def append_v3_routers(self, mapper, routers):
tag_controller = controllers.ProjectTagV3()
routers.append(
router.Router(controllers.ProjectV3(),
'projects',
'project',
resource_descriptions=self.v3_resources))
self._add_resource(
mapper,
tag_controller,
path='/projects/{project_id}/tags',
get_head_action='list_project_tags',
put_action='update_project_tags',
delete_action='delete_project_tags',
rel=json_home.build_v3_resource_relation('project_tags'),
path_vars={'project_id': json_home.Parameters.PROJECT_ID})
self._add_resource(
mapper,
tag_controller,
path='/projects/{project_id}/tags/{value}',
get_head_action='get_project_tag',
put_action='create_project_tag',
delete_action='delete_project_tag',
rel=json_home.build_v3_resource_relation('project_tags'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'value': json_home.Parameters.TAG_VALUE
})
def append_v3_routers(self, mapper, routers):
project_controller = controllers.ProjectAssignmentV3()
self._add_resource(
mapper,
project_controller,
path='/users/{user_id}/projects',
get_head_action='list_user_projects',
rel=json_home.build_v3_resource_relation('user_projects'),
path_vars={
'user_id': json_home.Parameters.USER_ID,
})
grant_controller = controllers.GrantAssignmentV3()
self._add_resource(
mapper,
grant_controller,
path='/projects/{project_id}/users/{user_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('project_user_role'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'role_id': json_home.Parameters.ROLE_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/projects/{project_id}/groups/{group_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('project_group_role'),
path_vars={
'group_id': json_home.Parameters.GROUP_ID,
'project_id': json_home.Parameters.PROJECT_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/projects/{project_id}/users/{user_id}/roles',
get_head_action='list_grants',
rel=json_home.build_v3_resource_relation('project_user_roles'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/projects/{project_id}/groups/{group_id}/roles',
get_head_action='list_grants',
rel=json_home.build_v3_resource_relation('project_group_roles'),
path_vars={
'group_id': json_home.Parameters.GROUP_ID,
'project_id': json_home.Parameters.PROJECT_ID,
})
def append_v3_routers(self, mapper, routers):
user_controller = controllers.UserV3()
routers.append(
router.Router(user_controller,
'users',
'user',
resource_descriptions=self.v3_resources))
self._add_resource(
mapper,
user_controller,
path='/users/{user_id}/password',
post_action='change_password',
rel=json_home.build_v3_resource_relation('user_change_password'),
path_vars={
'user_id': json_home.Parameters.USER_ID,
})
group_controller = controllers.GroupV3()
self._add_resource(
mapper,
group_controller,
path='/users/{user_id}/groups',
get_head_action='list_groups_for_user',
rel=json_home.build_v3_resource_relation('user_groups'),
path_vars={
'user_id': json_home.Parameters.USER_ID,
})
def add_routes(self, mapper):
collection_path = '/%(collection_key)s' % {
'collection_key': self.collection_key}
entity_path = '/%(collection_key)s/{%(key)s_id}' % {
'collection_key': self.collection_key,
'key': self.key}
mapper.connect(
collection_path,
controller=self.controller,
action='create_%s' % self.key,
conditions=dict(method=['POST']))
mapper.connect(
collection_path,
controller=self.controller,
action='list_%s' % self.collection_key,
conditions=dict(method=['GET']))
mapper.connect(
entity_path,
controller=self.controller,
action='get_%s' % self.key,
conditions=dict(method=['GET']))
mapper.connect(
entity_path,
controller=self.controller,
action='update_%s' % self.key,
conditions=dict(method=['PATCH']))
mapper.connect(
entity_path,
controller=self.controller,
action='delete_%s' % self.key,
conditions=dict(method=['DELETE']))
if self._resource_descriptions is not None:
# Add the collection resource and entity resource to the resource
# descriptions.
collection_rel = json_home.build_v3_resource_relation(
self.collection_key)
self._resource_descriptions.append(
(collection_rel,
{
'href': collection_path,
}
))
if self._is_entity_implemented:
entity_rel = json_home.build_v3_resource_relation(self.key)
id_str = '%s_id' % self.key
id_param_rel = json_home.build_v3_parameter_relation(id_str)
self._resource_descriptions.append(
(entity_rel,
{
'href-template': entity_path,
'href-vars': {
id_str: id_param_rel,
},
}
))
def append_v3_routers(self, mapper, routers):
routers.append(
router.Router(controllers.DomainV3(),
'domains',
'domain',
resource_descriptions=self.v3_resources))
config_controller = controllers.DomainConfigV3()
self._add_resource(
mapper,
config_controller,
path='/domains/{domain_id}/config',
get_head_action='get_domain_config',
put_action='create_domain_config',
patch_action='update_domain_config_only',
delete_action='delete_domain_config',
rel=json_home.build_v3_resource_relation('domain_config'),
status=json_home.Status.EXPERIMENTAL,
path_vars={'domain_id': json_home.Parameters.DOMAIN_ID})
config_group_param = (
json_home.build_v3_parameter_relation('config_group'))
self._add_resource(
mapper,
config_controller,
path='/domains/{domain_id}/config/{group}',
get_head_action='get_domain_config',
patch_action='update_domain_config_group',
delete_action='delete_domain_config',
rel=json_home.build_v3_resource_relation('domain_config_group'),
status=json_home.Status.EXPERIMENTAL,
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group': config_group_param
})
self._add_resource(
mapper,
config_controller,
path='/domains/{domain_id}/config/{group}/{option}',
get_head_action='get_domain_config',
patch_action='update_domain_config',
delete_action='delete_domain_config',
rel=json_home.build_v3_resource_relation('domain_config_option'),
status=json_home.Status.EXPERIMENTAL,
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group': config_group_param,
'option':
json_home.build_v3_parameter_relation('config_option')
})
routers.append(
router.Router(controllers.ProjectV3(),
'projects',
'project',
resource_descriptions=self.v3_resources))
def append_v3_routers(self, mapper, routers):
user_controller = controllers.UserV3()
routers.append(
router.Router(user_controller,
'users',
'user',
resource_descriptions=self.v3_resources))
self._add_resource(
mapper,
user_controller,
path='/users/{user_id}/password',
post_action='change_password',
rel=json_home.build_v3_resource_relation('user_change_password'),
path_vars={
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
user_controller,
path='/groups/{group_id}/users',
get_head_action='list_users_in_group',
rel=json_home.build_v3_resource_relation('group_users'),
path_vars={
'group_id': json_home.Parameters.GROUP_ID,
})
self._add_resource(
mapper,
user_controller,
path='/groups/{group_id}/users/{user_id}',
put_action='add_user_to_group',
get_head_action='check_user_in_group',
delete_action='remove_user_from_group',
rel=json_home.build_v3_resource_relation('group_user'),
path_vars={
'group_id': json_home.Parameters.GROUP_ID,
'user_id': json_home.Parameters.USER_ID,
})
group_controller = controllers.GroupV3()
routers.append(
router.Router(group_controller,
'groups',
'group',
resource_descriptions=self.v3_resources))
self._add_resource(
mapper,
group_controller,
path='/users/{user_id}/groups',
get_head_action='list_groups_for_user',
rel=json_home.build_v3_resource_relation('user_groups'),
path_vars={
'user_id': json_home.Parameters.USER_ID,
})
def append_v3_routers(self, mapper, routers):
routers.append(
router.Router(controllers.DomainV3(),
'domains', 'domain',
resource_descriptions=self.v3_resources))
config_controller = controllers.DomainConfigV3()
self._add_resource(
mapper, config_controller,
path='/domains/{domain_id}/config',
get_head_action='get_domain_config',
put_action='create_domain_config',
patch_action='update_domain_config_only',
delete_action='delete_domain_config',
rel=json_home.build_v3_resource_relation('domain_config'),
status=json_home.Status.EXPERIMENTAL,
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID
})
config_group_param = (
json_home.build_v3_parameter_relation('config_group'))
self._add_resource(
mapper, config_controller,
path='/domains/{domain_id}/config/{group}',
get_head_action='get_domain_config',
patch_action='update_domain_config_group',
delete_action='delete_domain_config',
rel=json_home.build_v3_resource_relation('domain_config_group'),
status=json_home.Status.EXPERIMENTAL,
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group': config_group_param
})
self._add_resource(
mapper, config_controller,
path='/domains/{domain_id}/config/{group}/{option}',
get_head_action='get_domain_config',
patch_action='update_domain_config',
delete_action='delete_domain_config',
rel=json_home.build_v3_resource_relation('domain_config_option'),
status=json_home.Status.EXPERIMENTAL,
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group': config_group_param,
'option': json_home.build_v3_parameter_relation(
'config_option')
})
routers.append(
router.Router(controllers.ProjectV3(),
'projects', 'project',
resource_descriptions=self.v3_resources))
def add_routes(self, mapper):
collection_path = '/%(collection_key)s' % {
'collection_key': self.collection_key
}
entity_path = '/%(collection_key)s/{%(key)s_id}' % {
'collection_key': self.collection_key,
'key': self.key
}
mapper.connect(collection_path,
controller=self.controller,
action=self.method_template % 'create_%s' % self.key,
conditions=dict(method=['POST']))
mapper.connect(collection_path,
controller=self.controller,
action=self.method_template % 'list_%s' %
self.collection_key,
conditions=dict(method=['GET', 'HEAD']))
mapper.connect(entity_path,
controller=self.controller,
action=self.method_template % 'get_%s' % self.key,
conditions=dict(method=['GET', 'HEAD']))
mapper.connect(entity_path,
controller=self.controller,
action=self.method_template % 'update_%s' % self.key,
conditions=dict(method=['PATCH']))
mapper.connect(entity_path,
controller=self.controller,
action=self.method_template % 'delete_%s' % self.key,
conditions=dict(method=['DELETE']))
# Add the collection resource and entity resource to the resource
# descriptions.
collection_rel = json_home.build_v3_resource_relation(
self.collection_key)
rel_data = {
'href': collection_path,
}
self._resource_descriptions.append((collection_rel, rel_data))
json_home.JsonHomeResources.append_resource(collection_rel, rel_data)
if self._is_entity_implemented:
entity_rel = json_home.build_v3_resource_relation(self.key)
id_str = '%s_id' % self.key
id_param_rel = json_home.build_v3_parameter_relation(id_str)
entity_rel_data = {
'href-template': entity_path,
'href-vars': {
id_str: id_param_rel,
},
}
self._resource_descriptions.append((entity_rel, entity_rel_data))
json_home.JsonHomeResources.append_resource(
entity_rel, entity_rel_data)
def append_v3_routers(self, mapper, routers):
self._add_resource(
mapper, controllers.RegisteredLimitV3(),
path='/registered_limits',
post_action='create_registered_limits',
get_head_action='list_registered_limits',
status=json_home.Status.EXPERIMENTAL,
rel=json_home.build_v3_resource_relation('registered_limits')
)
self._add_resource(
mapper, controllers.RegisteredLimitV3(),
path='/registered_limits/{registered_limit_id}',
get_head_action='get_registered_limit',
patch_action='update_registered_limit',
delete_action='delete_registered_limit',
status=json_home.Status.EXPERIMENTAL,
rel=json_home.build_v3_resource_relation('registered_limits'),
path_vars={
'registered_limit_id':
json_home.Parameters.REGISTERED_LIMIT_ID}
)
self._add_resource(
mapper, controllers.LimitV3(),
path='/limits',
post_action='create_limits',
get_head_action='list_limits',
status=json_home.Status.EXPERIMENTAL,
rel=json_home.build_v3_resource_relation('limits')
)
self._add_resource(
mapper, controllers.LimitV3(),
path='/limits/model',
get_head_action='get_limit_model',
status=json_home.Status.EXPERIMENTAL,
rel=json_home.build_v3_resource_relation('limit_model')
)
self._add_resource(
mapper, controllers.LimitV3(),
path='/limits/{limit_id}',
get_head_action='get_limit',
patch_action='update_limit',
delete_action='delete_limit',
status=json_home.Status.EXPERIMENTAL,
rel=json_home.build_v3_resource_relation('limits'),
path_vars={
'limit_id':
json_home.Parameters.LIMIT_ID}
)
def append_v3_routers(self, mapper, routers):
auth_controller = controllers.Auth()
self._add_resource(
mapper, auth_controller,
path='/auth/tokens',
get_action='validate_token',
head_action='check_token',
post_action='authenticate_for_token',
delete_action='revoke_token',
rel=json_home.build_v3_resource_relation('auth_tokens'))
self._add_resource(
mapper, auth_controller,
path='/auth/tokens/OS-PKI/revoked',
get_head_action='revocation_list',
rel=json_home.build_v3_extension_resource_relation(
'OS-PKI', '1.0', 'revocations'))
self._add_resource(
mapper, auth_controller,
path='/auth/catalog',
get_head_action='get_auth_catalog',
rel=json_home.build_v3_resource_relation('auth_catalog'))
self._add_resource(
mapper, auth_controller,
path='/auth/projects',
get_head_action='get_auth_projects',
rel=json_home.build_v3_resource_relation('auth_projects'))
self._add_resource(
mapper, auth_controller,
path='/auth/domains',
get_head_action='get_auth_domains',
rel=json_home.build_v3_resource_relation('auth_domains'))
# NOTE(morgan): explicitly add json_home data for auth_projects and
# auth_domains for OS-FEDERATION here, as auth will always own it
# based upon how the flask scaffolding works. This bit is transitional
# for the move to flask.
for element in ['projects', 'domains']:
resource_data = {'href': '/auth/%s' % element}
json_home.Status.update_resource_data(
resource_data, status=json_home.Status.STABLE)
json_home.JsonHomeResources.append_resource(
json_home_relations.os_federation_resource_rel_func(
resource_name=element), resource_data)
self._add_resource(
mapper, auth_controller,
path='/auth/system',
get_head_action='get_auth_system',
rel=json_home.build_v3_resource_relation('auth_system'))
def append_v3_routers(self, mapper, routers):
user_controller = controllers.User()
routers.append(
router.Router(user_controller,
'users', 'user',
resource_descriptions=self.v3_resources))
self._add_resource(
mapper, user_controller,
path='/users/{user_id}/password',
post_action='change_password',
rel=json_home.build_v3_resource_relation('user_change_password'),
path_vars={
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper, user_controller,
path='/groups/{group_id}/users',
get_action='list_users_in_group',
rel=json_home.build_v3_resource_relation('group_users'),
path_vars={
'group_id': json_home.Parameters.GROUP_ID,
})
self._add_resource(
mapper, user_controller,
path='/groups/{group_id}/users/{user_id}',
put_action='add_user_to_group',
get_head_action='check_user_in_group',
delete_action='remove_user_from_group',
rel=json_home.build_v3_resource_relation('group_user'),
path_vars={
'group_id': json_home.Parameters.GROUP_ID,
'user_id': json_home.Parameters.USER_ID,
})
group_controller = controllers.Group()
routers.append(
router.Router(group_controller,
'groups', 'group',
resource_descriptions=self.v3_resources))
self._add_resource(
mapper, group_controller,
path='/users/{user_id}/groups',
get_action='list_groups_for_user',
rel=json_home.build_v3_resource_relation('user_groups'),
path_vars={
'user_id': json_home.Parameters.USER_ID,
})
def add_routes(self, mapper):
collection_path = "/%(collection_key)s" % {"collection_key": self.collection_key}
entity_path = "/%(collection_key)s/{%(key)s_id}" % {"collection_key": self.collection_key, "key": self.key}
mapper.connect(
collection_path,
controller=self.controller,
action=self.method_template % "create_%s" % self.key,
conditions=dict(method=["POST"]),
)
mapper.connect(
collection_path,
controller=self.controller,
action=self.method_template % "list_%s" % self.collection_key,
conditions=dict(method=["GET"]),
)
mapper.connect(
entity_path,
controller=self.controller,
action=self.method_template % "get_%s" % self.key,
conditions=dict(method=["GET"]),
)
mapper.connect(
entity_path,
controller=self.controller,
action=self.method_template % "update_%s" % self.key,
conditions=dict(method=["PATCH"]),
)
mapper.connect(
entity_path,
controller=self.controller,
action=self.method_template % "delete_%s" % self.key,
conditions=dict(method=["DELETE"]),
)
# Add the collection resource and entity resource to the resource
# descriptions.
collection_rel = json_home.build_v3_resource_relation(self.collection_key)
rel_data = {"href": collection_path}
self._resource_descriptions.append((collection_rel, rel_data))
if self._is_entity_implemented:
entity_rel = json_home.build_v3_resource_relation(self.key)
id_str = "%s_id" % self.key
id_param_rel = json_home.build_v3_parameter_relation(id_str)
entity_rel_data = {"href-template": entity_path, "href-vars": {id_str: id_param_rel}}
self._resource_descriptions.append((entity_rel, entity_rel_data))
def test_build_v3_resource_relation(self):
resource_name = self.getUniqueString()
relation = json_home.build_v3_resource_relation(resource_name)
exp_relation = (
'http://docs.openstack.org/api/openstack-identity/3/rel/%s' %
resource_name)
self.assertThat(relation, matchers.Equals(exp_relation))
def test_construct_resource_map(self):
param_relation = json_home.build_v3_parameter_relation(
'argument_id')
url = '/v3/arguments/<string:argument_id>'
old_url = ['/v3/old_arguments/<string:argument_id>']
resource_name = 'arguments'
mapping = flask_common.construct_resource_map(
resource=_TestResourceWithCollectionInfo,
url=url,
resource_kwargs={},
alternate_urls=old_url,
rel=resource_name,
status=json_home.Status.EXPERIMENTAL,
path_vars={'argument_id': param_relation},
resource_relation_func=json_home.build_v3_resource_relation)
self.assertEqual(_TestResourceWithCollectionInfo,
mapping.resource)
self.assertEqual(url, mapping.url)
self.assertEqual(old_url, mapping.alternate_urls)
self.assertEqual(json_home.build_v3_resource_relation(resource_name),
mapping.json_home_data.rel)
self.assertEqual(json_home.Status.EXPERIMENTAL,
mapping.json_home_data.status)
self.assertEqual({'argument_id': param_relation},
mapping.json_home_data.path_vars)
def test_build_v3_resource_relation(self):
resource_name = self.getUniqueString()
relation = json_home.build_v3_resource_relation(resource_name)
exp_relation = (
'http://docs.openstack.org/api/openstack-identity/3/rel/%s' %
resource_name)
self.assertThat(relation, matchers.Equals(exp_relation))
def append_v3_routers(self, mapper, routers):
auth_controller = controllers.Auth()
self._add_resource(
mapper,
auth_controller,
path='/auth/tokens',
get_action='validate_token',
head_action='check_token',
post_action='authenticate_for_token',
delete_action='revoke_token',
rel=json_home.build_v3_resource_relation('auth_tokens'))
self._add_resource(mapper,
auth_controller,
path='/auth/tokens/OS-PKI/revoked',
get_head_action='revocation_list',
rel=json_home.build_v3_extension_resource_relation(
'OS-PKI', '1.0', 'revocations'))
self._add_resource(
mapper,
auth_controller,
path='/auth/catalog',
get_head_action='get_auth_catalog',
rel=json_home.build_v3_resource_relation('auth_catalog'))
self._add_resource(
mapper,
auth_controller,
path='/auth/projects',
get_head_action='get_auth_projects',
rel=json_home.build_v3_resource_relation('auth_projects'))
self._add_resource(
mapper,
auth_controller,
path='/auth/domains',
get_head_action='get_auth_domains',
rel=json_home.build_v3_resource_relation('auth_domains'))
self._add_resource(
mapper,
auth_controller,
path='/auth/system',
get_head_action='get_auth_system',
rel=json_home.build_v3_resource_relation('auth_system'))
def append_v3_routers(self, mapper, routers):
amey_controller = myapi.Amey()
self._add_resource(
mapper, amey_controller,
path='/amey_api/myapi',
get_action='list_data',
rel=json_home.build_v3_resource_relation('auth_tokens'))
def append_v3_routers(self, mapper, routers):
self._add_resource(
mapper, controllers.RegisteredLimitV3(),
path='/registered_limits',
post_action='create_registered_limits',
put_action='update_registered_limits',
get_head_action='list_registered_limits',
status=json_home.Status.EXPERIMENTAL,
rel=json_home.build_v3_resource_relation('registered_limits')
)
self._add_resource(
mapper, controllers.RegisteredLimitV3(),
path='/registered_limits/{registered_limit_id}',
get_head_action='get_registered_limit',
delete_action='delete_registered_limit',
status=json_home.Status.EXPERIMENTAL,
rel=json_home.build_v3_resource_relation('registered_limits'),
path_vars={
'registered_limit_id':
json_home.Parameters.REGISTERED_LIMIT_ID}
)
self._add_resource(
mapper, controllers.LimitV3(),
path='/limits',
post_action='create_limits',
put_action='update_limits',
get_head_action='list_limits',
status=json_home.Status.EXPERIMENTAL,
rel=json_home.build_v3_resource_relation('limits')
)
self._add_resource(
mapper, controllers.LimitV3(),
path='/limits/{limit_id}',
get_head_action='get_limit',
delete_action='delete_limit',
status=json_home.Status.EXPERIMENTAL,
rel=json_home.build_v3_resource_relation('limits'),
path_vars={
'limit_id':
json_home.Parameters.LIMIT_ID}
)
def append_v3_routers(self, mapper, routers):
auth_controller = controllers.Auth()
# NOTE(morganfainberg): For policy enforcement reasons, the
# ``validate_token_head`` method is still used for HEAD requests.
# The controller method makes the same call as the validate_token
# call and lets wsgi.render_response remove the body data.
self._add_resource(
mapper,
auth_controller,
path='/auth/tokens',
get_action='validate_token',
head_action='check_token',
post_action='authenticate_for_token',
delete_action='revoke_token',
rel=json_home.build_v3_resource_relation('auth_tokens'))
self._add_resource(mapper,
auth_controller,
path='/auth/tokens/OS-PKI/revoked',
get_action='revocation_list',
rel=json_home.build_v3_extension_resource_relation(
'OS-PKI', '1.0', 'revocations'))
self._add_resource(
mapper,
auth_controller,
path='/auth/catalog',
get_action='get_auth_catalog',
rel=json_home.build_v3_resource_relation('auth_catalog'))
self._add_resource(
mapper,
auth_controller,
path='/auth/projects',
get_action='get_auth_projects',
rel=json_home.build_v3_resource_relation('auth_projects'))
self._add_resource(
mapper,
auth_controller,
path='/auth/domains',
get_action='get_auth_domains',
rel=json_home.build_v3_resource_relation('auth_domains'))
def append_v3_routers(self, mapper, routers):
user_controller = controllers.UserV3()
routers.append(router.Router(user_controller, "users", "user", resource_descriptions=self.v3_resources))
self._add_resource(
mapper,
user_controller,
path="/users/{user_id}/password",
post_action="change_password",
rel=json_home.build_v3_resource_relation("user_change_password"),
path_vars={"user_id": json_home.Parameters.USER_ID},
)
self._add_resource(
mapper,
user_controller,
path="/groups/{group_id}/users",
get_action="list_users_in_group",
rel=json_home.build_v3_resource_relation("group_users"),
path_vars={"group_id": json_home.Parameters.GROUP_ID},
)
self._add_resource(
mapper,
user_controller,
path="/groups/{group_id}/users/{user_id}",
put_action="add_user_to_group",
get_head_action="check_user_in_group",
delete_action="remove_user_from_group",
rel=json_home.build_v3_resource_relation("group_user"),
path_vars={"group_id": json_home.Parameters.GROUP_ID, "user_id": json_home.Parameters.USER_ID},
)
group_controller = controllers.GroupV3()
routers.append(router.Router(group_controller, "groups", "group", resource_descriptions=self.v3_resources))
self._add_resource(
mapper,
group_controller,
path="/users/{user_id}/groups",
get_action="list_groups_for_user",
rel=json_home.build_v3_resource_relation("user_groups"),
path_vars={"user_id": json_home.Parameters.USER_ID},
)
def append_v3_routers(self, mapper, routers):
auth_controller = controllers.Auth()
self._add_resource(
mapper, auth_controller,
path='/auth/tokens',
get_action='validate_token',
head_action='check_token',
post_action='authenticate_for_token',
delete_action='revoke_token',
rel=json_home.build_v3_resource_relation('auth_tokens'))
self._add_resource(
mapper, auth_controller,
path='/auth/tokens/OS-PKI/revoked',
get_head_action='revocation_list',
rel=json_home.build_v3_extension_resource_relation(
'OS-PKI', '1.0', 'revocations'))
self._add_resource(
mapper, auth_controller,
path='/auth/catalog',
get_head_action='get_auth_catalog',
rel=json_home.build_v3_resource_relation('auth_catalog'))
self._add_resource(
mapper, auth_controller,
path='/auth/projects',
get_head_action='get_auth_projects',
rel=json_home.build_v3_resource_relation('auth_projects'))
self._add_resource(
mapper, auth_controller,
path='/auth/domains',
get_head_action='get_auth_domains',
rel=json_home.build_v3_resource_relation('auth_domains'))
self._add_resource(
mapper, auth_controller,
path='/auth/system',
get_head_action='get_auth_system',
rel=json_home.build_v3_resource_relation('auth_system'))
def append_v3_routers(self, mapper, routers):
auth_controller = controllers.Auth()
# NOTE(morganfainberg): For policy enforcement reasons, the
# ``validate_token_head`` method is still used for HEAD requests.
# The controller method makes the same call as the validate_token
# call and lets wsgi.render_response remove the body data.
self._add_resource(
mapper, auth_controller,
path='/auth/tokens',
get_action='validate_token',
head_action='check_token',
post_action='authenticate_for_token',
delete_action='revoke_token',
rel=json_home.build_v3_resource_relation('auth_tokens'))
self._add_resource(
mapper, auth_controller,
path='/auth/tokens/OS-PKI/revoked',
get_action='revocation_list',
rel=json_home.build_v3_extension_resource_relation(
'OS-PKI', '1.0', 'revocations'))
self._add_resource(
mapper, auth_controller,
path='/auth/catalog',
get_action='get_auth_catalog',
rel=json_home.build_v3_resource_relation('auth_catalog'))
self._add_resource(
mapper, auth_controller,
path='/auth/projects',
get_action='get_auth_projects',
rel=json_home.build_v3_resource_relation('auth_projects'))
self._add_resource(
mapper, auth_controller,
path='/auth/domains',
get_action='get_auth_domains',
rel=json_home.build_v3_resource_relation('auth_domains'))
def test_construct_resource_map(self):
resource_name = 'arguments'
param_relation = json_home.build_v3_parameter_relation(
'argument_id')
alt_rel_func = functools.partial(
json_home.build_v3_extension_resource_relation,
extension_name='extension', extension_version='1.0')
url = '/v3/arguments/<string:argument_id>'
old_url = [dict(
url='/v3/old_arguments/<string:argument_id>',
json_home=flask_common.construct_json_home_data(
rel='arguments',
resource_relation_func=alt_rel_func)
)]
mapping = flask_common.construct_resource_map(
resource=_TestResourceWithCollectionInfo,
url=url,
resource_kwargs={},
alternate_urls=old_url,
rel=resource_name,
status=json_home.Status.EXPERIMENTAL,
path_vars={'argument_id': param_relation},
resource_relation_func=json_home.build_v3_resource_relation)
self.assertEqual(_TestResourceWithCollectionInfo,
mapping.resource)
self.assertEqual(url, mapping.url)
self.assertEqual(json_home.build_v3_resource_relation(resource_name),
mapping.json_home_data.rel)
self.assertEqual(json_home.Status.EXPERIMENTAL,
mapping.json_home_data.status)
self.assertEqual({'argument_id': param_relation},
mapping.json_home_data.path_vars)
# Check the alternate URL data is populated sanely
self.assertEqual(1, len(mapping.alternate_urls))
alt_url_data = mapping.alternate_urls[0]
self.assertEqual(old_url[0]['url'], alt_url_data['url'])
self.assertEqual(old_url[0]['json_home'], alt_url_data['json_home'])
'/protocols/{protocol_id}/auth')
FEDERATED_IDP_SPECIFIC_WEBSSO = ('/auth/OS-FEDERATION/identity_providers/'
'{idp_id}/protocols/{protocol_id}/websso')
APPLICATION_CREDENTIAL = ('/users/{user_id}/application_credentials/'
'{application_credential_id}')
APPLICATION_CREDENTIALS = '/users/{user_id}/application_credentials'
APPLICATION_CREDENTIAL_RELATION = (
json_home.build_v3_parameter_relation('application_credential_id'))
ACCESS_RULE = '/users/{user_id}/access_rules/{access_rule_id}'
ACCESS_RULES = '/users/{user_id}/access_rules'
ACCESS_RULE_RELATION = json_home.build_v3_parameter_relation('access_rule_id')
V3_JSON_HOME_RESOURCES = {
json_home.build_v3_resource_relation('auth_tokens'): {
'href': '/auth/tokens'
},
json_home.build_v3_resource_relation('auth_catalog'): {
'href': '/auth/catalog'
},
json_home.build_v3_resource_relation('auth_projects'): {
'href': '/auth/projects'
},
json_home.build_v3_resource_relation('auth_domains'): {
'href': '/auth/domains'
},
json_home.build_v3_resource_relation('auth_system'): {
'href': '/auth/system'
},
json_home.build_v3_resource_relation('credential'): {
def append_v3_routers(self, mapper, routers):
project_controller = controllers.ProjectAssignmentV3()
self._add_resource(
mapper,
project_controller,
path='/users/{user_id}/projects',
get_action='list_user_projects',
rel=json_home.build_v3_resource_relation('user_projects'),
path_vars={
'user_id': json_home.Parameters.USER_ID,
})
routers.append(
router.Router(controllers.RoleV3(),
'roles',
'role',
resource_descriptions=self.v3_resources,
method_template='%s_wrapper'))
implied_roles_controller = controllers.ImpliedRolesV3()
self._add_resource(
mapper,
implied_roles_controller,
path='/roles/{prior_role_id}/implies',
rel=json_home.build_v3_resource_relation('implied_roles'),
get_action='list_implied_roles',
status=json_home.Status.EXPERIMENTAL,
path_vars={
'prior_role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper,
implied_roles_controller,
path='/roles/{prior_role_id}/implies/{implied_role_id}',
put_action='create_implied_role',
delete_action='delete_implied_role',
head_action='check_implied_role',
get_action='get_implied_role',
rel=json_home.build_v3_resource_relation('implied_role'),
status=json_home.Status.EXPERIMENTAL,
path_vars={
'prior_role_id': json_home.Parameters.ROLE_ID,
'implied_role_id': json_home.Parameters.ROLE_ID
})
self._add_resource(
mapper,
implied_roles_controller,
path='/role_inferences',
get_action='list_role_inference_rules',
rel=json_home.build_v3_resource_relation('role_inferences'),
status=json_home.Status.EXPERIMENTAL,
path_vars={})
grant_controller = controllers.GrantAssignmentV3()
self._add_resource(
mapper,
grant_controller,
path='/projects/{project_id}/users/{user_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('project_user_role'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'role_id': json_home.Parameters.ROLE_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/projects/{project_id}/groups/{group_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('project_group_role'),
path_vars={
'group_id': json_home.Parameters.GROUP_ID,
'project_id': json_home.Parameters.PROJECT_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/projects/{project_id}/users/{user_id}/roles',
get_action='list_grants',
rel=json_home.build_v3_resource_relation('project_user_roles'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/projects/{project_id}/groups/{group_id}/roles',
get_action='list_grants',
rel=json_home.build_v3_resource_relation('project_group_roles'),
path_vars={
'group_id': json_home.Parameters.GROUP_ID,
'project_id': json_home.Parameters.PROJECT_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/domains/{domain_id}/users/{user_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('domain_user_role'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'role_id': json_home.Parameters.ROLE_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/domains/{domain_id}/groups/{group_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('domain_group_role'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/domains/{domain_id}/users/{user_id}/roles',
get_action='list_grants',
rel=json_home.build_v3_resource_relation('domain_user_roles'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/domains/{domain_id}/groups/{group_id}/roles',
get_action='list_grants',
rel=json_home.build_v3_resource_relation('domain_group_roles'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
})
self._add_resource(
mapper,
controllers.RoleAssignmentV3(),
path='/role_assignments',
get_action='list_role_assignments_wrapper',
rel=json_home.build_v3_resource_relation('role_assignments'))
if CONF.os_inherit.enabled:
self._add_resource(
mapper,
grant_controller,
path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/'
'{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='domain_user_role_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'role_id': json_home.Parameters.ROLE_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/'
'{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='domain_group_role_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/'
'inherited_to_projects',
get_action='list_grants',
rel=build_os_inherit_relation(
resource_name='domain_group_roles_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/'
'inherited_to_projects',
get_action='list_grants',
rel=build_os_inherit_relation(
resource_name='domain_user_roles_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/'
'{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='project_user_role_inherited_to_projects'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'user_id': json_home.Parameters.USER_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/OS-INHERIT/projects/{project_id}/groups/{group_id}/'
'roles/{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='project_group_role_inherited_to_projects'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'group_id': json_home.Parameters.GROUP_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
'OS-EP-FILTER', '1.0', 'endpoint_group_id'))
BASE_IDP_PROTOCOL = '/OS-FEDERATION/identity_providers/{idp_id}/protocols'
BASE_EP_POLICY = '/policies/{policy_id}/OS-ENDPOINT-POLICY'
BASE_EP_FILTER_PREFIX = '/OS-EP-FILTER'
BASE_EP_FILTER = BASE_EP_FILTER_PREFIX + '/endpoint_groups/{endpoint_group_id}'
BASE_ACCESS_TOKEN = (
'/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}')
FEDERATED_AUTH_URL = ('/OS-FEDERATION/identity_providers/{idp_id}'
'/protocols/{protocol_id}/auth')
FEDERATED_IDP_SPECIFIC_WEBSSO = ('/auth/OS-FEDERATION/identity_providers/'
'{idp_id}/protocols/{protocol_id}/websso')
V3_JSON_HOME_RESOURCES = {
json_home.build_v3_resource_relation('auth_tokens'): {
'href': '/auth/tokens'},
json_home.build_v3_resource_relation('auth_catalog'): {
'href': '/auth/catalog'},
json_home.build_v3_resource_relation('auth_projects'): {
'href': '/auth/projects'},
json_home.build_v3_resource_relation('auth_domains'): {
'href': '/auth/domains'},
json_home.build_v3_resource_relation('credential'): {
'href-template': '/credentials/{credential_id}',
'href-vars': {
'credential_id':
json_home.build_v3_parameter_relation('credential_id')}},
json_home.build_v3_resource_relation('credentials'): {
'href': '/credentials'},
json_home.build_v3_resource_relation('domain'): {
def append_v3_routers(self, mapper, routers):
routers.append(
router.Router(controllers.DomainV3(),
'domains',
'domain',
resource_descriptions=self.v3_resources))
project_controller = controllers.ProjectV3()
routers.append(
router.Router(project_controller,
'projects',
'project',
resource_descriptions=self.v3_resources))
self._add_resource(
mapper,
project_controller,
path='/users/{user_id}/projects',
get_action='list_user_projects',
rel=json_home.build_v3_resource_relation('user_projects'),
path_vars={
'user_id': json_home.Parameters.USER_ID,
})
role_controller = controllers.RoleV3()
routers.append(
router.Router(role_controller,
'roles',
'role',
resource_descriptions=self.v3_resources))
self._add_resource(
mapper,
role_controller,
path='/projects/{project_id}/users/{user_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('project_user_role'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'role_id': json_home.Parameters.ROLE_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
role_controller,
path='/projects/{project_id}/groups/{group_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('project_group_role'),
path_vars={
'group_id': json_home.Parameters.GROUP_ID,
'project_id': json_home.Parameters.PROJECT_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper,
role_controller,
path='/projects/{project_id}/users/{user_id}/roles',
get_action='list_grants',
rel=json_home.build_v3_resource_relation('project_user_roles'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
role_controller,
path='/projects/{project_id}/groups/{group_id}/roles',
get_action='list_grants',
rel=json_home.build_v3_resource_relation('project_group_roles'),
path_vars={
'group_id': json_home.Parameters.GROUP_ID,
'project_id': json_home.Parameters.PROJECT_ID,
})
self._add_resource(
mapper,
role_controller,
path='/domains/{domain_id}/users/{user_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('domain_user_role'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'role_id': json_home.Parameters.ROLE_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
role_controller,
path='/domains/{domain_id}/groups/{group_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('domain_group_role'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper,
role_controller,
path='/domains/{domain_id}/users/{user_id}/roles',
get_action='list_grants',
rel=json_home.build_v3_resource_relation('domain_user_roles'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
role_controller,
path='/domains/{domain_id}/groups/{group_id}/roles',
get_action='list_grants',
rel=json_home.build_v3_resource_relation('domain_group_roles'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
})
routers.append(
router.Router(controllers.RoleAssignmentV3(),
'role_assignments',
'role_assignment',
resource_descriptions=self.v3_resources,
is_entity_implemented=False))
if config.CONF.os_inherit.enabled:
self._add_resource(
mapper,
role_controller,
path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/'
'{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='domain_user_role_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'role_id': json_home.Parameters.ROLE_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
role_controller,
path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/'
'{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='domain_group_role_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper,
role_controller,
path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/'
'inherited_to_projects',
get_action='list_grants',
rel=build_os_inherit_relation(
resource_name='domain_group_roles_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
})
self._add_resource(
mapper,
role_controller,
path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/'
'inherited_to_projects',
get_action='list_grants',
rel=build_os_inherit_relation(
resource_name='domain_user_roles_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
role_controller,
path='/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/'
'{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='project_user_role_inherited_to_projects'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'user_id': json_home.Parameters.USER_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper,
role_controller,
path='/OS-INHERIT/projects/{project_id}/groups/{group_id}/'
'roles/{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='project_group_role_inherited_to_projects'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'group_id': json_home.Parameters.GROUP_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
ENDPOINT_GROUP_ID_PARAMETER_RELATION = json_home.build_v3_extension_parameter_relation(
"OS-EP-FILTER", "1.0", "endpoint_group_id"
)
BASE_IDP_PROTOCOL = "/OS-FEDERATION/identity_providers/{idp_id}/protocols"
BASE_EP_POLICY = "/policies/{policy_id}/OS-ENDPOINT-POLICY"
BASE_EP_FILTER_PREFIX = "/OS-EP-FILTER"
BASE_EP_FILTER = BASE_EP_FILTER_PREFIX + "/endpoint_groups/{endpoint_group_id}"
BASE_ACCESS_TOKEN = "/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}"
# TODO(stevemar): Use BASE_IDP_PROTOCOL when bug 1420125 is resolved.
FEDERATED_AUTH_URL = "/OS-FEDERATION/identity_providers/{identity_provider}" "/protocols/{protocol}/auth"
V3_JSON_HOME_RESOURCES_INHERIT_DISABLED = {
json_home.build_v3_resource_relation("auth_tokens"): {"href": "/auth/tokens"},
json_home.build_v3_resource_relation("auth_catalog"): {"href": "/auth/catalog"},
json_home.build_v3_resource_relation("auth_projects"): {"href": "/auth/projects"},
json_home.build_v3_resource_relation("auth_domains"): {"href": "/auth/domains"},
json_home.build_v3_resource_relation("credential"): {
"href-template": "/credentials/{credential_id}",
"href-vars": {"credential_id": json_home.build_v3_parameter_relation("credential_id")},
},
json_home.build_v3_resource_relation("credentials"): {"href": "/credentials"},
json_home.build_v3_resource_relation("domain"): {
"href-template": "/domains/{domain_id}",
"href-vars": {"domain_id": json_home.Parameters.DOMAIN_ID},
},
json_home.build_v3_resource_relation("domain_group_role"): {
"href-template": "/domains/{domain_id}/groups/{group_id}/roles/{role_id}",
"href-vars": {
def append_v3_routers(self, mapper, routers):
routers.append(
router.Router(controllers.DomainV3(),
'domains', 'domain',
resource_descriptions=self.v3_resources))
config_controller = controllers.DomainConfigV3()
tag_controller = controllers.ProjectTagV3()
self._add_resource(
mapper, config_controller,
path='/domains/{domain_id}/config',
get_head_action='get_domain_config',
put_action='create_domain_config',
patch_action='update_domain_config_only',
delete_action='delete_domain_config',
rel=json_home.build_v3_resource_relation('domain_config'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID
})
config_group_param = (
json_home.build_v3_parameter_relation('config_group'))
self._add_resource(
mapper, config_controller,
path='/domains/{domain_id}/config/{group}',
get_head_action='get_domain_config_wrapper',
patch_action='update_domain_config_group',
delete_action='delete_domain_config',
rel=json_home.build_v3_resource_relation('domain_config_group'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group': config_group_param
})
self._add_resource(
mapper, config_controller,
path='/domains/{domain_id}/config/{group}/{option}',
get_head_action='get_domain_config_wrapper',
patch_action='update_domain_config',
delete_action='delete_domain_config',
rel=json_home.build_v3_resource_relation('domain_config_option'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group': config_group_param,
'option': json_home.build_v3_parameter_relation(
'config_option')
})
self._add_resource(
mapper, config_controller,
path='/domains/config/default',
get_head_action='get_domain_config_default',
rel=json_home.build_v3_resource_relation('domain_config_default'))
self._add_resource(
mapper, config_controller,
path='/domains/config/{group}/default',
get_head_action='get_domain_config_default',
rel=json_home.build_v3_resource_relation(
'domain_config_default_group'),
path_vars={
'group': config_group_param
})
self._add_resource(
mapper, config_controller,
path='/domains/config/{group}/{option}/default',
get_head_action='get_domain_config_default',
rel=json_home.build_v3_resource_relation(
'domain_config_default_option'),
path_vars={
'group': config_group_param,
'option': json_home.build_v3_parameter_relation(
'config_option')
})
routers.append(
router.Router(controllers.ProjectV3(),
'projects', 'project',
resource_descriptions=self.v3_resources))
self._add_resource(
mapper, tag_controller,
path='/projects/{project_id}/tags',
get_head_action='list_project_tags',
put_action='update_project_tags',
delete_action='delete_project_tags',
rel=json_home.build_v3_resource_relation(
'project_tags'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID
})
self._add_resource(
mapper, tag_controller,
path='/projects/{project_id}/tags/{value}',
get_head_action='get_project_tag',
put_action='create_project_tag',
delete_action='delete_project_tag',
rel=json_home.build_v3_resource_relation(
'project_tags'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'value': json_home.Parameters.TAG_VALUE
})
def append_v3_routers(self, mapper, routers):
routers.append(
router.Router(controllers.DomainV3(),
'domains', 'domain',
resource_descriptions=self.v3_resources))
project_controller = controllers.ProjectV3()
routers.append(
router.Router(project_controller,
'projects', 'project',
resource_descriptions=self.v3_resources))
self._add_resource(
mapper, project_controller,
path='/users/{user_id}/projects',
get_action='list_user_projects',
rel=json_home.build_v3_resource_relation('user_projects'),
path_vars={
'user_id': json_home.Parameters.USER_ID,
})
role_controller = controllers.RoleV3()
routers.append(
router.Router(role_controller, 'roles', 'role',
resource_descriptions=self.v3_resources))
self._add_resource(
mapper, role_controller,
path='/projects/{project_id}/users/{user_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('project_user_role'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'role_id': json_home.Parameters.ROLE_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper, role_controller,
path='/projects/{project_id}/groups/{group_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('project_group_role'),
path_vars={
'group_id': json_home.Parameters.GROUP_ID,
'project_id': json_home.Parameters.PROJECT_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper, role_controller,
path='/projects/{project_id}/users/{user_id}/roles',
get_action='list_grants',
rel=json_home.build_v3_resource_relation('project_user_roles'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper, role_controller,
path='/projects/{project_id}/groups/{group_id}/roles',
get_action='list_grants',
rel=json_home.build_v3_resource_relation('project_group_roles'),
path_vars={
'group_id': json_home.Parameters.GROUP_ID,
'project_id': json_home.Parameters.PROJECT_ID,
})
self._add_resource(
mapper, role_controller,
path='/domains/{domain_id}/users/{user_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('domain_user_role'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'role_id': json_home.Parameters.ROLE_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper, role_controller,
path='/domains/{domain_id}/groups/{group_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('domain_group_role'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper, role_controller,
path='/domains/{domain_id}/users/{user_id}/roles',
get_action='list_grants',
rel=json_home.build_v3_resource_relation('domain_user_roles'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper, role_controller,
path='/domains/{domain_id}/groups/{group_id}/roles',
get_action='list_grants',
rel=json_home.build_v3_resource_relation('domain_group_roles'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
})
routers.append(
router.Router(controllers.RoleAssignmentV3(),
'role_assignments', 'role_assignment',
resource_descriptions=self.v3_resources,
is_entity_implemented=False))
if config.CONF.os_inherit.enabled:
self._add_resource(
mapper, role_controller,
path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/'
'{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='domain_user_role_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'role_id': json_home.Parameters.ROLE_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper, role_controller,
path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/'
'{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='domain_group_role_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper, role_controller,
path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/'
'inherited_to_projects',
get_action='list_grants',
rel=build_os_inherit_relation(
resource_name='domain_group_roles_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
})
self._add_resource(
mapper, role_controller,
path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/'
'inherited_to_projects',
get_action='list_grants',
rel=build_os_inherit_relation(
resource_name='domain_user_roles_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'user_id': json_home.Parameters.USER_ID,
})
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""WSGI Routers for the Application Credential service."""
from keystone.application_credential import controllers
from keystone.common import json_home
from keystone.common import wsgi
APP_CRED_RESOURCE_RELATION = json_home.build_v3_resource_relation(
'application_credential')
APP_CRED_PARAMETER_RELATION = json_home.build_v3_parameter_relation(
'application_credential_id')
APP_CRED_COLLECTION_PATH = '/users/{user_id}/application_credentials'
APP_CRED_RESOURCE_PATH = (
'/users/{user_id}/application_credentials/{application_credential_id}'
)
class Routers(wsgi.RoutersBase):
_path_prefixes = (APP_CRED_COLLECTION_PATH, 'users',)
def append_v3_routers(self, mapper, routers):
app_cred_controller = controllers.ApplicationCredentialV3()
self._add_resource(
def append_v3_routers(self, mapper, routers):
routers.append(
router.Router(controllers.DomainV3(),
'domains',
'domain',
resource_descriptions=self.v3_resources))
config_controller = controllers.DomainConfigV3()
tag_controller = controllers.ProjectTagV3()
self._add_resource(
mapper,
config_controller,
path='/domains/{domain_id}/config',
get_head_action='get_domain_config',
put_action='create_domain_config',
patch_action='update_domain_config_only',
delete_action='delete_domain_config',
rel=json_home.build_v3_resource_relation('domain_config'),
path_vars={'domain_id': json_home.Parameters.DOMAIN_ID})
config_group_param = (
json_home.build_v3_parameter_relation('config_group'))
self._add_resource(
mapper,
config_controller,
path='/domains/{domain_id}/config/{group}',
get_head_action='get_domain_config_wrapper',
patch_action='update_domain_config_group',
delete_action='delete_domain_config',
rel=json_home.build_v3_resource_relation('domain_config_group'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group': config_group_param
})
self._add_resource(
mapper,
config_controller,
path='/domains/{domain_id}/config/{group}/{option}',
get_head_action='get_domain_config_wrapper',
patch_action='update_domain_config',
delete_action='delete_domain_config',
rel=json_home.build_v3_resource_relation('domain_config_option'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group': config_group_param,
'option':
json_home.build_v3_parameter_relation('config_option')
})
self._add_resource(
mapper,
config_controller,
path='/domains/config/default',
get_head_action='get_domain_config_default',
rel=json_home.build_v3_resource_relation('domain_config_default'))
self._add_resource(mapper,
config_controller,
path='/domains/config/{group}/default',
get_head_action='get_domain_config_default',
rel=json_home.build_v3_resource_relation(
'domain_config_default_group'),
path_vars={'group': config_group_param})
self._add_resource(
mapper,
config_controller,
path='/domains/config/{group}/{option}/default',
get_head_action='get_domain_config_default',
rel=json_home.build_v3_resource_relation(
'domain_config_default_option'),
path_vars={
'group': config_group_param,
'option':
json_home.build_v3_parameter_relation('config_option')
})
routers.append(
router.Router(controllers.ProjectV3(),
'projects',
'project',
resource_descriptions=self.v3_resources))
self._add_resource(
mapper,
tag_controller,
path='/projects/{project_id}/tags',
get_head_action='list_project_tags',
put_action='update_project_tags',
delete_action='delete_project_tags',
rel=json_home.build_v3_resource_relation('project_tags'),
path_vars={'project_id': json_home.Parameters.PROJECT_ID})
self._add_resource(
mapper,
tag_controller,
path='/projects/{project_id}/tags/{value}',
get_head_action='get_project_tag',
put_action='create_project_tag',
delete_action='delete_project_tag',
rel=json_home.build_v3_resource_relation('project_tags'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'value': json_home.Parameters.TAG_VALUE
})
def _add_resources(self):
# Add resources that are standardized. Each resource implements a
# base set of handling for a collection of entities such as
# `users`. Resources are sourced from self.resources. Each resource
# should have an attribute/property containing the `collection_key`
# which is typically the "plural" form of the entity, e.g. `users` and
# `member_key` which is typically the "singular" of the entity, e.g.
# `user`. Resources are sourced from self.resources, each element is
# simply a :class:`flask_restful.Resource`.
for r in self.resources:
c_key = getattr(r, 'collection_key', None)
m_key = getattr(r, 'member_key', None)
if not c_key or not m_key:
LOG.debug(
'Unable to add resource %(resource)s to API '
'%(name)s, both `member_key` and `collection_key` '
'must be implemented. [collection_key(%(col_key)s) '
'member_key(%(m_key)s)]', {
'resource': r.__class__.view_class.__name__,
'name': self._name,
'col_key': c_key,
'm_key': m_key
})
continue
collection_path = '/%s' % c_key
entity_path = '/%(collection_key)s/<string:%(member_key)s_id>' % {
'collection_key': c_key,
'member_key': m_key
}
# NOTE(morgan): The json-home form of the entity path is different
# from the flask-url routing form.
jh_e_path = _URL_SUBST.sub('{\\1}', entity_path)
LOG.debug(
'Adding standard routes to API %(name)s for `%(resource)s` '
'[%(collection_path)s, %(entity_path)s]', {
'name': self._name,
'resource': r.__class__.__name__,
'collection_path': collection_path,
'entity_path': entity_path
})
self.api.add_resource(r, collection_path, entity_path)
# Add JSON Home data
collection_rel = json_home.build_v3_resource_relation(c_key)
rel_data = {'href': collection_path}
entity_rel = json_home.build_v3_resource_relation(m_key)
id_str = '%s_id' % m_key
id_param_rel = json_home.build_v3_parameter_relation(id_str)
entity_rel_data = {
'href-template': jh_e_path,
'href-vars': {
id_str: id_param_rel
}
}
json_home.JsonHomeResources.append_resource(
collection_rel, rel_data)
json_home.JsonHomeResources.append_resource(
entity_rel, entity_rel_data)
def append_v3_routers(self, mapper, routers):
project_controller = controllers.ProjectAssignmentV3()
self._add_resource(
mapper,
project_controller,
path="/users/{user_id}/projects",
get_head_action="list_user_projects",
rel=json_home.build_v3_resource_relation("user_projects"),
path_vars={"user_id": json_home.Parameters.USER_ID},
)
routers.append(
router.Router(
controllers.RoleV3(),
"roles",
"role",
resource_descriptions=self.v3_resources,
method_template="%s_wrapper",
)
)
implied_roles_controller = controllers.ImpliedRolesV3()
self._add_resource(
mapper,
implied_roles_controller,
path="/roles/{prior_role_id}/implies",
rel=json_home.build_v3_resource_relation("implied_roles"),
get_action="list_implied_roles",
status=json_home.Status.EXPERIMENTAL,
path_vars={"prior_role_id": json_home.Parameters.ROLE_ID},
)
self._add_resource(
mapper,
implied_roles_controller,
path="/roles/{prior_role_id}/implies/{implied_role_id}",
put_action="create_implied_role",
delete_action="delete_implied_role",
head_action="check_implied_role",
get_action="get_implied_role",
rel=json_home.build_v3_resource_relation("implied_role"),
status=json_home.Status.EXPERIMENTAL,
path_vars={"prior_role_id": json_home.Parameters.ROLE_ID, "implied_role_id": json_home.Parameters.ROLE_ID},
)
self._add_resource(
mapper,
implied_roles_controller,
path="/role_inferences",
get_action="list_role_inference_rules",
rel=json_home.build_v3_resource_relation("role_inferences"),
status=json_home.Status.EXPERIMENTAL,
path_vars={},
)
grant_controller = controllers.GrantAssignmentV3()
self._add_resource(
mapper,
grant_controller,
path="/projects/{project_id}/users/{user_id}/roles/{role_id}",
get_head_action="check_grant",
put_action="create_grant",
delete_action="revoke_grant",
rel=json_home.build_v3_resource_relation("project_user_role"),
path_vars={
"project_id": json_home.Parameters.PROJECT_ID,
"role_id": json_home.Parameters.ROLE_ID,
"user_id": json_home.Parameters.USER_ID,
},
)
self._add_resource(
mapper,
grant_controller,
path="/projects/{project_id}/groups/{group_id}/roles/{role_id}",
get_head_action="check_grant",
put_action="create_grant",
delete_action="revoke_grant",
rel=json_home.build_v3_resource_relation("project_group_role"),
path_vars={
"group_id": json_home.Parameters.GROUP_ID,
"project_id": json_home.Parameters.PROJECT_ID,
"role_id": json_home.Parameters.ROLE_ID,
},
)
self._add_resource(
mapper,
grant_controller,
path="/projects/{project_id}/users/{user_id}/roles",
get_head_action="list_grants",
rel=json_home.build_v3_resource_relation("project_user_roles"),
path_vars={"project_id": json_home.Parameters.PROJECT_ID, "user_id": json_home.Parameters.USER_ID},
)
self._add_resource(
mapper,
grant_controller,
path="/projects/{project_id}/groups/{group_id}/roles",
get_head_action="list_grants",
rel=json_home.build_v3_resource_relation("project_group_roles"),
path_vars={"group_id": json_home.Parameters.GROUP_ID, "project_id": json_home.Parameters.PROJECT_ID},
)
self._add_resource(
mapper,
grant_controller,
path="/domains/{domain_id}/users/{user_id}/roles/{role_id}",
get_head_action="check_grant",
put_action="create_grant",
delete_action="revoke_grant",
rel=json_home.build_v3_resource_relation("domain_user_role"),
path_vars={
"domain_id": json_home.Parameters.DOMAIN_ID,
"role_id": json_home.Parameters.ROLE_ID,
"user_id": json_home.Parameters.USER_ID,
},
)
self._add_resource(
mapper,
grant_controller,
path="/domains/{domain_id}/groups/{group_id}/roles/{role_id}",
get_head_action="check_grant",
put_action="create_grant",
delete_action="revoke_grant",
rel=json_home.build_v3_resource_relation("domain_group_role"),
path_vars={
"domain_id": json_home.Parameters.DOMAIN_ID,
"group_id": json_home.Parameters.GROUP_ID,
"role_id": json_home.Parameters.ROLE_ID,
},
)
self._add_resource(
mapper,
grant_controller,
path="/domains/{domain_id}/users/{user_id}/roles",
get_head_action="list_grants",
rel=json_home.build_v3_resource_relation("domain_user_roles"),
path_vars={"domain_id": json_home.Parameters.DOMAIN_ID, "user_id": json_home.Parameters.USER_ID},
)
self._add_resource(
mapper,
grant_controller,
path="/domains/{domain_id}/groups/{group_id}/roles",
get_head_action="list_grants",
rel=json_home.build_v3_resource_relation("domain_group_roles"),
path_vars={"domain_id": json_home.Parameters.DOMAIN_ID, "group_id": json_home.Parameters.GROUP_ID},
)
self._add_resource(
mapper,
controllers.RoleAssignmentV3(),
path="/role_assignments",
get_head_action="list_role_assignments_wrapper",
rel=json_home.build_v3_resource_relation("role_assignments"),
)
if CONF.os_inherit.enabled:
self._add_resource(
mapper,
grant_controller,
path="/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/" "{role_id}/inherited_to_projects",
get_head_action="check_grant",
put_action="create_grant",
delete_action="revoke_grant",
rel=build_os_inherit_relation(resource_name="domain_user_role_inherited_to_projects"),
path_vars={
"domain_id": json_home.Parameters.DOMAIN_ID,
"role_id": json_home.Parameters.ROLE_ID,
"user_id": json_home.Parameters.USER_ID,
},
)
self._add_resource(
mapper,
grant_controller,
path="/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/" "{role_id}/inherited_to_projects",
get_head_action="check_grant",
put_action="create_grant",
delete_action="revoke_grant",
rel=build_os_inherit_relation(resource_name="domain_group_role_inherited_to_projects"),
path_vars={
"domain_id": json_home.Parameters.DOMAIN_ID,
"group_id": json_home.Parameters.GROUP_ID,
"role_id": json_home.Parameters.ROLE_ID,
},
)
self._add_resource(
mapper,
grant_controller,
path="/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/" "inherited_to_projects",
get_action="list_grants",
rel=build_os_inherit_relation(resource_name="domain_group_roles_inherited_to_projects"),
path_vars={"domain_id": json_home.Parameters.DOMAIN_ID, "group_id": json_home.Parameters.GROUP_ID},
)
self._add_resource(
mapper,
grant_controller,
path="/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/" "inherited_to_projects",
get_action="list_grants",
rel=build_os_inherit_relation(resource_name="domain_user_roles_inherited_to_projects"),
path_vars={"domain_id": json_home.Parameters.DOMAIN_ID, "user_id": json_home.Parameters.USER_ID},
)
self._add_resource(
mapper,
grant_controller,
path="/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/" "{role_id}/inherited_to_projects",
get_head_action="check_grant",
put_action="create_grant",
delete_action="revoke_grant",
rel=build_os_inherit_relation(resource_name="project_user_role_inherited_to_projects"),
path_vars={
"project_id": json_home.Parameters.PROJECT_ID,
"user_id": json_home.Parameters.USER_ID,
"role_id": json_home.Parameters.ROLE_ID,
},
)
self._add_resource(
mapper,
grant_controller,
path="/OS-INHERIT/projects/{project_id}/groups/{group_id}/" "roles/{role_id}/inherited_to_projects",
get_head_action="check_grant",
put_action="create_grant",
delete_action="revoke_grant",
rel=build_os_inherit_relation(resource_name="project_group_role_inherited_to_projects"),
path_vars={
"project_id": json_home.Parameters.PROJECT_ID,
"group_id": json_home.Parameters.GROUP_ID,
"role_id": json_home.Parameters.ROLE_ID,
},
)
def append_v3_routers(self, mapper, routers):
project_controller = controllers.ProjectAssignmentV3()
self._add_resource(
mapper, project_controller,
path='/users/{user_id}/projects',
get_head_action='list_user_projects',
rel=json_home.build_v3_resource_relation('user_projects'),
path_vars={
'user_id': json_home.Parameters.USER_ID,
})
routers.append(
router.Router(controllers.RoleV3(), 'roles', 'role',
resource_descriptions=self.v3_resources,
method_template='%s_wrapper'))
implied_roles_controller = controllers.ImpliedRolesV3()
self._add_resource(
mapper, implied_roles_controller,
path='/roles/{prior_role_id}/implies',
rel=json_home.build_v3_resource_relation('implied_roles'),
get_action='list_implied_roles',
status=json_home.Status.EXPERIMENTAL,
path_vars={
'prior_role_id': json_home.Parameters.ROLE_ID,
}
)
self._add_resource(
mapper, implied_roles_controller,
path='/roles/{prior_role_id}/implies/{implied_role_id}',
put_action='create_implied_role',
delete_action='delete_implied_role',
head_action='check_implied_role',
get_action='get_implied_role',
rel=json_home.build_v3_resource_relation('implied_role'),
status=json_home.Status.EXPERIMENTAL,
path_vars={
'prior_role_id': json_home.Parameters.ROLE_ID,
'implied_role_id': json_home.Parameters.ROLE_ID
}
)
self._add_resource(
mapper, implied_roles_controller,
path='/role_inferences',
get_action='list_role_inference_rules',
rel=json_home.build_v3_resource_relation('role_inferences'),
status=json_home.Status.EXPERIMENTAL,
path_vars={}
)
grant_controller = controllers.GrantAssignmentV3()
self._add_resource(
mapper, grant_controller,
path='/projects/{project_id}/users/{user_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('project_user_role'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'role_id': json_home.Parameters.ROLE_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper, grant_controller,
path='/projects/{project_id}/groups/{group_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('project_group_role'),
path_vars={
'group_id': json_home.Parameters.GROUP_ID,
'project_id': json_home.Parameters.PROJECT_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper, grant_controller,
path='/projects/{project_id}/users/{user_id}/roles',
get_head_action='list_grants',
rel=json_home.build_v3_resource_relation('project_user_roles'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper, grant_controller,
path='/projects/{project_id}/groups/{group_id}/roles',
get_head_action='list_grants',
rel=json_home.build_v3_resource_relation('project_group_roles'),
path_vars={
'group_id': json_home.Parameters.GROUP_ID,
'project_id': json_home.Parameters.PROJECT_ID,
})
self._add_resource(
mapper, grant_controller,
path='/domains/{domain_id}/users/{user_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('domain_user_role'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'role_id': json_home.Parameters.ROLE_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper, grant_controller,
path='/domains/{domain_id}/groups/{group_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('domain_group_role'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper, grant_controller,
path='/domains/{domain_id}/users/{user_id}/roles',
get_head_action='list_grants',
rel=json_home.build_v3_resource_relation('domain_user_roles'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper, grant_controller,
path='/domains/{domain_id}/groups/{group_id}/roles',
get_head_action='list_grants',
rel=json_home.build_v3_resource_relation('domain_group_roles'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
})
self._add_resource(
mapper, controllers.RoleAssignmentV3(),
path='/role_assignments',
get_head_action='list_role_assignments_wrapper',
rel=json_home.build_v3_resource_relation('role_assignments'))
self._add_resource(
mapper, grant_controller,
path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/'
'{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='domain_user_role_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'role_id': json_home.Parameters.ROLE_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper, grant_controller,
path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/'
'{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='domain_group_role_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper, grant_controller,
path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/'
'inherited_to_projects',
get_action='list_grants',
rel=build_os_inherit_relation(
resource_name='domain_group_roles_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
})
self._add_resource(
mapper, grant_controller,
path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/'
'inherited_to_projects',
get_action='list_grants',
rel=build_os_inherit_relation(
resource_name='domain_user_roles_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper, grant_controller,
path='/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/'
'{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='project_user_role_inherited_to_projects'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'user_id': json_home.Parameters.USER_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper, grant_controller,
path='/OS-INHERIT/projects/{project_id}/groups/{group_id}/'
'roles/{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='project_group_role_inherited_to_projects'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'group_id': json_home.Parameters.GROUP_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
REVOCATIONS_RELATION = json_home.build_v3_extension_resource_relation(
'OS-PKI', '1.0', 'revocations')
_build_simple_cert_relation = functools.partial(
json_home.build_v3_extension_resource_relation,
extension_name='OS-SIMPLE-CERT', extension_version='1.0')
_build_trust_relation = functools.partial(
json_home.build_v3_extension_resource_relation, extension_name='OS-TRUST',
extension_version='1.0')
TRUST_ID_PARAMETER_RELATION = json_home.build_v3_extension_parameter_relation(
'OS-TRUST', '1.0', 'trust_id')
V3_JSON_HOME_RESOURCES_INHERIT_DISABLED = {
json_home.build_v3_resource_relation('auth_tokens'): {
'href': '/auth/tokens'},
json_home.build_v3_resource_relation('auth_catalog'): {
'href': '/auth/catalog'},
json_home.build_v3_resource_relation('auth_projects'): {
'href': '/auth/projects'},
json_home.build_v3_resource_relation('auth_domains'): {
'href': '/auth/domains'},
json_home.build_v3_resource_relation('credential'): {
'href-template': '/credentials/{credential_id}',
'href-vars': {
'credential_id':
json_home.build_v3_parameter_relation('credential_id')}},
json_home.build_v3_resource_relation('credentials'): {
'href': '/credentials'},
json_home.build_v3_resource_relation('domain'): {
def append_v3_routers(self, mapper, routers):
routers.append(
router.Router(controllers.DomainV3(), "domains", "domain", resource_descriptions=self.v3_resources)
)
project_controller = controllers.ProjectV3()
routers.append(
router.Router(project_controller, "projects", "project", resource_descriptions=self.v3_resources)
)
self._add_resource(
mapper,
project_controller,
path="/users/{user_id}/projects",
get_action="list_user_projects",
rel=json_home.build_v3_resource_relation("user_projects"),
path_vars={"user_id": json_home.Parameters.USER_ID},
)
role_controller = controllers.RoleV3()
routers.append(router.Router(role_controller, "roles", "role", resource_descriptions=self.v3_resources))
self._add_resource(
mapper,
role_controller,
path="/projects/{project_id}/users/{user_id}/roles/{role_id}",
get_head_action="check_grant",
put_action="create_grant",
delete_action="revoke_grant",
rel=json_home.build_v3_resource_relation("project_user_role"),
path_vars={
"project_id": json_home.Parameters.PROJECT_ID,
"role_id": json_home.Parameters.ROLE_ID,
"user_id": json_home.Parameters.USER_ID,
},
)
self._add_resource(
mapper,
role_controller,
path="/projects/{project_id}/groups/{group_id}/roles/{role_id}",
get_head_action="check_grant",
put_action="create_grant",
delete_action="revoke_grant",
rel=json_home.build_v3_resource_relation("project_group_role"),
path_vars={
"group_id": json_home.Parameters.GROUP_ID,
"project_id": json_home.Parameters.PROJECT_ID,
"role_id": json_home.Parameters.ROLE_ID,
},
)
self._add_resource(
mapper,
role_controller,
path="/projects/{project_id}/users/{user_id}/roles",
get_action="list_grants",
rel=json_home.build_v3_resource_relation("project_user_roles"),
path_vars={"project_id": json_home.Parameters.PROJECT_ID, "user_id": json_home.Parameters.USER_ID},
)
self._add_resource(
mapper,
role_controller,
path="/projects/{project_id}/groups/{group_id}/roles",
get_action="list_grants",
rel=json_home.build_v3_resource_relation("project_group_roles"),
path_vars={"group_id": json_home.Parameters.GROUP_ID, "project_id": json_home.Parameters.PROJECT_ID},
)
self._add_resource(
mapper,
role_controller,
path="/domains/{domain_id}/users/{user_id}/roles/{role_id}",
get_head_action="check_grant",
put_action="create_grant",
delete_action="revoke_grant",
rel=json_home.build_v3_resource_relation("domain_user_role"),
path_vars={
"domain_id": json_home.Parameters.DOMAIN_ID,
"role_id": json_home.Parameters.ROLE_ID,
"user_id": json_home.Parameters.USER_ID,
},
)
self._add_resource(
mapper,
role_controller,
path="/domains/{domain_id}/groups/{group_id}/roles/{role_id}",
get_head_action="check_grant",
put_action="create_grant",
delete_action="revoke_grant",
rel=json_home.build_v3_resource_relation("domain_group_role"),
path_vars={
"domain_id": json_home.Parameters.DOMAIN_ID,
"group_id": json_home.Parameters.GROUP_ID,
"role_id": json_home.Parameters.ROLE_ID,
},
)
self._add_resource(
mapper,
role_controller,
path="/domains/{domain_id}/users/{user_id}/roles",
get_action="list_grants",
rel=json_home.build_v3_resource_relation("domain_user_roles"),
path_vars={"domain_id": json_home.Parameters.DOMAIN_ID, "user_id": json_home.Parameters.USER_ID},
)
self._add_resource(
mapper,
role_controller,
path="/domains/{domain_id}/groups/{group_id}/roles",
get_action="list_grants",
rel=json_home.build_v3_resource_relation("domain_group_roles"),
path_vars={"domain_id": json_home.Parameters.DOMAIN_ID, "group_id": json_home.Parameters.GROUP_ID},
)
routers.append(
router.Router(
controllers.RoleAssignmentV3(),
"role_assignments",
"role_assignment",
resource_descriptions=self.v3_resources,
is_entity_implemented=False,
)
)
if config.CONF.os_inherit.enabled:
self._add_resource(
mapper,
role_controller,
path="/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/" "{role_id}/inherited_to_projects",
get_head_action="check_grant",
put_action="create_grant",
delete_action="revoke_grant",
rel=build_os_inherit_relation(resource_name="domain_user_role_inherited_to_projects"),
path_vars={
"domain_id": json_home.Parameters.DOMAIN_ID,
"role_id": json_home.Parameters.ROLE_ID,
"user_id": json_home.Parameters.USER_ID,
},
)
self._add_resource(
mapper,
role_controller,
path="/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/" "{role_id}/inherited_to_projects",
get_head_action="check_grant",
put_action="create_grant",
delete_action="revoke_grant",
rel=build_os_inherit_relation(resource_name="domain_group_role_inherited_to_projects"),
path_vars={
"domain_id": json_home.Parameters.DOMAIN_ID,
"group_id": json_home.Parameters.GROUP_ID,
"role_id": json_home.Parameters.ROLE_ID,
},
)
self._add_resource(
mapper,
role_controller,
path="/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/" "inherited_to_projects",
get_action="list_grants",
rel=build_os_inherit_relation(resource_name="domain_group_roles_inherited_to_projects"),
path_vars={"domain_id": json_home.Parameters.DOMAIN_ID, "group_id": json_home.Parameters.GROUP_ID},
)
self._add_resource(
mapper,
role_controller,
path="/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/" "inherited_to_projects",
get_action="list_grants",
rel=build_os_inherit_relation(resource_name="domain_user_roles_inherited_to_projects"),
path_vars={"domain_id": json_home.Parameters.DOMAIN_ID, "user_id": json_home.Parameters.USER_ID},
)
self._add_resource(
mapper,
role_controller,
path="/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/" "{role_id}/inherited_to_projects",
get_head_action="check_grant",
put_action="create_grant",
delete_action="revoke_grant",
rel=build_os_inherit_relation(resource_name="project_user_role_inherited_to_projects"),
path_vars={
"project_id": json_home.Parameters.PROJECT_ID,
"user_id": json_home.Parameters.USER_ID,
"role_id": json_home.Parameters.ROLE_ID,
},
)
self._add_resource(
mapper,
role_controller,
path="/OS-INHERIT/projects/{project_id}/groups/{group_id}/" "roles/{role_id}/inherited_to_projects",
get_head_action="check_grant",
put_action="create_grant",
delete_action="revoke_grant",
rel=build_os_inherit_relation(resource_name="project_group_role_inherited_to_projects"),
path_vars={
"project_id": json_home.Parameters.PROJECT_ID,
"group_id": json_home.Parameters.GROUP_ID,
"role_id": json_home.Parameters.ROLE_ID,
},
)
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""WSGI Routers for the Application Credential service."""
from keystone.application_credential import controllers
from keystone.common import json_home
from keystone.common import wsgi
APP_CRED_RESOURCE_RELATION = json_home.build_v3_resource_relation(
'application_credential')
APP_CRED_PARAMETER_RELATION = json_home.build_v3_parameter_relation(
'application_credential_id')
APP_CRED_COLLECTION_PATH = '/users/{user_id}/application_credentials'
APP_CRED_RESOURCE_PATH = (
'/users/{user_id}/application_credentials/{application_credential_id}')
class Routers(wsgi.RoutersBase):
_path_prefixes = (
APP_CRED_COLLECTION_PATH,
'users',
)
def append_v3_routers(self, mapper, routers):
app_cred_controller = controllers.ApplicationCredentialV3()
def append_v3_routers(self, mapper, routers):
project_controller = controllers.ProjectAssignmentV3()
self._add_resource(
mapper,
project_controller,
path='/users/{user_id}/projects',
get_head_action='list_user_projects',
rel=json_home.build_v3_resource_relation('user_projects'),
path_vars={
'user_id': json_home.Parameters.USER_ID,
})
grant_controller = controllers.GrantAssignmentV3()
self._add_resource(
mapper,
grant_controller,
path='/projects/{project_id}/users/{user_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('project_user_role'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'role_id': json_home.Parameters.ROLE_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/projects/{project_id}/groups/{group_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('project_group_role'),
path_vars={
'group_id': json_home.Parameters.GROUP_ID,
'project_id': json_home.Parameters.PROJECT_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/projects/{project_id}/users/{user_id}/roles',
get_head_action='list_grants',
rel=json_home.build_v3_resource_relation('project_user_roles'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/projects/{project_id}/groups/{group_id}/roles',
get_head_action='list_grants',
rel=json_home.build_v3_resource_relation('project_group_roles'),
path_vars={
'group_id': json_home.Parameters.GROUP_ID,
'project_id': json_home.Parameters.PROJECT_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/domains/{domain_id}/users/{user_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('domain_user_role'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'role_id': json_home.Parameters.ROLE_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/domains/{domain_id}/groups/{group_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('domain_group_role'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/domains/{domain_id}/users/{user_id}/roles',
get_head_action='list_grants',
rel=json_home.build_v3_resource_relation('domain_user_roles'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/domains/{domain_id}/groups/{group_id}/roles',
get_head_action='list_grants',
rel=json_home.build_v3_resource_relation('domain_group_roles'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/'
'{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='domain_user_role_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'role_id': json_home.Parameters.ROLE_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/'
'{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='domain_group_role_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/'
'inherited_to_projects',
get_head_action='list_grants',
rel=build_os_inherit_relation(
resource_name='domain_group_roles_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/'
'inherited_to_projects',
get_head_action='list_grants',
rel=build_os_inherit_relation(
resource_name='domain_user_roles_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/'
'{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='project_user_role_inherited_to_projects'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'user_id': json_home.Parameters.USER_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/OS-INHERIT/projects/{project_id}/groups/{group_id}/'
'roles/{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='project_group_role_inherited_to_projects'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'group_id': json_home.Parameters.GROUP_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
