(),
# admin_api=moon.AdminManager(),
# authz_api=moon.AuthzManager()
)
auth.controllers.load_auth_methods()
return DRIVERS
from keystone import controllers
from keystone import credential
from keystone import identity
from keystone import policy
from keystone import routers
from keystone import token
from keystone import trust
CONF = config.CONF
LOG = logging.getLogger(__name__)
DRIVERS = dict(catalog_api=catalog.Manager(),
credentials_api=credential.Manager(),
ec2_api=ec2.Manager(),
identity_api=identity.Manager(),
policy_api=policy.Manager(),
token_api=token.Manager(),
trust_api=trust.Manager())
@logging.fail_gracefully
def public_app_factory(global_conf, **local_conf):
controllers.register_version('v2.0')
conf = global_conf.copy()
conf.update(local_conf)
return wsgi.ComposingRouter(routes.Mapper(), [
identity.routers.Public(),
token.routers.Router(),
routers.VersionV2('public'),
routers.Extension(False)
])
def __init__(self):
self.identity_api = Manager()
self.token_api = token.Manager()
self.policy_api = policy.Manager()
super(RoleController, self).__init__()
def __init__(self):
mapper = routes.Mapper()
apis = dict(catalog_api=catalog.Manager(),
identity_api=identity.Manager(),
policy_api=policy.Manager(),
token_api=token.Manager())
# Catalog
self.crud_routes(mapper, catalog.ServiceControllerV3(**apis),
'services', 'service')
self.crud_routes(mapper, catalog.EndpointControllerV3(**apis),
'endpoints', 'endpoint')
# Identity
self.crud_routes(mapper, identity.DomainControllerV3(**apis),
'domains', 'domain')
project_controller = identity.ProjectControllerV3(**apis)
self.crud_routes(mapper, project_controller, 'projects', 'project')
mapper.connect('/users/{user_id}/projects',
controller=project_controller,
action='list_user_projects',
conditions=dict(method=['GET']))
self.crud_routes(mapper, identity.UserControllerV3(**apis), 'users',
'user')
self.crud_routes(mapper, identity.CredentialControllerV3(**apis),
'credentials', 'credential')
role_controller = identity.RoleControllerV3(**apis)
self.crud_routes(mapper, role_controller, 'roles', 'role')
mapper.connect(
'/projects/{project_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='create_grant',
conditions=dict(method=['PUT']))
mapper.connect(
'/projects/{project_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='check_grant',
conditions=dict(method=['HEAD']))
mapper.connect('/projects/{project_id}/users/{user_id}/roles',
controller=role_controller,
action='list_grants',
conditions=dict(method=['GET']))
mapper.connect(
'/projects/{project_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='revoke_grant',
conditions=dict(method=['DELETE']))
mapper.connect('/domains/{domain_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='create_grant',
conditions=dict(method=['PUT']))
mapper.connect('/domains/{domain_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='check_grant',
conditions=dict(method=['HEAD']))
mapper.connect('/domains/{domain_id}/users/{user_id}/roles',
controller=role_controller,
action='list_grants',
conditions=dict(method=['GET']))
mapper.connect('/domains/{domain_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='revoke_grant',
conditions=dict(method=['DELETE']))
# Policy
policy_controller = policy.PolicyControllerV3(**apis)
self.crud_routes(mapper, policy_controller, 'policies', 'policy')
# Token
"""
# v2.0 LEGACY
mapper.connect('/tokens/{token_id}',
controller=auth_controller,
action='validate_token',
conditions=dict(method=['GET']))
mapper.connect('/tokens/{token_id}',
controller=auth_controller,
action='validate_token_head',
conditions=dict(method=['HEAD']))
mapper.connect('/tokens/{token_id}',
controller=auth_controller,
action='delete_token',
conditions=dict(method=['DELETE']))
mapper.connect('/tokens/{token_id}/endpoints',
controller=auth_controller,
action='endpoints',
conditions=dict(method=['GET']))
"""
super(V3Router, self).__init__(mapper, [])
