diff --git a/keystone/endpoint_policy/controllers.py b/keystone/endpoint_policy/controllers.py index 9bde3b32d1..52c721ca9d 100644 --- a/keystone/endpoint_policy/controllers.py +++ b/keystone/endpoint_policy/controllers.py @@ -13,9 +13,13 @@ # under the License. from keystone.common import controller +from keystone.common import provider_api from keystone import notifications +PROVIDERS = provider_api.ProviderAPIs + + class EndpointPolicyV3Controller(controller.V3Controller): collection_name = 'endpoints' member_name = 'endpoint' @@ -32,110 +36,112 @@ class EndpointPolicyV3Controller(controller.V3Controller): 'deleted', 'policy', self._on_policy_delete) def _on_endpoint_delete(self, service, resource_type, operation, payload): - self.endpoint_policy_api.delete_association_by_endpoint( + PROVIDERS.endpoint_policy_api.delete_association_by_endpoint( payload['resource_info']) def _on_service_delete(self, service, resource_type, operation, payload): - self.endpoint_policy_api.delete_association_by_service( + PROVIDERS.endpoint_policy_api.delete_association_by_service( payload['resource_info']) def _on_region_delete(self, service, resource_type, operation, payload): - self.endpoint_policy_api.delete_association_by_region( + PROVIDERS.endpoint_policy_api.delete_association_by_region( payload['resource_info']) def _on_policy_delete(self, service, resource_type, operation, payload): - self.endpoint_policy_api.delete_association_by_policy( + PROVIDERS.endpoint_policy_api.delete_association_by_policy( payload['resource_info']) @controller.protected() def create_policy_association_for_endpoint(self, request, policy_id, endpoint_id): """Create an association between a policy and an endpoint.""" - self.policy_api.get_policy(policy_id) - self.catalog_api.get_endpoint(endpoint_id) - self.endpoint_policy_api.create_policy_association( + PROVIDERS.policy_api.get_policy(policy_id) + PROVIDERS.catalog_api.get_endpoint(endpoint_id) + PROVIDERS.endpoint_policy_api.create_policy_association( policy_id, endpoint_id=endpoint_id) @controller.protected() def check_policy_association_for_endpoint(self, request, policy_id, endpoint_id): """Check an association between a policy and an endpoint.""" - self.policy_api.get_policy(policy_id) - self.catalog_api.get_endpoint(endpoint_id) - self.endpoint_policy_api.check_policy_association( + PROVIDERS.policy_api.get_policy(policy_id) + PROVIDERS.catalog_api.get_endpoint(endpoint_id) + PROVIDERS.endpoint_policy_api.check_policy_association( policy_id, endpoint_id=endpoint_id) @controller.protected() def delete_policy_association_for_endpoint(self, request, policy_id, endpoint_id): """Delete an association between a policy and an endpoint.""" - self.policy_api.get_policy(policy_id) - self.catalog_api.get_endpoint(endpoint_id) - self.endpoint_policy_api.delete_policy_association( + PROVIDERS.policy_api.get_policy(policy_id) + PROVIDERS.catalog_api.get_endpoint(endpoint_id) + PROVIDERS.endpoint_policy_api.delete_policy_association( policy_id, endpoint_id=endpoint_id) @controller.protected() def create_policy_association_for_service(self, request, policy_id, service_id): """Create an association between a policy and a service.""" - self.policy_api.get_policy(policy_id) - self.catalog_api.get_service(service_id) - self.endpoint_policy_api.create_policy_association( + PROVIDERS.policy_api.get_policy(policy_id) + PROVIDERS.catalog_api.get_service(service_id) + PROVIDERS.endpoint_policy_api.create_policy_association( policy_id, service_id=service_id) @controller.protected() def check_policy_association_for_service(self, request, policy_id, service_id): """Check an association between a policy and a service.""" - self.policy_api.get_policy(policy_id) - self.catalog_api.get_service(service_id) - self.endpoint_policy_api.check_policy_association( + PROVIDERS.policy_api.get_policy(policy_id) + PROVIDERS.catalog_api.get_service(service_id) + PROVIDERS.endpoint_policy_api.check_policy_association( policy_id, service_id=service_id) @controller.protected() def delete_policy_association_for_service(self, request, policy_id, service_id): """Delete an association between a policy and a service.""" - self.policy_api.get_policy(policy_id) - self.catalog_api.get_service(service_id) - self.endpoint_policy_api.delete_policy_association( + PROVIDERS.policy_api.get_policy(policy_id) + PROVIDERS.catalog_api.get_service(service_id) + PROVIDERS.endpoint_policy_api.delete_policy_association( policy_id, service_id=service_id) @controller.protected() def create_policy_association_for_region_and_service( self, request, policy_id, service_id, region_id): """Create an association between a policy and region+service.""" - self.policy_api.get_policy(policy_id) - self.catalog_api.get_service(service_id) - self.catalog_api.get_region(region_id) - self.endpoint_policy_api.create_policy_association( + PROVIDERS.policy_api.get_policy(policy_id) + PROVIDERS.catalog_api.get_service(service_id) + PROVIDERS.catalog_api.get_region(region_id) + PROVIDERS.endpoint_policy_api.create_policy_association( policy_id, service_id=service_id, region_id=region_id) @controller.protected() def check_policy_association_for_region_and_service( self, request, policy_id, service_id, region_id): """Check an association between a policy and region+service.""" - self.policy_api.get_policy(policy_id) - self.catalog_api.get_service(service_id) - self.catalog_api.get_region(region_id) - self.endpoint_policy_api.check_policy_association( + PROVIDERS.policy_api.get_policy(policy_id) + PROVIDERS.catalog_api.get_service(service_id) + PROVIDERS.catalog_api.get_region(region_id) + PROVIDERS.endpoint_policy_api.check_policy_association( policy_id, service_id=service_id, region_id=region_id) @controller.protected() def delete_policy_association_for_region_and_service( self, request, policy_id, service_id, region_id): """Delete an association between a policy and region+service.""" - self.policy_api.get_policy(policy_id) - self.catalog_api.get_service(service_id) - self.catalog_api.get_region(region_id) - self.endpoint_policy_api.delete_policy_association( + PROVIDERS.policy_api.get_policy(policy_id) + PROVIDERS.catalog_api.get_service(service_id) + PROVIDERS.catalog_api.get_region(region_id) + PROVIDERS.endpoint_policy_api.delete_policy_association( policy_id, service_id=service_id, region_id=region_id) @controller.protected() def get_policy_for_endpoint(self, request, endpoint_id): """Get the effective policy for an endpoint.""" - self.catalog_api.get_endpoint(endpoint_id) - ref = self.endpoint_policy_api.get_policy_for_endpoint(endpoint_id) + PROVIDERS.catalog_api.get_endpoint(endpoint_id) + ref = PROVIDERS.endpoint_policy_api.get_policy_for_endpoint( + endpoint_id + ) # NOTE(henry-nash): since the collection and member for this class is # set to endpoints, we have to handle wrapping this policy entity # ourselves. @@ -159,7 +165,9 @@ class EndpointPolicyV3Controller(controller.V3Controller): @controller.protected() def list_endpoints_for_policy(self, request, policy_id): """List endpoints with the effective association to a policy.""" - self.policy_api.get_policy(policy_id) - refs = self.endpoint_policy_api.list_endpoints_for_policy(policy_id) + PROVIDERS.policy_api.get_policy(policy_id) + refs = PROVIDERS.endpoint_policy_api.list_endpoints_for_policy( + policy_id + ) return EndpointPolicyV3Controller.wrap_collection(request.context_dict, refs) diff --git a/keystone/endpoint_policy/core.py b/keystone/endpoint_policy/core.py index 04c5d4b6e4..7d640cce39 100644 --- a/keystone/endpoint_policy/core.py +++ b/keystone/endpoint_policy/core.py @@ -15,6 +15,7 @@ from oslo_log import log from keystone.common import manager +from keystone.common import provider_api import keystone.conf from keystone import exception from keystone.i18n import _ @@ -22,6 +23,7 @@ from keystone.i18n import _ CONF = keystone.conf.CONF LOG = log.getLogger(__name__) +PROVIDERS = provider_api.ProviderAPIs class Manager(manager.Manager): @@ -84,7 +86,7 @@ class Manager(manager.Manager): def _get_endpoint(endpoint_id, policy_id): try: - return self.catalog_api.get_endpoint(endpoint_id) + return PROVIDERS.catalog_api.get_endpoint(endpoint_id) except exception.EndpointNotFound: msg = ('Endpoint %(endpoint_id)s referenced in ' 'association for policy %(policy_id)s not found.') @@ -151,8 +153,8 @@ class Manager(manager.Manager): return endpoints_found matching_endpoints = [] - endpoints = self.catalog_api.list_endpoints() - regions = self.catalog_api.list_regions() + endpoints = PROVIDERS.catalog_api.list_endpoints() + regions = PROVIDERS.catalog_api.list_regions() for ref in self.list_associations_for_policy(policy_id): if ref.get('endpoint_id') is not None: matching_endpoints.append( @@ -187,7 +189,7 @@ class Manager(manager.Manager): def _get_policy(policy_id, endpoint_id): try: - return self.policy_api.get_policy(policy_id) + return PROVIDERS.policy_api.get_policy(policy_id) except exception.PolicyNotFound: msg = ('Policy %(policy_id)s referenced in association ' 'for endpoint %(endpoint_id)s not found.') @@ -218,7 +220,7 @@ class Manager(manager.Manager): # There wasn't one for that region & service, let's # chase up the region tree regions_examined.append(region_id) - region = self.catalog_api.get_region(region_id) + region = PROVIDERS.catalog_api.get_region(region_id) region_id = None if region.get('parent_region_id') is not None: region_id = region['parent_region_id'] @@ -242,7 +244,7 @@ class Manager(manager.Manager): # There wasn't a policy explicitly defined for this endpoint, so # now let's see if there is one for the Region & Service. - endpoint = self.catalog_api.get_endpoint(endpoint_id) + endpoint = PROVIDERS.catalog_api.get_endpoint(endpoint_id) policy_id = _look_for_policy_for_region_and_service(endpoint) if policy_id is not None: return _get_policy(policy_id, endpoint_id)