def load_backends():
# Configure and build the cache
cache.configure_cache_region(cache.REGION)
# Ensure that the identity driver is created before the assignment manager
# and that the assignment driver is created before the resource manager.
# The default resource driver depends on assignment, which in turn
# depends on identity - hence we need to ensure the chain is available.
_IDENTITY_API = identity.Manager()
_ASSIGNMENT_API = assignment.Manager()
DRIVERS = dict(assignment_api=_ASSIGNMENT_API,
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
endpoint_filter_api=endpoint_filter.Manager(),
endpoint_policy_api=endpoint_policy.Manager(),
federation_api=federation.Manager(),
id_generator_api=identity.generator.Manager(),
id_mapping_api=identity.MappingManager(),
identity_api=_IDENTITY_API,
policy_api=policy.Manager(),
resource_api=resource.Manager(),
role_api=assignment.RoleManager(),
token_api=token.persistence.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager())
auth.controllers.load_auth_methods()
return DRIVERS
def load_backends(self):
"""Initializes each manager and assigns them to an attribute."""
# TODO(blk-u): Shouldn't need to clear the registry here, but some
# tests call load_backends multiple times. These should be fixed to
# only call load_backends once.
dependency.reset()
# TODO(morganfainberg): Shouldn't need to clear the registry here, but
# some tests call load_backends multiple times. Since it is not
# possible to re-configure a backend, we need to clear the list. This
# should eventually be removed once testing has been cleaned up.
kvs_core.KEY_VALUE_STORE_REGISTRY.clear()
drivers = service.load_backends()
# TODO(stevemar): currently, load oauth1 driver as well, eventually
# we need to have this as optional.
from keystone.contrib import oauth1
drivers['oauth1_api'] = oauth1.Manager()
from keystone.contrib import federation
drivers['federation_api'] = federation.Manager()
dependency.resolve_future_dependencies()
for manager_name, manager in six.iteritems(drivers):
setattr(self, manager_name, manager)
def load_backends(self):
"""Initializes each manager and assigns them to an attribute."""
# TODO(blk-u): Shouldn't need to clear the registry here, but some
# tests call load_backends multiple times. These should be fixed to
# only call load_backends once.
dependency.reset()
# TODO(morganfainberg): Shouldn't need to clear the registry here, but
# some tests call load_backends multiple times. Since it is not
# possible to re-configure a backend, we need to clear the list. This
# should eventually be removed once testing has been cleaned up.
kvs_core.KEY_VALUE_STORE_REGISTRY.clear()
self.clear_auth_plugin_registry()
drivers = service.load_backends()
# TODO(stevemar): currently, load oauth1 driver as well, eventually
# we need to have this as optional.
from keystone.contrib import oauth1
drivers['oauth1_api'] = oauth1.Manager()
from keystone.contrib import federation
drivers['federation_api'] = federation.Manager()
dependency.resolve_future_dependencies()
for manager_name, manager in six.iteritems(drivers):
setattr(self, manager_name, manager)
# The credential backend only supports SQL, so we always have to load
# the tables.
self.engine = session.get_engine()
self.addCleanup(session.cleanup)
sql.ModelBase.metadata.create_all(bind=self.engine)
self.addCleanup(sql.ModelBase.metadata.drop_all, bind=self.engine)
def load_backends():
# Configure and build the cache
cache.configure_cache_region(cache.REGION)
# Ensure that the identity driver is created before the assignment manager.
# The default assignment driver is determined by the identity driver, so
# the identity driver must be available to the assignment manager.
_IDENTITY_API = identity.Manager()
DRIVERS = dict(
assignment_api=assignment.Manager(),
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
domain_config_api=resource.DomainConfigManager(),
endpoint_filter_api=endpoint_filter.Manager(),
endpoint_policy_api=endpoint_policy.Manager(),
federation_api=federation.Manager(),
id_generator_api=identity.generator.Manager(),
id_mapping_api=identity.MappingManager(),
identity_api=_IDENTITY_API,
oauth_api=oauth1.Manager(),
policy_api=policy.Manager(),
resource_api=resource.Manager(),
revoke_api=revoke.Manager(),
role_api=assignment.RoleManager(),
token_api=token.persistence.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager(),
# admin_api=moon.AdminManager(),
# authz_api=moon.AuthzManager()
)
auth.controllers.load_auth_methods()
return DRIVERS
def add_routes(self, mapper):
# This is needed for dependency injection
# it loads the Federation driver which registers it as a dependency.
federation.Manager()
idp_controller = controllers.IdentityProvider()
protocol_controller = controllers.FederationProtocol()
mapping_controller = controllers.MappingController()
# Identity Provider CRUD operations
mapper.connect(self._construct_url('identity_providers/{idp_id}'),
controller=idp_controller,
action='create_identity_provider',
conditions=dict(method=['PUT']))
mapper.connect(self._construct_url('identity_providers'),
controller=idp_controller,
action='list_identity_providers',
conditions=dict(method=['GET']))
mapper.connect(self._construct_url('identity_providers/{idp_id}'),
controller=idp_controller,
action='get_identity_provider',
conditions=dict(method=['GET']))
mapper.connect(self._construct_url('identity_providers/{idp_id}'),
controller=idp_controller,
action='delete_identity_provider',
conditions=dict(method=['DELETE']))
mapper.connect(self._construct_url('identity_providers/{idp_id}'),
controller=idp_controller,
action='update_identity_provider',
conditions=dict(method=['PATCH']))
# Protocol CRUD operations
mapper.connect(self._construct_url('identity_providers/{idp_id}/'
'protocols/{protocol_id}'),
controller=protocol_controller,
action='create_protocol',
conditions=dict(method=['PUT']))
mapper.connect(self._construct_url('identity_providers/{idp_id}/'
'protocols/{protocol_id}'),
controller=protocol_controller,
action='update_protocol',
conditions=dict(method=['PATCH']))
mapper.connect(self._construct_url('identity_providers/{idp_id}/'
'protocols/{protocol_id}'),
controller=protocol_controller,
action='get_protocol',
conditions=dict(method=['GET']))
mapper.connect(self._construct_url('identity_providers/{idp_id}/'
'protocols'),
controller=protocol_controller,
action='list_protocols',
conditions=dict(method=['GET']))
mapper.connect(self._construct_url('identity_providers/{idp_id}/'
'protocols/{protocol_id}'),
controller=protocol_controller,
action='delete_protocol',
conditions=dict(method=['DELETE']))
# Mapping CRUD operations
mapper.connect(self._construct_url('mappings/{mapping_id}'),
controller=mapping_controller,
action='create_mapping',
conditions=dict(method=['PUT']))
mapper.connect(self._construct_url('mappings'),
controller=mapping_controller,
action='list_mappings',
conditions=dict(method=['GET']))
mapper.connect(self._construct_url('mappings/{mapping_id}'),
controller=mapping_controller,
action='get_mapping',
conditions=dict(method=['GET']))
mapper.connect(self._construct_url('mappings/{mapping_id}'),
controller=mapping_controller,
action='delete_mapping',
conditions=dict(method=['DELETE']))
mapper.connect(self._construct_url('mappings/{mapping_id}'),
controller=mapping_controller,
action='update_mapping',
conditions=dict(method=['PATCH']))
def add_routes(self, mapper):
# This is needed for dependency injection
# it loads the Federation driver which registers it as a dependency.
federation.Manager()
auth_controller = controllers.Auth()
idp_controller = controllers.IdentityProvider()
protocol_controller = controllers.FederationProtocol()
mapping_controller = controllers.MappingController()
project_controller = controllers.ProjectV3()
domain_controller = controllers.DomainV3()
# Identity Provider CRUD operations
self._add_resource(
mapper,
idp_controller,
path=self._construct_url('identity_providers/{idp_id}'),
get_action='get_identity_provider',
put_action='create_identity_provider',
patch_action='update_identity_provider',
delete_action='delete_identity_provider')
self._add_resource(mapper,
idp_controller,
path=self._construct_url('identity_providers'),
get_action='list_identity_providers')
# Protocol CRUD operations
self._add_resource(mapper,
protocol_controller,
path=self._construct_url(
'identity_providers/{idp_id}/protocols/'
'{protocol_id}'),
get_action='get_protocol',
put_action='create_protocol',
patch_action='update_protocol',
delete_action='delete_protocol')
self._add_resource(
mapper,
protocol_controller,
path=self._construct_url('identity_providers/{idp_id}/protocols'),
get_action='list_protocols')
# Mapping CRUD operations
self._add_resource(mapper,
mapping_controller,
path=self._construct_url('mappings/{mapping_id}'),
get_action='get_mapping',
put_action='create_mapping',
patch_action='update_mapping',
delete_action='delete_mapping')
self._add_resource(mapper,
mapping_controller,
path=self._construct_url('mappings'),
get_action='list_mappings')
self._add_resource(mapper,
domain_controller,
path=self._construct_url('domains'),
get_action='list_domains_for_groups')
self._add_resource(mapper,
project_controller,
path=self._construct_url('projects'),
get_action='list_projects_for_groups')
self._add_resource(mapper,
auth_controller,
path=self._construct_url(
'identity_providers/{identity_provider}/'
'protocols/{protocol}/auth'),
get_post_action='federated_authentication')
def add_routes(self, mapper):
# This is needed for dependency injection
# it loads the Federation driver which registers it as a dependency.
federation.Manager()
auth_controller = controllers.Auth()
idp_controller = controllers.IdentityProvider()
protocol_controller = controllers.FederationProtocol()
mapping_controller = controllers.MappingController()
project_controller = controllers.ProjectV3()
domain_controller = controllers.DomainV3()
# Identity Provider CRUD operations
mapper.connect(
self._construct_url('identity_providers/{idp_id}'),
controller=idp_controller,
action='create_identity_provider',
conditions=dict(method=['PUT']))
mapper.connect(
self._construct_url('identity_providers'),
controller=idp_controller,
action='list_identity_providers',
conditions=dict(method=['GET']))
mapper.connect(
self._construct_url('identity_providers/{idp_id}'),
controller=idp_controller,
action='get_identity_provider',
conditions=dict(method=['GET']))
mapper.connect(
self._construct_url('identity_providers/{idp_id}'),
controller=idp_controller,
action='delete_identity_provider',
conditions=dict(method=['DELETE']))
mapper.connect(
self._construct_url('identity_providers/{idp_id}'),
controller=idp_controller,
action='update_identity_provider',
conditions=dict(method=['PATCH']))
# Protocol CRUD operations
mapper.connect(
self._construct_url('identity_providers/{idp_id}/'
'protocols/{protocol_id}'),
controller=protocol_controller,
action='create_protocol',
conditions=dict(method=['PUT']))
mapper.connect(
self._construct_url('identity_providers/{idp_id}/'
'protocols/{protocol_id}'),
controller=protocol_controller,
action='update_protocol',
conditions=dict(method=['PATCH']))
mapper.connect(
self._construct_url('identity_providers/{idp_id}/'
'protocols/{protocol_id}'),
controller=protocol_controller,
action='get_protocol',
conditions=dict(method=['GET']))
mapper.connect(
self._construct_url('identity_providers/{idp_id}/'
'protocols'),
controller=protocol_controller,
action='list_protocols',
conditions=dict(method=['GET']))
mapper.connect(
self._construct_url('identity_providers/{idp_id}/'
'protocols/{protocol_id}'),
controller=protocol_controller,
action='delete_protocol',
conditions=dict(method=['DELETE']))
# Mapping CRUD operations
mapper.connect(
self._construct_url('mappings/{mapping_id}'),
controller=mapping_controller,
action='create_mapping',
conditions=dict(method=['PUT']))
mapper.connect(
self._construct_url('mappings'),
controller=mapping_controller,
action='list_mappings',
conditions=dict(method=['GET']))
mapper.connect(
self._construct_url('mappings/{mapping_id}'),
controller=mapping_controller,
action='get_mapping',
conditions=dict(method=['GET']))
mapper.connect(
self._construct_url('mappings/{mapping_id}'),
controller=mapping_controller,
action='delete_mapping',
conditions=dict(method=['DELETE']))
mapper.connect(
self._construct_url('mappings/{mapping_id}'),
controller=mapping_controller,
action='update_mapping',
conditions=dict(method=['PATCH']))
mapper.connect(
self._construct_url('domains'),
controller=domain_controller,
action='list_domains_for_groups',
conditions=dict(method=['GET']))
mapper.connect(
self._construct_url('projects'),
controller=project_controller,
action='list_projects_for_groups',
conditions=dict(method=['GET']))
mapper.connect(
self._construct_url('identity_providers/'
'{identity_provider}/protocols/'
'{protocol}/auth'),
controller=auth_controller,
action='federated_authentication',
conditions=dict(method=['GET', 'POST']))
def add_routes(self, mapper):
# This is needed for dependency injection
# it loads the Federation driver which registers it as a dependency.
federation.Manager()
auth_controller = controllers.Auth()
idp_controller = controllers.IdentityProvider()
protocol_controller = controllers.FederationProtocol()
mapping_controller = controllers.MappingController()
project_controller = controllers.ProjectV3()
domain_controller = controllers.DomainV3()
saml_metadata_controller = controllers.SAMLMetadataV3()
# Identity Provider CRUD operations
self._add_resource(
mapper,
idp_controller,
path=self._construct_url('identity_providers/{idp_id}'),
get_action='get_identity_provider',
put_action='create_identity_provider',
patch_action='update_identity_provider',
delete_action='delete_identity_provider',
rel=build_resource_relation(resource_name='identity_provider'),
path_vars={
'idp_id': IDP_ID_PARAMETER_RELATION,
})
self._add_resource(
mapper,
idp_controller,
path=self._construct_url('identity_providers'),
get_action='list_identity_providers',
rel=build_resource_relation(resource_name='identity_providers'))
# Protocol CRUD operations
self._add_resource(mapper,
protocol_controller,
path=self._construct_url(
'identity_providers/{idp_id}/protocols/'
'{protocol_id}'),
get_action='get_protocol',
put_action='create_protocol',
patch_action='update_protocol',
delete_action='delete_protocol',
rel=build_resource_relation(
resource_name='identity_provider_protocol'),
path_vars={
'idp_id': IDP_ID_PARAMETER_RELATION,
'protocol_id': PROTOCOL_ID_PARAMETER_RELATION,
})
self._add_resource(
mapper,
protocol_controller,
path=self._construct_url('identity_providers/{idp_id}/protocols'),
get_action='list_protocols',
rel=build_resource_relation(
resource_name='identity_provider_protocols'),
path_vars={
'idp_id': IDP_ID_PARAMETER_RELATION,
})
# Mapping CRUD operations
self._add_resource(
mapper,
mapping_controller,
path=self._construct_url('mappings/{mapping_id}'),
get_action='get_mapping',
put_action='create_mapping',
patch_action='update_mapping',
delete_action='delete_mapping',
rel=build_resource_relation(resource_name='mapping'),
path_vars={
'mapping_id':
build_parameter_relation(parameter_name='mapping_id'),
})
self._add_resource(
mapper,
mapping_controller,
path=self._construct_url('mappings'),
get_action='list_mappings',
rel=build_resource_relation(resource_name='mappings'))
self._add_resource(
mapper,
domain_controller,
path=self._construct_url('domains'),
get_action='list_domains_for_groups',
rel=build_resource_relation(resource_name='domains'))
self._add_resource(
mapper,
project_controller,
path=self._construct_url('projects'),
get_action='list_projects_for_groups',
rel=build_resource_relation(resource_name='projects'))
self._add_resource(
mapper,
auth_controller,
path=self._construct_url('identity_providers/{identity_provider}/'
'protocols/{protocol}/auth'),
get_post_action='federated_authentication',
rel=build_resource_relation(
resource_name='identity_provider_protocol_auth'),
path_vars={
'identity_provider': IDP_ID_PARAMETER_RELATION,
'protocol': PROTOCOL_ID_PARAMETER_RELATION,
})
# Auth operations
self._add_resource(mapper,
auth_controller,
path='/auth' + self._construct_url('saml2'),
post_action='create_saml_assertion',
rel=build_resource_relation(resource_name='saml2'))
# Keystone-Identity-Provider metadata endpoint
self._add_resource(
mapper,
saml_metadata_controller,
path=self._construct_url('saml2/metadata'),
get_action='get_metadata',
rel=build_resource_relation(resource_name='metadata'))
