Convert OS-SIMPLE-CERT to flask dispatching
Convert OS-SIMPLE-CERT to flask native dispatching. Change-Id: I7b58c50f1ef870c5966645045efdde2e6c9fd34d Partial-Bug: #1776504
This commit is contained in:
parent
8eaf0854ff
commit
637990bf71
|
@ -16,10 +16,30 @@ from keystone.api import limits
|
|||
from keystone.api import os_ep_filter
|
||||
from keystone.api import os_oauth1
|
||||
from keystone.api import os_revoke
|
||||
from keystone.api import os_simple_cert
|
||||
from keystone.api import registered_limits
|
||||
from keystone.api import trusts
|
||||
|
||||
__all__ = ('discovery', 'credentials', 'limits', 'os_ep_filter', 'os_oauth1',
|
||||
'os_revoke', 'registered_limits', 'trusts')
|
||||
__apis__ = (discovery, credentials, limits, os_ep_filter, os_oauth1, os_revoke,
|
||||
registered_limits, trusts)
|
||||
__all__ = (
|
||||
'discovery',
|
||||
'credentials',
|
||||
'limits',
|
||||
'os_ep_filter',
|
||||
'os_oauth1',
|
||||
'os_revoke',
|
||||
'os_simple_cert',
|
||||
'registered_limits',
|
||||
'trusts',
|
||||
)
|
||||
|
||||
__apis__ = (
|
||||
discovery,
|
||||
credentials,
|
||||
limits,
|
||||
os_ep_filter,
|
||||
os_oauth1,
|
||||
os_revoke,
|
||||
os_simple_cert,
|
||||
registered_limits,
|
||||
trusts,
|
||||
)
|
||||
|
|
|
@ -0,0 +1,77 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
# This file handles all flask-restful resources for /v3/OS-SIMPLE-CERT
|
||||
|
||||
import flask
|
||||
import flask_restful
|
||||
import functools
|
||||
from six.moves import http_client
|
||||
|
||||
from keystone.common import json_home
|
||||
import keystone.conf
|
||||
from keystone import exception
|
||||
from keystone.server import flask as ks_flask
|
||||
|
||||
|
||||
CONF = keystone.conf.CONF
|
||||
|
||||
|
||||
_build_resource_relation = functools.partial(
|
||||
json_home.build_v3_extension_resource_relation,
|
||||
extension_name='OS-SIMPLE-CERT', extension_version='1.0')
|
||||
|
||||
|
||||
def _get_certificate(name):
|
||||
try:
|
||||
with open(name, 'r') as f:
|
||||
body = f.read()
|
||||
except IOError:
|
||||
raise exception.CertificateFilesUnavailable()
|
||||
resp = flask.make_response(body, http_client.OK)
|
||||
resp.headers['Content-Type'] = 'application/x-pem-file'
|
||||
return resp
|
||||
|
||||
|
||||
class SimpleCertCAResource(flask_restful.Resource):
|
||||
@ks_flask.unenforced_api
|
||||
def get(self):
|
||||
return _get_certificate(CONF.signing.ca_certs)
|
||||
|
||||
|
||||
class SimpleCertListResource(flask_restful.Resource):
|
||||
@ks_flask.unenforced_api
|
||||
def get(self):
|
||||
return _get_certificate(CONF.signing.certfile)
|
||||
|
||||
|
||||
class SimpleCertAPI(ks_flask.APIBase):
|
||||
_name = 'OS-SIMPLE-CERT'
|
||||
_import_name = __name__
|
||||
resources = []
|
||||
resource_mapping = [
|
||||
ks_flask.construct_resource_map(
|
||||
resource=SimpleCertCAResource,
|
||||
url='/OS-SIMPLE-CERT/ca',
|
||||
resource_kwargs={},
|
||||
rel='ca_certificate',
|
||||
resource_relation_func=_build_resource_relation),
|
||||
ks_flask.construct_resource_map(
|
||||
resource=SimpleCertListResource,
|
||||
url='/OS-SIMPLE-CERT/certificates',
|
||||
resource_kwargs={},
|
||||
rel='certificates',
|
||||
resource_relation_func=_build_resource_relation),
|
||||
]
|
||||
|
||||
|
||||
APIs = (SimpleCertAPI,)
|
|
@ -37,7 +37,6 @@ from keystone.identity import routers as identity_routers
|
|||
from keystone.oauth1 import routers as oauth1_routers
|
||||
from keystone.policy import routers as policy_routers
|
||||
from keystone.resource import routers as resource_routers
|
||||
from keystone.token import _simple_cert as simple_cert_ext
|
||||
|
||||
# TODO(morgan): _MOVED_API_PREFIXES to be removed when the legacy dispatch
|
||||
# support is removed.
|
||||
|
@ -46,6 +45,7 @@ _MOVED_API_PREFIXES = frozenset(
|
|||
'OS-OAUTH1',
|
||||
'OS-EP-FILTER',
|
||||
'OS-REVOKE',
|
||||
'OS-SIMPLE-CERT',
|
||||
'OS-TRUST',
|
||||
'limits',
|
||||
'registered_limits',
|
||||
|
@ -66,9 +66,7 @@ ALL_API_ROUTERS = [auth_routers,
|
|||
oauth1_routers,
|
||||
endpoint_policy_routers,
|
||||
ec2_routers,
|
||||
s3_routers,
|
||||
# TODO(morganfainberg): Remove the simple_cert router
|
||||
simple_cert_ext]
|
||||
s3_routers]
|
||||
|
||||
|
||||
def fail_gracefully(f):
|
||||
|
|
|
@ -1,74 +0,0 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
# TODO(morganfainberg): Remove this file and extension in the "O" release as
|
||||
# it is only used in support of the PKI/PKIz token providers.
|
||||
import functools
|
||||
|
||||
import webob
|
||||
|
||||
from keystone.common import controller
|
||||
from keystone.common import json_home
|
||||
from keystone.common import wsgi
|
||||
import keystone.conf
|
||||
from keystone import exception
|
||||
|
||||
|
||||
CONF = keystone.conf.CONF
|
||||
|
||||
build_resource_relation = functools.partial(
|
||||
json_home.build_v3_extension_resource_relation,
|
||||
extension_name='OS-SIMPLE-CERT', extension_version='1.0')
|
||||
|
||||
|
||||
class Routers(wsgi.RoutersBase):
|
||||
|
||||
_path_prefixes = ('OS-SIMPLE-CERT',)
|
||||
|
||||
def _construct_url(self, suffix):
|
||||
return "/OS-SIMPLE-CERT/%s" % suffix
|
||||
|
||||
def append_v3_routers(self, mapper, routers):
|
||||
controller = SimpleCert()
|
||||
|
||||
self._add_resource(
|
||||
mapper, controller,
|
||||
path=self._construct_url('ca'),
|
||||
get_head_action='get_ca_certificate',
|
||||
rel=build_resource_relation(resource_name='ca_certificate'))
|
||||
self._add_resource(
|
||||
mapper, controller,
|
||||
path=self._construct_url('certificates'),
|
||||
get_head_action='list_certificates',
|
||||
rel=build_resource_relation(resource_name='certificates'))
|
||||
|
||||
|
||||
class SimpleCert(controller.V3Controller):
|
||||
|
||||
def _get_certificate(self, name):
|
||||
try:
|
||||
with open(name, 'r') as f:
|
||||
body = f.read()
|
||||
except IOError:
|
||||
raise exception.CertificateFilesUnavailable()
|
||||
|
||||
# NOTE(jamielennox): We construct the webob Response ourselves here so
|
||||
# that we don't pass through the JSON encoding process.
|
||||
headers = [('Content-Type', 'application/x-pem-file')]
|
||||
return webob.Response(body=body, headerlist=headers,
|
||||
status="200 OK", charset='utf-8')
|
||||
|
||||
def get_ca_certificate(self, context):
|
||||
return self._get_certificate(CONF.signing.ca_certs)
|
||||
|
||||
def list_certificates(self, context):
|
||||
return self._get_certificate(CONF.signing.certfile)
|
Loading…
Reference in New Issue