Update keystone architecture doc
This patch removes the old wsgi concept and updates to the flask adopted by keystone in rocky.

Change-Id: I6509a0d9480973c625ea4a0fdac17045f23dd27b
@@ -130,95 +130,128 @@ The Catalog service provides an endpoint registry used for endpoint discovery.
|
|||||||
Application Construction
|
Application Construction
|
||||||
========================
|
========================
|
||||||
|
|
||||||
Keystone is an HTTP front-end to several services. Like other OpenStack
|
Keystone is an HTTP front-end to several services. Since the Rocky release Keystone
|
||||||
applications, this is done using python WSGI interfaces and applications are
|
uses the `Flask-RESTful`_ library to provide a REST API interface to these services.
|
||||||
configured together using Paste_. The application's HTTP endpoints are made up
|
|
||||||
of pipelines of WSGI middleware, such as:
|
|
||||||
|
|
||||||
.. code-block:: ini
|
.. _`Flask-RESTful`: https://flask-restful.readthedocs.io/en/latest/
|
||||||
|
|
||||||
[pipeline:api_v3]
|
Keystone defines functions related to `Flask-RESTful`_ in
|
||||||
pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context json_body ec2_extension_v3 s3_extension service_v3
|
:mod:`keystone.server.flask.common`. Keystone creates API resources which
|
||||||
|
inherit from class :mod:`keystone.server.flask.common.ResourceBase` and exposes methods
|
||||||
|
for each supported HTTP methods GET, PUT , POST, PATCH and DELETE. For example, the User
|
||||||
|
resource will look like:
|
||||||
|
|
||||||
|
.. code-block:: python
|
||||||
|
|
||||||
These in turn use a subclass of :mod:`keystone.common.wsgi.ComposingRouter` to
|
class UserResource(ks_flask.ResourceBase):
|
||||||
link URLs to controllers (a subclass of
|
collection_key = 'users'
|
||||||
:mod:`keystone.common.wsgi.Application`). Within each controller, one or more
|
member_key = 'user'
|
||||||
managers are loaded (for example, see :mod:`keystone.catalog.core.Manager`),
|
get_member_from_driver = PROVIDERS.deferred_provider_lookup(
|
||||||
which are thin wrapper classes which load the appropriate service driver based
|
api='identity_api', method='get_user')
|
||||||
on the keystone configuration.
|
|
||||||
|
def get(self, user_id=None):
|
||||||
|
"""Get a user resource or list users.
|
||||||
|
GET/HEAD /v3/users
|
||||||
|
GET/HEAD /v3/users/{user_id}
|
||||||
|
"""
|
||||||
|
...
|
||||||
|
|
||||||
|
def post(self):
|
||||||
|
"""Create a user.
|
||||||
|
POST /v3/users
|
||||||
|
"""
|
||||||
|
...
|
||||||
|
|
||||||
|
class UserChangePasswordResource(ks_flask.ResourceBase):
|
||||||
|
@ks_flask.unenforced_api
|
||||||
|
def post(self, user_id):
|
||||||
|
...
|
||||||
|
|
||||||
|
Routes for each API resource are defined by classes which inherit from
|
||||||
|
:mod:`keystone.server.flask.common.APIBase`. For example, the UserAPI will
|
||||||
|
look like:
|
||||||
|
|
||||||
|
.. code-block:: python
|
||||||
|
|
||||||
|
class UserAPI(ks_flask.APIBase):
|
||||||
|
_name = 'users'
|
||||||
|
_import_name = __name__
|
||||||
|
resources = [UserResource]
|
||||||
|
resource_mapping = [
|
||||||
|
ks_flask.construct_resource_map(
|
||||||
|
resource=UserChangePasswordResource,
|
||||||
|
url='/users/<string:user_id>/password',
|
||||||
|
resource_kwargs={},
|
||||||
|
rel='user_change_password',
|
||||||
|
path_vars={'user_id': json_home.Parameters.USER_ID}
|
||||||
|
),
|
||||||
|
...
|
||||||
|
|
||||||
|
The methods ``_add_resources()`` or ``_add_mapped_resources()`` in
|
||||||
|
:mod:`keystone.server.flask.common.APIBase` bind the resources with the APIs.
|
||||||
|
Within each API, one or more managers are loaded (for example, see
|
||||||
|
:mod:`keystone.catalog.core.Manager`), which are thin wrapper classes which load
|
||||||
|
the appropriate service driver based on the keystone configuration.
|
||||||
|
|
||||||
* Assignment
|
* Assignment
|
||||||
|
|
||||||
* :mod:`keystone.assignment.controllers.GrantAssignmentV3`
|
* :mod:`keystone.api.role_assignments`
|
||||||
* :mod:`keystone.assignment.controllers.ImpliedRolesV3`
|
* :mod:`keystone.api.role_inferences`
|
||||||
* :mod:`keystone.assignment.controllers.ProjectAssignmentV3`
|
* :mod:`keystone.api.roles`
|
||||||
* :mod:`keystone.assignment.controllers.TenantAssignment`
|
* :mod:`keystone.api.os_inherit`
|
||||||
* :mod:`keystone.assignment.controllers.RoleAssignmentV3`
|
* :mod:`keystone.api.system`
|
||||||
* :mod:`keystone.assignment.controllers.RoleV3`
|
|
||||||
|
|
||||||
* Authentication
|
* Authentication
|
||||||
|
|
||||||
* :mod:`keystone.auth.controllers.Auth`
|
* :mod:`keystone.api.auth`
|
||||||
|
* :mod:`keystone.api.ec2tokens`
|
||||||
|
* :mod:`keystone.api.s3tokens`
|
||||||
|
|
||||||
* Catalog
|
* Catalog
|
||||||
|
|
||||||
* :mod:`keystone.catalog.controllers.EndpointFilterV3Controller`
|
* :mod:`keystone.api.endpoints`
|
||||||
* :mod:`keystone.catalog.controllers.EndpointGroupV3Controller`
|
* :mod:`keystone.api.os_ep_filter`
|
||||||
* :mod:`keystone.catalog.controllers.EndpointV3`
|
* :mod:`keystone.api.regions`
|
||||||
* :mod:`keystone.catalog.controllers.ProjectEndpointGroupV3Controller`
|
* :mod:`keystone.api.services`
|
||||||
* :mod:`keystone.catalog.controllers.RegionV3`
|
|
||||||
* :mod:`keystone.catalog.controllers.ServiceV3`
|
|
||||||
|
|
||||||
* Credentials
|
* Credentials
|
||||||
|
|
||||||
* :mod:`keystone.contrib.ec2.controllers.Ec2ControllerV3`
|
* :mod:`keystone.api.credentials`
|
||||||
* :mod:`keystone.credential.controllers.CredentialV3`
|
|
||||||
|
|
||||||
* Federation
|
* Federation
|
||||||
|
|
||||||
* :mod:`keystone.federation.controllers.IdentityProvider`
|
* :mod:`keystone.api.os_federation`
|
||||||
* :mod:`keystone.federation.controllers.FederationProtocol`
|
|
||||||
* :mod:`keystone.federation.controllers.MappingController`
|
|
||||||
* :mod:`keystone.federation.controllers.Auth`
|
|
||||||
* :mod:`keystone.federation.controllers.DomainV3`
|
|
||||||
* :mod:`keystone.federation.controllers.ProjectAssignmentV3`
|
|
||||||
* :mod:`keystone.federation.controllers.ServiceProvider`
|
|
||||||
* :mod:`keystone.federation.controllers.SAMLMetadataV3`
|
|
||||||
|
|
||||||
* Identity
|
* Identity
|
||||||
|
|
||||||
* :mod:`keystone.identity.controllers.GroupV3`
|
* :mod:`keystone.api.groups`
|
||||||
* :mod:`keystone.identity.controllers.UserV3`
|
* :mod:`keystone.api.users`
|
||||||
|
|
||||||
|
* Limits
|
||||||
|
|
||||||
|
* :mod:`keystone.api.registered_limits`
|
||||||
|
* :mod:`keystone.api.limits`
|
||||||
|
|
||||||
* Oauth1
|
* Oauth1
|
||||||
|
|
||||||
* :mod:`keystone.oauth1.controllers.ConsumerCrudV3`
|
* :mod:`keystone.api.os_oauth1`
|
||||||
* :mod:`keystone.oauth1.controllers.AccessTokenCrudV3`
|
|
||||||
* :mod:`keystone.oauth1.controllers.AccessTokenRolesV3`
|
|
||||||
* :mod:`keystone.oauth1.controllers.OAuthControllerV3`
|
|
||||||
|
|
||||||
* Policy
|
* Policy
|
||||||
|
|
||||||
* :mod:`keystone.policy.controllers.PolicyV3`
|
* :mod:`keystone.api.policy`
|
||||||
|
|
||||||
* Resource
|
* Resource
|
||||||
|
|
||||||
* :mod:`keystone.resource.controllers.DomainV3`
|
* :mod:`keystone.api.domains`
|
||||||
* :mod:`keystone.resource.controllers.DomainConfigV3`
|
* :mod:`keystone.api.projects`
|
||||||
* :mod:`keystone.resource.controllers.ProjectV3`
|
|
||||||
* :mod:`keystone.resource.controllers.ProjectTagV3`
|
|
||||||
|
|
||||||
* Revoke
|
* Revoke
|
||||||
|
|
||||||
* :mod:`keystone.revoke.controllers.RevokeController`
|
* :mod:`keystone.api.os_revoke`
|
||||||
|
|
||||||
* Trust
|
* Trust
|
||||||
|
|
||||||
* :mod:`keystone.trust.controllers.TrustV3`
|
* :mod:`keystone.api.trusts`
|
||||||
|
|
||||||
.. _Paste: http://pythonpaste.org/
|
|
||||||
|
|
||||||
|
|
||||||
Service Backends
|
Service Backends
|
||||||
================
|
================
|
||||||
|
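Review bot: `@ks_flask.unenforced_api` on `UserChangePasswordResource.post` in the first example is shown with no explanation. This section is where readers learn how a resource is built, so the text should say what the decorator means for policy enforcement on that method and when using it is acceptable. Otherwise it may be copied onto new resources as boilerplate. Smaller points in the added prose: `ResourceBase` and `APIBase` are classes but are referenced with `:mod:`, where `:class:` would render and link correctly. "for each supported HTTP methods GET, PUT , POST" should read "for each supported HTTP method: GET, PUT, POST, PATCH and DELETE". In the `UserAPI` example, `resource_mapping = [` is never closed before the `...`, so either add the closing `]` or place the elision inside the list.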