Add API for /v3/access_rules_config
Add Flask resources for access rules config. This exposes listing all configured access rules or filtering by service type, which users can use to be informed about what rules are valid. It does not expose the ability to check a rule against the configured list, which is only used internally. This API is deliberately unprotected. bp whitelist-extension-for-app-creds Change-Id: I9e25087b2ddb6e76e39eb62893378678a5cbc03c
This commit is contained in:
parent
4d42e48ba2
commit
8d31705806
|
@ -10,6 +10,7 @@
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
|
from keystone.api import access_rules_config
|
||||||
from keystone.api import auth
|
from keystone.api import auth
|
||||||
from keystone.api import credentials
|
from keystone.api import credentials
|
||||||
from keystone.api import discovery
|
from keystone.api import discovery
|
||||||
|
@ -38,6 +39,7 @@ from keystone.api import trusts
|
||||||
from keystone.api import users
|
from keystone.api import users
|
||||||
|
|
||||||
__all__ = (
|
__all__ = (
|
||||||
|
'access_rules_config',
|
||||||
'auth',
|
'auth',
|
||||||
'discovery',
|
'discovery',
|
||||||
'credentials',
|
'credentials',
|
||||||
|
@ -68,6 +70,7 @@ __all__ = (
|
||||||
|
|
||||||
__apis__ = (
|
__apis__ = (
|
||||||
discovery,
|
discovery,
|
||||||
|
access_rules_config,
|
||||||
auth,
|
auth,
|
||||||
credentials,
|
credentials,
|
||||||
domains,
|
domains,
|
||||||
|
|
|
@ -0,0 +1,51 @@
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
# This file handles all flask-restful resources for /v3/access_rules_config
|
||||||
|
|
||||||
|
from keystone.common import provider_api
|
||||||
|
import keystone.conf
|
||||||
|
from keystone.server import flask as ks_flask
|
||||||
|
|
||||||
|
|
||||||
|
CONF = keystone.conf.CONF
|
||||||
|
PROVIDERS = provider_api.ProviderAPIs
|
||||||
|
|
||||||
|
|
||||||
|
class AccessRulesConfigResource(ks_flask.ResourceBase):
|
||||||
|
collection_key = 'access_rules_config'
|
||||||
|
|
||||||
|
@ks_flask.unenforced_api
|
||||||
|
def get(self, service=None):
|
||||||
|
"""List all access rules config.
|
||||||
|
|
||||||
|
GET/HEAD /v3/access_rules_config
|
||||||
|
"""
|
||||||
|
refs = PROVIDERS.access_rules_config_api.list_access_rules_config(
|
||||||
|
service=service)
|
||||||
|
return refs
|
||||||
|
|
||||||
|
|
||||||
|
class AccessRulesConfigAPI(ks_flask.APIBase):
|
||||||
|
_name = 'access_rules_config'
|
||||||
|
_import_name = __name__
|
||||||
|
resources = []
|
||||||
|
resource_mapping = [
|
||||||
|
ks_flask.construct_resource_map(
|
||||||
|
resource=AccessRulesConfigResource,
|
||||||
|
url='/access_rules_config',
|
||||||
|
resource_kwargs={},
|
||||||
|
rel='access_rules_config')
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
|
APIs = (AccessRulesConfigAPI,)
|
|
@ -0,0 +1,41 @@
|
||||||
|
# Copyright 2019 SUSE Linux GmbH
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
from six.moves import http_client
|
||||||
|
|
||||||
|
from keystone.tests import unit
|
||||||
|
from keystone.tests.unit.ksfixtures import access_rules_config
|
||||||
|
from keystone.tests.unit import test_v3
|
||||||
|
|
||||||
|
|
||||||
|
class AccessRulesConfigTestCase(test_v3.RestfulTestCase):
|
||||||
|
"""Test list operation for access rules config."""
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
super(AccessRulesConfigTestCase, self).setUp()
|
||||||
|
rules_file = '%s/access_rules.json' % unit.TESTCONF
|
||||||
|
self.useFixture(access_rules_config.AccessRulesConfig(
|
||||||
|
self.config_fixture, rules_file=rules_file))
|
||||||
|
self.load_backends()
|
||||||
|
|
||||||
|
def test_list_access_rules_config(self):
|
||||||
|
with self.test_client() as c:
|
||||||
|
token = self.get_scoped_token()
|
||||||
|
resp = c.get('/v3/access_rules_config',
|
||||||
|
expected_status_code=http_client.OK,
|
||||||
|
headers={'X-Auth-Token': token})
|
||||||
|
self.assertIn("identity", resp.json)
|
||||||
|
self.assertIn("image", resp.json)
|
||||||
|
self.assertIn("block-storage", resp.json)
|
||||||
|
self.assertIn("compute", resp.json)
|
|
@ -641,7 +641,9 @@ V3_JSON_HOME_RESOURCES = {
|
||||||
'href-template': APPLICATION_CREDENTIAL,
|
'href-template': APPLICATION_CREDENTIAL,
|
||||||
'href-vars': {
|
'href-vars': {
|
||||||
'application_credential_id': APPLICATION_CREDENTIAL_RELATION,
|
'application_credential_id': APPLICATION_CREDENTIAL_RELATION,
|
||||||
'user_id': json_home.build_v3_parameter_relation('user_id')}}
|
'user_id': json_home.build_v3_parameter_relation('user_id')}},
|
||||||
|
json_home.build_v3_resource_relation('access_rules_config'): {
|
||||||
|
'href': '/access_rules_config'},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue