Convert OS-SIMPLE-CERT to flask dispatching

Convert OS-SIMPLE-CERT to flask native dispatching. Change-Id: I7b58c50f1ef870c5966645045efdde2e6c9fd34d Partial-Bug: #1776504
2018-08-06 13:40:13 -07:00 · 2018-08-06 13:40:13 -07:00 · 637990bf71
parent 8eaf0854ff
commit 637990bf71
4 changed files with 103 additions and 82 deletions
--- a/keystone/api/init.py
+++ b/keystone/api/init.py
@ -16,10 +16,30 @@ from keystone.api import limits
 from keystone.api import os_ep_filter
 from keystone.api import os_oauth1
 from keystone.api import os_revoke
+from keystone.api import os_simple_cert
 from keystone.api import registered_limits
 from keystone.api import trusts

-__all__ = ('discovery', 'credentials', 'limits', 'os_ep_filter', 'os_oauth1',
-           'os_revoke', 'registered_limits', 'trusts')
-__apis__ = (discovery, credentials, limits, os_ep_filter, os_oauth1, os_revoke,
-            registered_limits, trusts)
+__all__ = (
+    'discovery',
+    'credentials',
+    'limits',
+    'os_ep_filter',
+    'os_oauth1',
+    'os_revoke',
+    'os_simple_cert',
+    'registered_limits',
+    'trusts',
+)
+
+__apis__ = (
+    discovery,
+    credentials,
+    limits,
+    os_ep_filter,
+    os_oauth1,
+    os_revoke,
+    os_simple_cert,
+    registered_limits,
+    trusts,
+)
--- a/keystone/api/os_simple_cert.py
+++ b/keystone/api/os_simple_cert.py
@ -0,0 +1,77 @@
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+# This file handles all flask-restful resources for /v3/OS-SIMPLE-CERT
+
+import flask
+import flask_restful
+import functools
+from six.moves import http_client
+
+from keystone.common import json_home
+import keystone.conf
+from keystone import exception
+from keystone.server import flask as ks_flask
+
+
+CONF = keystone.conf.CONF
+
+
+_build_resource_relation = functools.partial(
+    json_home.build_v3_extension_resource_relation,
+    extension_name='OS-SIMPLE-CERT', extension_version='1.0')
+
+
+def _get_certificate(name):
+    try:
+        with open(name, 'r') as f:
+            body = f.read()
+    except IOError:
+        raise exception.CertificateFilesUnavailable()
+    resp = flask.make_response(body, http_client.OK)
+    resp.headers['Content-Type'] = 'application/x-pem-file'
+    return resp
+
+
+class SimpleCertCAResource(flask_restful.Resource):
+    @ks_flask.unenforced_api
+    def get(self):
+        return _get_certificate(CONF.signing.ca_certs)
+
+
+class SimpleCertListResource(flask_restful.Resource):
+    @ks_flask.unenforced_api
+    def get(self):
+        return _get_certificate(CONF.signing.certfile)
+
+
+class SimpleCertAPI(ks_flask.APIBase):
+    _name = 'OS-SIMPLE-CERT'
+    _import_name = __name__
+    resources = []
+    resource_mapping = [
+        ks_flask.construct_resource_map(
+            resource=SimpleCertCAResource,
+            url='/OS-SIMPLE-CERT/ca',
+            resource_kwargs={},
+            rel='ca_certificate',
+            resource_relation_func=_build_resource_relation),
+        ks_flask.construct_resource_map(
+            resource=SimpleCertListResource,
+            url='/OS-SIMPLE-CERT/certificates',
+            resource_kwargs={},
+            rel='certificates',
+            resource_relation_func=_build_resource_relation),
+    ]
+
+
+APIs = (SimpleCertAPI,)
--- a/keystone/server/flask/application.py
+++ b/keystone/server/flask/application.py
@ -37,7 +37,6 @@ from keystone.identity import routers as identity_routers
 from keystone.oauth1 import routers as oauth1_routers
 from keystone.policy import routers as policy_routers
 from keystone.resource import routers as resource_routers
-from keystone.token import _simple_cert as simple_cert_ext

 # TODO(morgan): _MOVED_API_PREFIXES to be removed when the legacy dispatch
 # support is removed.
@ -46,6 +45,7 @@ _MOVED_API_PREFIXES = frozenset(
     'OS-OAUTH1',
     'OS-EP-FILTER',
     'OS-REVOKE',
+     'OS-SIMPLE-CERT',
     'OS-TRUST',
     'limits',
     'registered_limits',
@ -66,9 +66,7 @@ ALL_API_ROUTERS = [auth_routers,
                   oauth1_routers,
                   endpoint_policy_routers,
                   ec2_routers,
-                   s3_routers,
-                   # TODO(morganfainberg): Remove the simple_cert router
-                   simple_cert_ext]
+                   s3_routers]


 def fail_gracefully(f):
--- a/keystone/token/_simple_cert.py
+++ b/keystone/token/_simple_cert.py
@ -1,74 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-# TODO(morganfainberg): Remove this file and extension in the "O" release as
-# it is only used in support of the PKI/PKIz token providers.
-import functools
-
-import webob
-
-from keystone.common import controller
-from keystone.common import json_home
-from keystone.common import wsgi
-import keystone.conf
-from keystone import exception
-
-
-CONF = keystone.conf.CONF
-
-build_resource_relation = functools.partial(
-    json_home.build_v3_extension_resource_relation,
-    extension_name='OS-SIMPLE-CERT', extension_version='1.0')
-
-
-class Routers(wsgi.RoutersBase):
-
-    _path_prefixes = ('OS-SIMPLE-CERT',)
-
-    def _construct_url(self, suffix):
-        return "/OS-SIMPLE-CERT/%s" % suffix
-
-    def append_v3_routers(self, mapper, routers):
-        controller = SimpleCert()
-
-        self._add_resource(
-            mapper, controller,
-            path=self._construct_url('ca'),
-            get_head_action='get_ca_certificate',
-            rel=build_resource_relation(resource_name='ca_certificate'))
-        self._add_resource(
-            mapper, controller,
-            path=self._construct_url('certificates'),
-            get_head_action='list_certificates',
-            rel=build_resource_relation(resource_name='certificates'))
-
-
-class SimpleCert(controller.V3Controller):
-
-    def _get_certificate(self, name):
-        try:
-            with open(name, 'r') as f:
-                body = f.read()
-        except IOError:
-            raise exception.CertificateFilesUnavailable()
-
-        # NOTE(jamielennox): We construct the webob Response ourselves here so
-        # that we don't pass through the JSON encoding process.
-        headers = [('Content-Type', 'application/x-pem-file')]
-        return webob.Response(body=body, headerlist=headers,
-                              status="200 OK", charset='utf-8')
-
-    def get_ca_certificate(self, context):
-        return self._get_certificate(CONF.signing.ca_certs)
-
-    def list_certificates(self, context):
-        return self._get_certificate(CONF.signing.certfile)