Esempio n. 1
class Project(resource.Resource):
    """Identity-service project resource, addressed under ``/projects``.

    The class is purely declarative: it names the body keys, switches on
    the operations the resource advertises, and maps Python attribute
    names onto the keys used on the wire.
    """
    # NOTE(review): presumably the body keys for a single item and for a
    # collection; the wrapping itself lives in resource.Resource.
    resource_key = 'project'
    resources_key = 'projects'
    base_path = '/projects'
    # Service descriptor built with no explicit version argument.
    service = identity_service.IdentityService()

    # Capabilities: create, retrieve, update, delete and list are all on.
    allow_create = True
    allow_retrieve = True
    allow_update = True
    allow_delete = True
    allow_list = True
    # NOTE(review): presumably selects PATCH rather than PUT for updates;
    # confirm against resource.Resource.
    patch_update = True

    # Properties
    #: The description of the project. *Type: string*
    description = resource.prop('description')
    #: References the domain ID which owns the project; if a domain ID is not
    #: specified by the client, the Identity service implementation will
    #: default it to the domain ID to which the client's token is scoped.
    #: *Type: string*
    domain_id = resource.prop('domain_id')
    #: Setting this attribute to ``False`` prevents users from authorizing
    #: against this project. Additionally, all pre-existing tokens authorized
    #: for the project are immediately invalidated. Re-enabling a project
    #: does not re-enable pre-existing tokens. *Type: bool*
    # Exposed as ``is_enabled``; the wire key is ``enabled``. Because old
    # tokens are never revived, disabling acts as a one-way revocation for
    # sessions that already exist.
    is_enabled = resource.prop('enabled', type=bool)
    #: Unique project name, within the owning domain. *Type: string*
    name = resource.prop('name')
Esempio n. 2
class Service(resource.Resource):
    """Identity-service catalog entry, addressed under ``/services``.

    Purely declarative: body keys, advertised operations and the mapping
    from attribute names to wire keys.
    """
    # NOTE(review): presumably the body keys for a single item and for a
    # collection; the wrapping itself lives in resource.Resource.
    resource_key = 'service'
    resources_key = 'services'
    base_path = '/services'
    # Service descriptor built with no explicit version argument.
    service = identity_service.IdentityService()

    # Capabilities: create, retrieve, update, delete and list are all on.
    allow_create = True
    allow_retrieve = True
    allow_update = True
    allow_delete = True
    allow_list = True
    # NOTE(review): presumably selects PATCH rather than PUT for updates;
    # confirm against resource.Resource.
    patch_update = True

    # Properties
    #: User-facing description of the service. *Type: string*
    description = resource.prop('description')
    #: Setting this value to ``False`` prevents the service and
    #: its endpoints from appearing in the service catalog. *Type: bool*
    # Exposed as ``is_enabled``; the wire key is ``enabled``.
    is_enabled = resource.prop('enabled', type=bool)
    #: User-facing name of the service. *Type: string*
    name = resource.prop('name')
    #: Describes the API implemented by the service. The following values are
    #: recognized within the OpenStack ecosystem: ``compute``, ``image``,
    #: ``ec2``, ``identity``, ``volume``, ``network``. To support non-core and
    #: future projects, the value should not be validated against this list.
    #: *Type: string*
    # The attribute name mirrors the wire key, so the builtin ``type`` is
    # shadowed inside this class namespace from here on.
    type = resource.prop('type')
Esempio n. 3
class Domain(resource.Resource):
    """Identity-service domain resource, addressed under ``/domains``.

    Purely declarative: body keys, advertised operations and the mapping
    from attribute names to wire keys.
    """
    # NOTE(review): presumably the body keys for a single item and for a
    # collection; the wrapping itself lives in resource.Resource.
    resource_key = 'domain'
    resources_key = 'domains'
    base_path = '/domains'
    # Service descriptor built with no explicit version argument.
    service = identity_service.IdentityService()

    # Capabilities: create, retrieve, update, delete and list are all on.
    allow_create = True
    allow_retrieve = True
    allow_update = True
    allow_delete = True
    allow_list = True
    # NOTE(review): presumably selects PATCH rather than PUT for updates;
    # confirm against resource.Resource.
    patch_update = True

    # Properties
    #: The description of this domain. *Type: string*
    description = resource.prop('description')
    #: Setting this attribute to ``False`` prevents users from authorizing
    #: against this domain or any projects owned by this domain, and prevents
    #: users owned by this domain from authenticating or receiving any other
    #: authorization. Additionally, all pre-existing tokens applicable
    #: to the above entities are immediately invalidated.
    #: Re-enabling a domain does not re-enable pre-existing tokens.
    #: *Type: bool*
    # Exposed as ``is_enabled``; the wire key is ``enabled``. The effect
    # described above reaches the domain's projects and users as well, so
    # this flag has the widest reach of the ``enabled`` switches documented
    # on identity resources.
    is_enabled = resource.prop('enabled', type=bool)
    #: The globally unique name of this domain. *Type: string*
    name = resource.prop('name')
Esempio n. 4
    def __init__(self, plugins=None):
        """Build a profile that knows the bundled services but holds no preferences.

        :param list plugins: List of entry point namespaces to load.

        The new :class:`~ecl.profile.Profile` starts with one registration
        per bundled service. Services are identified by their service type,
        e.g.: 'identity', 'compute', etc.

        Each namespace in ``plugins`` is handed to ``self._load_plugin``;
        what that call imports or executes is decided there, so the list
        should come from configuration the caller controls.
        """
        self._services = {}

        # (service class, API version) pairs, registered strictly in this
        # order. The Metric service is deliberately absent: it currently
        # only retrieves the /capabilities API.
        bundled = (
            (compute_service.ComputeService, "v2"),
            (connectivity_service.ConnectivityService, "v1"),
            (identity_service.IdentityService, "v3"),
            (image_service.ImageService, "v2"),
            (network_service.NetworkService, "v2"),
            (sss_service.SssService, "v1"),
            (orchestration_service.OrchestrationService, "v1"),
            (provider_connectivity_service.ProviderConnectivityService, "v2"),
            (telemetry_service.TelemetryService, "v2"),
            (block_store_service.BlockStoreService, "v2"),
            (storage_service.StorageService, "v1"),
            (security_order_service.SecurityOrderService, "v2"),
            (security_portal_service.SecurityPortalService, "v2"),
            # The next two entries will be deleted if the MSS v1 API is
            # not available.
            # NOTE(review): they follow the v2 registrations of the same
            # class names; whether _add_service keeps both or lets the
            # later one win is not visible here. Confirm.
            (security_order_service_v1.SecurityOrderService, "v1"),
            (security_portal_service_v1.SecurityPortalService, "v1"),
            (rca_service.RcaService, "v1"),
            (baremetal_service.BaremetalService, "v2"),
            (dedicated_hypervisor_service.DedicatedHypervisorService, "v1"),
            (dns_service.DnsService, "v2"),
            (virtual_network_appliance_service.VirtualNetworkApplianceService,
             "v1"),
            (mvna_service.MVNAService, "v1"),
        )
        for service_cls, api_version in bundled:
            self._add_service(service_cls(version=api_version))

        # An empty or missing plugin list simply skips this loop.
        for namespace in plugins or ():
            self._load_plugin(namespace)
        self.service_keys = sorted(self._services)
Esempio n. 5
 def test_regular_service(self):
     """A default IdentityService is public, unscoped and offers v3 then v2."""
     svc = identity_service.IdentityService()
     self.assertEqual('identity', svc.service_type)
     self.assertEqual('public', svc.interface)
     self.assertIsNone(svc.region)
     self.assertIsNone(svc.service_name)
     versions = svc.valid_versions
     self.assertEqual(2, len(versions))
     # Order matters: v3 must be listed ahead of v2.
     for position, expected in enumerate(('v3', 'v2')):
         self.assertEqual(expected, versions[position].module)
         self.assertEqual(expected, versions[position].path)
Esempio n. 6
class User(resource.Resource):
    """Identity-service user resource, addressed under ``/users``.

    Purely declarative: body keys, advertised operations and the mapping
    from attribute names to wire keys. One of those attributes is the
    user's password, so instances can carry a credential.
    """
    # NOTE(review): presumably the body keys for a single item and for a
    # collection; the wrapping itself lives in resource.Resource.
    resource_key = 'user'
    resources_key = 'users'
    base_path = '/users'
    # Service descriptor built with no explicit version argument.
    service = identity_service.IdentityService()

    # Capabilities: create, retrieve, update, delete and list are all on.
    allow_create = True
    allow_retrieve = True
    allow_update = True
    allow_delete = True
    allow_list = True
    # NOTE(review): presumably selects PATCH rather than PUT for updates;
    # confirm against resource.Resource.
    patch_update = True

    # Properties
    #: References the user's default project ID against which to authorize,
    #: if the API user does not explicitly specify one when creating a token.
    #: Setting this attribute does not grant any actual authorization on the
    #: project, and is merely provided for the user's convenience.
    #: Therefore, the referenced project does not need to exist within the
    #: user's domain.
    #:
    #: *New in version 3.1* If the user does not have authorization to
    #: their default project, the default project will be ignored at token
    #: creation. *Type: string*
    default_project_id = resource.prop('default_project_id')
    #: The description of this user. *Type: string*
    description = resource.prop('description')
    #: References the domain ID which owns the user; if a domain ID is not
    #: specified by the client, the Identity service implementation will
    #: default it to the domain ID to which the client's token is scoped.
    #: *Type: string*
    domain_id = resource.prop('domain_id')
    #: The email of this user. *Type: string*
    email = resource.prop('email')
    #: Setting this value to ``False`` prevents the user from authenticating or
    #: receiving authorization. Additionally, all pre-existing tokens held by
    #: the user are immediately invalidated. Re-enabling a user does not
    #: re-enable pre-existing tokens. *Type: bool*
    # Exposed as ``is_enabled``; the wire key is ``enabled``.
    is_enabled = resource.prop('enabled', type=bool)
    #: Unique user name, within the owning domain. *Type: string*
    name = resource.prop('name')
    #: The default form of credential used during authentication.
    #: *Type: string*
    # Declared like every other property, with no masking or special
    # handling at this level.
    # NOTE(review): whether resource.Resource hides this value in repr(),
    # to_dict() or debug logging is not visible here. Confirm before User
    # objects are logged or serialized.
    password = resource.prop('password')
Esempio n. 7
class Region(resource.Resource):
    """Identity-service region resource, addressed under ``/regions``.

    Purely declarative: body keys, advertised operations and the mapping
    from attribute names to wire keys.
    """
    # NOTE(review): presumably the body keys for a single item and for a
    # collection; the wrapping itself lives in resource.Resource.
    resource_key = 'region'
    resources_key = 'regions'
    base_path = '/regions'
    # Service descriptor built with no explicit version argument.
    service = identity_service.IdentityService()

    # Capabilities: create, retrieve, update, delete and list are all on.
    allow_create = True
    allow_retrieve = True
    allow_update = True
    allow_delete = True
    allow_list = True
    # NOTE(review): presumably selects PATCH rather than PUT for updates;
    # confirm against resource.Resource.
    patch_update = True

    # Properties
    #: User-facing description of the region. *Type: string*
    description = resource.prop('description')
    #: ID of parent region, if any. *Type: string*
    parent_region_id = resource.prop('parent_region_id')
Esempio n. 8
class Policy(resource.Resource):
    """Identity-service policy resource, addressed under ``/policies``.

    Purely declarative: body keys, advertised operations and the mapping
    from attribute names to wire keys. The policy content itself travels
    as an opaque string; nothing in this class parses or validates it.
    """
    # NOTE(review): presumably the body keys for a single item and for a
    # collection; the wrapping itself lives in resource.Resource.
    resource_key = 'policy'
    resources_key = 'policies'
    base_path = '/policies'
    # Service descriptor built with no explicit version argument.
    service = identity_service.IdentityService()

    # Capabilities: create, retrieve, update, delete and list are all on.
    allow_create = True
    allow_retrieve = True
    allow_update = True
    allow_delete = True
    allow_list = True
    # NOTE(review): presumably selects PATCH rather than PUT for updates;
    # confirm against resource.Resource.
    patch_update = True

    # Properties
    #: The policy rule set itself, as a serialized blob. *Type: string*
    # Consumers that deserialize the blob must choose a parser that suits
    # the declared ``type`` and is safe for content they did not author.
    blob = resource.prop('blob')
    #: The MIME Media Type of the serialized policy blob. *Type: string*
    # The attribute name mirrors the wire key, so the builtin ``type`` is
    # shadowed inside this class namespace from here on.
    type = resource.prop('type')
Esempio n. 9
class Trust(resource.Resource):
    """Identity-service trust (delegation), under ``/OS-TRUST/trusts``.

    Purely declarative: body keys, advertised operations and the mapping
    from attribute names to wire keys. A trust lets a trustor hand a
    subset of their roles on one project to a trustee.
    """
    # NOTE(review): presumably the body keys for a single item and for a
    # collection; the wrapping itself lives in resource.Resource.
    resource_key = 'trust'
    resources_key = 'trusts'
    base_path = '/OS-TRUST/trusts'
    # Service descriptor built with no explicit version argument.
    service = identity_service.IdentityService()

    # Capabilities: create, delete, list and retrieve only. ``allow_update``
    # and ``patch_update`` are not set here, so whatever resource.Resource
    # defaults to applies.
    allow_create = True
    allow_delete = True
    allow_list = True
    allow_retrieve = True

    # Properties
    #: ID of the project upon which the trustor is
    #: delegating authorization. *Type: string*
    project_id = resource.prop('project_id')
    #: Specifies the expiration time of the trust. A trust may be revoked
    #: ahead of expiration. If the value represents a time in the past,
    #: the trust is deactivated.
    # No ``type=`` is declared, so the value is kept in whatever form the
    # API returns it.
    expires_at = resource.prop('expires_at')
    #: ID of the trust object. *Type: string*
    id = resource.prop('id')
    #: If ``impersonation`` is set to true, then the ``user`` attribute
    #: of tokens that are generated based on the trust will represent
    #: that of the trustor rather than the trustee, thus allowing the trustee
    #: to impersonate the trustor.
    #: If ``impersonation`` is set to ``False``, then the token's ``user``
    #: attribute will represent that of the trustee. *Type: bool*
    # Exposed as ``is_impersonation``; the wire key is ``impersonation``.
    # With impersonation on, anything that keys on the token's ``user``
    # attribute (audit records, for example) will see the trustor.
    is_impersonation = resource.prop('impersonation', type=bool)
    #: Represents the user ID who is capable of consuming the trust.
    #: *Type: string*
    trustee_user_id = resource.prop('trustee_user_id')
    #: Represents the user ID who created the trust, and whose authorization
    #: is being delegated. *Type: string*
    trustor_user_id = resource.prop('trustor_user_id')
    #: Specifies the subset of the trustor's roles on the ``project_id``
    #: to be granted to the trustee when the token is consumed. The
    #: trustor must already be granted these roles in the project referenced
    #: by the ``project_id`` attribute. *Type: list*
    roles = resource.prop('roles')
    #: Redelegation count
    # NOTE(review): presumably bounds how many times the trust may be
    # passed on; the class gives no further detail, so confirm against the
    # API.
    redelegation_count = resource.prop('redelegation_count')
Esempio n. 10
class Role(resource.Resource):
    """Identity-service role resource, addressed under ``/OS-KSADM/roles``.

    Purely declarative: body keys, advertised operations and the mapping
    from attribute names to wire keys.
    """
    # NOTE(review): presumably the body keys for a single item and for a
    # collection; the wrapping itself lives in resource.Resource.
    resource_key = 'role'
    resources_key = 'roles'
    base_path = '/OS-KSADM/roles'
    # Service descriptor built with no explicit version argument.
    service = identity_service.IdentityService()

    # Capabilities: create, retrieve, update, delete and list are all on.
    # ``patch_update`` is not set here, so the base-class default applies.
    allow_create = True
    allow_retrieve = True
    allow_update = True
    allow_delete = True
    allow_list = True

    # Properties
    #: The description of the role. *Type: string*
    description = resource.prop('description')
    #: Setting this attribute to ``False`` prevents this role from being
    #: available in the role list. *Type: bool*
    # Exposed as ``is_enabled``; the wire key is ``enabled``. The declared
    # type is ``format.BoolStr`` rather than plain ``bool``.
    # NOTE(review): presumably the API carries this flag as a string;
    # confirm in the ``format`` module.
    is_enabled = resource.prop('enabled', type=format.BoolStr)
    #: Unique role name. *Type: string*
    name = resource.prop('name')
Esempio n. 11
class Version(resource.Resource):
    """Identity API version descriptor, listed from the service root ``/``.

    Only listing is enabled. The resource is bound to an unversioned
    IdentityService so the request targets the root of the endpoint.
    """
    resource_key = 'version'
    resources_key = 'versions'
    base_path = '/'
    service = identity_service.IdentityService(
        version=identity_service.IdentityService.UNVERSIONED)

    # capabilities
    allow_list = True

    # Properties
    # The wire key is ``media-types``; the attribute uses an underscore.
    media_types = resource.prop('media-types')
    status = resource.prop('status')
    updated = resource.prop('updated')

    @classmethod
    def list(cls, session, **params):
        """Yield one existing ``Version`` per entry in the listing response.

        :param session: Object whose ``get`` issues the request; it receives
            ``cls.service`` as ``endpoint_filter``.
        :param params: Passed through unchanged as query parameters.

        This is a generator, so the GET is only issued once iteration
        starts. Each entry of ``body[resources_key]['values']`` is expanded
        into keyword arguments for ``cls.existing`` without any filtering
        of keys in this method.
        """
        listing = session.get(cls.base_path,
                              endpoint_filter=cls.service,
                              params=params).json()
        for entry in listing[cls.resources_key]['values']:
            yield cls.existing(**entry)
Esempio n. 12
class Extension(resource.Resource):
    """Identity API extension descriptor, listed from ``/extensions``.

    Only listing is enabled; the remaining attributes map Python names onto
    the keys of each listed entry.
    """
    resource_key = 'extension'
    resources_key = 'extensions'
    base_path = '/extensions'
    service = identity_service.IdentityService()

    # capabilities
    allow_list = True

    # Properties
    #: A unique identifier, which will be used for accessing the extension
    #: through a dedicated url ``/extensions/*alias*``. The extension
    #: alias uniquely identifies an extension and is prefixed by a vendor
    #: identifier. *Type: string*
    alias = resource.prop('alias')
    #: A description of the extension. *Type: string*
    description = resource.prop('description')
    #: Links to the documentation in various formats. *Type: string*
    links = resource.prop('links')
    #: The name of the extension. *Type: string*
    name = resource.prop('name')
    #: The second unique identifier of the extension after the alias.
    #: It is usually a URL which will be used. Example:
    #: "http://docs.ecl.org/identity/api/ext/s3tokens/v1.0"
    #: *Type: string*
    namespace = resource.prop('namespace')
    #: The last time the extension has been modified (update date).
    # Exposed as ``updated_at``; the wire key is ``updated``.
    updated_at = resource.prop('updated')

    @classmethod
    def list(cls, session, **params):
        """Yield one existing ``Extension`` per entry in the listing response.

        :param session: Object whose ``get`` issues the request; it receives
            ``cls.service`` as ``endpoint_filter``.
        :param params: Passed through unchanged as query parameters.

        This is a generator, so the GET is only issued once iteration
        starts. Each entry of ``body[resources_key]['values']`` is expanded
        into keyword arguments for ``cls.existing`` without any filtering
        of keys in this method.
        """
        listing = session.get(cls.base_path,
                              endpoint_filter=cls.service,
                              params=params).json()
        for entry in listing[cls.resources_key]['values']:
            yield cls.existing(**entry)
Esempio n. 13
class Group(resource.Resource):
    """Identity-service group resource, addressed under ``/groups``.

    Purely declarative: body keys, advertised operations and the mapping
    from attribute names to wire keys.
    """
    # NOTE(review): presumably the body keys for a single item and for a
    # collection; the wrapping itself lives in resource.Resource.
    resource_key = 'group'
    resources_key = 'groups'
    base_path = '/groups'
    # Service descriptor built with no explicit version argument.
    service = identity_service.IdentityService()

    # Capabilities: create, retrieve, update, delete and list are all on.
    allow_create = True
    allow_retrieve = True
    allow_update = True
    allow_delete = True
    allow_list = True
    # NOTE(review): presumably selects PATCH rather than PUT for updates;
    # confirm against resource.Resource.
    patch_update = True

    # Properties
    #: The description of this group. *Type: string*
    description = resource.prop('description')
    #: References the domain ID which owns the group; if a domain ID is not
    #: specified by the client, the Identity service implementation will
    #: default it to the domain ID to which the client's token is scoped.
    #: *Type: string*
    domain_id = resource.prop('domain_id')
    #: Unique group name, within the owning domain. *Type: string*
    name = resource.prop('name')
Esempio n. 14
 def test_get_module(self):
     """A default IdentityService resolves to the v3 module of 'identity'."""
     svc = identity_service.IdentityService()
     # Versioned module path first, then the bare service module name.
     self.assertEqual('ecl.identity.v3', svc.get_module())
     self.assertEqual('identity', svc.get_service_module())