Enable endpoint_policy, endpoint_filter and oauth by default

Include endpoint policy, oauth1 and endpoint filter in the pipeline by default, and automatically migrate the databases. implements bp: replace-extensions Change-Id: Ie12d220da149135755e15873807b4a551b243220
2015-02-08 02:49:10 -05:00 · 2015-02-08 02:49:10 -05:00 · bc6e6bd9f1
commit bc6e6bd9f1
parent 52b0b40535
5 changed files with 144 additions and 6 deletions
--- a/etc/keystone-paste.ini
+++ b/etc/keystone-paste.ini
@ -79,7 +79,7 @@ pipeline = sizelimit url_normalize request_id build_auth_context token_auth admi
 [pipeline:api_v3]
 # The last item in this pipeline must be service_v3 or an equivalent
 # application. It cannot be a filter.
-pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension federation_extension service_v3
+pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension federation_extension oauth1_extension endpoint_filter_extension endpoint_policy_extension service_v3

 [app:public_version_service]
 paste.app_factory = keystone.service:public_version_app_factory
--- a/keystone/backends.py
+++ b/keystone/backends.py
@ -17,6 +17,7 @@ from keystone.common import cache
 from keystone.contrib import endpoint_filter
 from keystone.contrib import endpoint_policy
 from keystone.contrib import federation
+from keystone.contrib import oauth1
 from keystone import credential
 from keystone import identity
 from keystone import policy
@ -47,6 +48,7 @@ def load_backends():
        id_generator_api=identity.generator.Manager(),
        id_mapping_api=identity.MappingManager(),
        identity_api=_IDENTITY_API,
+        oauth_api=oauth1.Manager(),
        policy_api=policy.Manager(),
        resource_api=resource.Manager(),
        role_api=assignment.RoleManager(),
--- a/keystone/common/sql/migration_helpers.py
+++ b/keystone/common/sql/migration_helpers.py
@ -34,7 +34,12 @@ from keystone.i18n import _


 CONF = cfg.CONF
-DEFAULT_EXTENSIONS = ['revoke', 'federation']
+DEFAULT_EXTENSIONS = ['endpoint_filter',
+                      'endpoint_policy',
+                      'federation',
+                      'oauth1',
+                      'revoke',
+                      ]


 def get_default_domain():
--- a/keystone/contrib/oauth1/routers.py
+++ b/keystone/contrib/oauth1/routers.py
@ -16,7 +16,6 @@ import functools

 from keystone.common import json_home
 from keystone.common import wsgi
-from keystone.contrib import oauth1
 from keystone.contrib.oauth1 import controllers


@ -65,9 +64,6 @@ class OAuth1Extension(wsgi.V3ExtensionRouter):
    """

    def add_routes(self, mapper):
-        # This is needed for dependency injection,
-        # it loads the OAuth driver which registers it as a dependency.
-        oauth1.Manager()
        consumer_controller = controllers.ConsumerCrudV3()
        access_token_controller = controllers.AccessTokenCrudV3()
        access_token_roles_controller = controllers.AccessTokenRolesV3()
--- a/keystone/tests/unit/test_versions.py
+++ b/keystone/tests/unit/test_versions.py
@ -116,6 +116,18 @@ _build_federation_rel = functools.partial(
    extension_name='OS-FEDERATION',
    extension_version='1.0')

+_build_oauth1_rel = functools.partial(
+    json_home.build_v3_extension_resource_relation,
+    extension_name='OS-OAUTH1', extension_version='1.0')
+
+_build_ep_policy_rel = functools.partial(
+    json_home.build_v3_extension_resource_relation,
+    extension_name='OS-ENDPOINT-POLICY', extension_version='1.0')
+
+_build_ep_filter_rel = functools.partial(
+    json_home.build_v3_extension_resource_relation,
+    extension_name='OS-EP-FILTER', extension_version='1.0')
+
 TRUST_ID_PARAMETER_RELATION = json_home.build_v3_extension_parameter_relation(
    'OS-TRUST', '1.0', 'trust_id')

@ -131,7 +143,27 @@ MAPPING_ID_PARAM_RELATION = json_home.build_v3_extension_parameter_relation(
 SP_ID_PARAMETER_RELATION = json_home.build_v3_extension_parameter_relation(
    'OS-FEDERATION', '1.0', 'sp_id')

+CONSUMER_ID_PARAMETER_RELATION = (
+    json_home.build_v3_extension_parameter_relation(
+        'OS-OAUTH1', '1.0', 'consumer_id'))
+
+REQUEST_TOKEN_ID_PARAMETER_RELATION = (
+    json_home.build_v3_extension_parameter_relation(
+        'OS-OAUTH1', '1.0', 'request_token_id'))
+
+ACCESS_TOKEN_ID_PARAMETER_RELATION = (
+    json_home.build_v3_extension_parameter_relation(
+        'OS-OAUTH1', '1.0', 'access_token_id'))
+
+ENDPOINT_GROUP_ID_PARAMETER_RELATION = (
+    json_home.build_v3_extension_parameter_relation(
+        'OS-EP-FILTER', '1.0', 'endpoint_group_id'))
+
 BASE_IDP_PROTOCOL = '/OS-FEDERATION/identity_providers/{idp_id}/protocols'
+BASE_EP_POLICY = '/policies/{policy_id}/OS-ENDPOINT-POLICY'
+BASE_EP_FILTER = '/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}'
+BASE_ACCESS_TOKEN = (
+    '/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}')

 # TODO(stevemar): Use BASE_IDP_PROTOCOL when bug 1420125 is resolved.
 FEDERATED_AUTH_URL = ('/OS-FEDERATION/identity_providers/{identity_provider}'
@ -355,6 +387,109 @@ V3_JSON_HOME_RESOURCES_INHERIT_DISABLED = {
        'href-vars': {
            'identity_provider': IDP_ID_PARAMETER_RELATION,
            'protocol': PROTOCOL_ID_PARAM_RELATION, }},
+    _build_oauth1_rel(resource_name='access_tokens'): {
+        'href': '/OS-OAUTH1/access_token'},
+    _build_oauth1_rel(resource_name='request_tokens'): {
+        'href': '/OS-OAUTH1/request_token'},
+    _build_oauth1_rel(resource_name='consumers'): {
+        'href': '/OS-OAUTH1/consumers'},
+    _build_oauth1_rel(resource_name='authorize_request_token'):
+    {
+        'href-template': '/OS-OAUTH1/authorize/{request_token_id}',
+        'href-vars': {'request_token_id':
+                      REQUEST_TOKEN_ID_PARAMETER_RELATION, }},
+    _build_oauth1_rel(resource_name='consumer'):
+    {
+        'href-template': '/OS-OAUTH1/consumers/{consumer_id}',
+        'href-vars': {'consumer_id': CONSUMER_ID_PARAMETER_RELATION, }},
+    _build_oauth1_rel(resource_name='user_access_token'):
+    {
+        'href-template': BASE_ACCESS_TOKEN,
+        'href-vars': {'user_id': json_home.Parameters.USER_ID,
+                      'access_token_id':
+                      ACCESS_TOKEN_ID_PARAMETER_RELATION, }},
+    _build_oauth1_rel(resource_name='user_access_tokens'):
+    {
+        'href-template': '/users/{user_id}/OS-OAUTH1/access_tokens',
+        'href-vars': {'user_id': json_home.Parameters.USER_ID, }},
+    _build_oauth1_rel(resource_name='user_access_token_role'):
+    {
+        'href-template': BASE_ACCESS_TOKEN + '/roles/{role_id}',
+        'href-vars': {'user_id': json_home.Parameters.USER_ID,
+                      'role_id': json_home.Parameters.ROLE_ID,
+                      'access_token_id':
+                      ACCESS_TOKEN_ID_PARAMETER_RELATION, }},
+    _build_oauth1_rel(resource_name='user_access_token_roles'):
+    {
+        'href-template': BASE_ACCESS_TOKEN + '/roles',
+        'href-vars': {'user_id': json_home.Parameters.USER_ID,
+                      'access_token_id':
+                      ACCESS_TOKEN_ID_PARAMETER_RELATION, }},
+    _build_ep_policy_rel(resource_name='endpoint_policy'):
+    {
+        'href-template': '/endpoints/{endpoint_id}/OS-ENDPOINT-POLICY/policy',
+        'href-vars': {'endpoint_id': json_home.Parameters.ENDPOINT_ID, }},
+    _build_ep_policy_rel(resource_name='endpoint_policy_association'):
+    {
+        'href-template': BASE_EP_POLICY + '/endpoints/{endpoint_id}',
+        'href-vars': {'endpoint_id': json_home.Parameters.ENDPOINT_ID,
+                      'policy_id': json_home.Parameters.POLICY_ID, }},
+    _build_ep_policy_rel(resource_name='policy_endpoints'):
+    {
+        'href-template': BASE_EP_POLICY + '/endpoints',
+        'href-vars': {'policy_id': json_home.Parameters.POLICY_ID, }},
+    _build_ep_policy_rel(
+        resource_name='region_and_service_policy_association'):
+    {
+        'href-template': (BASE_EP_POLICY +
+                          '/services/{service_id}/regions/{region_id}'),
+        'href-vars': {'policy_id': json_home.Parameters.POLICY_ID,
+                      'service_id': json_home.Parameters.SERVICE_ID,
+                      'region_id': json_home.Parameters.REGION_ID, }},
+    _build_ep_policy_rel(resource_name='service_policy_association'):
+    {
+        'href-template': BASE_EP_POLICY + '/services/{service_id}',
+        'href-vars': {'policy_id': json_home.Parameters.POLICY_ID,
+                      'service_id': json_home.Parameters.SERVICE_ID, }},
+    _build_ep_filter_rel(resource_name='endpoint_group'):
+    {
+        'href-template': '/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}',
+        'href-vars': {'endpoint_group_id':
+                      ENDPOINT_GROUP_ID_PARAMETER_RELATION, }},
+    _build_ep_filter_rel(
+        resource_name='endpoint_group_to_project_association'):
+    {
+        'href-template': BASE_EP_FILTER + '/projects/{project_id}',
+        'href-vars': {'endpoint_group_id':
+                      ENDPOINT_GROUP_ID_PARAMETER_RELATION,
+                      'project_id': json_home.Parameters.PROJECT_ID, }},
+    _build_ep_filter_rel(resource_name='endpoint_groups'):
+    {'href': '/OS-EP-FILTER/endpoint_groups'},
+    _build_ep_filter_rel(resource_name='endpoint_projects'):
+    {
+        'href-template': '/OS-EP-FILTER/endpoints/{endpoint_id}/projects',
+        'href-vars': {'endpoint_id': json_home.Parameters.ENDPOINT_ID, }},
+    _build_ep_filter_rel(resource_name='endpoints_in_endpoint_group'):
+    {
+        'href-template': BASE_EP_FILTER + '/endpoints',
+        'href-vars': {'endpoint_group_id':
+                      ENDPOINT_GROUP_ID_PARAMETER_RELATION, }},
+    _build_ep_filter_rel(resource_name='project_endpoint'):
+    {
+        'href-template': ('/OS-EP-FILTER/projects/{project_id}'
+                          '/endpoints/{endpoint_id}'),
+        'href-vars': {'endpoint_id': json_home.Parameters.ENDPOINT_ID,
+                      'project_id': json_home.Parameters.PROJECT_ID, }},
+    _build_ep_filter_rel(resource_name='project_endpoints'):
+    {
+        'href-template': '/OS-EP-FILTER/projects/{project_id}/endpoints',
+        'href-vars': {'project_id': json_home.Parameters.PROJECT_ID, }},
+    _build_ep_filter_rel(
+        resource_name='projects_associated_with_endpoint_group'):
+    {
+        'href-template': BASE_EP_FILTER + '/projects',
+        'href-vars': {'endpoint_group_id':
+                      ENDPOINT_GROUP_ID_PARAMETER_RELATION, }},
 }