Merge "make federation part of keystone core"
This commit is contained in:
commit
0e2579dd22
|
@ -76,7 +76,7 @@ pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_aut
|
|||
[pipeline:api_v3]
|
||||
# The last item in this pipeline must be service_v3 or an equivalent
|
||||
# application. It cannot be a filter.
|
||||
pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension service_v3
|
||||
pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension federation_extension service_v3
|
||||
|
||||
[app:public_version_service]
|
||||
paste.app_factory = keystone.service:public_version_app_factory
|
||||
|
|
|
@ -16,6 +16,7 @@ from keystone import catalog
|
|||
from keystone.common import cache
|
||||
from keystone.contrib import endpoint_filter
|
||||
from keystone.contrib import endpoint_policy
|
||||
from keystone.contrib import federation
|
||||
from keystone import credential
|
||||
from keystone import identity
|
||||
from keystone import policy
|
||||
|
@ -42,6 +43,7 @@ def load_backends():
|
|||
credential_api=credential.Manager(),
|
||||
endpoint_filter_api=endpoint_filter.Manager(),
|
||||
endpoint_policy_api=endpoint_policy.Manager(),
|
||||
federation_api=federation.Manager(),
|
||||
id_generator_api=identity.generator.Manager(),
|
||||
id_mapping_api=identity.MappingManager(),
|
||||
identity_api=_IDENTITY_API,
|
||||
|
|
|
@ -34,7 +34,7 @@ from keystone.i18n import _
|
|||
|
||||
|
||||
CONF = config.CONF
|
||||
DEFAULT_EXTENSIONS = ['revoke']
|
||||
DEFAULT_EXTENSIONS = ['revoke', 'federation']
|
||||
|
||||
|
||||
def get_default_domain():
|
||||
|
|
|
@ -111,9 +111,32 @@ _build_trust_relation = functools.partial(
|
|||
json_home.build_v3_extension_resource_relation, extension_name='OS-TRUST',
|
||||
extension_version='1.0')
|
||||
|
||||
_build_federation_rel = functools.partial(
|
||||
json_home.build_v3_extension_resource_relation,
|
||||
extension_name='OS-FEDERATION',
|
||||
extension_version='1.0')
|
||||
|
||||
TRUST_ID_PARAMETER_RELATION = json_home.build_v3_extension_parameter_relation(
|
||||
'OS-TRUST', '1.0', 'trust_id')
|
||||
|
||||
IDP_ID_PARAMETER_RELATION = json_home.build_v3_extension_parameter_relation(
|
||||
'OS-FEDERATION', '1.0', 'idp_id')
|
||||
|
||||
PROTOCOL_ID_PARAM_RELATION = json_home.build_v3_extension_parameter_relation(
|
||||
'OS-FEDERATION', '1.0', 'protocol_id')
|
||||
|
||||
MAPPING_ID_PARAM_RELATION = json_home.build_v3_extension_parameter_relation(
|
||||
'OS-FEDERATION', '1.0', 'mapping_id')
|
||||
|
||||
SP_ID_PARAMETER_RELATION = json_home.build_v3_extension_parameter_relation(
|
||||
'OS-FEDERATION', '1.0', 'sp_id')
|
||||
|
||||
BASE_IDP_PROTOCOL = '/OS-FEDERATION/identity_providers/{idp_id}/protocols'
|
||||
|
||||
# TODO(stevemar): Use BASE_IDP_PROTOCOL when bug 1420125 is resolved.
|
||||
FEDERATED_AUTH_URL = ('/OS-FEDERATION/identity_providers/{identity_provider}'
|
||||
'/protocols/{protocol}/auth')
|
||||
|
||||
V3_JSON_HOME_RESOURCES_INHERIT_DISABLED = {
|
||||
json_home.build_v3_resource_relation('auth_tokens'): {
|
||||
'href': '/auth/tokens'},
|
||||
|
@ -287,6 +310,47 @@ V3_JSON_HOME_RESOURCES_INHERIT_DISABLED = {
|
|||
'href-template': '/users/{user_id}/projects',
|
||||
'href-vars': {'user_id': json_home.Parameters.USER_ID, }},
|
||||
json_home.build_v3_resource_relation('users'): {'href': '/users'},
|
||||
_build_federation_rel(resource_name='domains'): {
|
||||
'href': '/OS-FEDERATION/domains'},
|
||||
_build_federation_rel(resource_name='projects'): {
|
||||
'href': '/OS-FEDERATION/projects'},
|
||||
_build_federation_rel(resource_name='saml2'): {
|
||||
'href': '/auth/OS-FEDERATION/saml2'},
|
||||
_build_federation_rel(resource_name='metadata'): {
|
||||
'href': '/OS-FEDERATION/saml2/metadata'},
|
||||
_build_federation_rel(resource_name='identity_providers'): {
|
||||
'href': '/OS-FEDERATION/identity_providers'},
|
||||
_build_federation_rel(resource_name='service_providers'): {
|
||||
'href': '/OS-FEDERATION/service_providers'},
|
||||
_build_federation_rel(resource_name='mappings'): {
|
||||
'href': '/OS-FEDERATION/mappings'},
|
||||
_build_federation_rel(resource_name='identity_provider'):
|
||||
{
|
||||
'href-template': '/OS-FEDERATION/identity_providers/{idp_id}',
|
||||
'href-vars': {'idp_id': IDP_ID_PARAMETER_RELATION, }},
|
||||
_build_federation_rel(resource_name='service_provider'):
|
||||
{
|
||||
'href-template': '/OS-FEDERATION/service_providers/{sp_id}',
|
||||
'href-vars': {'sp_id': SP_ID_PARAMETER_RELATION, }},
|
||||
_build_federation_rel(resource_name='mapping'):
|
||||
{
|
||||
'href-template': '/OS-FEDERATION/mappings/{mapping_id}',
|
||||
'href-vars': {'mapping_id': MAPPING_ID_PARAM_RELATION, }},
|
||||
_build_federation_rel(resource_name='identity_provider_protocol'): {
|
||||
'href-template': BASE_IDP_PROTOCOL + '/{protocol_id}',
|
||||
'href-vars': {
|
||||
'idp_id': IDP_ID_PARAMETER_RELATION,
|
||||
'protocol_id': PROTOCOL_ID_PARAM_RELATION, }},
|
||||
_build_federation_rel(resource_name='identity_provider_protocols'): {
|
||||
'href-template': BASE_IDP_PROTOCOL,
|
||||
'href-vars': {
|
||||
'idp_id': IDP_ID_PARAMETER_RELATION}},
|
||||
# TODO(stevemar): Update href-vars when bug 1420125 is resolved.
|
||||
_build_federation_rel(resource_name='identity_provider_protocol_auth'): {
|
||||
'href-template': FEDERATED_AUTH_URL,
|
||||
'href-vars': {
|
||||
'identity_provider': IDP_ID_PARAMETER_RELATION,
|
||||
'protocol': PROTOCOL_ID_PARAM_RELATION, }},
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -27,6 +27,7 @@ oslo.middleware>=0.3.0 # Apache-2.0
|
|||
oslo.serialization>=1.2.0 # Apache-2.0
|
||||
oslo.utils>=1.2.0 # Apache-2.0
|
||||
oauthlib>=0.6
|
||||
pysaml2
|
||||
dogpile.cache>=0.5.3
|
||||
jsonschema>=2.0.0,<3.0.0
|
||||
pycadf>=0.6.0
|
||||
|
|
|
@ -19,10 +19,6 @@ pymongo>=2.5
|
|||
python-ldap>=2.4
|
||||
ldappool>=1.0 # MPL
|
||||
|
||||
# Required for federation extension (although used only for federating multiple
|
||||
# Keystones)
|
||||
pysaml2
|
||||
|
||||
# Testing
|
||||
# computes code coverage percentages
|
||||
coverage>=3.6
|
||||
|
|
Loading…
Reference in New Issue