Convert regions API to flask native dispatching

Convert regions API to flask native dispatching. Change-Id: Ic38065441adb33f1f0550a6ae4cb1bd94ff2e079 Partial-Bug: #1776504
2018-08-07 13:35:48 -07:00 · 2018-08-07 13:35:48 -07:00 · 84c074f28c
parent 72b59b0ccb
commit 84c074f28c
5 changed files with 108 additions and 81 deletions
--- a/keystone/api/init.py
+++ b/keystone/api/init.py
@ -17,6 +17,7 @@ from keystone.api import os_ep_filter
 from keystone.api import os_oauth1
 from keystone.api import os_revoke
 from keystone.api import os_simple_cert
+from keystone.api import regions
 from keystone.api import registered_limits
 from keystone.api import trusts

@ -28,6 +29,7 @@ __all__ = (
    'os_oauth1',
    'os_revoke',
    'os_simple_cert',
+    'regions',
    'registered_limits',
    'trusts',
 )
@ -40,6 +42,7 @@ __apis__ = (
    os_oauth1,
    os_revoke,
    os_simple_cert,
+    regions,
    registered_limits,
    trusts,
 )
--- a/keystone/api/regions.py
+++ b/keystone/api/regions.py
@ -0,0 +1,103 @@
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+# This file handles all flask-restful resources for /v3/regions
+
+from six.moves import http_client
+
+from keystone.catalog import schema
+from keystone.common import provider_api
+from keystone.common import rbac_enforcer
+from keystone.common import validation
+from keystone import exception
+from keystone.i18n import _
+from keystone.server import flask as ks_flask
+
+
+ENFORCER = rbac_enforcer.RBACEnforcer
+PROVIDERS = provider_api.ProviderAPIs
+
+
+class RegionResource(ks_flask.ResourceBase):
+    collection_key = 'regions'
+    member_key = 'region'
+
+    def _get_region(self, region_id):
+        ENFORCER.enforce_call(action='identity:get_region')
+        return self.wrap_member(PROVIDERS.catalog_api.get_region(region_id))
+
+    def _list_regions(self):
+        filters = ['parent_region_id']
+        ENFORCER.enforce_call(action='identity:list_regions', filters=filters)
+        hints = self.build_driver_hints(filters)
+        refs = PROVIDERS.catalog_api.list_regions(hints)
+        return self.wrap_collection(refs, hints=hints)
+
+    def get(self, region_id=None):
+        if region_id is not None:
+            return self._get_region(region_id)
+        return self._list_regions()
+
+    def post(self):
+        ENFORCER.enforce_call(action='identity:create_region')
+        region = self.request_body_json.get('region')
+        validation.lazy_validate(schema.region_create, region)
+        region = self._normalize_dict(region)
+        if not region.get('id'):
+            # NOTE(morgan): even though we officially only support 'id' setting
+            # via the PUT mechanism, this is historical and we need to support
+            # both ways.
+            region = self._assign_unique_id(region)
+        ref = PROVIDERS.catalog_api.create_region(
+            region, initiator=self.audit_initiator)
+        return self.wrap_member(ref), http_client.CREATED
+
+    def put(self, region_id):
+        ENFORCER.enforce_call(action='identity:create_region')
+        region = self.request_body_json.get('region')
+        validation.lazy_validate(schema.region_create, region)
+        region = self._normalize_dict(region)
+        if 'id' not in region:
+            region['id'] = region_id
+        elif region_id != region.get('id'):
+            raise exception.ValidationError(
+                _('Conflicting region IDs specified: '
+                  '"%(url_id)s" != "%(ref_id)s"') % {
+                      'url_id': region_id,
+                      'ref_id': region['id']})
+
+        ref = PROVIDERS.catalog_api.create_region(
+            region, initiator=self.audit_initiator)
+        return self.wrap_member(ref), http_client.CREATED
+
+    def patch(self, region_id):
+        ENFORCER.enforce_call(action='identity:update_region')
+        region = self.request_body_json.get('region')
+        validation.lazy_validate(schema.region_update, region)
+        self._require_matching_id(region)
+        return self.wrap_member(PROVIDERS.catalog_api.update_region(
+            region_id, region, initiator=self.audit_initiator))
+
+    def delete(self, region_id):
+        ENFORCER.enforce_call(action='identity:delete_region')
+        return PROVIDERS.catalog_api.delete_region(
+            region_id, initiator=self.audit_initiator), http_client.NO_CONTENT
+
+
+class RegionAPI(ks_flask.APIBase):
+    _name = 'regions'
+    _import_name = __name__
+    resources = [RegionResource]
+    resource_mapping = []
+
+
+APIs = (RegionAPI,)
--- a/keystone/catalog/controllers.py
+++ b/keystone/catalog/controllers.py
@ -13,86 +13,18 @@
 # License for the specific language governing permissions and limitations
 # under the License.

-from six.moves import http_client
-
 from keystone.catalog import schema
 from keystone.common import controller
 from keystone.common import provider_api
 from keystone.common import utils
 from keystone.common import validation
-from keystone.common import wsgi
 from keystone import exception
-from keystone.i18n import _


 INTERFACES = ['public', 'internal', 'admin']
 PROVIDERS = provider_api.ProviderAPIs


-class RegionV3(controller.V3Controller):
-    collection_name = 'regions'
-    member_name = 'region'
-
-    def create_region_with_id(self, request, region_id, region):
-        """Create a region with a user-specified ID.
-
-        This method is unprotected because it depends on ``self.create_region``
-        to enforce policy.
-        """
-        if 'id' in region and region_id != region['id']:
-            raise exception.ValidationError(
-                _('Conflicting region IDs specified: '
-                  '"%(url_id)s" != "%(ref_id)s"') % {
-                      'url_id': region_id,
-                      'ref_id': region['id']})
-        region['id'] = region_id
-        return self.create_region(request, region)
-
-    @controller.protected()
-    def create_region(self, request, region):
-        validation.lazy_validate(schema.region_create, region)
-        ref = self._normalize_dict(region)
-
-        if not ref.get('id'):
-            ref = self._assign_unique_id(ref)
-
-        ref = PROVIDERS.catalog_api.create_region(
-            ref, initiator=request.audit_initiator
-        )
-        return wsgi.render_response(
-            RegionV3.wrap_member(request.context_dict, ref),
-            status=(http_client.CREATED,
-                    http_client.responses[http_client.CREATED]))
-
-    @controller.filterprotected('parent_region_id')
-    def list_regions(self, request, filters):
-        hints = RegionV3.build_driver_hints(request, filters)
-        refs = PROVIDERS.catalog_api.list_regions(hints)
-        return RegionV3.wrap_collection(request.context_dict,
-                                        refs,
-                                        hints=hints)
-
-    @controller.protected()
-    def get_region(self, request, region_id):
-        ref = PROVIDERS.catalog_api.get_region(region_id)
-        return RegionV3.wrap_member(request.context_dict, ref)
-
-    @controller.protected()
-    def update_region(self, request, region_id, region):
-        validation.lazy_validate(schema.region_update, region)
-        self._require_matching_id(region_id, region)
-        ref = PROVIDERS.catalog_api.update_region(
-            region_id, region, initiator=request.audit_initiator
-        )
-        return RegionV3.wrap_member(request.context_dict, ref)
-
-    @controller.protected()
-    def delete_region(self, request, region_id):
-        return PROVIDERS.catalog_api.delete_region(
-            region_id, initiator=request.audit_initiator
-        )
-
-
 class ServiceV3(controller.V3Controller):
    collection_name = 'services'
    member_name = 'service'
--- a/keystone/catalog/routers.py
+++ b/keystone/catalog/routers.py
@ -20,21 +20,9 @@ from keystone.common import wsgi
 class Routers(wsgi.RoutersBase):
    """API for the keystone catalog."""

-    _path_prefixes = ('regions', 'endpoints', 'services')
+    _path_prefixes = ('endpoints', 'services')

    def append_v3_routers(self, mapper, routers):
-        regions_controller = controllers.RegionV3()
-        routers.append(router.Router(regions_controller,
-                                     'regions', 'region',
-                                     resource_descriptions=self.v3_resources))
-
-        # Need to add an additional route to support PUT /regions/{region_id}
-        mapper.connect(
-            '/regions/{region_id}',
-            controller=regions_controller,
-            action='create_region_with_id',
-            conditions=dict(method=['PUT']))
-
        routers.append(router.Router(controllers.ServiceV3(),
                                     'services', 'service',
                                     resource_descriptions=self.v3_resources))
--- a/keystone/server/flask/application.py
+++ b/keystone/server/flask/application.py
@ -48,6 +48,7 @@ _MOVED_API_PREFIXES = frozenset(
     'OS-SIMPLE-CERT',
     'OS-TRUST',
     'limits',
+     'regions',
     'registered_limits',
     ]
 )