Merge "Class for V3 router packages"

This commit is contained in:
Jenkins 2014-08-09 09:04:38 +00:00 committed by Gerrit Code Review
commit 41ae15795e
9 changed files with 253 additions and 212 deletions

View File

@ -55,128 +55,139 @@ class Admin(wsgi.ComposableRouter):
conditions=dict(method=['GET']))
def append_v3_routers(mapper, routers):
routers.append(
router.Router(controllers.DomainV3(),
'domains', 'domain'))
class Routers(wsgi.RoutersBase):
project_controller = controllers.ProjectV3()
routers.append(
router.Router(project_controller,
'projects', 'project'))
mapper.connect('/users/{user_id}/projects',
controller=project_controller,
action='list_user_projects',
conditions=dict(method=['GET']))
def append_v3_routers(self, mapper, routers):
routers.append(
router.Router(controllers.DomainV3(),
'domains', 'domain'))
role_controller = controllers.RoleV3()
routers.append(router.Router(role_controller, 'roles', 'role'))
mapper.connect('/projects/{project_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='create_grant',
conditions=dict(method=['PUT']))
mapper.connect('/projects/{project_id}/groups/{group_id}/roles/{role_id}',
controller=role_controller,
action='create_grant',
conditions=dict(method=['PUT']))
mapper.connect('/projects/{project_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='check_grant',
conditions=dict(method=['GET', 'HEAD']))
mapper.connect('/projects/{project_id}/groups/{group_id}/roles/{role_id}',
controller=role_controller,
action='check_grant',
conditions=dict(method=['GET', 'HEAD']))
mapper.connect('/projects/{project_id}/users/{user_id}/roles',
controller=role_controller,
action='list_grants',
conditions=dict(method=['GET']))
mapper.connect('/projects/{project_id}/groups/{group_id}/roles',
controller=role_controller,
action='list_grants',
conditions=dict(method=['GET']))
mapper.connect('/projects/{project_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='revoke_grant',
conditions=dict(method=['DELETE']))
mapper.connect('/projects/{project_id}/groups/{group_id}/roles/{role_id}',
controller=role_controller,
action='revoke_grant',
conditions=dict(method=['DELETE']))
mapper.connect('/domains/{domain_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='create_grant',
conditions=dict(method=['PUT']))
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles/{role_id}',
controller=role_controller,
action='create_grant',
conditions=dict(method=['PUT']))
mapper.connect('/domains/{domain_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='check_grant',
conditions=dict(method=['GET', 'HEAD']))
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles/{role_id}',
controller=role_controller,
action='check_grant',
conditions=dict(method=['GET', 'HEAD']))
mapper.connect('/domains/{domain_id}/users/{user_id}/roles',
controller=role_controller,
action='list_grants',
conditions=dict(method=['GET']))
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles',
controller=role_controller,
action='list_grants',
conditions=dict(method=['GET']))
mapper.connect('/domains/{domain_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='revoke_grant',
conditions=dict(method=['DELETE']))
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles/{role_id}',
controller=role_controller,
action='revoke_grant',
conditions=dict(method=['DELETE']))
project_controller = controllers.ProjectV3()
routers.append(
router.Router(project_controller,
'projects', 'project'))
mapper.connect('/users/{user_id}/projects',
controller=project_controller,
action='list_user_projects',
conditions=dict(method=['GET']))
if config.CONF.os_inherit.enabled:
mapper.connect(('/OS-INHERIT/domains/{domain_id}/users/{user_id}'
'/roles/{role_id}/inherited_to_projects'),
role_controller = controllers.RoleV3()
routers.append(router.Router(role_controller, 'roles', 'role'))
mapper.connect('/projects/{project_id}/users/{user_id}/roles/'
'{role_id}',
controller=role_controller,
action='create_grant',
conditions=dict(method=['PUT']))
mapper.connect(('/OS-INHERIT/domains/{domain_id}/groups/{group_id}'
'/roles/{role_id}/inherited_to_projects'),
mapper.connect('/projects/{project_id}/groups/{group_id}/roles/'
'{role_id}',
controller=role_controller,
action='create_grant',
conditions=dict(method=['PUT']))
mapper.connect(('/OS-INHERIT/domains/{domain_id}/users/{user_id}'
'/roles/{role_id}/inherited_to_projects'),
mapper.connect('/projects/{project_id}/users/{user_id}/roles/'
'{role_id}',
controller=role_controller,
action='check_grant',
conditions=dict(method=['GET', 'HEAD']))
mapper.connect(('/OS-INHERIT/domains/{domain_id}/groups/{group_id}'
'/roles/{role_id}/inherited_to_projects'),
mapper.connect('/projects/{project_id}/groups/{group_id}/roles/'
'{role_id}',
controller=role_controller,
action='check_grant',
conditions=dict(method=['GET', 'HEAD']))
mapper.connect(('/OS-INHERIT/domains/{domain_id}/users/{user_id}'
'/roles/inherited_to_projects'),
mapper.connect('/projects/{project_id}/users/{user_id}/roles',
controller=role_controller,
action='list_grants',
conditions=dict(method=['GET']))
mapper.connect(('/OS-INHERIT/domains/{domain_id}/groups/{group_id}'
'/roles/inherited_to_projects'),
mapper.connect('/projects/{project_id}/groups/{group_id}/roles',
controller=role_controller,
action='list_grants',
conditions=dict(method=['GET']))
mapper.connect(('/OS-INHERIT/domains/{domain_id}/users/{user_id}'
'/roles/{role_id}/inherited_to_projects'),
mapper.connect('/projects/{project_id}/users/{user_id}/roles/'
'{role_id}',
controller=role_controller,
action='revoke_grant',
conditions=dict(method=['DELETE']))
mapper.connect(('/OS-INHERIT/domains/{domain_id}/groups/{group_id}'
'/roles/{role_id}/inherited_to_projects'),
mapper.connect('/projects/{project_id}/groups/{group_id}/roles/'
'{role_id}',
controller=role_controller,
action='revoke_grant',
conditions=dict(method=['DELETE']))
routers.append(
router.Router(controllers.RoleAssignmentV3(),
'role_assignments', 'role_assignment'))
mapper.connect('/domains/{domain_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='create_grant',
conditions=dict(method=['PUT']))
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles/'
'{role_id}',
controller=role_controller,
action='create_grant',
conditions=dict(method=['PUT']))
mapper.connect('/domains/{domain_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='check_grant',
conditions=dict(method=['GET', 'HEAD']))
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles/'
'{role_id}',
controller=role_controller,
action='check_grant',
conditions=dict(method=['GET', 'HEAD']))
mapper.connect('/domains/{domain_id}/users/{user_id}/roles',
controller=role_controller,
action='list_grants',
conditions=dict(method=['GET']))
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles',
controller=role_controller,
action='list_grants',
conditions=dict(method=['GET']))
mapper.connect('/domains/{domain_id}/users/{user_id}/roles/{role_id}',
controller=role_controller,
action='revoke_grant',
conditions=dict(method=['DELETE']))
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles/'
'{role_id}',
controller=role_controller,
action='revoke_grant',
conditions=dict(method=['DELETE']))
if config.CONF.os_inherit.enabled:
mapper.connect(('/OS-INHERIT/domains/{domain_id}/users/{user_id}'
'/roles/{role_id}/inherited_to_projects'),
controller=role_controller,
action='create_grant',
conditions=dict(method=['PUT']))
mapper.connect(('/OS-INHERIT/domains/{domain_id}/groups/{group_id}'
'/roles/{role_id}/inherited_to_projects'),
controller=role_controller,
action='create_grant',
conditions=dict(method=['PUT']))
mapper.connect(('/OS-INHERIT/domains/{domain_id}/users/{user_id}'
'/roles/{role_id}/inherited_to_projects'),
controller=role_controller,
action='check_grant',
conditions=dict(method=['GET', 'HEAD']))
mapper.connect(('/OS-INHERIT/domains/{domain_id}/groups/{group_id}'
'/roles/{role_id}/inherited_to_projects'),
controller=role_controller,
action='check_grant',
conditions=dict(method=['GET', 'HEAD']))
mapper.connect(('/OS-INHERIT/domains/{domain_id}/users/{user_id}'
'/roles/inherited_to_projects'),
controller=role_controller,
action='list_grants',
conditions=dict(method=['GET']))
mapper.connect(('/OS-INHERIT/domains/{domain_id}/groups/{group_id}'
'/roles/inherited_to_projects'),
controller=role_controller,
action='list_grants',
conditions=dict(method=['GET']))
mapper.connect(('/OS-INHERIT/domains/{domain_id}/users/{user_id}'
'/roles/{role_id}/inherited_to_projects'),
controller=role_controller,
action='revoke_grant',
conditions=dict(method=['DELETE']))
mapper.connect(('/OS-INHERIT/domains/{domain_id}/groups/{group_id}'
'/roles/{role_id}/inherited_to_projects'),
controller=role_controller,
action='revoke_grant',
conditions=dict(method=['DELETE']))
routers.append(
router.Router(controllers.RoleAssignmentV3(),
'role_assignments', 'role_assignment'))

View File

@ -13,32 +13,35 @@
# under the License.
from keystone.auth import controllers
from keystone.common import wsgi
def append_v3_routers(mapper, routers):
auth_controller = controllers.Auth()
class Routers(wsgi.RoutersBase):
mapper.connect('/auth/tokens',
controller=auth_controller,
action='authenticate_for_token',
conditions=dict(method=['POST']))
# NOTE(morganfainberg): For policy enforcement reasons, the
# ``validate_token_head`` method is still used for HEAD requests.
# The controller method makes the same call as the validate_token
# call and lets wsgi.render_response remove the body data.
mapper.connect('/auth/tokens',
controller=auth_controller,
action='check_token',
conditions=dict(method=['HEAD']))
mapper.connect('/auth/tokens',
controller=auth_controller,
action='revoke_token',
conditions=dict(method=['DELETE']))
mapper.connect('/auth/tokens',
controller=auth_controller,
action='validate_token',
conditions=dict(method=['GET']))
mapper.connect('/auth/tokens/OS-PKI/revoked',
controller=auth_controller,
action='revocation_list',
conditions=dict(method=['GET']))
def append_v3_routers(self, mapper, routers):
auth_controller = controllers.Auth()
mapper.connect('/auth/tokens',
controller=auth_controller,
action='authenticate_for_token',
conditions=dict(method=['POST']))
# NOTE(morganfainberg): For policy enforcement reasons, the
# ``validate_token_head`` method is still used for HEAD requests.
# The controller method makes the same call as the validate_token
# call and lets wsgi.render_response remove the body data.
mapper.connect('/auth/tokens',
controller=auth_controller,
action='check_token',
conditions=dict(method=['HEAD']))
mapper.connect('/auth/tokens',
controller=auth_controller,
action='revoke_token',
conditions=dict(method=['DELETE']))
mapper.connect('/auth/tokens',
controller=auth_controller,
action='validate_token',
conditions=dict(method=['GET']))
mapper.connect('/auth/tokens/OS-PKI/revoked',
controller=auth_controller,
action='revocation_list',
conditions=dict(method=['GET']))

View File

@ -14,27 +14,30 @@
from keystone.catalog import controllers
from keystone.common import router
from keystone.common import wsgi
def append_v3_routers(mapper, routers):
regions_controller = controllers.RegionV3()
routers.append(router.Router(regions_controller,
'regions', 'region'))
class Routers(wsgi.RoutersBase):
# Need to add an additional route to support PUT /regions/{region_id}
mapper.connect(
'/regions/{region_id}',
controller=regions_controller,
action='create_region_with_id',
conditions=dict(method=['PUT']))
def append_v3_routers(self, mapper, routers):
regions_controller = controllers.RegionV3()
routers.append(router.Router(regions_controller,
'regions', 'region'))
routers.append(router.Router(controllers.ServiceV3(),
'services', 'service'))
routers.append(router.Router(controllers.EndpointV3(),
'endpoints', 'endpoint'))
# Need to add an additional route to support PUT /regions/{region_id}
mapper.connect(
'/regions/{region_id}',
controller=regions_controller,
action='create_region_with_id',
conditions=dict(method=['PUT']))
mapper.connect(
'/catalog',
controller=controllers.CatalogV3(),
action='get_catalog',
conditions=dict(method=['GET']))
routers.append(router.Router(controllers.ServiceV3(),
'services', 'service'))
routers.append(router.Router(controllers.EndpointV3(),
'endpoints', 'endpoint'))
mapper.connect(
'/catalog',
controller=controllers.CatalogV3(),
action='get_catalog',
conditions=dict(method=['GET']))

View File

@ -604,6 +604,16 @@ class ExtensionRouter(Router):
return _factory
class RoutersBase(object):
"""Base class for Routers."""
def append_v3_routers(self, mapper, routers):
"""Append v3 routers.
Subclasses should override this method to map its routes.
"""
def render_response(body=None, status=None, headers=None, method=None):
"""Forms a WSGI response."""
if headers is None:

View File

@ -15,10 +15,13 @@
"""WSGI Routers for the Credentials service."""
from keystone.common import router
from keystone.common import wsgi
from keystone.credential import controllers
def append_v3_routers(mapper, routers):
routers.append(
router.Router(controllers.CredentialV3(),
'credentials', 'credential'))
class Routers(wsgi.RoutersBase):
def append_v3_routers(self, mapper, routers):
routers.append(
router.Router(controllers.CredentialV3(),
'credentials', 'credential'))

View File

@ -27,41 +27,43 @@ class Admin(wsgi.ComposableRouter):
conditions=dict(method=['GET']))
def append_v3_routers(mapper, routers):
user_controller = controllers.UserV3()
routers.append(
router.Router(user_controller,
'users', 'user'))
mapper.connect('/users/{user_id}/password',
controller=user_controller,
action='change_password',
conditions=dict(method=['POST']))
class Routers(wsgi.RoutersBase):
mapper.connect('/groups/{group_id}/users',
controller=user_controller,
action='list_users_in_group',
conditions=dict(method=['GET']))
def append_v3_routers(self, mapper, routers):
user_controller = controllers.UserV3()
routers.append(
router.Router(user_controller,
'users', 'user'))
mapper.connect('/users/{user_id}/password',
controller=user_controller,
action='change_password',
conditions=dict(method=['POST']))
mapper.connect('/groups/{group_id}/users/{user_id}',
controller=user_controller,
action='add_user_to_group',
conditions=dict(method=['PUT']))
mapper.connect('/groups/{group_id}/users',
controller=user_controller,
action='list_users_in_group',
conditions=dict(method=['GET']))
mapper.connect('/groups/{group_id}/users/{user_id}',
controller=user_controller,
action='check_user_in_group',
conditions=dict(method=['GET', 'HEAD']))
mapper.connect('/groups/{group_id}/users/{user_id}',
controller=user_controller,
action='add_user_to_group',
conditions=dict(method=['PUT']))
mapper.connect('/groups/{group_id}/users/{user_id}',
controller=user_controller,
action='remove_user_from_group',
conditions=dict(method=['DELETE']))
mapper.connect('/groups/{group_id}/users/{user_id}',
controller=user_controller,
action='check_user_in_group',
conditions=dict(method=['GET', 'HEAD']))
group_controller = controllers.GroupV3()
routers.append(
router.Router(group_controller,
'groups', 'group'))
mapper.connect('/users/{user_id}/groups',
controller=group_controller,
action='list_groups_for_user',
conditions=dict(method=['GET']))
mapper.connect('/groups/{group_id}/users/{user_id}',
controller=user_controller,
action='remove_user_from_group',
conditions=dict(method=['DELETE']))
group_controller = controllers.GroupV3()
routers.append(
router.Router(group_controller,
'groups', 'group'))
mapper.connect('/users/{user_id}/groups',
controller=group_controller,
action='list_groups_for_user',
conditions=dict(method=['GET']))

View File

@ -12,9 +12,12 @@
# License for the specific language governing permissions and limitations
# under the License.
from keystone.common import router
from keystone.common import wsgi
from keystone.policy import controllers
def append_v3_routers(mapper, routers):
policy_controller = controllers.PolicyV3()
routers.append(router.Router(policy_controller, 'policies', 'policy'))
class Routers(wsgi.RoutersBase):
def append_v3_routers(self, mapper, routers):
policy_controller = controllers.PolicyV3()
routers.append(router.Router(policy_controller, 'policies', 'policy'))

View File

@ -89,11 +89,14 @@ def v3_app_factory(global_conf, **local_conf):
controllers.register_version('v3')
mapper = routes.Mapper()
v3routers = []
for module in [assignment, auth, catalog, credential, identity, policy]:
module.routers.append_v3_routers(mapper, v3routers)
router_modules = [assignment, auth, catalog, credential, identity, policy]
if CONF.trust.enabled:
trust.routers.append_v3_routers(mapper, v3routers)
router_modules.append(trust)
for module in router_modules:
routers_instance = module.routers.Routers()
routers_instance.append_v3_routers(mapper, v3routers)
# Add in the v3 version api
v3routers.append(routers.VersionV3('admin'))

View File

@ -13,38 +13,41 @@
# under the License.
"""WSGI Routers for the Identity service."""
from keystone.common import wsgi
from keystone.trust import controllers
def append_v3_routers(mapper, routers):
trust_controller = controllers.TrustV3()
class Routers(wsgi.RoutersBase):
mapper.connect('/OS-TRUST/trusts',
controller=trust_controller,
action='create_trust',
conditions=dict(method=['POST']))
def append_v3_routers(self, mapper, routers):
trust_controller = controllers.TrustV3()
mapper.connect('/OS-TRUST/trusts',
controller=trust_controller,
action='list_trusts',
conditions=dict(method=['GET']))
mapper.connect('/OS-TRUST/trusts',
controller=trust_controller,
action='create_trust',
conditions=dict(method=['POST']))
mapper.connect('/OS-TRUST/trusts/{trust_id}',
controller=trust_controller,
action='delete_trust',
conditions=dict(method=['DELETE']))
mapper.connect('/OS-TRUST/trusts',
controller=trust_controller,
action='list_trusts',
conditions=dict(method=['GET']))
mapper.connect('/OS-TRUST/trusts/{trust_id}',
controller=trust_controller,
action='get_trust',
conditions=dict(method=['GET']))
mapper.connect('/OS-TRUST/trusts/{trust_id}',
controller=trust_controller,
action='delete_trust',
conditions=dict(method=['DELETE']))
mapper.connect('/OS-TRUST/trusts/{trust_id}/roles',
controller=trust_controller,
action='list_roles_for_trust',
conditions=dict(method=['GET']))
mapper.connect('/OS-TRUST/trusts/{trust_id}',
controller=trust_controller,
action='get_trust',
conditions=dict(method=['GET']))
mapper.connect('/OS-TRUST/trusts/{trust_id}/roles/{role_id}',
controller=trust_controller,
action='get_role_for_trust',
conditions=dict(method=['GET', 'HEAD']))
mapper.connect('/OS-TRUST/trusts/{trust_id}/roles',
controller=trust_controller,
action='list_roles_for_trust',
conditions=dict(method=['GET']))
mapper.connect('/OS-TRUST/trusts/{trust_id}/roles/{role_id}',
controller=trust_controller,
action='get_role_for_trust',
conditions=dict(method=['GET', 'HEAD']))