def get(self): """List role inference rules. GET/HEAD /v3/role_inferences """ ENFORCER.enforce_call(action='identity:list_role_inference_rules') refs = PROVIDERS.role_api.list_role_inference_rules() role_dict = { role_ref['id']: role_ref for role_ref in PROVIDERS.role_api.list_roles() } rules = dict() for ref in refs: implied_role_id = ref['implied_role_id'] prior_role_id = ref['prior_role_id'] implied = rules.get(prior_role_id, []) implied.append( shared.build_implied_role_response_data( role_dict[implied_role_id])) rules[prior_role_id] = implied inferences = [] for prior_id, implied, in rules.items(): prior_response = shared.build_prior_role_response_data( prior_id, role_dict[prior_id]['name']) inferences.append({ 'prior_role': prior_response, 'implies': implied }) results = {'role_inferences': inferences} return results
def get(self): """List role inference rules. GET/HEAD /v3/role_inferences """ ENFORCER.enforce_call(action='identity:list_role_inference_rules') refs = PROVIDERS.role_api.list_role_inference_rules() role_dict = {role_ref['id']: role_ref for role_ref in PROVIDERS.role_api.list_roles()} rules = dict() for ref in refs: implied_role_id = ref['implied_role_id'] prior_role_id = ref['prior_role_id'] implied = rules.get(prior_role_id, []) implied.append( shared.build_implied_role_response_data( role_dict[implied_role_id])) rules[prior_role_id] = implied inferences = [] for prior_id, implied, in rules.items(): prior_response = shared.build_prior_role_response_data( prior_id, role_dict[prior_id]['name']) inferences.append({'prior_role': prior_response, 'implies': implied}) results = {'role_inferences': inferences} return results
def _get_implied_role(self, prior_role_id, implied_role_id): # Isolate this logic so it can be re-used without added enforcement PROVIDERS.role_api.get_implied_role( prior_role_id, implied_role_id) implied_role_ref = PROVIDERS.role_api.get_role(implied_role_id) response_json = shared.role_inference_response(prior_role_id) response_json['role_inference'][ 'implies'] = shared.build_implied_role_response_data( implied_role_ref) response_json['links'] = { 'self': ks_flask.base_url( path='/roles/%(prior)s/implies/%(implies)s' % { 'prior': prior_role_id, 'implies': implied_role_id})} return response_json
def _get_implied_role(self, prior_role_id, implied_role_id): # Isolate this logic so it can be re-used without added enforcement PROVIDERS.role_api.get_implied_role( prior_role_id, implied_role_id) implied_role_ref = PROVIDERS.role_api.get_role(implied_role_id) response_json = shared.role_inference_response(prior_role_id) response_json['role_inference'][ 'implies'] = shared.build_implied_role_response_data( implied_role_ref) response_json['links'] = { 'self': ks_flask.base_url( path='/roles/%(prior)s/implies/%(implies)s' % { 'prior': prior_role_id, 'implies': implied_role_id})} return response_json
def get(self, prior_role_id): """List Implied Roles. GET/HEAD /v3/roles/{prior_role_id}/implies """ ENFORCER.enforce_call(action='identity:list_implied_roles', build_target=_build_enforcement_target_ref) ref = PROVIDERS.role_api.list_implied_roles(prior_role_id) implied_ids = [r['implied_role_id'] for r in ref] response_json = shared.role_inference_response(prior_role_id) response_json['role_inference']['implies'] = [] for implied_id in implied_ids: implied_role = PROVIDERS.role_api.get_role(implied_id) response_json['role_inference']['implies'].append( shared.build_implied_role_response_data(implied_role)) response_json['links'] = { 'self': ks_flask.base_url(path='/roles/%s/implies' % prior_role_id) } return response_json
def get(self, prior_role_id): """List Implied Roles. GET/HEAD /v3/roles/{prior_role_id}/implies """ ENFORCER.enforce_call(action='identity:list_implied_roles', build_target=_build_enforcement_target_ref) ref = PROVIDERS.role_api.list_implied_roles(prior_role_id) implied_ids = [r['implied_role_id'] for r in ref] response_json = shared.role_inference_response(prior_role_id) response_json['role_inference']['implies'] = [] for implied_id in implied_ids: implied_role = PROVIDERS.role_api.get_role(implied_id) response_json['role_inference']['implies'].append( shared.build_implied_role_response_data(implied_role)) response_json['links'] = { 'self': ks_flask.base_url( path='/roles/%s/implies' % prior_role_id)} return response_json