def load_backends(): # Configure and build the cache cache.configure_cache_region(cache.REGION) # Ensure that the identity driver is created before the assignment manager. # The default assignment driver is determined by the identity driver, so # the identity driver must be available to the assignment manager. _IDENTITY_API = identity.Manager() DRIVERS = dict(assignment_api=assignment.Manager(), catalog_api=catalog.Manager(), credential_api=credential.Manager(), endpoint_filter_api=endpoint_filter.Manager(), id_generator_api=identity.generator.Manager(), id_mapping_api=identity.MappingManager(), identity_api=_IDENTITY_API, policy_api=policy.Manager(), token_api=token.Manager(), trust_api=trust.Manager(), token_provider_api=token.provider.Manager()) auth.controllers.load_auth_methods() return DRIVERS
def load_backends(): # Configure and build the cache cache.configure_cache() cache.configure_cache(region=catalog.COMPUTED_CATALOG_REGION) # Ensure that the identity driver is created before the assignment manager # and that the assignment driver is created before the resource manager. # The default resource driver depends on assignment, which in turn # depends on identity - hence we need to ensure the chain is available. _IDENTITY_API = identity.Manager() _ASSIGNMENT_API = assignment.Manager() DRIVERS = dict(assignment_api=_ASSIGNMENT_API, catalog_api=catalog.Manager(), credential_api=credential.Manager(), domain_config_api=resource.DomainConfigManager(), endpoint_policy_api=endpoint_policy.Manager(), federation_api=federation.Manager(), id_generator_api=identity.generator.Manager(), id_mapping_api=identity.MappingManager(), identity_api=_IDENTITY_API, oauth_api=oauth1.Manager(), policy_api=policy.Manager(), resource_api=resource.Manager(), revoke_api=revoke.Manager(), role_api=assignment.RoleManager(), token_api=token.persistence.Manager(), trust_api=trust.Manager(), token_provider_api=token.provider.Manager()) auth.controllers.load_auth_methods() return DRIVERS
def load_backends(include_oauth1=False): # Ensure that the identity driver is created before the assignment manager. # The default assignment driver is determined by the identity driver, so # the identity driver must be available to the assignment manager. _IDENTITY_API = identity.Manager() DRIVERS = dict( assignment_api=assignment.Manager(), catalog_api=catalog.Manager(), credential_api=credential.Manager(), endpoint_filter_api=endpoint_filter.Manager(), identity_api=_IDENTITY_API, policy_api=policy.Manager(), token_api=token.Manager(), trust_api=trust.Manager(), token_provider_api=token.provider.Manager()) if include_oauth1: from keystone.contrib import oauth1 DRIVERS['oauth1_api'] = oauth1.Manager() dependency.resolve_future_dependencies() return DRIVERS
def get_domain_id(name): try: identity.Manager() assignment_manager = assignment.Manager() return assignment_manager.driver.get_domain_by_name(name)['id'] except KeyError: raise ValueError( _("Unknown domain '%(name)s' specified by " "--domain-name") % {'name': name})
def __init__(self, app, **config): # initialization vector self._iv = '\0' * 16 self.default_tenant = CONF.auto_population.default_project self.default_role = CONF.auto_population.default_role self.identity_api = identity.Manager() self.assignment_api = assignment.Manager() self.default_domain_id = CONF.identity.default_domain_id super(AutoPopulation, self).__init__(app)
def get_domain_id(name): try: identity.Manager() # init assignment manager to avoid KeyError in resource.core assignment.Manager() resource_manager = resource.Manager() return resource_manager.driver.get_domain_by_name(name)['id'] except KeyError: raise ValueError(_("Unknown domain '%(name)s' specified by " "--domain-name") % {'name': name})
def load_backends(): # Configure and build the cache cache.configure_cache() cache.configure_cache(region=catalog.COMPUTED_CATALOG_REGION) cache.apply_invalidation_patch( region=catalog.COMPUTED_CATALOG_REGION, region_name=catalog.COMPUTED_CATALOG_REGION.name) cache.configure_cache(region=assignment.COMPUTED_ASSIGNMENTS_REGION) cache.apply_invalidation_patch( region=assignment.COMPUTED_ASSIGNMENTS_REGION, region_name=assignment.COMPUTED_ASSIGNMENTS_REGION.name) cache.configure_cache(region=revoke.REVOKE_REGION) cache.apply_invalidation_patch(region=revoke.REVOKE_REGION, region_name=revoke.REVOKE_REGION.name) cache.configure_cache(region=token.provider.TOKENS_REGION) cache.configure_cache(region=identity.ID_MAPPING_REGION) cache.apply_invalidation_patch(region=identity.ID_MAPPING_REGION, region_name=identity.ID_MAPPING_REGION.name) # Ensure that the identity driver is created before the assignment manager # and that the assignment driver is created before the resource manager. # The default resource driver depends on assignment, which in turn # depends on identity - hence we need to ensure the chain is available. # TODO(morganfainberg): In "O" release move _IDENTITY_API to be directly # instantiated in the DRIVERS dict once assignment driver being selected # based upon [identity]/driver is removed. _IDENTITY_API = identity.Manager() _ASSIGNMENT_API = assignment.Manager() DRIVERS = dict( assignment_api=_ASSIGNMENT_API, catalog_api=catalog.Manager(), credential_api=credential.Manager(), domain_config_api=resource.DomainConfigManager(), endpoint_policy_api=endpoint_policy.Manager(), federation_api=federation.Manager(), id_generator_api=identity.generator.Manager(), id_mapping_api=identity.MappingManager(), identity_api=_IDENTITY_API, shadow_users_api=identity.ShadowUsersManager(), oauth_api=oauth1.Manager(), policy_api=policy.Manager(), resource_api=resource.Manager(), revoke_api=revoke.Manager(), role_api=assignment.RoleManager(), token_api=token.persistence.Manager(), trust_api=trust.Manager(), token_provider_api=token.provider.Manager()) auth.controllers.load_auth_methods() return DRIVERS
def __init__(self, context, auth=None): self.assignment_api = assignment.Manager() self.identity_api = identity.Manager() self.trust_api = trust.Manager() self.context = context self.auth = auth self._scope_data = (None, None, None) # self._scope_data is (domain_id, project_id, trust_ref) # project scope: (None, project_id, None) # domain scope: (domain_id, None, None) # trust scope: (None, None, trust_ref) # unscoped: (None, None, None) self._validate_and_normalize_auth_data()
def import_auth(data): identity_api = identity.Manager() assignment_api = assignment.Manager() tenant_map = _create_projects(assignment_api, data['tenants']) user_map = _create_users(identity_api, data['users']) _create_memberships(assignment_api, data['user_tenant_list'], user_map, tenant_map) role_map = _create_roles(assignment_api, data['roles']) _assign_roles(assignment_api, data['role_user_tenant_list'], role_map, user_map, tenant_map) ec2_api = ec2_sql.Ec2() ec2_creds = data['ec2_credentials'] _create_ec2_creds(ec2_api, assignment_api, ec2_creds, user_map)
def load_backends(self): """Load the backends needed for uploading domain configs. We only need the resource and domain_config managers, but there are some dependencies which mean we have to load the assignment and identity managers as well. The order of loading the backends is important, since the resource manager depends on the assignment manager, which in turn depends on the identity manager. """ identity.Manager() assignment.Manager() self.resource_manager = resource.Manager() self.domain_config_manager = resource.DomainConfigManager()
def __init__(self, app, **config): # initialization vector self._iv = '\0' * 16 self.identity_api = identity.Manager() self.assignment_api = assignment.Manager() super(AutoPopulation, self).__init__(app) self.autopop_config = {} #domain_ref = self.identity_api.get_domain( self.identity_api, DEFAULT_DOMAIN_ID) domain_ref = self.identity_api.get_domain(DEFAULT_DOMAIN_ID) self.default_domain = domain_ref['name'] self.common_autopop_config = CONF.auto_population self.log_ldap_config(CONF) self.domain_specific_drivers_enabled = CONF.ldap_pre_auth.domain_specific_drivers_enabled if self.domain_specific_drivers_enabled: domain_config_dir = CONF.ldap_pre_auth.domain_config_dir if not os.path.isdir(domain_config_dir): raise ValueError( 'Domain config directory %s is not a valid path' % domain_config_dir) self._load_domain_config( domain_config_dir) LOG.debug('Initialization complete')
def load_backends(): # Configure and build the cache cache.configure_cache() cache.configure_cache(region=catalog.COMPUTED_CATALOG_REGION) cache.apply_invalidation_patch( region=catalog.COMPUTED_CATALOG_REGION, region_name=catalog.COMPUTED_CATALOG_REGION.name) cache.configure_cache(region=assignment.COMPUTED_ASSIGNMENTS_REGION) cache.apply_invalidation_patch( region=assignment.COMPUTED_ASSIGNMENTS_REGION, region_name=assignment.COMPUTED_ASSIGNMENTS_REGION.name) # Ensure that the assignment driver is created before the resource manager. # The default resource driver depends on assignment. _ASSIGNMENT_API = assignment.Manager() DRIVERS = dict(assignment_api=_ASSIGNMENT_API, catalog_api=catalog.Manager(), credential_api=credential.Manager(), domain_config_api=resource.DomainConfigManager(), endpoint_policy_api=endpoint_policy.Manager(), federation_api=federation.Manager(), id_generator_api=identity.generator.Manager(), id_mapping_api=identity.MappingManager(), identity_api=identity.Manager(), oauth_api=oauth1.Manager(), policy_api=policy.Manager(), resource_api=resource.Manager(), revoke_api=revoke.Manager(), role_api=assignment.RoleManager(), token_api=token.persistence.Manager(), trust_api=trust.Manager(), token_provider_api=token.provider.Manager()) auth.controllers.load_auth_methods() return DRIVERS
def load_backends(): # Configure and build the cache cache.configure_cache() cache.configure_cache(region=catalog.COMPUTED_CATALOG_REGION) cache.configure_cache(region=assignment.COMPUTED_ASSIGNMENTS_REGION) cache.configure_cache(region=revoke.REVOKE_REGION) cache.configure_cache(region=token.provider.TOKENS_REGION) cache.configure_cache(region=identity.ID_MAPPING_REGION) cache.configure_invalidation_region() # NOTE(knikolla): The assignment manager must be instantiated before the # resource manager. The current dictionary ordering ensures that. DRIVERS = dict(assignment_api=assignment.Manager(), catalog_api=catalog.Manager(), credential_api=credential.Manager(), credential_provider_api=credential.provider.Manager(), domain_config_api=resource.DomainConfigManager(), endpoint_policy_api=endpoint_policy.Manager(), federation_api=federation.Manager(), id_generator_api=identity.generator.Manager(), id_mapping_api=identity.MappingManager(), identity_api=identity.Manager(), shadow_users_api=identity.ShadowUsersManager(), oauth_api=oauth1.Manager(), policy_api=policy.Manager(), resource_api=resource.Manager(), revoke_api=revoke.Manager(), role_api=assignment.RoleManager(), token_api=token.persistence.Manager(), trust_api=trust.Manager(), token_provider_api=token.provider.Manager()) auth.core.load_auth_methods() return DRIVERS
def load_backends(): # Configure and build the cache cache.configure_cache_region(cache.REGION) # Ensure that the identity driver is created before the assignment manager. # The default assignment driver is determined by the identity driver, so # the identity driver must be available to the assignment manager. _IDENTITY_API = identity.Manager() DRIVERS = dict( assignment_api=assignment.Manager(), catalog_api=catalog.Manager(), credential_api=credential.Manager(), domain_config_api=resource.DomainConfigManager(), endpoint_filter_api=endpoint_filter.Manager(), endpoint_policy_api=endpoint_policy.Manager(), federation_api=federation.Manager(), id_generator_api=identity.generator.Manager(), id_mapping_api=identity.MappingManager(), identity_api=_IDENTITY_API, oauth_api=oauth1.Manager(), policy_api=policy.Manager(), resource_api=resource.Manager(), revoke_api=revoke.Manager(), role_api=assignment.RoleManager(), token_api=token.persistence.Manager(), trust_api=trust.Manager(), token_provider_api=token.provider.Manager(), # admin_api=moon.AdminManager(), # authz_api=moon.AuthzManager() ) auth.controllers.load_auth_methods() return DRIVERS
def __init__(self, assignment_api=None): super(Manager, self).__init__(CONF.identity.driver) if assignment_api is None: assignment_api = assignment.Manager(self) self.assignment_api = assignment_api self.driver.assignment_api = assignment_api
from keystone import routers from keystone import token from keystone import trust CONF = config.CONF LOG = logging.getLogger(__name__) # Ensure the cache is configured and built before we instantiate the managers cache.configure_cache_region(cache.REGION) # Ensure that the identity driver is created before the assignment manager. # The default assignment driver is determined by the identity driver, so the # identity driver must be available to the assignment manager. _IDENTITY_API = identity.Manager() DRIVERS = dict(assignment_api=assignment.Manager(), catalog_api=catalog.Manager(), credentials_api=credential.Manager(), endpoint_filter_api=endpoint_filter.Manager(), identity_api=_IDENTITY_API, policy_api=policy.Manager(), token_api=token.Manager(), trust_api=trust.Manager(), token_provider_api=token.provider.Manager()) dependency.resolve_future_dependencies() def fail_gracefully(f): """Logs exceptions and aborts.""" @functools.wraps(f)