Move Assignment Controllers and Routers to be First Class
The assignment and identity controllers and routers have been intermixed since they were the same subsystem. The split of Identity and Assignment at the manager level is complete. This change continues the process and makes the Assignment controllers and router definitions part of the assignment subsystem instead of part of Identity. In part, this is also a continuation of clarifying where domain lookups (for per-domain-identity backend logic) occur. Identity maintains a simple subclass-proxy of each Controller that was moved to maintain compatibility for clean deprecation until Icehouse has been released and development opens up for J. bp: assignment-controller-first-class bp: deprecated-as-of-icehouse related-bug: #1218094 Change-Id: If9a206692704005284e619679e1b6fe8b08bf8c9
parent
dcefec5e0f
commit
3e2a26281c
|
@ -15,4 +15,6 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from keystone.assignment import controllers
|
||||
from keystone.assignment.core import *
|
||||
from keystone.assignment import routers
|
||||
|
|
File diff suppressed because it is too large
|
@ -0,0 +1,184 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
|
||||
# Copyright 2013 Metacloud, Inc.
|
||||
# Copyright 2012 OpenStack Foundation
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
"""WSGI Routers for the Assignment service."""
|
||||
|
||||
from keystone.assignment import controllers
|
||||
from keystone.common import router
|
||||
from keystone.common import wsgi
|
||||
from keystone import config
|
||||
|
||||
|
||||
class Public(wsgi.ComposableRouter):
|
||||
def add_routes(self, mapper):
|
||||
tenant_controller = controllers.Tenant()
|
||||
mapper.connect('/tenants',
|
||||
controller=tenant_controller,
|
||||
action='get_projects_for_token',
|
||||
conditions=dict(method=['GET']))
|
||||
|
||||
|
||||
class Admin(wsgi.ComposableRouter):
|
||||
def add_routes(self, mapper):
|
||||
# Tenant Operations
|
||||
tenant_controller = controllers.Tenant()
|
||||
mapper.connect('/tenants',
|
||||
controller=tenant_controller,
|
||||
action='get_all_projects',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect('/tenants/{tenant_id}',
|
||||
controller=tenant_controller,
|
||||
action='get_project',
|
||||
conditions=dict(method=['GET']))
|
||||
|
||||
# Role Operations
|
||||
roles_controller = controllers.Role()
|
||||
mapper.connect('/tenants/{tenant_id}/users/{user_id}/roles',
|
||||
controller=roles_controller,
|
||||
action='get_user_roles',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect('/users/{user_id}/roles',
|
||||
controller=roles_controller,
|
||||
action='get_user_roles',
|
||||
conditions=dict(method=['GET']))
|
||||
|
||||
|
||||
def append_v3_routers(mapper, routers):
|
||||
routers.append(
|
||||
router.Router(controllers.DomainV3(),
|
||||
'domains', 'domain'))
|
||||
|
||||
project_controller = controllers.ProjectV3()
|
||||
routers.append(
|
||||
router.Router(project_controller,
|
||||
'projects', 'project'))
|
||||
mapper.connect('/users/{user_id}/projects',
|
||||
controller=project_controller,
|
||||
action='list_user_projects',
|
||||
conditions=dict(method=['GET']))
|
||||
|
||||
role_controller = controllers.RoleV3()
|
||||
routers.append(router.Router(role_controller, 'roles', 'role'))
|
||||
mapper.connect('/projects/{project_id}/users/{user_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='create_grant',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect('/projects/{project_id}/groups/{group_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='create_grant',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect('/projects/{project_id}/users/{user_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='check_grant',
|
||||
conditions=dict(method=['HEAD']))
|
||||
mapper.connect('/projects/{project_id}/groups/{group_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='check_grant',
|
||||
conditions=dict(method=['HEAD']))
|
||||
mapper.connect('/projects/{project_id}/users/{user_id}/roles',
|
||||
controller=role_controller,
|
||||
action='list_grants',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect('/projects/{project_id}/groups/{group_id}/roles',
|
||||
controller=role_controller,
|
||||
action='list_grants',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect('/projects/{project_id}/users/{user_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='revoke_grant',
|
||||
conditions=dict(method=['DELETE']))
|
||||
mapper.connect('/projects/{project_id}/groups/{group_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='revoke_grant',
|
||||
conditions=dict(method=['DELETE']))
|
||||
mapper.connect('/domains/{domain_id}/users/{user_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='create_grant',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='create_grant',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect('/domains/{domain_id}/users/{user_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='check_grant',
|
||||
conditions=dict(method=['HEAD']))
|
||||
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='check_grant',
|
||||
conditions=dict(method=['HEAD']))
|
||||
mapper.connect('/domains/{domain_id}/users/{user_id}/roles',
|
||||
controller=role_controller,
|
||||
action='list_grants',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles',
|
||||
controller=role_controller,
|
||||
action='list_grants',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect('/domains/{domain_id}/users/{user_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='revoke_grant',
|
||||
conditions=dict(method=['DELETE']))
|
||||
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='revoke_grant',
|
||||
conditions=dict(method=['DELETE']))
|
||||
|
||||
if config.CONF.os_inherit.enabled:
|
||||
mapper.connect(('/OS-INHERIT/domains/{domain_id}/users/{user_id}'
|
||||
'/roles/{role_id}/inherited_to_projects'),
|
||||
controller=role_controller,
|
||||
action='create_grant',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect(('/OS-INHERIT/domains/{domain_id}/groups/{group_id}'
|
||||
'/roles/{role_id}/inherited_to_projects'),
|
||||
controller=role_controller,
|
||||
action='create_grant',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect(('/OS-INHERIT/domains/{domain_id}/users/{user_id}'
|
||||
'/roles/{role_id}/inherited_to_projects'),
|
||||
controller=role_controller,
|
||||
action='check_grant',
|
||||
conditions=dict(method=['HEAD']))
|
||||
mapper.connect(('/OS-INHERIT/domains/{domain_id}/groups/{group_id}'
|
||||
'/roles/{role_id}/inherited_to_projects'),
|
||||
controller=role_controller,
|
||||
action='check_grant',
|
||||
conditions=dict(method=['HEAD']))
|
||||
mapper.connect(('/OS-INHERIT/domains/{domain_id}/users/{user_id}'
|
||||
'/roles/inherited_to_projects'),
|
||||
controller=role_controller,
|
||||
action='list_grants',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect(('/OS-INHERIT/domains/{domain_id}/groups/{group_id}'
|
||||
'/roles/inherited_to_projects'),
|
||||
controller=role_controller,
|
||||
action='list_grants',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect(('/OS-INHERIT/domains/{domain_id}/users/{user_id}'
|
||||
'/roles/{role_id}/inherited_to_projects'),
|
||||
controller=role_controller,
|
||||
action='revoke_grant',
|
||||
conditions=dict(method=['DELETE']))
|
||||
mapper.connect(('/OS-INHERIT/domains/{domain_id}/groups/{group_id}'
|
||||
'/roles/{role_id}/inherited_to_projects'),
|
||||
controller=role_controller,
|
||||
action='revoke_grant',
|
||||
conditions=dict(method=['DELETE']))
|
||||
routers.append(
|
||||
router.Router(controllers.RoleAssignmentV3(),
|
||||
'role_assignments', 'role_assignment'))
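Review bot: `append_v3_routers` reads `config.CONF.os_inherit.enabled` once, while routes are being registered, so as far as this file shows the eight `/OS-INHERIT/...` grant routes either exist or not for the life of the process. That is worth stating above the `if`, for example `# Evaluated once at route registration; changing os_inherit.enabled requires a restart.` The function and both router classes also lack docstrings, and since this function wires the role grant endpoints (`create_grant`, `revoke_grant`) a one-line docstring naming the controllers it registers would help. Whether each action is policy-protected is decided in `keystone.assignment.controllers`, whose diff is suppressed on this page, so that cannot be confirmed from here.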
|
|
@ -13,6 +13,8 @@
|
|||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from keystone import assignment
|
||||
from keystone import catalog
|
||||
from keystone.common import extension
|
||||
from keystone.common import wsgi
|
||||
|
@ -47,9 +49,9 @@ class CrudExtension(wsgi.ExtensionRouter):
|
|||
"""
|
||||
|
||||
def add_routes(self, mapper):
|
||||
tenant_controller = identity.controllers.Tenant()
|
||||
tenant_controller = assignment.controllers.Tenant()
|
||||
user_controller = identity.controllers.User()
|
||||
role_controller = identity.controllers.Role()
|
||||
role_controller = assignment.controllers.Role()
|
||||
service_controller = catalog.controllers.Service()
|
||||
endpoint_controller = catalog.controllers.Endpoint()
|
||||
|
||||
|
|
|
@ -15,10 +15,10 @@
|
|||
# under the License.
|
||||
|
||||
|
||||
from keystone import assignment
|
||||
from keystone.catalog import controllers as catalog_controllers
|
||||
from keystone.common import controller
|
||||
from keystone.common import dependency
|
||||
from keystone.identity import controllers as identity_controllers
|
||||
|
||||
|
||||
@dependency.requires('assignment_api', 'catalog_api', 'endpoint_filter_api')
|
||||
|
@ -72,5 +72,5 @@ class EndpointFilterV3Controller(controller.V3Controller):
|
|||
|
||||
projects = [self.assignment_api.get_project(
|
||||
ref.project_id) for ref in refs]
|
||||
return identity_controllers.ProjectV3.wrap_collection(context,
|
||||
projects)
|
||||
return assignment.controllers.ProjectV3.wrap_collection(context,
|
||||
projects)
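Review bot: The new import `from keystone import assignment` breaks the aliasing convention this file uses for its neighbour, `from keystone.catalog import controllers as catalog_controllers`, and the identity import it replaces followed the same pattern. Importing `from keystone.assignment import controllers as assignment_controllers` and returning `assignment_controllers.ProjectV3.wrap_collection(context, projects)` would keep the module consistent and would not depend on the `keystone.assignment` package re-exporting `controllers`. The enclosing method starts above this hunk.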
|
||||
|
|
File diff suppressed because it is too large
|
@ -16,32 +16,11 @@
|
|||
"""WSGI Routers for the Identity service."""
|
||||
from keystone.common import router
|
||||
from keystone.common import wsgi
|
||||
from keystone import config
|
||||
from keystone.identity import controllers
|
||||
|
||||
|
||||
class Public(wsgi.ComposableRouter):
|
||||
def add_routes(self, mapper):
|
||||
tenant_controller = controllers.Tenant()
|
||||
mapper.connect('/tenants',
|
||||
controller=tenant_controller,
|
||||
action='get_projects_for_token',
|
||||
conditions=dict(method=['GET']))
|
||||
|
||||
|
||||
class Admin(wsgi.ComposableRouter):
|
||||
def add_routes(self, mapper):
|
||||
# Tenant Operations
|
||||
tenant_controller = controllers.Tenant()
|
||||
mapper.connect('/tenants',
|
||||
controller=tenant_controller,
|
||||
action='get_all_projects',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect('/tenants/{tenant_id}',
|
||||
controller=tenant_controller,
|
||||
action='get_project',
|
||||
conditions=dict(method=['GET']))
|
||||
|
||||
# User Operations
|
||||
user_controller = controllers.User()
|
||||
mapper.connect('/users/{user_id}',
|
||||
|
@ -49,32 +28,8 @@ class Admin(wsgi.ComposableRouter):
|
|||
action='get_user',
|
||||
conditions=dict(method=['GET']))
|
||||
|
||||
# Role Operations
|
||||
roles_controller = controllers.Role()
|
||||
mapper.connect('/tenants/{tenant_id}/users/{user_id}/roles',
|
||||
controller=roles_controller,
|
||||
action='get_user_roles',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect('/users/{user_id}/roles',
|
||||
controller=roles_controller,
|
||||
action='get_user_roles',
|
||||
conditions=dict(method=['GET']))
|
||||
|
||||
|
||||
def append_v3_routers(mapper, routers):
|
||||
routers.append(
|
||||
router.Router(controllers.DomainV3(),
|
||||
'domains', 'domain'))
|
||||
|
||||
project_controller = controllers.ProjectV3()
|
||||
routers.append(
|
||||
router.Router(project_controller,
|
||||
'projects', 'project'))
|
||||
mapper.connect('/users/{user_id}/projects',
|
||||
controller=project_controller,
|
||||
action='list_user_projects',
|
||||
conditions=dict(method=['GET']))
|
||||
|
||||
user_controller = controllers.UserV3()
|
||||
routers.append(
|
||||
router.Router(user_controller,
|
||||
|
@ -112,115 +67,3 @@ def append_v3_routers(mapper, routers):
|
|||
controller=group_controller,
|
||||
action='list_groups_for_user',
|
||||
conditions=dict(method=['GET']))
|
||||
|
||||
role_controller = controllers.RoleV3()
|
||||
routers.append(router.Router(role_controller, 'roles', 'role'))
|
||||
mapper.connect('/projects/{project_id}/users/{user_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='create_grant',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect('/projects/{project_id}/groups/{group_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='create_grant',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect('/projects/{project_id}/users/{user_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='check_grant',
|
||||
conditions=dict(method=['HEAD']))
|
||||
mapper.connect('/projects/{project_id}/groups/{group_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='check_grant',
|
||||
conditions=dict(method=['HEAD']))
|
||||
mapper.connect('/projects/{project_id}/users/{user_id}/roles',
|
||||
controller=role_controller,
|
||||
action='list_grants',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect('/projects/{project_id}/groups/{group_id}/roles',
|
||||
controller=role_controller,
|
||||
action='list_grants',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect('/projects/{project_id}/users/{user_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='revoke_grant',
|
||||
conditions=dict(method=['DELETE']))
|
||||
mapper.connect('/projects/{project_id}/groups/{group_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='revoke_grant',
|
||||
conditions=dict(method=['DELETE']))
|
||||
mapper.connect('/domains/{domain_id}/users/{user_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='create_grant',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='create_grant',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect('/domains/{domain_id}/users/{user_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='check_grant',
|
||||
conditions=dict(method=['HEAD']))
|
||||
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='check_grant',
|
||||
conditions=dict(method=['HEAD']))
|
||||
mapper.connect('/domains/{domain_id}/users/{user_id}/roles',
|
||||
controller=role_controller,
|
||||
action='list_grants',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles',
|
||||
controller=role_controller,
|
||||
action='list_grants',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect('/domains/{domain_id}/users/{user_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='revoke_grant',
|
||||
conditions=dict(method=['DELETE']))
|
||||
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='revoke_grant',
|
||||
conditions=dict(method=['DELETE']))
|
||||
|
||||
if config.CONF.os_inherit.enabled:
|
||||
mapper.connect(('/OS-INHERIT/domains/{domain_id}/users/{user_id}'
|
||||
'/roles/{role_id}/inherited_to_projects'),
|
||||
controller=role_controller,
|
||||
action='create_grant',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect(('/OS-INHERIT/domains/{domain_id}/groups/{group_id}'
|
||||
'/roles/{role_id}/inherited_to_projects'),
|
||||
controller=role_controller,
|
||||
action='create_grant',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect(('/OS-INHERIT/domains/{domain_id}/users/{user_id}'
|
||||
'/roles/{role_id}/inherited_to_projects'),
|
||||
controller=role_controller,
|
||||
action='check_grant',
|
||||
conditions=dict(method=['HEAD']))
|
||||
mapper.connect(('/OS-INHERIT/domains/{domain_id}/groups/{group_id}'
|
||||
'/roles/{role_id}/inherited_to_projects'),
|
||||
controller=role_controller,
|
||||
action='check_grant',
|
||||
conditions=dict(method=['HEAD']))
|
||||
mapper.connect(('/OS-INHERIT/domains/{domain_id}/users/{user_id}'
|
||||
'/roles/inherited_to_projects'),
|
||||
controller=role_controller,
|
||||
action='list_grants',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect(('/OS-INHERIT/domains/{domain_id}/groups/{group_id}'
|
||||
'/roles/inherited_to_projects'),
|
||||
controller=role_controller,
|
||||
action='list_grants',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect(('/OS-INHERIT/domains/{domain_id}/users/{user_id}'
|
||||
'/roles/{role_id}/inherited_to_projects'),
|
||||
controller=role_controller,
|
||||
action='revoke_grant',
|
||||
conditions=dict(method=['DELETE']))
|
||||
mapper.connect(('/OS-INHERIT/domains/{domain_id}/groups/{group_id}'
|
||||
'/roles/{role_id}/inherited_to_projects'),
|
||||
controller=role_controller,
|
||||
action='revoke_grant',
|
||||
conditions=dict(method=['DELETE']))
|
||||
routers.append(
|
||||
router.Router(controllers.RoleAssignmentV3(),
|
||||
'role_assignments', 'role_assignment'))
|
||||
|
|
|
@ -83,7 +83,7 @@ def public_app_factory(global_conf, **local_conf):
|
|||
conf = global_conf.copy()
|
||||
conf.update(local_conf)
|
||||
return wsgi.ComposingRouter(routes.Mapper(),
|
||||
[identity.routers.Public(),
|
||||
[assignment.routers.Public(),
|
||||
token.routers.Router(),
|
||||
routers.VersionV2('public'),
|
||||
routers.Extension(False)])
|
||||
|
@ -95,6 +95,7 @@ def admin_app_factory(global_conf, **local_conf):
|
|||
conf.update(local_conf)
|
||||
return wsgi.ComposingRouter(routes.Mapper(),
|
||||
[identity.routers.Admin(),
|
||||
assignment.routers.Admin(),
|
||||
token.routers.Router(),
|
||||
routers.VersionV2('admin'),
|
||||
routers.Extension()])
|
||||
|
@ -123,7 +124,7 @@ def v3_app_factory(global_conf, **local_conf):
|
|||
conf.update(local_conf)
|
||||
mapper = routes.Mapper()
|
||||
v3routers = []
|
||||
for module in [auth, catalog, credential, identity, policy]:
|
||||
for module in [assignment, auth, catalog, credential, identity, policy]:
|
||||
module.routers.append_v3_routers(mapper, v3routers)
|
||||
|
||||
if CONF.trust.enabled:
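Review bot: In `public_app_factory` the router list decides what the public v2 endpoint exposes, and after this change the tenant listing comes from `assignment.routers.Public()` while `admin_app_factory` adds `assignment.routers.Admin()` next to the identity one; nothing on either list says which surface it builds. A short comment on each would make an accidental swap easier to spot in review, e.g. `# public API: only GET /tenants (get_projects_for_token)` and `# admin API: tenant and role lookups`. All three factory bodies start above their hunks, and the import of `assignment` in this file is not visible here, so it is presumably already present.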
|
||||
|
|
|
@ -16,10 +16,10 @@ import copy
|
|||
import datetime
|
||||
import uuid
|
||||
|
||||
from keystone import assignment
|
||||
from keystone import auth
|
||||
from keystone import config
|
||||
from keystone import exception
|
||||
from keystone import identity
|
||||
from keystone.openstack.common import timeutils
|
||||
from keystone import tests
|
||||
from keystone.tests import default_fixtures
|
||||
|
@ -409,7 +409,7 @@ class AuthWithToken(AuthTest):
|
|||
self.assertEqual(bind['kerberos'], 'FOO')
|
||||
|
||||
def test_deleting_role_revokes_token(self):
|
||||
role_controller = identity.controllers.Role()
|
||||
role_controller = assignment.controllers.Role()
|
||||
project1 = {'id': 'Project1', 'name': uuid.uuid4().hex,
|
||||
'domain_id': DEFAULT_DOMAIN_ID}
|
||||
self.assignment_api.create_project(project1['id'], project1)
|
||||
|
|
|
@ -16,11 +16,11 @@
|
|||
|
||||
import uuid
|
||||
|
||||
from keystone import assignment
|
||||
from keystone.common import controller
|
||||
from keystone.common import dependency
|
||||
from keystone import config
|
||||
from keystone import exception
|
||||
from keystone import identity
|
||||
from keystone.openstack.common import log as logging
|
||||
from keystone.openstack.common import timeutils
|
||||
|
||||
|
@ -105,7 +105,7 @@ class TrustV3(controller.V3Controller):
|
|||
matching_roles = [x for x in global_roles
|
||||
if x['id'] == trust_role['id']]
|
||||
if matching_roles:
|
||||
full_role = identity.controllers.RoleV3.wrap_member(
|
||||
full_role = assignment.controllers.RoleV3.wrap_member(
|
||||
context, matching_roles[0])['role']
|
||||
trust_full_roles.append(full_role)
|
||||
trust['roles'] = trust_full_roles
|
||||
|
@ -265,7 +265,7 @@ class TrustV3(controller.V3Controller):
|
|||
matching_roles = [x for x in global_roles
|
||||
if x['id'] == role_id]
|
||||
if matching_roles:
|
||||
full_role = (identity.controllers.
|
||||
full_role = (assignment.controllers.
|
||||
RoleV3.wrap_member(context, matching_roles[0]))
|
||||
return full_role
|
||||
else:
|
||||
|
|