def append_v3_routers(self, mapper, routers): tag_controller = controllers.ProjectTagV3() routers.append( router.Router(controllers.ProjectV3(), 'projects', 'project', resource_descriptions=self.v3_resources)) self._add_resource( mapper, tag_controller, path='/projects/{project_id}/tags', get_head_action='list_project_tags', put_action='update_project_tags', delete_action='delete_project_tags', rel=json_home.build_v3_resource_relation('project_tags'), path_vars={'project_id': json_home.Parameters.PROJECT_ID}) self._add_resource( mapper, tag_controller, path='/projects/{project_id}/tags/{value}', get_head_action='get_project_tag', put_action='create_project_tag', delete_action='delete_project_tag', rel=json_home.build_v3_resource_relation('project_tags'), path_vars={ 'project_id': json_home.Parameters.PROJECT_ID, 'value': json_home.Parameters.TAG_VALUE })
def append_v3_routers(self, mapper, routers): project_controller = controllers.ProjectAssignmentV3() self._add_resource( mapper, project_controller, path='/users/{user_id}/projects', get_head_action='list_user_projects', rel=json_home.build_v3_resource_relation('user_projects'), path_vars={ 'user_id': json_home.Parameters.USER_ID, }) grant_controller = controllers.GrantAssignmentV3() self._add_resource( mapper, grant_controller, path='/projects/{project_id}/users/{user_id}/roles/{role_id}', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=json_home.build_v3_resource_relation('project_user_role'), path_vars={ 'project_id': json_home.Parameters.PROJECT_ID, 'role_id': json_home.Parameters.ROLE_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, grant_controller, path='/projects/{project_id}/groups/{group_id}/roles/{role_id}', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=json_home.build_v3_resource_relation('project_group_role'), path_vars={ 'group_id': json_home.Parameters.GROUP_ID, 'project_id': json_home.Parameters.PROJECT_ID, 'role_id': json_home.Parameters.ROLE_ID, }) self._add_resource( mapper, grant_controller, path='/projects/{project_id}/users/{user_id}/roles', get_head_action='list_grants', rel=json_home.build_v3_resource_relation('project_user_roles'), path_vars={ 'project_id': json_home.Parameters.PROJECT_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, grant_controller, path='/projects/{project_id}/groups/{group_id}/roles', get_head_action='list_grants', rel=json_home.build_v3_resource_relation('project_group_roles'), path_vars={ 'group_id': json_home.Parameters.GROUP_ID, 'project_id': json_home.Parameters.PROJECT_ID, })
def append_v3_routers(self, mapper, routers): user_controller = controllers.UserV3() routers.append( router.Router(user_controller, 'users', 'user', resource_descriptions=self.v3_resources)) self._add_resource( mapper, user_controller, path='/users/{user_id}/password', post_action='change_password', rel=json_home.build_v3_resource_relation('user_change_password'), path_vars={ 'user_id': json_home.Parameters.USER_ID, }) group_controller = controllers.GroupV3() self._add_resource( mapper, group_controller, path='/users/{user_id}/groups', get_head_action='list_groups_for_user', rel=json_home.build_v3_resource_relation('user_groups'), path_vars={ 'user_id': json_home.Parameters.USER_ID, })
def add_routes(self, mapper): collection_path = '/%(collection_key)s' % { 'collection_key': self.collection_key} entity_path = '/%(collection_key)s/{%(key)s_id}' % { 'collection_key': self.collection_key, 'key': self.key} mapper.connect( collection_path, controller=self.controller, action='create_%s' % self.key, conditions=dict(method=['POST'])) mapper.connect( collection_path, controller=self.controller, action='list_%s' % self.collection_key, conditions=dict(method=['GET'])) mapper.connect( entity_path, controller=self.controller, action='get_%s' % self.key, conditions=dict(method=['GET'])) mapper.connect( entity_path, controller=self.controller, action='update_%s' % self.key, conditions=dict(method=['PATCH'])) mapper.connect( entity_path, controller=self.controller, action='delete_%s' % self.key, conditions=dict(method=['DELETE'])) if self._resource_descriptions is not None: # Add the collection resource and entity resource to the resource # descriptions. collection_rel = json_home.build_v3_resource_relation( self.collection_key) self._resource_descriptions.append( (collection_rel, { 'href': collection_path, } )) if self._is_entity_implemented: entity_rel = json_home.build_v3_resource_relation(self.key) id_str = '%s_id' % self.key id_param_rel = json_home.build_v3_parameter_relation(id_str) self._resource_descriptions.append( (entity_rel, { 'href-template': entity_path, 'href-vars': { id_str: id_param_rel, }, } ))
def append_v3_routers(self, mapper, routers): routers.append( router.Router(controllers.DomainV3(), 'domains', 'domain', resource_descriptions=self.v3_resources)) config_controller = controllers.DomainConfigV3() self._add_resource( mapper, config_controller, path='/domains/{domain_id}/config', get_head_action='get_domain_config', put_action='create_domain_config', patch_action='update_domain_config_only', delete_action='delete_domain_config', rel=json_home.build_v3_resource_relation('domain_config'), status=json_home.Status.EXPERIMENTAL, path_vars={'domain_id': json_home.Parameters.DOMAIN_ID}) config_group_param = ( json_home.build_v3_parameter_relation('config_group')) self._add_resource( mapper, config_controller, path='/domains/{domain_id}/config/{group}', get_head_action='get_domain_config', patch_action='update_domain_config_group', delete_action='delete_domain_config', rel=json_home.build_v3_resource_relation('domain_config_group'), status=json_home.Status.EXPERIMENTAL, path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group': config_group_param }) self._add_resource( mapper, config_controller, path='/domains/{domain_id}/config/{group}/{option}', get_head_action='get_domain_config', patch_action='update_domain_config', delete_action='delete_domain_config', rel=json_home.build_v3_resource_relation('domain_config_option'), status=json_home.Status.EXPERIMENTAL, path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group': config_group_param, 'option': json_home.build_v3_parameter_relation('config_option') }) routers.append( router.Router(controllers.ProjectV3(), 'projects', 'project', resource_descriptions=self.v3_resources))
def append_v3_routers(self, mapper, routers): user_controller = controllers.UserV3() routers.append( router.Router(user_controller, 'users', 'user', resource_descriptions=self.v3_resources)) self._add_resource( mapper, user_controller, path='/users/{user_id}/password', post_action='change_password', rel=json_home.build_v3_resource_relation('user_change_password'), path_vars={ 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, user_controller, path='/groups/{group_id}/users', get_head_action='list_users_in_group', rel=json_home.build_v3_resource_relation('group_users'), path_vars={ 'group_id': json_home.Parameters.GROUP_ID, }) self._add_resource( mapper, user_controller, path='/groups/{group_id}/users/{user_id}', put_action='add_user_to_group', get_head_action='check_user_in_group', delete_action='remove_user_from_group', rel=json_home.build_v3_resource_relation('group_user'), path_vars={ 'group_id': json_home.Parameters.GROUP_ID, 'user_id': json_home.Parameters.USER_ID, }) group_controller = controllers.GroupV3() routers.append( router.Router(group_controller, 'groups', 'group', resource_descriptions=self.v3_resources)) self._add_resource( mapper, group_controller, path='/users/{user_id}/groups', get_head_action='list_groups_for_user', rel=json_home.build_v3_resource_relation('user_groups'), path_vars={ 'user_id': json_home.Parameters.USER_ID, })
def append_v3_routers(self, mapper, routers): routers.append( router.Router(controllers.DomainV3(), 'domains', 'domain', resource_descriptions=self.v3_resources)) config_controller = controllers.DomainConfigV3() self._add_resource( mapper, config_controller, path='/domains/{domain_id}/config', get_head_action='get_domain_config', put_action='create_domain_config', patch_action='update_domain_config_only', delete_action='delete_domain_config', rel=json_home.build_v3_resource_relation('domain_config'), status=json_home.Status.EXPERIMENTAL, path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID }) config_group_param = ( json_home.build_v3_parameter_relation('config_group')) self._add_resource( mapper, config_controller, path='/domains/{domain_id}/config/{group}', get_head_action='get_domain_config', patch_action='update_domain_config_group', delete_action='delete_domain_config', rel=json_home.build_v3_resource_relation('domain_config_group'), status=json_home.Status.EXPERIMENTAL, path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group': config_group_param }) self._add_resource( mapper, config_controller, path='/domains/{domain_id}/config/{group}/{option}', get_head_action='get_domain_config', patch_action='update_domain_config', delete_action='delete_domain_config', rel=json_home.build_v3_resource_relation('domain_config_option'), status=json_home.Status.EXPERIMENTAL, path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group': config_group_param, 'option': json_home.build_v3_parameter_relation( 'config_option') }) routers.append( router.Router(controllers.ProjectV3(), 'projects', 'project', resource_descriptions=self.v3_resources))
def add_routes(self, mapper): collection_path = '/%(collection_key)s' % { 'collection_key': self.collection_key } entity_path = '/%(collection_key)s/{%(key)s_id}' % { 'collection_key': self.collection_key, 'key': self.key } mapper.connect(collection_path, controller=self.controller, action=self.method_template % 'create_%s' % self.key, conditions=dict(method=['POST'])) mapper.connect(collection_path, controller=self.controller, action=self.method_template % 'list_%s' % self.collection_key, conditions=dict(method=['GET', 'HEAD'])) mapper.connect(entity_path, controller=self.controller, action=self.method_template % 'get_%s' % self.key, conditions=dict(method=['GET', 'HEAD'])) mapper.connect(entity_path, controller=self.controller, action=self.method_template % 'update_%s' % self.key, conditions=dict(method=['PATCH'])) mapper.connect(entity_path, controller=self.controller, action=self.method_template % 'delete_%s' % self.key, conditions=dict(method=['DELETE'])) # Add the collection resource and entity resource to the resource # descriptions. collection_rel = json_home.build_v3_resource_relation( self.collection_key) rel_data = { 'href': collection_path, } self._resource_descriptions.append((collection_rel, rel_data)) json_home.JsonHomeResources.append_resource(collection_rel, rel_data) if self._is_entity_implemented: entity_rel = json_home.build_v3_resource_relation(self.key) id_str = '%s_id' % self.key id_param_rel = json_home.build_v3_parameter_relation(id_str) entity_rel_data = { 'href-template': entity_path, 'href-vars': { id_str: id_param_rel, }, } self._resource_descriptions.append((entity_rel, entity_rel_data)) json_home.JsonHomeResources.append_resource( entity_rel, entity_rel_data)
def append_v3_routers(self, mapper, routers): self._add_resource( mapper, controllers.RegisteredLimitV3(), path='/registered_limits', post_action='create_registered_limits', get_head_action='list_registered_limits', status=json_home.Status.EXPERIMENTAL, rel=json_home.build_v3_resource_relation('registered_limits') ) self._add_resource( mapper, controllers.RegisteredLimitV3(), path='/registered_limits/{registered_limit_id}', get_head_action='get_registered_limit', patch_action='update_registered_limit', delete_action='delete_registered_limit', status=json_home.Status.EXPERIMENTAL, rel=json_home.build_v3_resource_relation('registered_limits'), path_vars={ 'registered_limit_id': json_home.Parameters.REGISTERED_LIMIT_ID} ) self._add_resource( mapper, controllers.LimitV3(), path='/limits', post_action='create_limits', get_head_action='list_limits', status=json_home.Status.EXPERIMENTAL, rel=json_home.build_v3_resource_relation('limits') ) self._add_resource( mapper, controllers.LimitV3(), path='/limits/model', get_head_action='get_limit_model', status=json_home.Status.EXPERIMENTAL, rel=json_home.build_v3_resource_relation('limit_model') ) self._add_resource( mapper, controllers.LimitV3(), path='/limits/{limit_id}', get_head_action='get_limit', patch_action='update_limit', delete_action='delete_limit', status=json_home.Status.EXPERIMENTAL, rel=json_home.build_v3_resource_relation('limits'), path_vars={ 'limit_id': json_home.Parameters.LIMIT_ID} )
def append_v3_routers(self, mapper, routers): auth_controller = controllers.Auth() self._add_resource( mapper, auth_controller, path='/auth/tokens', get_action='validate_token', head_action='check_token', post_action='authenticate_for_token', delete_action='revoke_token', rel=json_home.build_v3_resource_relation('auth_tokens')) self._add_resource( mapper, auth_controller, path='/auth/tokens/OS-PKI/revoked', get_head_action='revocation_list', rel=json_home.build_v3_extension_resource_relation( 'OS-PKI', '1.0', 'revocations')) self._add_resource( mapper, auth_controller, path='/auth/catalog', get_head_action='get_auth_catalog', rel=json_home.build_v3_resource_relation('auth_catalog')) self._add_resource( mapper, auth_controller, path='/auth/projects', get_head_action='get_auth_projects', rel=json_home.build_v3_resource_relation('auth_projects')) self._add_resource( mapper, auth_controller, path='/auth/domains', get_head_action='get_auth_domains', rel=json_home.build_v3_resource_relation('auth_domains')) # NOTE(morgan): explicitly add json_home data for auth_projects and # auth_domains for OS-FEDERATION here, as auth will always own it # based upon how the flask scaffolding works. This bit is transitional # for the move to flask. for element in ['projects', 'domains']: resource_data = {'href': '/auth/%s' % element} json_home.Status.update_resource_data( resource_data, status=json_home.Status.STABLE) json_home.JsonHomeResources.append_resource( json_home_relations.os_federation_resource_rel_func( resource_name=element), resource_data) self._add_resource( mapper, auth_controller, path='/auth/system', get_head_action='get_auth_system', rel=json_home.build_v3_resource_relation('auth_system'))
def append_v3_routers(self, mapper, routers): user_controller = controllers.User() routers.append( router.Router(user_controller, 'users', 'user', resource_descriptions=self.v3_resources)) self._add_resource( mapper, user_controller, path='/users/{user_id}/password', post_action='change_password', rel=json_home.build_v3_resource_relation('user_change_password'), path_vars={ 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, user_controller, path='/groups/{group_id}/users', get_action='list_users_in_group', rel=json_home.build_v3_resource_relation('group_users'), path_vars={ 'group_id': json_home.Parameters.GROUP_ID, }) self._add_resource( mapper, user_controller, path='/groups/{group_id}/users/{user_id}', put_action='add_user_to_group', get_head_action='check_user_in_group', delete_action='remove_user_from_group', rel=json_home.build_v3_resource_relation('group_user'), path_vars={ 'group_id': json_home.Parameters.GROUP_ID, 'user_id': json_home.Parameters.USER_ID, }) group_controller = controllers.Group() routers.append( router.Router(group_controller, 'groups', 'group', resource_descriptions=self.v3_resources)) self._add_resource( mapper, group_controller, path='/users/{user_id}/groups', get_action='list_groups_for_user', rel=json_home.build_v3_resource_relation('user_groups'), path_vars={ 'user_id': json_home.Parameters.USER_ID, })
def add_routes(self, mapper): collection_path = "/%(collection_key)s" % {"collection_key": self.collection_key} entity_path = "/%(collection_key)s/{%(key)s_id}" % {"collection_key": self.collection_key, "key": self.key} mapper.connect( collection_path, controller=self.controller, action=self.method_template % "create_%s" % self.key, conditions=dict(method=["POST"]), ) mapper.connect( collection_path, controller=self.controller, action=self.method_template % "list_%s" % self.collection_key, conditions=dict(method=["GET"]), ) mapper.connect( entity_path, controller=self.controller, action=self.method_template % "get_%s" % self.key, conditions=dict(method=["GET"]), ) mapper.connect( entity_path, controller=self.controller, action=self.method_template % "update_%s" % self.key, conditions=dict(method=["PATCH"]), ) mapper.connect( entity_path, controller=self.controller, action=self.method_template % "delete_%s" % self.key, conditions=dict(method=["DELETE"]), ) # Add the collection resource and entity resource to the resource # descriptions. collection_rel = json_home.build_v3_resource_relation(self.collection_key) rel_data = {"href": collection_path} self._resource_descriptions.append((collection_rel, rel_data)) if self._is_entity_implemented: entity_rel = json_home.build_v3_resource_relation(self.key) id_str = "%s_id" % self.key id_param_rel = json_home.build_v3_parameter_relation(id_str) entity_rel_data = {"href-template": entity_path, "href-vars": {id_str: id_param_rel}} self._resource_descriptions.append((entity_rel, entity_rel_data))
def test_build_v3_resource_relation(self): resource_name = self.getUniqueString() relation = json_home.build_v3_resource_relation(resource_name) exp_relation = ( 'http://docs.openstack.org/api/openstack-identity/3/rel/%s' % resource_name) self.assertThat(relation, matchers.Equals(exp_relation))
def test_construct_resource_map(self): param_relation = json_home.build_v3_parameter_relation( 'argument_id') url = '/v3/arguments/<string:argument_id>' old_url = ['/v3/old_arguments/<string:argument_id>'] resource_name = 'arguments' mapping = flask_common.construct_resource_map( resource=_TestResourceWithCollectionInfo, url=url, resource_kwargs={}, alternate_urls=old_url, rel=resource_name, status=json_home.Status.EXPERIMENTAL, path_vars={'argument_id': param_relation}, resource_relation_func=json_home.build_v3_resource_relation) self.assertEqual(_TestResourceWithCollectionInfo, mapping.resource) self.assertEqual(url, mapping.url) self.assertEqual(old_url, mapping.alternate_urls) self.assertEqual(json_home.build_v3_resource_relation(resource_name), mapping.json_home_data.rel) self.assertEqual(json_home.Status.EXPERIMENTAL, mapping.json_home_data.status) self.assertEqual({'argument_id': param_relation}, mapping.json_home_data.path_vars)
def append_v3_routers(self, mapper, routers): auth_controller = controllers.Auth() self._add_resource( mapper, auth_controller, path='/auth/tokens', get_action='validate_token', head_action='check_token', post_action='authenticate_for_token', delete_action='revoke_token', rel=json_home.build_v3_resource_relation('auth_tokens')) self._add_resource(mapper, auth_controller, path='/auth/tokens/OS-PKI/revoked', get_head_action='revocation_list', rel=json_home.build_v3_extension_resource_relation( 'OS-PKI', '1.0', 'revocations')) self._add_resource( mapper, auth_controller, path='/auth/catalog', get_head_action='get_auth_catalog', rel=json_home.build_v3_resource_relation('auth_catalog')) self._add_resource( mapper, auth_controller, path='/auth/projects', get_head_action='get_auth_projects', rel=json_home.build_v3_resource_relation('auth_projects')) self._add_resource( mapper, auth_controller, path='/auth/domains', get_head_action='get_auth_domains', rel=json_home.build_v3_resource_relation('auth_domains')) self._add_resource( mapper, auth_controller, path='/auth/system', get_head_action='get_auth_system', rel=json_home.build_v3_resource_relation('auth_system'))
def append_v3_routers(self, mapper, routers): amey_controller = myapi.Amey() self._add_resource( mapper, amey_controller, path='/amey_api/myapi', get_action='list_data', rel=json_home.build_v3_resource_relation('auth_tokens'))
def append_v3_routers(self, mapper, routers): self._add_resource( mapper, controllers.RegisteredLimitV3(), path='/registered_limits', post_action='create_registered_limits', put_action='update_registered_limits', get_head_action='list_registered_limits', status=json_home.Status.EXPERIMENTAL, rel=json_home.build_v3_resource_relation('registered_limits') ) self._add_resource( mapper, controllers.RegisteredLimitV3(), path='/registered_limits/{registered_limit_id}', get_head_action='get_registered_limit', delete_action='delete_registered_limit', status=json_home.Status.EXPERIMENTAL, rel=json_home.build_v3_resource_relation('registered_limits'), path_vars={ 'registered_limit_id': json_home.Parameters.REGISTERED_LIMIT_ID} ) self._add_resource( mapper, controllers.LimitV3(), path='/limits', post_action='create_limits', put_action='update_limits', get_head_action='list_limits', status=json_home.Status.EXPERIMENTAL, rel=json_home.build_v3_resource_relation('limits') ) self._add_resource( mapper, controllers.LimitV3(), path='/limits/{limit_id}', get_head_action='get_limit', delete_action='delete_limit', status=json_home.Status.EXPERIMENTAL, rel=json_home.build_v3_resource_relation('limits'), path_vars={ 'limit_id': json_home.Parameters.LIMIT_ID} )
def append_v3_routers(self, mapper, routers): auth_controller = controllers.Auth() # NOTE(morganfainberg): For policy enforcement reasons, the # ``validate_token_head`` method is still used for HEAD requests. # The controller method makes the same call as the validate_token # call and lets wsgi.render_response remove the body data. self._add_resource( mapper, auth_controller, path='/auth/tokens', get_action='validate_token', head_action='check_token', post_action='authenticate_for_token', delete_action='revoke_token', rel=json_home.build_v3_resource_relation('auth_tokens')) self._add_resource(mapper, auth_controller, path='/auth/tokens/OS-PKI/revoked', get_action='revocation_list', rel=json_home.build_v3_extension_resource_relation( 'OS-PKI', '1.0', 'revocations')) self._add_resource( mapper, auth_controller, path='/auth/catalog', get_action='get_auth_catalog', rel=json_home.build_v3_resource_relation('auth_catalog')) self._add_resource( mapper, auth_controller, path='/auth/projects', get_action='get_auth_projects', rel=json_home.build_v3_resource_relation('auth_projects')) self._add_resource( mapper, auth_controller, path='/auth/domains', get_action='get_auth_domains', rel=json_home.build_v3_resource_relation('auth_domains'))
def append_v3_routers(self, mapper, routers): user_controller = controllers.UserV3() routers.append(router.Router(user_controller, "users", "user", resource_descriptions=self.v3_resources)) self._add_resource( mapper, user_controller, path="/users/{user_id}/password", post_action="change_password", rel=json_home.build_v3_resource_relation("user_change_password"), path_vars={"user_id": json_home.Parameters.USER_ID}, ) self._add_resource( mapper, user_controller, path="/groups/{group_id}/users", get_action="list_users_in_group", rel=json_home.build_v3_resource_relation("group_users"), path_vars={"group_id": json_home.Parameters.GROUP_ID}, ) self._add_resource( mapper, user_controller, path="/groups/{group_id}/users/{user_id}", put_action="add_user_to_group", get_head_action="check_user_in_group", delete_action="remove_user_from_group", rel=json_home.build_v3_resource_relation("group_user"), path_vars={"group_id": json_home.Parameters.GROUP_ID, "user_id": json_home.Parameters.USER_ID}, ) group_controller = controllers.GroupV3() routers.append(router.Router(group_controller, "groups", "group", resource_descriptions=self.v3_resources)) self._add_resource( mapper, group_controller, path="/users/{user_id}/groups", get_action="list_groups_for_user", rel=json_home.build_v3_resource_relation("user_groups"), path_vars={"user_id": json_home.Parameters.USER_ID}, )
def append_v3_routers(self, mapper, routers): auth_controller = controllers.Auth() self._add_resource( mapper, auth_controller, path='/auth/tokens', get_action='validate_token', head_action='check_token', post_action='authenticate_for_token', delete_action='revoke_token', rel=json_home.build_v3_resource_relation('auth_tokens')) self._add_resource( mapper, auth_controller, path='/auth/tokens/OS-PKI/revoked', get_head_action='revocation_list', rel=json_home.build_v3_extension_resource_relation( 'OS-PKI', '1.0', 'revocations')) self._add_resource( mapper, auth_controller, path='/auth/catalog', get_head_action='get_auth_catalog', rel=json_home.build_v3_resource_relation('auth_catalog')) self._add_resource( mapper, auth_controller, path='/auth/projects', get_head_action='get_auth_projects', rel=json_home.build_v3_resource_relation('auth_projects')) self._add_resource( mapper, auth_controller, path='/auth/domains', get_head_action='get_auth_domains', rel=json_home.build_v3_resource_relation('auth_domains')) self._add_resource( mapper, auth_controller, path='/auth/system', get_head_action='get_auth_system', rel=json_home.build_v3_resource_relation('auth_system'))
def append_v3_routers(self, mapper, routers): auth_controller = controllers.Auth() # NOTE(morganfainberg): For policy enforcement reasons, the # ``validate_token_head`` method is still used for HEAD requests. # The controller method makes the same call as the validate_token # call and lets wsgi.render_response remove the body data. self._add_resource( mapper, auth_controller, path='/auth/tokens', get_action='validate_token', head_action='check_token', post_action='authenticate_for_token', delete_action='revoke_token', rel=json_home.build_v3_resource_relation('auth_tokens')) self._add_resource( mapper, auth_controller, path='/auth/tokens/OS-PKI/revoked', get_action='revocation_list', rel=json_home.build_v3_extension_resource_relation( 'OS-PKI', '1.0', 'revocations')) self._add_resource( mapper, auth_controller, path='/auth/catalog', get_action='get_auth_catalog', rel=json_home.build_v3_resource_relation('auth_catalog')) self._add_resource( mapper, auth_controller, path='/auth/projects', get_action='get_auth_projects', rel=json_home.build_v3_resource_relation('auth_projects')) self._add_resource( mapper, auth_controller, path='/auth/domains', get_action='get_auth_domains', rel=json_home.build_v3_resource_relation('auth_domains'))
def test_construct_resource_map(self): resource_name = 'arguments' param_relation = json_home.build_v3_parameter_relation( 'argument_id') alt_rel_func = functools.partial( json_home.build_v3_extension_resource_relation, extension_name='extension', extension_version='1.0') url = '/v3/arguments/<string:argument_id>' old_url = [dict( url='/v3/old_arguments/<string:argument_id>', json_home=flask_common.construct_json_home_data( rel='arguments', resource_relation_func=alt_rel_func) )] mapping = flask_common.construct_resource_map( resource=_TestResourceWithCollectionInfo, url=url, resource_kwargs={}, alternate_urls=old_url, rel=resource_name, status=json_home.Status.EXPERIMENTAL, path_vars={'argument_id': param_relation}, resource_relation_func=json_home.build_v3_resource_relation) self.assertEqual(_TestResourceWithCollectionInfo, mapping.resource) self.assertEqual(url, mapping.url) self.assertEqual(json_home.build_v3_resource_relation(resource_name), mapping.json_home_data.rel) self.assertEqual(json_home.Status.EXPERIMENTAL, mapping.json_home_data.status) self.assertEqual({'argument_id': param_relation}, mapping.json_home_data.path_vars) # Check the alternate URL data is populated sanely self.assertEqual(1, len(mapping.alternate_urls)) alt_url_data = mapping.alternate_urls[0] self.assertEqual(old_url[0]['url'], alt_url_data['url']) self.assertEqual(old_url[0]['json_home'], alt_url_data['json_home'])
'/protocols/{protocol_id}/auth') FEDERATED_IDP_SPECIFIC_WEBSSO = ('/auth/OS-FEDERATION/identity_providers/' '{idp_id}/protocols/{protocol_id}/websso') APPLICATION_CREDENTIAL = ('/users/{user_id}/application_credentials/' '{application_credential_id}') APPLICATION_CREDENTIALS = '/users/{user_id}/application_credentials' APPLICATION_CREDENTIAL_RELATION = ( json_home.build_v3_parameter_relation('application_credential_id')) ACCESS_RULE = '/users/{user_id}/access_rules/{access_rule_id}' ACCESS_RULES = '/users/{user_id}/access_rules' ACCESS_RULE_RELATION = json_home.build_v3_parameter_relation('access_rule_id') V3_JSON_HOME_RESOURCES = { json_home.build_v3_resource_relation('auth_tokens'): { 'href': '/auth/tokens' }, json_home.build_v3_resource_relation('auth_catalog'): { 'href': '/auth/catalog' }, json_home.build_v3_resource_relation('auth_projects'): { 'href': '/auth/projects' }, json_home.build_v3_resource_relation('auth_domains'): { 'href': '/auth/domains' }, json_home.build_v3_resource_relation('auth_system'): { 'href': '/auth/system' }, json_home.build_v3_resource_relation('credential'): {
def append_v3_routers(self, mapper, routers): project_controller = controllers.ProjectAssignmentV3() self._add_resource( mapper, project_controller, path='/users/{user_id}/projects', get_action='list_user_projects', rel=json_home.build_v3_resource_relation('user_projects'), path_vars={ 'user_id': json_home.Parameters.USER_ID, }) routers.append( router.Router(controllers.RoleV3(), 'roles', 'role', resource_descriptions=self.v3_resources, method_template='%s_wrapper')) implied_roles_controller = controllers.ImpliedRolesV3() self._add_resource( mapper, implied_roles_controller, path='/roles/{prior_role_id}/implies', rel=json_home.build_v3_resource_relation('implied_roles'), get_action='list_implied_roles', status=json_home.Status.EXPERIMENTAL, path_vars={ 'prior_role_id': json_home.Parameters.ROLE_ID, }) self._add_resource( mapper, implied_roles_controller, path='/roles/{prior_role_id}/implies/{implied_role_id}', put_action='create_implied_role', delete_action='delete_implied_role', head_action='check_implied_role', get_action='get_implied_role', rel=json_home.build_v3_resource_relation('implied_role'), status=json_home.Status.EXPERIMENTAL, path_vars={ 'prior_role_id': json_home.Parameters.ROLE_ID, 'implied_role_id': json_home.Parameters.ROLE_ID }) self._add_resource( mapper, implied_roles_controller, path='/role_inferences', get_action='list_role_inference_rules', rel=json_home.build_v3_resource_relation('role_inferences'), status=json_home.Status.EXPERIMENTAL, path_vars={}) grant_controller = controllers.GrantAssignmentV3() self._add_resource( mapper, grant_controller, path='/projects/{project_id}/users/{user_id}/roles/{role_id}', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=json_home.build_v3_resource_relation('project_user_role'), path_vars={ 'project_id': json_home.Parameters.PROJECT_ID, 'role_id': json_home.Parameters.ROLE_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, grant_controller, path='/projects/{project_id}/groups/{group_id}/roles/{role_id}', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=json_home.build_v3_resource_relation('project_group_role'), path_vars={ 'group_id': json_home.Parameters.GROUP_ID, 'project_id': json_home.Parameters.PROJECT_ID, 'role_id': json_home.Parameters.ROLE_ID, }) self._add_resource( mapper, grant_controller, path='/projects/{project_id}/users/{user_id}/roles', get_action='list_grants', rel=json_home.build_v3_resource_relation('project_user_roles'), path_vars={ 'project_id': json_home.Parameters.PROJECT_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, grant_controller, path='/projects/{project_id}/groups/{group_id}/roles', get_action='list_grants', rel=json_home.build_v3_resource_relation('project_group_roles'), path_vars={ 'group_id': json_home.Parameters.GROUP_ID, 'project_id': json_home.Parameters.PROJECT_ID, }) self._add_resource( mapper, grant_controller, path='/domains/{domain_id}/users/{user_id}/roles/{role_id}', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=json_home.build_v3_resource_relation('domain_user_role'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'role_id': json_home.Parameters.ROLE_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, grant_controller, path='/domains/{domain_id}/groups/{group_id}/roles/{role_id}', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=json_home.build_v3_resource_relation('domain_group_role'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group_id': json_home.Parameters.GROUP_ID, 'role_id': json_home.Parameters.ROLE_ID, }) self._add_resource( mapper, grant_controller, path='/domains/{domain_id}/users/{user_id}/roles', get_action='list_grants', rel=json_home.build_v3_resource_relation('domain_user_roles'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, grant_controller, path='/domains/{domain_id}/groups/{group_id}/roles', get_action='list_grants', rel=json_home.build_v3_resource_relation('domain_group_roles'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group_id': json_home.Parameters.GROUP_ID, }) self._add_resource( mapper, controllers.RoleAssignmentV3(), path='/role_assignments', get_action='list_role_assignments_wrapper', rel=json_home.build_v3_resource_relation('role_assignments')) if CONF.os_inherit.enabled: self._add_resource( mapper, grant_controller, path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/' '{role_id}/inherited_to_projects', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=build_os_inherit_relation( resource_name='domain_user_role_inherited_to_projects'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'role_id': json_home.Parameters.ROLE_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, grant_controller, path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/' '{role_id}/inherited_to_projects', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=build_os_inherit_relation( resource_name='domain_group_role_inherited_to_projects'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group_id': json_home.Parameters.GROUP_ID, 'role_id': json_home.Parameters.ROLE_ID, }) self._add_resource( mapper, grant_controller, path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/' 'inherited_to_projects', get_action='list_grants', rel=build_os_inherit_relation( resource_name='domain_group_roles_inherited_to_projects'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group_id': json_home.Parameters.GROUP_ID, }) self._add_resource( mapper, grant_controller, path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/' 'inherited_to_projects', get_action='list_grants', rel=build_os_inherit_relation( resource_name='domain_user_roles_inherited_to_projects'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, grant_controller, path='/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/' '{role_id}/inherited_to_projects', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=build_os_inherit_relation( resource_name='project_user_role_inherited_to_projects'), path_vars={ 'project_id': json_home.Parameters.PROJECT_ID, 'user_id': json_home.Parameters.USER_ID, 'role_id': json_home.Parameters.ROLE_ID, }) self._add_resource( mapper, grant_controller, path='/OS-INHERIT/projects/{project_id}/groups/{group_id}/' 'roles/{role_id}/inherited_to_projects', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=build_os_inherit_relation( resource_name='project_group_role_inherited_to_projects'), path_vars={ 'project_id': json_home.Parameters.PROJECT_ID, 'group_id': json_home.Parameters.GROUP_ID, 'role_id': json_home.Parameters.ROLE_ID, })
'OS-EP-FILTER', '1.0', 'endpoint_group_id')) BASE_IDP_PROTOCOL = '/OS-FEDERATION/identity_providers/{idp_id}/protocols' BASE_EP_POLICY = '/policies/{policy_id}/OS-ENDPOINT-POLICY' BASE_EP_FILTER_PREFIX = '/OS-EP-FILTER' BASE_EP_FILTER = BASE_EP_FILTER_PREFIX + '/endpoint_groups/{endpoint_group_id}' BASE_ACCESS_TOKEN = ( '/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}') FEDERATED_AUTH_URL = ('/OS-FEDERATION/identity_providers/{idp_id}' '/protocols/{protocol_id}/auth') FEDERATED_IDP_SPECIFIC_WEBSSO = ('/auth/OS-FEDERATION/identity_providers/' '{idp_id}/protocols/{protocol_id}/websso') V3_JSON_HOME_RESOURCES = { json_home.build_v3_resource_relation('auth_tokens'): { 'href': '/auth/tokens'}, json_home.build_v3_resource_relation('auth_catalog'): { 'href': '/auth/catalog'}, json_home.build_v3_resource_relation('auth_projects'): { 'href': '/auth/projects'}, json_home.build_v3_resource_relation('auth_domains'): { 'href': '/auth/domains'}, json_home.build_v3_resource_relation('credential'): { 'href-template': '/credentials/{credential_id}', 'href-vars': { 'credential_id': json_home.build_v3_parameter_relation('credential_id')}}, json_home.build_v3_resource_relation('credentials'): { 'href': '/credentials'}, json_home.build_v3_resource_relation('domain'): {
def append_v3_routers(self, mapper, routers): routers.append( router.Router(controllers.DomainV3(), 'domains', 'domain', resource_descriptions=self.v3_resources)) project_controller = controllers.ProjectV3() routers.append( router.Router(project_controller, 'projects', 'project', resource_descriptions=self.v3_resources)) self._add_resource( mapper, project_controller, path='/users/{user_id}/projects', get_action='list_user_projects', rel=json_home.build_v3_resource_relation('user_projects'), path_vars={ 'user_id': json_home.Parameters.USER_ID, }) role_controller = controllers.RoleV3() routers.append( router.Router(role_controller, 'roles', 'role', resource_descriptions=self.v3_resources)) self._add_resource( mapper, role_controller, path='/projects/{project_id}/users/{user_id}/roles/{role_id}', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=json_home.build_v3_resource_relation('project_user_role'), path_vars={ 'project_id': json_home.Parameters.PROJECT_ID, 'role_id': json_home.Parameters.ROLE_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, role_controller, path='/projects/{project_id}/groups/{group_id}/roles/{role_id}', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=json_home.build_v3_resource_relation('project_group_role'), path_vars={ 'group_id': json_home.Parameters.GROUP_ID, 'project_id': json_home.Parameters.PROJECT_ID, 'role_id': json_home.Parameters.ROLE_ID, }) self._add_resource( mapper, role_controller, path='/projects/{project_id}/users/{user_id}/roles', get_action='list_grants', rel=json_home.build_v3_resource_relation('project_user_roles'), path_vars={ 'project_id': json_home.Parameters.PROJECT_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, role_controller, path='/projects/{project_id}/groups/{group_id}/roles', get_action='list_grants', rel=json_home.build_v3_resource_relation('project_group_roles'), path_vars={ 'group_id': json_home.Parameters.GROUP_ID, 'project_id': json_home.Parameters.PROJECT_ID, }) self._add_resource( mapper, role_controller, path='/domains/{domain_id}/users/{user_id}/roles/{role_id}', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=json_home.build_v3_resource_relation('domain_user_role'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'role_id': json_home.Parameters.ROLE_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, role_controller, path='/domains/{domain_id}/groups/{group_id}/roles/{role_id}', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=json_home.build_v3_resource_relation('domain_group_role'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group_id': json_home.Parameters.GROUP_ID, 'role_id': json_home.Parameters.ROLE_ID, }) self._add_resource( mapper, role_controller, path='/domains/{domain_id}/users/{user_id}/roles', get_action='list_grants', rel=json_home.build_v3_resource_relation('domain_user_roles'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, role_controller, path='/domains/{domain_id}/groups/{group_id}/roles', get_action='list_grants', rel=json_home.build_v3_resource_relation('domain_group_roles'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group_id': json_home.Parameters.GROUP_ID, }) routers.append( router.Router(controllers.RoleAssignmentV3(), 'role_assignments', 'role_assignment', resource_descriptions=self.v3_resources, is_entity_implemented=False)) if config.CONF.os_inherit.enabled: self._add_resource( mapper, role_controller, path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/' '{role_id}/inherited_to_projects', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=build_os_inherit_relation( resource_name='domain_user_role_inherited_to_projects'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'role_id': json_home.Parameters.ROLE_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, role_controller, path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/' '{role_id}/inherited_to_projects', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=build_os_inherit_relation( resource_name='domain_group_role_inherited_to_projects'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group_id': json_home.Parameters.GROUP_ID, 'role_id': json_home.Parameters.ROLE_ID, }) self._add_resource( mapper, role_controller, path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/' 'inherited_to_projects', get_action='list_grants', rel=build_os_inherit_relation( resource_name='domain_group_roles_inherited_to_projects'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group_id': json_home.Parameters.GROUP_ID, }) self._add_resource( mapper, role_controller, path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/' 'inherited_to_projects', get_action='list_grants', rel=build_os_inherit_relation( resource_name='domain_user_roles_inherited_to_projects'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, role_controller, path='/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/' '{role_id}/inherited_to_projects', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=build_os_inherit_relation( resource_name='project_user_role_inherited_to_projects'), path_vars={ 'project_id': json_home.Parameters.PROJECT_ID, 'user_id': json_home.Parameters.USER_ID, 'role_id': json_home.Parameters.ROLE_ID, }) self._add_resource( mapper, role_controller, path='/OS-INHERIT/projects/{project_id}/groups/{group_id}/' 'roles/{role_id}/inherited_to_projects', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=build_os_inherit_relation( resource_name='project_group_role_inherited_to_projects'), path_vars={ 'project_id': json_home.Parameters.PROJECT_ID, 'group_id': json_home.Parameters.GROUP_ID, 'role_id': json_home.Parameters.ROLE_ID, })
ENDPOINT_GROUP_ID_PARAMETER_RELATION = json_home.build_v3_extension_parameter_relation( "OS-EP-FILTER", "1.0", "endpoint_group_id" ) BASE_IDP_PROTOCOL = "/OS-FEDERATION/identity_providers/{idp_id}/protocols" BASE_EP_POLICY = "/policies/{policy_id}/OS-ENDPOINT-POLICY" BASE_EP_FILTER_PREFIX = "/OS-EP-FILTER" BASE_EP_FILTER = BASE_EP_FILTER_PREFIX + "/endpoint_groups/{endpoint_group_id}" BASE_ACCESS_TOKEN = "/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}" # TODO(stevemar): Use BASE_IDP_PROTOCOL when bug 1420125 is resolved. FEDERATED_AUTH_URL = "/OS-FEDERATION/identity_providers/{identity_provider}" "/protocols/{protocol}/auth" V3_JSON_HOME_RESOURCES_INHERIT_DISABLED = { json_home.build_v3_resource_relation("auth_tokens"): {"href": "/auth/tokens"}, json_home.build_v3_resource_relation("auth_catalog"): {"href": "/auth/catalog"}, json_home.build_v3_resource_relation("auth_projects"): {"href": "/auth/projects"}, json_home.build_v3_resource_relation("auth_domains"): {"href": "/auth/domains"}, json_home.build_v3_resource_relation("credential"): { "href-template": "/credentials/{credential_id}", "href-vars": {"credential_id": json_home.build_v3_parameter_relation("credential_id")}, }, json_home.build_v3_resource_relation("credentials"): {"href": "/credentials"}, json_home.build_v3_resource_relation("domain"): { "href-template": "/domains/{domain_id}", "href-vars": {"domain_id": json_home.Parameters.DOMAIN_ID}, }, json_home.build_v3_resource_relation("domain_group_role"): { "href-template": "/domains/{domain_id}/groups/{group_id}/roles/{role_id}", "href-vars": {
def append_v3_routers(self, mapper, routers): routers.append( router.Router(controllers.DomainV3(), 'domains', 'domain', resource_descriptions=self.v3_resources)) config_controller = controllers.DomainConfigV3() tag_controller = controllers.ProjectTagV3() self._add_resource( mapper, config_controller, path='/domains/{domain_id}/config', get_head_action='get_domain_config', put_action='create_domain_config', patch_action='update_domain_config_only', delete_action='delete_domain_config', rel=json_home.build_v3_resource_relation('domain_config'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID }) config_group_param = ( json_home.build_v3_parameter_relation('config_group')) self._add_resource( mapper, config_controller, path='/domains/{domain_id}/config/{group}', get_head_action='get_domain_config_wrapper', patch_action='update_domain_config_group', delete_action='delete_domain_config', rel=json_home.build_v3_resource_relation('domain_config_group'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group': config_group_param }) self._add_resource( mapper, config_controller, path='/domains/{domain_id}/config/{group}/{option}', get_head_action='get_domain_config_wrapper', patch_action='update_domain_config', delete_action='delete_domain_config', rel=json_home.build_v3_resource_relation('domain_config_option'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group': config_group_param, 'option': json_home.build_v3_parameter_relation( 'config_option') }) self._add_resource( mapper, config_controller, path='/domains/config/default', get_head_action='get_domain_config_default', rel=json_home.build_v3_resource_relation('domain_config_default')) self._add_resource( mapper, config_controller, path='/domains/config/{group}/default', get_head_action='get_domain_config_default', rel=json_home.build_v3_resource_relation( 'domain_config_default_group'), path_vars={ 'group': config_group_param }) self._add_resource( mapper, config_controller, path='/domains/config/{group}/{option}/default', get_head_action='get_domain_config_default', rel=json_home.build_v3_resource_relation( 'domain_config_default_option'), path_vars={ 'group': config_group_param, 'option': json_home.build_v3_parameter_relation( 'config_option') }) routers.append( router.Router(controllers.ProjectV3(), 'projects', 'project', resource_descriptions=self.v3_resources)) self._add_resource( mapper, tag_controller, path='/projects/{project_id}/tags', get_head_action='list_project_tags', put_action='update_project_tags', delete_action='delete_project_tags', rel=json_home.build_v3_resource_relation( 'project_tags'), path_vars={ 'project_id': json_home.Parameters.PROJECT_ID }) self._add_resource( mapper, tag_controller, path='/projects/{project_id}/tags/{value}', get_head_action='get_project_tag', put_action='create_project_tag', delete_action='delete_project_tag', rel=json_home.build_v3_resource_relation( 'project_tags'), path_vars={ 'project_id': json_home.Parameters.PROJECT_ID, 'value': json_home.Parameters.TAG_VALUE })
def append_v3_routers(self, mapper, routers): routers.append( router.Router(controllers.DomainV3(), 'domains', 'domain', resource_descriptions=self.v3_resources)) project_controller = controllers.ProjectV3() routers.append( router.Router(project_controller, 'projects', 'project', resource_descriptions=self.v3_resources)) self._add_resource( mapper, project_controller, path='/users/{user_id}/projects', get_action='list_user_projects', rel=json_home.build_v3_resource_relation('user_projects'), path_vars={ 'user_id': json_home.Parameters.USER_ID, }) role_controller = controllers.RoleV3() routers.append( router.Router(role_controller, 'roles', 'role', resource_descriptions=self.v3_resources)) self._add_resource( mapper, role_controller, path='/projects/{project_id}/users/{user_id}/roles/{role_id}', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=json_home.build_v3_resource_relation('project_user_role'), path_vars={ 'project_id': json_home.Parameters.PROJECT_ID, 'role_id': json_home.Parameters.ROLE_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, role_controller, path='/projects/{project_id}/groups/{group_id}/roles/{role_id}', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=json_home.build_v3_resource_relation('project_group_role'), path_vars={ 'group_id': json_home.Parameters.GROUP_ID, 'project_id': json_home.Parameters.PROJECT_ID, 'role_id': json_home.Parameters.ROLE_ID, }) self._add_resource( mapper, role_controller, path='/projects/{project_id}/users/{user_id}/roles', get_action='list_grants', rel=json_home.build_v3_resource_relation('project_user_roles'), path_vars={ 'project_id': json_home.Parameters.PROJECT_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, role_controller, path='/projects/{project_id}/groups/{group_id}/roles', get_action='list_grants', rel=json_home.build_v3_resource_relation('project_group_roles'), path_vars={ 'group_id': json_home.Parameters.GROUP_ID, 'project_id': json_home.Parameters.PROJECT_ID, }) self._add_resource( mapper, role_controller, path='/domains/{domain_id}/users/{user_id}/roles/{role_id}', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=json_home.build_v3_resource_relation('domain_user_role'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'role_id': json_home.Parameters.ROLE_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, role_controller, path='/domains/{domain_id}/groups/{group_id}/roles/{role_id}', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=json_home.build_v3_resource_relation('domain_group_role'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group_id': json_home.Parameters.GROUP_ID, 'role_id': json_home.Parameters.ROLE_ID, }) self._add_resource( mapper, role_controller, path='/domains/{domain_id}/users/{user_id}/roles', get_action='list_grants', rel=json_home.build_v3_resource_relation('domain_user_roles'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, role_controller, path='/domains/{domain_id}/groups/{group_id}/roles', get_action='list_grants', rel=json_home.build_v3_resource_relation('domain_group_roles'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group_id': json_home.Parameters.GROUP_ID, }) routers.append( router.Router(controllers.RoleAssignmentV3(), 'role_assignments', 'role_assignment', resource_descriptions=self.v3_resources, is_entity_implemented=False)) if config.CONF.os_inherit.enabled: self._add_resource( mapper, role_controller, path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/' '{role_id}/inherited_to_projects', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=build_os_inherit_relation( resource_name='domain_user_role_inherited_to_projects'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'role_id': json_home.Parameters.ROLE_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, role_controller, path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/' '{role_id}/inherited_to_projects', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=build_os_inherit_relation( resource_name='domain_group_role_inherited_to_projects'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group_id': json_home.Parameters.GROUP_ID, 'role_id': json_home.Parameters.ROLE_ID, }) self._add_resource( mapper, role_controller, path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/' 'inherited_to_projects', get_action='list_grants', rel=build_os_inherit_relation( resource_name='domain_group_roles_inherited_to_projects'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group_id': json_home.Parameters.GROUP_ID, }) self._add_resource( mapper, role_controller, path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/' 'inherited_to_projects', get_action='list_grants', rel=build_os_inherit_relation( resource_name='domain_user_roles_inherited_to_projects'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'user_id': json_home.Parameters.USER_ID, })
# a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. """WSGI Routers for the Application Credential service.""" from keystone.application_credential import controllers from keystone.common import json_home from keystone.common import wsgi APP_CRED_RESOURCE_RELATION = json_home.build_v3_resource_relation( 'application_credential') APP_CRED_PARAMETER_RELATION = json_home.build_v3_parameter_relation( 'application_credential_id') APP_CRED_COLLECTION_PATH = '/users/{user_id}/application_credentials' APP_CRED_RESOURCE_PATH = ( '/users/{user_id}/application_credentials/{application_credential_id}' ) class Routers(wsgi.RoutersBase): _path_prefixes = (APP_CRED_COLLECTION_PATH, 'users',) def append_v3_routers(self, mapper, routers): app_cred_controller = controllers.ApplicationCredentialV3() self._add_resource(
def append_v3_routers(self, mapper, routers): routers.append( router.Router(controllers.DomainV3(), 'domains', 'domain', resource_descriptions=self.v3_resources)) config_controller = controllers.DomainConfigV3() tag_controller = controllers.ProjectTagV3() self._add_resource( mapper, config_controller, path='/domains/{domain_id}/config', get_head_action='get_domain_config', put_action='create_domain_config', patch_action='update_domain_config_only', delete_action='delete_domain_config', rel=json_home.build_v3_resource_relation('domain_config'), path_vars={'domain_id': json_home.Parameters.DOMAIN_ID}) config_group_param = ( json_home.build_v3_parameter_relation('config_group')) self._add_resource( mapper, config_controller, path='/domains/{domain_id}/config/{group}', get_head_action='get_domain_config_wrapper', patch_action='update_domain_config_group', delete_action='delete_domain_config', rel=json_home.build_v3_resource_relation('domain_config_group'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group': config_group_param }) self._add_resource( mapper, config_controller, path='/domains/{domain_id}/config/{group}/{option}', get_head_action='get_domain_config_wrapper', patch_action='update_domain_config', delete_action='delete_domain_config', rel=json_home.build_v3_resource_relation('domain_config_option'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group': config_group_param, 'option': json_home.build_v3_parameter_relation('config_option') }) self._add_resource( mapper, config_controller, path='/domains/config/default', get_head_action='get_domain_config_default', rel=json_home.build_v3_resource_relation('domain_config_default')) self._add_resource(mapper, config_controller, path='/domains/config/{group}/default', get_head_action='get_domain_config_default', rel=json_home.build_v3_resource_relation( 'domain_config_default_group'), path_vars={'group': config_group_param}) self._add_resource( mapper, config_controller, path='/domains/config/{group}/{option}/default', get_head_action='get_domain_config_default', rel=json_home.build_v3_resource_relation( 'domain_config_default_option'), path_vars={ 'group': config_group_param, 'option': json_home.build_v3_parameter_relation('config_option') }) routers.append( router.Router(controllers.ProjectV3(), 'projects', 'project', resource_descriptions=self.v3_resources)) self._add_resource( mapper, tag_controller, path='/projects/{project_id}/tags', get_head_action='list_project_tags', put_action='update_project_tags', delete_action='delete_project_tags', rel=json_home.build_v3_resource_relation('project_tags'), path_vars={'project_id': json_home.Parameters.PROJECT_ID}) self._add_resource( mapper, tag_controller, path='/projects/{project_id}/tags/{value}', get_head_action='get_project_tag', put_action='create_project_tag', delete_action='delete_project_tag', rel=json_home.build_v3_resource_relation('project_tags'), path_vars={ 'project_id': json_home.Parameters.PROJECT_ID, 'value': json_home.Parameters.TAG_VALUE })
def _add_resources(self): # Add resources that are standardized. Each resource implements a # base set of handling for a collection of entities such as # `users`. Resources are sourced from self.resources. Each resource # should have an attribute/property containing the `collection_key` # which is typically the "plural" form of the entity, e.g. `users` and # `member_key` which is typically the "singular" of the entity, e.g. # `user`. Resources are sourced from self.resources, each element is # simply a :class:`flask_restful.Resource`. for r in self.resources: c_key = getattr(r, 'collection_key', None) m_key = getattr(r, 'member_key', None) if not c_key or not m_key: LOG.debug( 'Unable to add resource %(resource)s to API ' '%(name)s, both `member_key` and `collection_key` ' 'must be implemented. [collection_key(%(col_key)s) ' 'member_key(%(m_key)s)]', { 'resource': r.__class__.view_class.__name__, 'name': self._name, 'col_key': c_key, 'm_key': m_key }) continue collection_path = '/%s' % c_key entity_path = '/%(collection_key)s/<string:%(member_key)s_id>' % { 'collection_key': c_key, 'member_key': m_key } # NOTE(morgan): The json-home form of the entity path is different # from the flask-url routing form. jh_e_path = _URL_SUBST.sub('{\\1}', entity_path) LOG.debug( 'Adding standard routes to API %(name)s for `%(resource)s` ' '[%(collection_path)s, %(entity_path)s]', { 'name': self._name, 'resource': r.__class__.__name__, 'collection_path': collection_path, 'entity_path': entity_path }) self.api.add_resource(r, collection_path, entity_path) # Add JSON Home data collection_rel = json_home.build_v3_resource_relation(c_key) rel_data = {'href': collection_path} entity_rel = json_home.build_v3_resource_relation(m_key) id_str = '%s_id' % m_key id_param_rel = json_home.build_v3_parameter_relation(id_str) entity_rel_data = { 'href-template': jh_e_path, 'href-vars': { id_str: id_param_rel } } json_home.JsonHomeResources.append_resource( collection_rel, rel_data) json_home.JsonHomeResources.append_resource( entity_rel, entity_rel_data)
def append_v3_routers(self, mapper, routers): project_controller = controllers.ProjectAssignmentV3() self._add_resource( mapper, project_controller, path="/users/{user_id}/projects", get_head_action="list_user_projects", rel=json_home.build_v3_resource_relation("user_projects"), path_vars={"user_id": json_home.Parameters.USER_ID}, ) routers.append( router.Router( controllers.RoleV3(), "roles", "role", resource_descriptions=self.v3_resources, method_template="%s_wrapper", ) ) implied_roles_controller = controllers.ImpliedRolesV3() self._add_resource( mapper, implied_roles_controller, path="/roles/{prior_role_id}/implies", rel=json_home.build_v3_resource_relation("implied_roles"), get_action="list_implied_roles", status=json_home.Status.EXPERIMENTAL, path_vars={"prior_role_id": json_home.Parameters.ROLE_ID}, ) self._add_resource( mapper, implied_roles_controller, path="/roles/{prior_role_id}/implies/{implied_role_id}", put_action="create_implied_role", delete_action="delete_implied_role", head_action="check_implied_role", get_action="get_implied_role", rel=json_home.build_v3_resource_relation("implied_role"), status=json_home.Status.EXPERIMENTAL, path_vars={"prior_role_id": json_home.Parameters.ROLE_ID, "implied_role_id": json_home.Parameters.ROLE_ID}, ) self._add_resource( mapper, implied_roles_controller, path="/role_inferences", get_action="list_role_inference_rules", rel=json_home.build_v3_resource_relation("role_inferences"), status=json_home.Status.EXPERIMENTAL, path_vars={}, ) grant_controller = controllers.GrantAssignmentV3() self._add_resource( mapper, grant_controller, path="/projects/{project_id}/users/{user_id}/roles/{role_id}", get_head_action="check_grant", put_action="create_grant", delete_action="revoke_grant", rel=json_home.build_v3_resource_relation("project_user_role"), path_vars={ "project_id": json_home.Parameters.PROJECT_ID, "role_id": json_home.Parameters.ROLE_ID, "user_id": json_home.Parameters.USER_ID, }, ) self._add_resource( mapper, grant_controller, path="/projects/{project_id}/groups/{group_id}/roles/{role_id}", get_head_action="check_grant", put_action="create_grant", delete_action="revoke_grant", rel=json_home.build_v3_resource_relation("project_group_role"), path_vars={ "group_id": json_home.Parameters.GROUP_ID, "project_id": json_home.Parameters.PROJECT_ID, "role_id": json_home.Parameters.ROLE_ID, }, ) self._add_resource( mapper, grant_controller, path="/projects/{project_id}/users/{user_id}/roles", get_head_action="list_grants", rel=json_home.build_v3_resource_relation("project_user_roles"), path_vars={"project_id": json_home.Parameters.PROJECT_ID, "user_id": json_home.Parameters.USER_ID}, ) self._add_resource( mapper, grant_controller, path="/projects/{project_id}/groups/{group_id}/roles", get_head_action="list_grants", rel=json_home.build_v3_resource_relation("project_group_roles"), path_vars={"group_id": json_home.Parameters.GROUP_ID, "project_id": json_home.Parameters.PROJECT_ID}, ) self._add_resource( mapper, grant_controller, path="/domains/{domain_id}/users/{user_id}/roles/{role_id}", get_head_action="check_grant", put_action="create_grant", delete_action="revoke_grant", rel=json_home.build_v3_resource_relation("domain_user_role"), path_vars={ "domain_id": json_home.Parameters.DOMAIN_ID, "role_id": json_home.Parameters.ROLE_ID, "user_id": json_home.Parameters.USER_ID, }, ) self._add_resource( mapper, grant_controller, path="/domains/{domain_id}/groups/{group_id}/roles/{role_id}", get_head_action="check_grant", put_action="create_grant", delete_action="revoke_grant", rel=json_home.build_v3_resource_relation("domain_group_role"), path_vars={ "domain_id": json_home.Parameters.DOMAIN_ID, "group_id": json_home.Parameters.GROUP_ID, "role_id": json_home.Parameters.ROLE_ID, }, ) self._add_resource( mapper, grant_controller, path="/domains/{domain_id}/users/{user_id}/roles", get_head_action="list_grants", rel=json_home.build_v3_resource_relation("domain_user_roles"), path_vars={"domain_id": json_home.Parameters.DOMAIN_ID, "user_id": json_home.Parameters.USER_ID}, ) self._add_resource( mapper, grant_controller, path="/domains/{domain_id}/groups/{group_id}/roles", get_head_action="list_grants", rel=json_home.build_v3_resource_relation("domain_group_roles"), path_vars={"domain_id": json_home.Parameters.DOMAIN_ID, "group_id": json_home.Parameters.GROUP_ID}, ) self._add_resource( mapper, controllers.RoleAssignmentV3(), path="/role_assignments", get_head_action="list_role_assignments_wrapper", rel=json_home.build_v3_resource_relation("role_assignments"), ) if CONF.os_inherit.enabled: self._add_resource( mapper, grant_controller, path="/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/" "{role_id}/inherited_to_projects", get_head_action="check_grant", put_action="create_grant", delete_action="revoke_grant", rel=build_os_inherit_relation(resource_name="domain_user_role_inherited_to_projects"), path_vars={ "domain_id": json_home.Parameters.DOMAIN_ID, "role_id": json_home.Parameters.ROLE_ID, "user_id": json_home.Parameters.USER_ID, }, ) self._add_resource( mapper, grant_controller, path="/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/" "{role_id}/inherited_to_projects", get_head_action="check_grant", put_action="create_grant", delete_action="revoke_grant", rel=build_os_inherit_relation(resource_name="domain_group_role_inherited_to_projects"), path_vars={ "domain_id": json_home.Parameters.DOMAIN_ID, "group_id": json_home.Parameters.GROUP_ID, "role_id": json_home.Parameters.ROLE_ID, }, ) self._add_resource( mapper, grant_controller, path="/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/" "inherited_to_projects", get_action="list_grants", rel=build_os_inherit_relation(resource_name="domain_group_roles_inherited_to_projects"), path_vars={"domain_id": json_home.Parameters.DOMAIN_ID, "group_id": json_home.Parameters.GROUP_ID}, ) self._add_resource( mapper, grant_controller, path="/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/" "inherited_to_projects", get_action="list_grants", rel=build_os_inherit_relation(resource_name="domain_user_roles_inherited_to_projects"), path_vars={"domain_id": json_home.Parameters.DOMAIN_ID, "user_id": json_home.Parameters.USER_ID}, ) self._add_resource( mapper, grant_controller, path="/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/" "{role_id}/inherited_to_projects", get_head_action="check_grant", put_action="create_grant", delete_action="revoke_grant", rel=build_os_inherit_relation(resource_name="project_user_role_inherited_to_projects"), path_vars={ "project_id": json_home.Parameters.PROJECT_ID, "user_id": json_home.Parameters.USER_ID, "role_id": json_home.Parameters.ROLE_ID, }, ) self._add_resource( mapper, grant_controller, path="/OS-INHERIT/projects/{project_id}/groups/{group_id}/" "roles/{role_id}/inherited_to_projects", get_head_action="check_grant", put_action="create_grant", delete_action="revoke_grant", rel=build_os_inherit_relation(resource_name="project_group_role_inherited_to_projects"), path_vars={ "project_id": json_home.Parameters.PROJECT_ID, "group_id": json_home.Parameters.GROUP_ID, "role_id": json_home.Parameters.ROLE_ID, }, )
def append_v3_routers(self, mapper, routers): project_controller = controllers.ProjectAssignmentV3() self._add_resource( mapper, project_controller, path='/users/{user_id}/projects', get_head_action='list_user_projects', rel=json_home.build_v3_resource_relation('user_projects'), path_vars={ 'user_id': json_home.Parameters.USER_ID, }) routers.append( router.Router(controllers.RoleV3(), 'roles', 'role', resource_descriptions=self.v3_resources, method_template='%s_wrapper')) implied_roles_controller = controllers.ImpliedRolesV3() self._add_resource( mapper, implied_roles_controller, path='/roles/{prior_role_id}/implies', rel=json_home.build_v3_resource_relation('implied_roles'), get_action='list_implied_roles', status=json_home.Status.EXPERIMENTAL, path_vars={ 'prior_role_id': json_home.Parameters.ROLE_ID, } ) self._add_resource( mapper, implied_roles_controller, path='/roles/{prior_role_id}/implies/{implied_role_id}', put_action='create_implied_role', delete_action='delete_implied_role', head_action='check_implied_role', get_action='get_implied_role', rel=json_home.build_v3_resource_relation('implied_role'), status=json_home.Status.EXPERIMENTAL, path_vars={ 'prior_role_id': json_home.Parameters.ROLE_ID, 'implied_role_id': json_home.Parameters.ROLE_ID } ) self._add_resource( mapper, implied_roles_controller, path='/role_inferences', get_action='list_role_inference_rules', rel=json_home.build_v3_resource_relation('role_inferences'), status=json_home.Status.EXPERIMENTAL, path_vars={} ) grant_controller = controllers.GrantAssignmentV3() self._add_resource( mapper, grant_controller, path='/projects/{project_id}/users/{user_id}/roles/{role_id}', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=json_home.build_v3_resource_relation('project_user_role'), path_vars={ 'project_id': json_home.Parameters.PROJECT_ID, 'role_id': json_home.Parameters.ROLE_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, grant_controller, path='/projects/{project_id}/groups/{group_id}/roles/{role_id}', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=json_home.build_v3_resource_relation('project_group_role'), path_vars={ 'group_id': json_home.Parameters.GROUP_ID, 'project_id': json_home.Parameters.PROJECT_ID, 'role_id': json_home.Parameters.ROLE_ID, }) self._add_resource( mapper, grant_controller, path='/projects/{project_id}/users/{user_id}/roles', get_head_action='list_grants', rel=json_home.build_v3_resource_relation('project_user_roles'), path_vars={ 'project_id': json_home.Parameters.PROJECT_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, grant_controller, path='/projects/{project_id}/groups/{group_id}/roles', get_head_action='list_grants', rel=json_home.build_v3_resource_relation('project_group_roles'), path_vars={ 'group_id': json_home.Parameters.GROUP_ID, 'project_id': json_home.Parameters.PROJECT_ID, }) self._add_resource( mapper, grant_controller, path='/domains/{domain_id}/users/{user_id}/roles/{role_id}', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=json_home.build_v3_resource_relation('domain_user_role'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'role_id': json_home.Parameters.ROLE_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, grant_controller, path='/domains/{domain_id}/groups/{group_id}/roles/{role_id}', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=json_home.build_v3_resource_relation('domain_group_role'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group_id': json_home.Parameters.GROUP_ID, 'role_id': json_home.Parameters.ROLE_ID, }) self._add_resource( mapper, grant_controller, path='/domains/{domain_id}/users/{user_id}/roles', get_head_action='list_grants', rel=json_home.build_v3_resource_relation('domain_user_roles'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, grant_controller, path='/domains/{domain_id}/groups/{group_id}/roles', get_head_action='list_grants', rel=json_home.build_v3_resource_relation('domain_group_roles'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group_id': json_home.Parameters.GROUP_ID, }) self._add_resource( mapper, controllers.RoleAssignmentV3(), path='/role_assignments', get_head_action='list_role_assignments_wrapper', rel=json_home.build_v3_resource_relation('role_assignments')) self._add_resource( mapper, grant_controller, path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/' '{role_id}/inherited_to_projects', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=build_os_inherit_relation( resource_name='domain_user_role_inherited_to_projects'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'role_id': json_home.Parameters.ROLE_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, grant_controller, path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/' '{role_id}/inherited_to_projects', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=build_os_inherit_relation( resource_name='domain_group_role_inherited_to_projects'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group_id': json_home.Parameters.GROUP_ID, 'role_id': json_home.Parameters.ROLE_ID, }) self._add_resource( mapper, grant_controller, path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/' 'inherited_to_projects', get_action='list_grants', rel=build_os_inherit_relation( resource_name='domain_group_roles_inherited_to_projects'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group_id': json_home.Parameters.GROUP_ID, }) self._add_resource( mapper, grant_controller, path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/' 'inherited_to_projects', get_action='list_grants', rel=build_os_inherit_relation( resource_name='domain_user_roles_inherited_to_projects'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, grant_controller, path='/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/' '{role_id}/inherited_to_projects', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=build_os_inherit_relation( resource_name='project_user_role_inherited_to_projects'), path_vars={ 'project_id': json_home.Parameters.PROJECT_ID, 'user_id': json_home.Parameters.USER_ID, 'role_id': json_home.Parameters.ROLE_ID, }) self._add_resource( mapper, grant_controller, path='/OS-INHERIT/projects/{project_id}/groups/{group_id}/' 'roles/{role_id}/inherited_to_projects', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=build_os_inherit_relation( resource_name='project_group_role_inherited_to_projects'), path_vars={ 'project_id': json_home.Parameters.PROJECT_ID, 'group_id': json_home.Parameters.GROUP_ID, 'role_id': json_home.Parameters.ROLE_ID, })
REVOCATIONS_RELATION = json_home.build_v3_extension_resource_relation( 'OS-PKI', '1.0', 'revocations') _build_simple_cert_relation = functools.partial( json_home.build_v3_extension_resource_relation, extension_name='OS-SIMPLE-CERT', extension_version='1.0') _build_trust_relation = functools.partial( json_home.build_v3_extension_resource_relation, extension_name='OS-TRUST', extension_version='1.0') TRUST_ID_PARAMETER_RELATION = json_home.build_v3_extension_parameter_relation( 'OS-TRUST', '1.0', 'trust_id') V3_JSON_HOME_RESOURCES_INHERIT_DISABLED = { json_home.build_v3_resource_relation('auth_tokens'): { 'href': '/auth/tokens'}, json_home.build_v3_resource_relation('auth_catalog'): { 'href': '/auth/catalog'}, json_home.build_v3_resource_relation('auth_projects'): { 'href': '/auth/projects'}, json_home.build_v3_resource_relation('auth_domains'): { 'href': '/auth/domains'}, json_home.build_v3_resource_relation('credential'): { 'href-template': '/credentials/{credential_id}', 'href-vars': { 'credential_id': json_home.build_v3_parameter_relation('credential_id')}}, json_home.build_v3_resource_relation('credentials'): { 'href': '/credentials'}, json_home.build_v3_resource_relation('domain'): {
def append_v3_routers(self, mapper, routers): routers.append( router.Router(controllers.DomainV3(), "domains", "domain", resource_descriptions=self.v3_resources) ) project_controller = controllers.ProjectV3() routers.append( router.Router(project_controller, "projects", "project", resource_descriptions=self.v3_resources) ) self._add_resource( mapper, project_controller, path="/users/{user_id}/projects", get_action="list_user_projects", rel=json_home.build_v3_resource_relation("user_projects"), path_vars={"user_id": json_home.Parameters.USER_ID}, ) role_controller = controllers.RoleV3() routers.append(router.Router(role_controller, "roles", "role", resource_descriptions=self.v3_resources)) self._add_resource( mapper, role_controller, path="/projects/{project_id}/users/{user_id}/roles/{role_id}", get_head_action="check_grant", put_action="create_grant", delete_action="revoke_grant", rel=json_home.build_v3_resource_relation("project_user_role"), path_vars={ "project_id": json_home.Parameters.PROJECT_ID, "role_id": json_home.Parameters.ROLE_ID, "user_id": json_home.Parameters.USER_ID, }, ) self._add_resource( mapper, role_controller, path="/projects/{project_id}/groups/{group_id}/roles/{role_id}", get_head_action="check_grant", put_action="create_grant", delete_action="revoke_grant", rel=json_home.build_v3_resource_relation("project_group_role"), path_vars={ "group_id": json_home.Parameters.GROUP_ID, "project_id": json_home.Parameters.PROJECT_ID, "role_id": json_home.Parameters.ROLE_ID, }, ) self._add_resource( mapper, role_controller, path="/projects/{project_id}/users/{user_id}/roles", get_action="list_grants", rel=json_home.build_v3_resource_relation("project_user_roles"), path_vars={"project_id": json_home.Parameters.PROJECT_ID, "user_id": json_home.Parameters.USER_ID}, ) self._add_resource( mapper, role_controller, path="/projects/{project_id}/groups/{group_id}/roles", get_action="list_grants", rel=json_home.build_v3_resource_relation("project_group_roles"), path_vars={"group_id": json_home.Parameters.GROUP_ID, "project_id": json_home.Parameters.PROJECT_ID}, ) self._add_resource( mapper, role_controller, path="/domains/{domain_id}/users/{user_id}/roles/{role_id}", get_head_action="check_grant", put_action="create_grant", delete_action="revoke_grant", rel=json_home.build_v3_resource_relation("domain_user_role"), path_vars={ "domain_id": json_home.Parameters.DOMAIN_ID, "role_id": json_home.Parameters.ROLE_ID, "user_id": json_home.Parameters.USER_ID, }, ) self._add_resource( mapper, role_controller, path="/domains/{domain_id}/groups/{group_id}/roles/{role_id}", get_head_action="check_grant", put_action="create_grant", delete_action="revoke_grant", rel=json_home.build_v3_resource_relation("domain_group_role"), path_vars={ "domain_id": json_home.Parameters.DOMAIN_ID, "group_id": json_home.Parameters.GROUP_ID, "role_id": json_home.Parameters.ROLE_ID, }, ) self._add_resource( mapper, role_controller, path="/domains/{domain_id}/users/{user_id}/roles", get_action="list_grants", rel=json_home.build_v3_resource_relation("domain_user_roles"), path_vars={"domain_id": json_home.Parameters.DOMAIN_ID, "user_id": json_home.Parameters.USER_ID}, ) self._add_resource( mapper, role_controller, path="/domains/{domain_id}/groups/{group_id}/roles", get_action="list_grants", rel=json_home.build_v3_resource_relation("domain_group_roles"), path_vars={"domain_id": json_home.Parameters.DOMAIN_ID, "group_id": json_home.Parameters.GROUP_ID}, ) routers.append( router.Router( controllers.RoleAssignmentV3(), "role_assignments", "role_assignment", resource_descriptions=self.v3_resources, is_entity_implemented=False, ) ) if config.CONF.os_inherit.enabled: self._add_resource( mapper, role_controller, path="/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/" "{role_id}/inherited_to_projects", get_head_action="check_grant", put_action="create_grant", delete_action="revoke_grant", rel=build_os_inherit_relation(resource_name="domain_user_role_inherited_to_projects"), path_vars={ "domain_id": json_home.Parameters.DOMAIN_ID, "role_id": json_home.Parameters.ROLE_ID, "user_id": json_home.Parameters.USER_ID, }, ) self._add_resource( mapper, role_controller, path="/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/" "{role_id}/inherited_to_projects", get_head_action="check_grant", put_action="create_grant", delete_action="revoke_grant", rel=build_os_inherit_relation(resource_name="domain_group_role_inherited_to_projects"), path_vars={ "domain_id": json_home.Parameters.DOMAIN_ID, "group_id": json_home.Parameters.GROUP_ID, "role_id": json_home.Parameters.ROLE_ID, }, ) self._add_resource( mapper, role_controller, path="/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/" "inherited_to_projects", get_action="list_grants", rel=build_os_inherit_relation(resource_name="domain_group_roles_inherited_to_projects"), path_vars={"domain_id": json_home.Parameters.DOMAIN_ID, "group_id": json_home.Parameters.GROUP_ID}, ) self._add_resource( mapper, role_controller, path="/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/" "inherited_to_projects", get_action="list_grants", rel=build_os_inherit_relation(resource_name="domain_user_roles_inherited_to_projects"), path_vars={"domain_id": json_home.Parameters.DOMAIN_ID, "user_id": json_home.Parameters.USER_ID}, ) self._add_resource( mapper, role_controller, path="/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/" "{role_id}/inherited_to_projects", get_head_action="check_grant", put_action="create_grant", delete_action="revoke_grant", rel=build_os_inherit_relation(resource_name="project_user_role_inherited_to_projects"), path_vars={ "project_id": json_home.Parameters.PROJECT_ID, "user_id": json_home.Parameters.USER_ID, "role_id": json_home.Parameters.ROLE_ID, }, ) self._add_resource( mapper, role_controller, path="/OS-INHERIT/projects/{project_id}/groups/{group_id}/" "roles/{role_id}/inherited_to_projects", get_head_action="check_grant", put_action="create_grant", delete_action="revoke_grant", rel=build_os_inherit_relation(resource_name="project_group_role_inherited_to_projects"), path_vars={ "project_id": json_home.Parameters.PROJECT_ID, "group_id": json_home.Parameters.GROUP_ID, "role_id": json_home.Parameters.ROLE_ID, }, )
# a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. """WSGI Routers for the Application Credential service.""" from keystone.application_credential import controllers from keystone.common import json_home from keystone.common import wsgi APP_CRED_RESOURCE_RELATION = json_home.build_v3_resource_relation( 'application_credential') APP_CRED_PARAMETER_RELATION = json_home.build_v3_parameter_relation( 'application_credential_id') APP_CRED_COLLECTION_PATH = '/users/{user_id}/application_credentials' APP_CRED_RESOURCE_PATH = ( '/users/{user_id}/application_credentials/{application_credential_id}') class Routers(wsgi.RoutersBase): _path_prefixes = ( APP_CRED_COLLECTION_PATH, 'users', ) def append_v3_routers(self, mapper, routers): app_cred_controller = controllers.ApplicationCredentialV3()
def append_v3_routers(self, mapper, routers): project_controller = controllers.ProjectAssignmentV3() self._add_resource( mapper, project_controller, path='/users/{user_id}/projects', get_head_action='list_user_projects', rel=json_home.build_v3_resource_relation('user_projects'), path_vars={ 'user_id': json_home.Parameters.USER_ID, }) grant_controller = controllers.GrantAssignmentV3() self._add_resource( mapper, grant_controller, path='/projects/{project_id}/users/{user_id}/roles/{role_id}', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=json_home.build_v3_resource_relation('project_user_role'), path_vars={ 'project_id': json_home.Parameters.PROJECT_ID, 'role_id': json_home.Parameters.ROLE_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, grant_controller, path='/projects/{project_id}/groups/{group_id}/roles/{role_id}', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=json_home.build_v3_resource_relation('project_group_role'), path_vars={ 'group_id': json_home.Parameters.GROUP_ID, 'project_id': json_home.Parameters.PROJECT_ID, 'role_id': json_home.Parameters.ROLE_ID, }) self._add_resource( mapper, grant_controller, path='/projects/{project_id}/users/{user_id}/roles', get_head_action='list_grants', rel=json_home.build_v3_resource_relation('project_user_roles'), path_vars={ 'project_id': json_home.Parameters.PROJECT_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, grant_controller, path='/projects/{project_id}/groups/{group_id}/roles', get_head_action='list_grants', rel=json_home.build_v3_resource_relation('project_group_roles'), path_vars={ 'group_id': json_home.Parameters.GROUP_ID, 'project_id': json_home.Parameters.PROJECT_ID, }) self._add_resource( mapper, grant_controller, path='/domains/{domain_id}/users/{user_id}/roles/{role_id}', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=json_home.build_v3_resource_relation('domain_user_role'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'role_id': json_home.Parameters.ROLE_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, grant_controller, path='/domains/{domain_id}/groups/{group_id}/roles/{role_id}', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=json_home.build_v3_resource_relation('domain_group_role'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group_id': json_home.Parameters.GROUP_ID, 'role_id': json_home.Parameters.ROLE_ID, }) self._add_resource( mapper, grant_controller, path='/domains/{domain_id}/users/{user_id}/roles', get_head_action='list_grants', rel=json_home.build_v3_resource_relation('domain_user_roles'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, grant_controller, path='/domains/{domain_id}/groups/{group_id}/roles', get_head_action='list_grants', rel=json_home.build_v3_resource_relation('domain_group_roles'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group_id': json_home.Parameters.GROUP_ID, }) self._add_resource( mapper, grant_controller, path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/' '{role_id}/inherited_to_projects', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=build_os_inherit_relation( resource_name='domain_user_role_inherited_to_projects'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'role_id': json_home.Parameters.ROLE_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, grant_controller, path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/' '{role_id}/inherited_to_projects', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=build_os_inherit_relation( resource_name='domain_group_role_inherited_to_projects'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group_id': json_home.Parameters.GROUP_ID, 'role_id': json_home.Parameters.ROLE_ID, }) self._add_resource( mapper, grant_controller, path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/' 'inherited_to_projects', get_head_action='list_grants', rel=build_os_inherit_relation( resource_name='domain_group_roles_inherited_to_projects'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'group_id': json_home.Parameters.GROUP_ID, }) self._add_resource( mapper, grant_controller, path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/' 'inherited_to_projects', get_head_action='list_grants', rel=build_os_inherit_relation( resource_name='domain_user_roles_inherited_to_projects'), path_vars={ 'domain_id': json_home.Parameters.DOMAIN_ID, 'user_id': json_home.Parameters.USER_ID, }) self._add_resource( mapper, grant_controller, path='/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/' '{role_id}/inherited_to_projects', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=build_os_inherit_relation( resource_name='project_user_role_inherited_to_projects'), path_vars={ 'project_id': json_home.Parameters.PROJECT_ID, 'user_id': json_home.Parameters.USER_ID, 'role_id': json_home.Parameters.ROLE_ID, }) self._add_resource( mapper, grant_controller, path='/OS-INHERIT/projects/{project_id}/groups/{group_id}/' 'roles/{role_id}/inherited_to_projects', get_head_action='check_grant', put_action='create_grant', delete_action='revoke_grant', rel=build_os_inherit_relation( resource_name='project_group_role_inherited_to_projects'), path_vars={ 'project_id': json_home.Parameters.PROJECT_ID, 'group_id': json_home.Parameters.GROUP_ID, 'role_id': json_home.Parameters.ROLE_ID, })