Merge "Revert "Add manager for access rules config""
This commit is contained in:
commit
0fbd0639e1
|
@ -1,15 +0,0 @@
|
||||||
# Copyright 2019 SUSE Linux GmbH
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
|
|
||||||
from keystone.access_rules_config.core import * # noqa
|
|
|
@ -1,59 +0,0 @@
|
||||||
# Copyright 2019 SUSE Linux GmbH
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
|
|
||||||
"""List access rules."""
|
|
||||||
|
|
||||||
from keystone.common import cache
|
|
||||||
from keystone.common import manager
|
|
||||||
import keystone.conf
|
|
||||||
|
|
||||||
|
|
||||||
CONF = keystone.conf.CONF
|
|
||||||
MEMOIZE = cache.get_memoization_decorator(group='access_rules_config')
|
|
||||||
|
|
||||||
|
|
||||||
class Manager(manager.Manager):
|
|
||||||
|
|
||||||
driver_namespace = 'keystone.access_rules_config'
|
|
||||||
_provides_api = 'access_rules_config_api'
|
|
||||||
|
|
||||||
def __init__(self):
|
|
||||||
super(Manager, self).__init__(CONF.access_rules_config.driver)
|
|
||||||
|
|
||||||
def list_access_rules_config(self, service=None):
|
|
||||||
"""List access rules config.
|
|
||||||
|
|
||||||
:param str service: filter by service type
|
|
||||||
|
|
||||||
:returns: a list of configured access rules. Access rules are
|
|
||||||
permission objects composing of a service, a URL path, and an
|
|
||||||
HTTP method.
|
|
||||||
|
|
||||||
"""
|
|
||||||
return self.driver.list_access_rules_config(service)
|
|
||||||
|
|
||||||
@MEMOIZE
|
|
||||||
def check_access_rule(self, service, request_path, request_method):
|
|
||||||
"""Check access rule.
|
|
||||||
|
|
||||||
:param str service: service type of rule to check
|
|
||||||
:param str request_path: endpoint path to check
|
|
||||||
:param str request_method: API HTTP method to check
|
|
||||||
|
|
||||||
:returns: boolean indicating whether the rule matches one of the
|
|
||||||
configured access rules
|
|
||||||
|
|
||||||
"""
|
|
||||||
return self.driver.check_access_rule(service, request_path,
|
|
||||||
request_method)
|
|
|
@ -13,7 +13,6 @@ import sys
|
||||||
|
|
||||||
from oslo_log import log
|
from oslo_log import log
|
||||||
|
|
||||||
from keystone import access_rules_config
|
|
||||||
from keystone import application_credential
|
from keystone import application_credential
|
||||||
from keystone import assignment
|
from keystone import assignment
|
||||||
from keystone import auth
|
from keystone import auth
|
||||||
|
@ -49,8 +48,7 @@ def load_backends():
|
||||||
cache.configure_cache(region=identity.ID_MAPPING_REGION)
|
cache.configure_cache(region=identity.ID_MAPPING_REGION)
|
||||||
cache.configure_invalidation_region()
|
cache.configure_invalidation_region()
|
||||||
|
|
||||||
managers = [access_rules_config.Manager,
|
managers = [application_credential.Manager, assignment.Manager,
|
||||||
application_credential.Manager, assignment.Manager,
|
|
||||||
catalog.Manager, credential.Manager,
|
catalog.Manager, credential.Manager,
|
||||||
credential.provider.Manager, resource.DomainConfigManager,
|
credential.provider.Manager, resource.DomainConfigManager,
|
||||||
endpoint_policy.Manager, federation.Manager,
|
endpoint_policy.Manager, federation.Manager,
|
||||||
|
|
|
@ -1,45 +0,0 @@
|
||||||
# Copyright 2019 SUSE Linux GmbH
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
|
|
||||||
from keystone.common import provider_api
|
|
||||||
from keystone.tests import unit
|
|
||||||
from keystone.tests.unit.ksfixtures import access_rules_config
|
|
||||||
|
|
||||||
PROVIDERS = provider_api.ProviderAPIs
|
|
||||||
|
|
||||||
|
|
||||||
class AccessRulesConfigTest(unit.TestCase):
|
|
||||||
|
|
||||||
def setUp(self):
|
|
||||||
super(AccessRulesConfigTest, self).setUp()
|
|
||||||
rules_file = '%s/access_rules.json' % unit.TESTCONF
|
|
||||||
self.useFixture(access_rules_config.AccessRulesConfig(
|
|
||||||
self.config_fixture, rules_file=rules_file))
|
|
||||||
self.load_backends()
|
|
||||||
|
|
||||||
def test_list_access_rules_config(self):
|
|
||||||
rules = PROVIDERS.access_rules_config_api.list_access_rules_config()
|
|
||||||
self.assertIn('identity', rules)
|
|
||||||
self.assertIn('image', rules)
|
|
||||||
|
|
||||||
def test_list_access_rules_config_for_service(self):
|
|
||||||
rules = PROVIDERS.access_rules_config_api.list_access_rules_config(
|
|
||||||
service='image')
|
|
||||||
self.assertNotIn('identity', rules)
|
|
||||||
self.assertIn('image', rules)
|
|
||||||
|
|
||||||
def test_check_access_rule(self):
|
|
||||||
result = PROVIDERS.access_rules_config_api.check_access_rule(
|
|
||||||
'identity', '/v3/users', 'GET')
|
|
||||||
self.assertTrue(result)
|
|
Loading…
Reference in New Issue