def append_v3_routers(mapper, routers):
user_controller = controllers.UserV3()
routers.append(router.Router(user_controller, 'users', 'user'))
mapper.connect('/users/{user_id}/password',
controller=user_controller,
action='change_password',
conditions=dict(method=['POST']))
mapper.connect('/groups/{group_id}/users',
controller=user_controller,
action='list_users_in_group',
conditions=dict(method=['GET']))
mapper.connect('/groups/{group_id}/users/{user_id}',
controller=user_controller,
action='add_user_to_group',
conditions=dict(method=['PUT']))
mapper.connect('/groups/{group_id}/users/{user_id}',
controller=user_controller,
action='check_user_in_group',
conditions=dict(method=['HEAD']))
mapper.connect('/groups/{group_id}/users/{user_id}',
controller=user_controller,
action='remove_user_from_group',
conditions=dict(method=['DELETE']))
group_controller = controllers.GroupV3()
routers.append(router.Router(group_controller, 'groups', 'group'))
mapper.connect('/users/{user_id}/groups',
controller=group_controller,
action='list_groups_for_user',
conditions=dict(method=['GET']))
def append_v3_routers(self, mapper, routers):
user_controller = controllers.UserV3()
routers.append(router.Router(user_controller, 'users', 'user'))
self._add_resource(mapper,
user_controller,
path='/users/{user_id}/password',
post_action='change_password')
self._add_resource(mapper,
user_controller,
path='/groups/{group_id}/users',
get_action='list_users_in_group')
self._add_resource(mapper,
user_controller,
path='/groups/{group_id}/users/{user_id}',
put_action='add_user_to_group',
get_head_action='check_user_in_group',
delete_action='remove_user_from_group')
group_controller = controllers.GroupV3()
routers.append(router.Router(group_controller, 'groups', 'group'))
self._add_resource(mapper,
group_controller,
path='/users/{user_id}/groups',
get_action='list_groups_for_user')
def append_v3_routers(self, mapper, routers):
routers.append(
router.Router(controllers.DomainV3(),
'domains',
'domain',
resource_descriptions=self.v3_resources))
config_controller = controllers.DomainConfigV3()
self._add_resource(
mapper,
config_controller,
path='/domains/{domain_id}/config',
get_head_action='get_domain_config',
put_action='create_domain_config',
patch_action='update_domain_config_only',
delete_action='delete_domain_config',
rel=json_home.build_v3_resource_relation('domain_config'),
status=json_home.Status.EXPERIMENTAL,
path_vars={'domain_id': json_home.Parameters.DOMAIN_ID})
config_group_param = (
json_home.build_v3_parameter_relation('config_group'))
self._add_resource(
mapper,
config_controller,
path='/domains/{domain_id}/config/{group}',
get_head_action='get_domain_config',
patch_action='update_domain_config_group',
delete_action='delete_domain_config',
rel=json_home.build_v3_resource_relation('domain_config_group'),
status=json_home.Status.EXPERIMENTAL,
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group': config_group_param
})
self._add_resource(
mapper,
config_controller,
path='/domains/{domain_id}/config/{group}/{option}',
get_head_action='get_domain_config',
patch_action='update_domain_config',
delete_action='delete_domain_config',
rel=json_home.build_v3_resource_relation('domain_config_option'),
status=json_home.Status.EXPERIMENTAL,
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group': config_group_param,
'option':
json_home.build_v3_parameter_relation('config_option')
})
routers.append(
router.Router(controllers.ProjectV3(),
'projects',
'project',
resource_descriptions=self.v3_resources))
def append_v3_routers(self, mapper, routers):
user_controller = controllers.UserV3()
routers.append(
router.Router(user_controller,
'users',
'user',
resource_descriptions=self.v3_resources))
self._add_resource(
mapper,
user_controller,
path='/users/{user_id}/password',
post_action='change_password',
rel=json_home.build_v3_resource_relation('user_change_password'),
path_vars={
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
user_controller,
path='/groups/{group_id}/users',
get_head_action='list_users_in_group',
rel=json_home.build_v3_resource_relation('group_users'),
path_vars={
'group_id': json_home.Parameters.GROUP_ID,
})
self._add_resource(
mapper,
user_controller,
path='/groups/{group_id}/users/{user_id}',
put_action='add_user_to_group',
get_head_action='check_user_in_group',
delete_action='remove_user_from_group',
rel=json_home.build_v3_resource_relation('group_user'),
path_vars={
'group_id': json_home.Parameters.GROUP_ID,
'user_id': json_home.Parameters.USER_ID,
})
group_controller = controllers.GroupV3()
routers.append(
router.Router(group_controller,
'groups',
'group',
resource_descriptions=self.v3_resources))
self._add_resource(
mapper,
group_controller,
path='/users/{user_id}/groups',
get_head_action='list_groups_for_user',
rel=json_home.build_v3_resource_relation('user_groups'),
path_vars={
'user_id': json_home.Parameters.USER_ID,
})
def append_v3_routers(self, mapper, routers):
routers.append(
router.Router(controllers.DomainV3(),
'domains',
'domain',
resource_descriptions=self.v3_resources))
routers.append(
router.Router(controllers.ProjectV3(),
'projects',
'project',
resource_descriptions=self.v3_resources))
def append_v3_routers(self, mapper, routers):
user_controller = controllers.UserV3()
routers.append(
router.Router(user_controller,
'users',
'user',
resource_descriptions=self.v3_resources))
self._add_resource(
mapper,
user_controller,
path='/users/{user_id}/password',
post_action='change_password',
rel=json_home.build_v3_resource_relation('user_change_password'),
path_vars={
'user_id': json_home.Parameters.USER_ID,
})
group_controller = controllers.GroupV3()
self._add_resource(
mapper,
group_controller,
path='/users/{user_id}/groups',
get_head_action='list_groups_for_user',
rel=json_home.build_v3_resource_relation('user_groups'),
path_vars={
'user_id': json_home.Parameters.USER_ID,
})
def append_v3_routers(self, mapper, routers):
policy_controller = controllers.PolicyV3()
routers.append(
router.Router(policy_controller,
'policies',
'policy',
resource_descriptions=self.v3_resources))
def append_v3_routers(mapper, routers):
regions_controller = controllers.RegionV3()
routers.append(router.Router(regions_controller,
'regions', 'region'))
# Need to add an additional route to support PUT /regions/{region_id}
mapper.connect(
'/regions/{region_id}',
controller=regions_controller,
action='create_region_with_id',
conditions=dict(method=['PUT']))
routers.append(router.Router(controllers.ServiceV3(),
'services', 'service'))
routers.append(router.Router(controllers.EndpointV3(),
'endpoints', 'endpoint'))
def append_v3_routers(self, mapper, routers):
tag_controller = controllers.ProjectTagV3()
routers.append(
router.Router(controllers.ProjectV3(),
'projects',
'project',
resource_descriptions=self.v3_resources))
self._add_resource(
mapper,
tag_controller,
path='/projects/{project_id}/tags',
get_head_action='list_project_tags',
put_action='update_project_tags',
delete_action='delete_project_tags',
rel=json_home.build_v3_resource_relation('project_tags'),
path_vars={'project_id': json_home.Parameters.PROJECT_ID})
self._add_resource(
mapper,
tag_controller,
path='/projects/{project_id}/tags/{value}',
get_head_action='get_project_tag',
put_action='create_project_tag',
delete_action='delete_project_tag',
rel=json_home.build_v3_resource_relation('project_tags'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'value': json_home.Parameters.TAG_VALUE
})
def append_v3_routers(self, mapper, routers):
regions_controller = controllers.RegionV3()
routers.append(router.Router(regions_controller, 'regions', 'region'))
# Need to add an additional route to support PUT /regions/{region_id}
mapper.connect('/regions/{region_id}',
controller=regions_controller,
action='create_region_with_id',
conditions=dict(method=['PUT']))
routers.append(
router.Router(controllers.ServiceV3(), 'services', 'service'))
routers.append(
router.Router(controllers.EndpointV3(), 'endpoints', 'endpoint'))
self._add_resource(mapper,
controllers.CatalogV3(),
path='/catalog',
get_action='get_catalog')
def append_v3_routers(self, mapper, routers):
policy_controller = controllers.PolicyV3()
routers.append(router.Router(policy_controller, 'policies', 'policy'))
def append_v3_routers(self, mapper, routers):
routers.append(
router.Router(controllers.CredentialV3(),
'credentials', 'credential',
resource_descriptions=self.v3_resources))
def append_v3_routers(mapper, routers):
routers.append(router.Router(controllers.DomainV3(), 'domains', 'domain'))
project_controller = controllers.ProjectV3()
routers.append(router.Router(project_controller, 'projects', 'project'))
mapper.connect('/users/{user_id}/projects',
controller=project_controller,
action='list_user_projects',
conditions=dict(method=['GET']))
user_controller = controllers.UserV3()
routers.append(router.Router(user_controller, 'users', 'user'))
mapper.connect('/groups/{group_id}/users',
controller=user_controller,
action='list_users_in_group',
conditions=dict(method=['GET']))
mapper.connect('/groups/{group_id}/users/{user_id}',
controller=user_controller,
action='add_user_to_group',
conditions=dict(method=['PUT']))
mapper.connect('/groups/{group_id}/users/{user_id}',
controller=user_controller,
action='check_user_in_group',
conditions=dict(method=['HEAD']))
mapper.connect('/groups/{group_id}/users/{user_id}',
controller=user_controller,
action='remove_user_from_group',
conditions=dict(method=['DELETE']))
group_controller = controllers.GroupV3()
routers.append(router.Router(group_controller, 'groups', 'group'))
mapper.connect('/users/{user_id}/groups',
controller=group_controller,
action='list_groups_for_user',
conditions=dict(method=['GET']))
role_controller = controllers.RoleV3()
routers.append(router.Router(role_controller, 'roles', 'role'))
mapper.connect('/projects/{project_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='create_grant',
conditions=dict(method=['PUT']))
mapper.connect('/projects/{project_id}/groups/{group_id}/roles/{role_id}',
controller=role_controller,
action='create_grant',
conditions=dict(method=['PUT']))
mapper.connect('/projects/{project_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='check_grant',
conditions=dict(method=['HEAD']))
mapper.connect('/projects/{project_id}/groups/{group_id}/roles/{role_id}',
controller=role_controller,
action='check_grant',
conditions=dict(method=['HEAD']))
mapper.connect('/projects/{project_id}/users/{user_id}/roles',
controller=role_controller,
action='list_grants',
conditions=dict(method=['GET']))
mapper.connect('/projects/{project_id}/groups/{group_id}/roles',
controller=role_controller,
action='list_grants',
conditions=dict(method=['GET']))
mapper.connect('/projects/{project_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='revoke_grant',
conditions=dict(method=['DELETE']))
mapper.connect('/projects/{project_id}/groups/{group_id}/roles/{role_id}',
controller=role_controller,
action='revoke_grant',
conditions=dict(method=['DELETE']))
mapper.connect('/domains/{domain_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='create_grant',
conditions=dict(method=['PUT']))
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles/{role_id}',
controller=role_controller,
action='create_grant',
conditions=dict(method=['PUT']))
mapper.connect('/domains/{domain_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='check_grant',
conditions=dict(method=['HEAD']))
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles/{role_id}',
controller=role_controller,
action='check_grant',
conditions=dict(method=['HEAD']))
mapper.connect('/domains/{domain_id}/users/{user_id}/roles',
controller=role_controller,
action='list_grants',
conditions=dict(method=['GET']))
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles',
controller=role_controller,
action='list_grants',
conditions=dict(method=['GET']))
mapper.connect('/domains/{domain_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='revoke_grant',
conditions=dict(method=['DELETE']))
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles/{role_id}',
controller=role_controller,
action='revoke_grant',
conditions=dict(method=['DELETE']))
if config.CONF.os_inherit.enabled:
mapper.connect(('/OS-INHERIT/domains/{domain_id}/users/{user_id}'
'/roles/{role_id}/inherited_to_projects'),
controller=role_controller,
action='create_grant',
conditions=dict(method=['PUT']))
mapper.connect(('/OS-INHERIT/domains/{domain_id}/groups/{group_id}'
'/roles/{role_id}/inherited_to_projects'),
controller=role_controller,
action='create_grant',
conditions=dict(method=['PUT']))
mapper.connect(('/OS-INHERIT/domains/{domain_id}/users/{user_id}'
'/roles/{role_id}/inherited_to_projects'),
controller=role_controller,
action='check_grant',
conditions=dict(method=['HEAD']))
mapper.connect(('/OS-INHERIT/domains/{domain_id}/groups/{group_id}'
'/roles/{role_id}/inherited_to_projects'),
controller=role_controller,
action='check_grant',
conditions=dict(method=['HEAD']))
mapper.connect(('/OS-INHERIT/domains/{domain_id}/users/{user_id}'
'/roles/inherited_to_projects'),
controller=role_controller,
action='list_grants',
conditions=dict(method=['GET']))
mapper.connect(('/OS-INHERIT/domains/{domain_id}/groups/{group_id}'
'/roles/inherited_to_projects'),
controller=role_controller,
action='list_grants',
conditions=dict(method=['GET']))
mapper.connect(('/OS-INHERIT/domains/{domain_id}/users/{user_id}'
'/roles/{role_id}/inherited_to_projects'),
controller=role_controller,
action='revoke_grant',
conditions=dict(method=['DELETE']))
mapper.connect(('/OS-INHERIT/domains/{domain_id}/groups/{group_id}'
'/roles/{role_id}/inherited_to_projects'),
controller=role_controller,
action='revoke_grant',
conditions=dict(method=['DELETE']))
routers.append(
router.Router(controllers.RoleAssignmentV3(), 'role_assignments',
'role_assignment'))
def append_v3_routers(mapper, routers):
routers.append(router.Router(controllers.RegionV3(), 'regions', 'region'))
routers.append(
router.Router(controllers.ServiceV3(), 'services', 'service'))
routers.append(
router.Router(controllers.EndpointV3(), 'endpoints', 'endpoint'))
def append_v3_routers(mapper, routers):
routers.append(
router.Router(controllers.CredentialV3(), 'credentials', 'credential'))
def append_v3_routers(self, mapper, routers):
routers.append(
router.Router(controllers.DomainV3(),
'domains',
'domain',
resource_descriptions=self.v3_resources))
config_controller = controllers.DomainConfigV3()
tag_controller = controllers.ProjectTagV3()
self._add_resource(
mapper,
config_controller,
path='/domains/{domain_id}/config',
get_head_action='get_domain_config',
put_action='create_domain_config',
patch_action='update_domain_config_only',
delete_action='delete_domain_config',
rel=json_home.build_v3_resource_relation('domain_config'),
path_vars={'domain_id': json_home.Parameters.DOMAIN_ID})
config_group_param = (
json_home.build_v3_parameter_relation('config_group'))
self._add_resource(
mapper,
config_controller,
path='/domains/{domain_id}/config/{group}',
get_head_action='get_domain_config_wrapper',
patch_action='update_domain_config_group',
delete_action='delete_domain_config',
rel=json_home.build_v3_resource_relation('domain_config_group'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group': config_group_param
})
self._add_resource(
mapper,
config_controller,
path='/domains/{domain_id}/config/{group}/{option}',
get_head_action='get_domain_config_wrapper',
patch_action='update_domain_config',
delete_action='delete_domain_config',
rel=json_home.build_v3_resource_relation('domain_config_option'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group': config_group_param,
'option':
json_home.build_v3_parameter_relation('config_option')
})
self._add_resource(
mapper,
config_controller,
path='/domains/config/default',
get_head_action='get_domain_config_default',
rel=json_home.build_v3_resource_relation('domain_config_default'))
self._add_resource(mapper,
config_controller,
path='/domains/config/{group}/default',
get_head_action='get_domain_config_default',
rel=json_home.build_v3_resource_relation(
'domain_config_default_group'),
path_vars={'group': config_group_param})
self._add_resource(
mapper,
config_controller,
path='/domains/config/{group}/{option}/default',
get_head_action='get_domain_config_default',
rel=json_home.build_v3_resource_relation(
'domain_config_default_option'),
path_vars={
'group': config_group_param,
'option':
json_home.build_v3_parameter_relation('config_option')
})
routers.append(
router.Router(controllers.ProjectV3(),
'projects',
'project',
resource_descriptions=self.v3_resources))
self._add_resource(
mapper,
tag_controller,
path='/projects/{project_id}/tags',
get_head_action='list_project_tags',
put_action='update_project_tags',
delete_action='delete_project_tags',
rel=json_home.build_v3_resource_relation('project_tags'),
path_vars={'project_id': json_home.Parameters.PROJECT_ID})
self._add_resource(
mapper,
tag_controller,
path='/projects/{project_id}/tags/{value}',
get_head_action='get_project_tag',
put_action='create_project_tag',
delete_action='delete_project_tag',
rel=json_home.build_v3_resource_relation('project_tags'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'value': json_home.Parameters.TAG_VALUE
})
def append_v3_routers(self, mapper, routers):
routers.append(
router.Router(controllers.DomainV3(), 'domains', 'domain'))
project_controller = controllers.ProjectV3()
routers.append(router.Router(project_controller, 'projects',
'project'))
self._add_resource(mapper,
project_controller,
path='/users/{user_id}/projects',
get_action='list_user_projects')
role_controller = controllers.RoleV3()
routers.append(router.Router(role_controller, 'roles', 'role'))
self._add_resource(
mapper,
role_controller,
path='/projects/{project_id}/users/{user_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant')
self._add_resource(
mapper,
role_controller,
path='/projects/{project_id}/groups/{group_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant')
self._add_resource(mapper,
role_controller,
path='/projects/{project_id}/users/{user_id}/roles',
get_action='list_grants')
self._add_resource(
mapper,
role_controller,
path='/projects/{project_id}/groups/{group_id}/roles',
get_action='list_grants')
self._add_resource(
mapper,
role_controller,
path='/domains/{domain_id}/users/{user_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant')
self._add_resource(
mapper,
role_controller,
path='/domains/{domain_id}/groups/{group_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant')
self._add_resource(mapper,
role_controller,
path='/domains/{domain_id}/users/{user_id}/roles',
get_action='list_grants')
self._add_resource(mapper,
role_controller,
path='/domains/{domain_id}/groups/{group_id}/roles',
get_action='list_grants')
routers.append(
router.Router(controllers.RoleAssignmentV3(), 'role_assignments',
'role_assignment'))
if config.CONF.os_inherit.enabled:
self._add_resource(
mapper,
role_controller,
path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/'
'{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant')
self._add_resource(
mapper,
role_controller,
path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/'
'{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant')
self._add_resource(
mapper,
role_controller,
path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/'
'inherited_to_projects',
get_action='list_grants')
self._add_resource(
mapper,
role_controller,
path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/'
'inherited_to_projects',
get_action='list_grants')
def append_v3_routers(self, mapper, routers):
project_controller = controllers.ProjectAssignmentV3()
self._add_resource(
mapper,
project_controller,
path='/users/{user_id}/projects',
get_action='list_user_projects',
rel=json_home.build_v3_resource_relation('user_projects'),
path_vars={
'user_id': json_home.Parameters.USER_ID,
})
routers.append(
router.Router(controllers.RoleV3(),
'roles',
'role',
resource_descriptions=self.v3_resources))
grant_controller = controllers.GrantAssignmentV3()
self._add_resource(
mapper,
grant_controller,
path='/projects/{project_id}/users/{user_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('project_user_role'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'role_id': json_home.Parameters.ROLE_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/projects/{project_id}/groups/{group_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('project_group_role'),
path_vars={
'group_id': json_home.Parameters.GROUP_ID,
'project_id': json_home.Parameters.PROJECT_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/projects/{project_id}/users/{user_id}/roles',
get_action='list_grants',
rel=json_home.build_v3_resource_relation('project_user_roles'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/projects/{project_id}/groups/{group_id}/roles',
get_action='list_grants',
rel=json_home.build_v3_resource_relation('project_group_roles'),
path_vars={
'group_id': json_home.Parameters.GROUP_ID,
'project_id': json_home.Parameters.PROJECT_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/domains/{domain_id}/users/{user_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('domain_user_role'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'role_id': json_home.Parameters.ROLE_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/domains/{domain_id}/groups/{group_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('domain_group_role'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/domains/{domain_id}/users/{user_id}/roles',
get_action='list_grants',
rel=json_home.build_v3_resource_relation('domain_user_roles'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/domains/{domain_id}/groups/{group_id}/roles',
get_action='list_grants',
rel=json_home.build_v3_resource_relation('domain_group_roles'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
})
routers.append(
router.Router(controllers.RoleAssignmentV3(),
'role_assignments',
'role_assignment',
resource_descriptions=self.v3_resources,
is_entity_implemented=False))
if CONF.os_inherit.enabled:
self._add_resource(
mapper,
grant_controller,
path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/'
'{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='domain_user_role_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'role_id': json_home.Parameters.ROLE_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/'
'{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='domain_group_role_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/'
'inherited_to_projects',
get_action='list_grants',
rel=build_os_inherit_relation(
resource_name='domain_group_roles_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/'
'inherited_to_projects',
get_action='list_grants',
rel=build_os_inherit_relation(
resource_name='domain_user_roles_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/'
'{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='project_user_role_inherited_to_projects'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'user_id': json_home.Parameters.USER_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/OS-INHERIT/projects/{project_id}/groups/{group_id}/'
'roles/{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='project_group_role_inherited_to_projects'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'group_id': json_home.Parameters.GROUP_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
def append_v3_routers(self, mapper, routers):
regions_controller = controllers.RegionV3()
endpoint_filter_controller = controllers.EndpointFilterV3Controller()
endpoint_group_controller = controllers.EndpointGroupV3Controller()
project_endpoint_group_controller = (
controllers.ProjectEndpointGroupV3Controller())
routers.append(router.Router(regions_controller,
'regions', 'region',
resource_descriptions=self.v3_resources))
# Need to add an additional route to support PUT /regions/{region_id}
mapper.connect(
'/regions/{region_id}',
controller=regions_controller,
action='create_region_with_id',
conditions=dict(method=['PUT']))
routers.append(router.Router(controllers.ServiceV3(),
'services', 'service',
resource_descriptions=self.v3_resources))
routers.append(router.Router(controllers.EndpointV3(),
'endpoints', 'endpoint',
resource_descriptions=self.v3_resources))
self._add_resource(
mapper, endpoint_filter_controller,
path=self.PATH_PREFIX + '/endpoints/{endpoint_id}/projects',
get_head_action='list_projects_for_endpoint',
rel=build_resource_relation(resource_name='endpoint_projects'),
path_vars={
'endpoint_id': json_home.Parameters.ENDPOINT_ID,
})
self._add_resource(
mapper, endpoint_filter_controller,
path=self.PATH_PREFIX + self.PATH_PROJECT_ENDPOINT,
get_head_action='check_endpoint_in_project',
put_action='add_endpoint_to_project',
delete_action='remove_endpoint_from_project',
rel=build_resource_relation(resource_name='project_endpoint'),
path_vars={
'endpoint_id': json_home.Parameters.ENDPOINT_ID,
'project_id': json_home.Parameters.PROJECT_ID,
})
self._add_resource(
mapper, endpoint_filter_controller,
path=self.PATH_PREFIX + '/projects/{project_id}/endpoints',
get_head_action='list_endpoints_for_project',
rel=build_resource_relation(resource_name='project_endpoints'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
})
self._add_resource(
mapper, endpoint_group_controller,
path=self.PATH_PREFIX + '/projects/{project_id}/endpoint_groups',
get_head_action='list_endpoint_groups_for_project',
rel=build_resource_relation(
resource_name='project_endpoint_groups'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
})
self._add_resource(
mapper, endpoint_group_controller,
path=self.PATH_PREFIX + '/endpoint_groups',
get_head_action='list_endpoint_groups',
post_action='create_endpoint_group',
rel=build_resource_relation(resource_name='endpoint_groups'))
self._add_resource(
mapper, endpoint_group_controller,
path=self.PATH_PREFIX + self.PATH_ENDPOINT_GROUPS,
get_head_action='get_endpoint_group',
patch_action='update_endpoint_group',
delete_action='delete_endpoint_group',
rel=build_resource_relation(resource_name='endpoint_group'),
path_vars={
'endpoint_group_id': ENDPOINT_GROUP_PARAMETER_RELATION
})
self._add_resource(
mapper, project_endpoint_group_controller,
path=self.PATH_PREFIX + self.PATH_ENDPOINT_GROUP_PROJECTS,
get_head_action='get_endpoint_group_in_project',
put_action='add_endpoint_group_to_project',
delete_action='remove_endpoint_group_from_project',
rel=build_resource_relation(
resource_name='endpoint_group_to_project_association'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'endpoint_group_id': ENDPOINT_GROUP_PARAMETER_RELATION
})
self._add_resource(
mapper, endpoint_group_controller,
path=self.PATH_PREFIX + self.PATH_ENDPOINT_GROUPS + (
'/projects'),
get_head_action='list_projects_associated_with_endpoint_group',
rel=build_resource_relation(
resource_name='projects_associated_with_endpoint_group'),
path_vars={
'endpoint_group_id': ENDPOINT_GROUP_PARAMETER_RELATION
})
self._add_resource(
mapper, endpoint_group_controller,
path=self.PATH_PREFIX + self.PATH_ENDPOINT_GROUPS + (
'/endpoints'),
get_head_action='list_endpoints_associated_with_endpoint_group',
rel=build_resource_relation(
resource_name='endpoints_in_endpoint_group'),
path_vars={
'endpoint_group_id': ENDPOINT_GROUP_PARAMETER_RELATION
})
def append_v3_routers(self, mapper, routers):
project_controller = controllers.ProjectAssignmentV3()
self._add_resource(
mapper,
project_controller,
path='/users/{user_id}/projects',
get_action='list_user_projects',
rel=json_home.build_v3_resource_relation('user_projects'),
path_vars={
'user_id': json_home.Parameters.USER_ID,
})
routers.append(
router.Router(controllers.RoleV3(),
'roles',
'role',
resource_descriptions=self.v3_resources,
method_template='%s_wrapper'))
implied_roles_controller = controllers.ImpliedRolesV3()
self._add_resource(
mapper,
implied_roles_controller,
path='/roles/{prior_role_id}/implies',
rel=json_home.build_v3_resource_relation('implied_roles'),
get_action='list_implied_roles',
status=json_home.Status.EXPERIMENTAL,
path_vars={
'prior_role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper,
implied_roles_controller,
path='/roles/{prior_role_id}/implies/{implied_role_id}',
put_action='create_implied_role',
delete_action='delete_implied_role',
head_action='check_implied_role',
get_action='get_implied_role',
rel=json_home.build_v3_resource_relation('implied_role'),
status=json_home.Status.EXPERIMENTAL,
path_vars={
'prior_role_id': json_home.Parameters.ROLE_ID,
'implied_role_id': json_home.Parameters.ROLE_ID
})
self._add_resource(
mapper,
implied_roles_controller,
path='/role_inferences',
get_action='list_role_inference_rules',
rel=json_home.build_v3_resource_relation('role_inferences'),
status=json_home.Status.EXPERIMENTAL,
path_vars={})
grant_controller = controllers.GrantAssignmentV3()
self._add_resource(
mapper,
grant_controller,
path='/projects/{project_id}/users/{user_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('project_user_role'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'role_id': json_home.Parameters.ROLE_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/projects/{project_id}/groups/{group_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('project_group_role'),
path_vars={
'group_id': json_home.Parameters.GROUP_ID,
'project_id': json_home.Parameters.PROJECT_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/projects/{project_id}/users/{user_id}/roles',
get_action='list_grants',
rel=json_home.build_v3_resource_relation('project_user_roles'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/projects/{project_id}/groups/{group_id}/roles',
get_action='list_grants',
rel=json_home.build_v3_resource_relation('project_group_roles'),
path_vars={
'group_id': json_home.Parameters.GROUP_ID,
'project_id': json_home.Parameters.PROJECT_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/domains/{domain_id}/users/{user_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('domain_user_role'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'role_id': json_home.Parameters.ROLE_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/domains/{domain_id}/groups/{group_id}/roles/{role_id}',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=json_home.build_v3_resource_relation('domain_group_role'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/domains/{domain_id}/users/{user_id}/roles',
get_action='list_grants',
rel=json_home.build_v3_resource_relation('domain_user_roles'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/domains/{domain_id}/groups/{group_id}/roles',
get_action='list_grants',
rel=json_home.build_v3_resource_relation('domain_group_roles'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
})
self._add_resource(
mapper,
controllers.RoleAssignmentV3(),
path='/role_assignments',
get_action='list_role_assignments_wrapper',
rel=json_home.build_v3_resource_relation('role_assignments'))
if CONF.os_inherit.enabled:
self._add_resource(
mapper,
grant_controller,
path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/'
'{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='domain_user_role_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'role_id': json_home.Parameters.ROLE_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/'
'{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='domain_group_role_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/'
'inherited_to_projects',
get_action='list_grants',
rel=build_os_inherit_relation(
resource_name='domain_group_roles_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'group_id': json_home.Parameters.GROUP_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/'
'inherited_to_projects',
get_action='list_grants',
rel=build_os_inherit_relation(
resource_name='domain_user_roles_inherited_to_projects'),
path_vars={
'domain_id': json_home.Parameters.DOMAIN_ID,
'user_id': json_home.Parameters.USER_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/'
'{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='project_user_role_inherited_to_projects'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'user_id': json_home.Parameters.USER_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
self._add_resource(
mapper,
grant_controller,
path='/OS-INHERIT/projects/{project_id}/groups/{group_id}/'
'roles/{role_id}/inherited_to_projects',
get_head_action='check_grant',
put_action='create_grant',
delete_action='revoke_grant',
rel=build_os_inherit_relation(
resource_name='project_group_role_inherited_to_projects'),
path_vars={
'project_id': json_home.Parameters.PROJECT_ID,
'group_id': json_home.Parameters.GROUP_ID,
'role_id': json_home.Parameters.ROLE_ID,
})
def append_v3_routers(mapper, routers):
routers.append(router.Router(controllers.DomainV3(), 'domains', 'domain'))
project_controller = controllers.ProjectV3()
routers.append(router.Router(project_controller, 'projects', 'project'))
mapper.connect('/users/{user_id}/projects',
controller=project_controller,
action='list_user_projects',
conditions=dict(method=['GET']))
user_controller = controllers.UserV3()
routers.append(router.Router(user_controller, 'users', 'user'))
mapper.connect('/groups/{group_id}/users',
controller=user_controller,
action='list_users_in_group',
conditions=dict(method=['GET']))
mapper.connect('/groups/{group_id}/users/{user_id}',
controller=user_controller,
action='add_user_to_group',
conditions=dict(method=['PUT']))
mapper.connect('/groups/{group_id}/users/{user_id}',
controller=user_controller,
action='check_user_in_group',
conditions=dict(method=['HEAD']))
mapper.connect('/groups/{group_id}/users/{user_id}',
controller=user_controller,
action='remove_user_from_group',
conditions=dict(method=['DELETE']))
group_controller = controllers.GroupV3()
routers.append(router.Router(group_controller, 'groups', 'group'))
mapper.connect('/users/{user_id}/groups',
controller=group_controller,
action='list_groups_for_user',
conditions=dict(method=['GET']))
routers.append(
router.Router(controllers.CredentialV3(), 'credentials', 'credential'))
role_controller = controllers.RoleV3()
routers.append(router.Router(role_controller, 'roles', 'role'))
mapper.connect('/projects/{project_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='create_grant',
conditions=dict(method=['PUT']))
mapper.connect('/projects/{project_id}/groups/{group_id}/roles/{role_id}',
controller=role_controller,
action='create_grant',
conditions=dict(method=['PUT']))
mapper.connect('/projects/{project_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='check_grant',
conditions=dict(method=['HEAD']))
mapper.connect('/projects/{project_id}/groups/{group_id}/roles/{role_id}',
controller=role_controller,
action='check_grant',
conditions=dict(method=['HEAD']))
mapper.connect('/projects/{project_id}/users/{user_id}/roles',
controller=role_controller,
action='list_grants',
conditions=dict(method=['GET']))
mapper.connect('/projects/{project_id}/groups/{group_id}/roles',
controller=role_controller,
action='list_grants',
conditions=dict(method=['GET']))
mapper.connect('/projects/{project_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='revoke_grant',
conditions=dict(method=['DELETE']))
mapper.connect('/projects/{project_id}/groups/{group_id}/roles/{role_id}',
controller=role_controller,
action='revoke_grant',
conditions=dict(method=['DELETE']))
mapper.connect('/domains/{domain_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='create_grant',
conditions=dict(method=['PUT']))
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles/{role_id}',
controller=role_controller,
action='create_grant',
conditions=dict(method=['PUT']))
mapper.connect('/domains/{domain_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='check_grant',
conditions=dict(method=['HEAD']))
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles/{role_id}',
controller=role_controller,
action='check_grant',
conditions=dict(method=['HEAD']))
mapper.connect('/domains/{domain_id}/users/{user_id}/roles',
controller=role_controller,
action='list_grants',
conditions=dict(method=['GET']))
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles',
controller=role_controller,
action='list_grants',
conditions=dict(method=['GET']))
mapper.connect('/domains/{domain_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='revoke_grant',
conditions=dict(method=['DELETE']))
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles/{role_id}',
controller=role_controller,
action='revoke_grant',
conditions=dict(method=['DELETE']))