OpenStack Identity (Keystone)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

os_ep_filter.py 13KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303
  1. # Licensed under the Apache License, Version 2.0 (the "License"); you may
  2. # not use this file except in compliance with the License. You may obtain
  3. # a copy of the License at
  4. #
  5. # http://www.apache.org/licenses/LICENSE-2.0
  6. #
  7. # Unless required by applicable law or agreed to in writing, software
  8. # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  9. # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  10. # License for the specific language governing permissions and limitations
  11. # under the License.
  12. # This file handles all flask-restful resources for /OS-EP-FILTER
  13. import flask_restful
  14. import functools
  15. from six.moves import http_client
  16. from keystone.api import endpoints as _endpoints_api
  17. from keystone.catalog import schema
  18. from keystone.common import json_home
  19. from keystone.common import provider_api
  20. from keystone.common import rbac_enforcer
  21. from keystone.common import validation
  22. from keystone import exception
  23. from keystone.i18n import _
  24. from keystone.server import flask as ks_flask
  25. ENFORCER = rbac_enforcer.RBACEnforcer
  26. PROVIDERS = provider_api.ProviderAPIs
  27. _build_resource_relation = functools.partial(
  28. json_home.build_v3_extension_resource_relation,
  29. extension_name='OS-EP-FILTER', extension_version='1.0')
  30. _build_parameter_relation = functools.partial(
  31. json_home.build_v3_extension_parameter_relation,
  32. extension_name='OS-EP-FILTER', extension_version='1.0')
  33. _ENDPOINT_GROUP_PARAMETER_RELATION = _build_parameter_relation(
  34. parameter_name='endpoint_group_id')
  35. # NOTE(morgan): This is shared from keystone.api.endpoint, this is a special
  36. # case where cross-api code is used. This pattern should not be replicated.
  37. _filter_endpoint = _endpoints_api._filter_endpoint
  38. class EndpointGroupsResource(ks_flask.ResourceBase):
  39. collection_key = 'endpoint_groups'
  40. member_key = 'endpoint_group'
  41. api_prefix = '/OS-EP-FILTER'
  42. json_home_resource_rel_func = _build_resource_relation
  43. json_home_parameter_rel_func = _build_parameter_relation
  44. @staticmethod
  45. def _require_valid_filter(endpoint_group):
  46. valid_filter_keys = ['service_id', 'region_id', 'interface']
  47. filters = endpoint_group.get('filters')
  48. for key in filters.keys():
  49. if key not in valid_filter_keys:
  50. raise exception.ValidationError(
  51. attribute=' or '.join(valid_filter_keys),
  52. target='endpoint_group')
  53. def _get_endpoint_group(self, endpoint_group_id):
  54. ENFORCER.enforce_call(action='identity:get_endpoint_group')
  55. return self.wrap_member(
  56. PROVIDERS.catalog_api.get_endpoint_group(endpoint_group_id))
  57. def _list_endpoint_groups(self):
  58. ENFORCER.enforce_call(action='identity:list_endpoint_groups')
  59. return self.wrap_collection(
  60. PROVIDERS.catalog_api.list_endpoint_groups())
  61. def get(self, endpoint_group_id=None):
  62. if endpoint_group_id is not None:
  63. return self._get_endpoint_group(endpoint_group_id)
  64. return self._list_endpoint_groups()
  65. def post(self):
  66. ENFORCER.enforce_call(action='identity:create_endpoint_group')
  67. ep_group = self.request_body_json.get('endpoint_group', {})
  68. validation.lazy_validate(schema.endpoint_group_create, ep_group)
  69. if not ep_group.get('filters'):
  70. # TODO(morgan): Make this not require substitution. Substitution is
  71. # done here due to String Freeze in the Rocky release.
  72. msg = _('%s field is required and cannot be empty') % 'filters'
  73. raise exception.ValidationError(message=msg)
  74. self._require_valid_filter(ep_group)
  75. ep_group = self._assign_unique_id(ep_group)
  76. return self.wrap_member(PROVIDERS.catalog_api.create_endpoint_group(
  77. ep_group['id'], ep_group)), http_client.CREATED
  78. def patch(self, endpoint_group_id):
  79. ENFORCER.enforce_call(action='identity:update_endpoint_group')
  80. ep_group = self.request_body_json.get('endpoint_group', {})
  81. validation.lazy_validate(schema.endpoint_group_update, ep_group)
  82. if 'filters' in ep_group:
  83. self._require_valid_filter(ep_group)
  84. self._require_matching_id(ep_group)
  85. return self.wrap_member(PROVIDERS.catalog_api.update_endpoint_group(
  86. endpoint_group_id, ep_group))
  87. def delete(self, endpoint_group_id):
  88. ENFORCER.enforce_call(action='identity:delete_endpoint_group')
  89. return (PROVIDERS.catalog_api.delete_endpoint_group(endpoint_group_id),
  90. http_client.NO_CONTENT)
  91. class EPFilterEndpointProjectsResource(flask_restful.Resource):
  92. def get(self, endpoint_id):
  93. """"Return a list of projects associated with the endpoint."""
  94. ENFORCER.enforce_call(action='identity:list_projects_for_endpoint')
  95. PROVIDERS.catalog_api.get_endpoint(endpoint_id)
  96. refs = PROVIDERS.catalog_api.list_projects_for_endpoint(endpoint_id)
  97. projects = [PROVIDERS.resource_api.get_project(ref['project_id'])
  98. for ref in refs]
  99. return ks_flask.ResourceBase.wrap_collection(
  100. projects, collection_name='projects')
  101. class EPFilterProjectsEndpointsResource(flask_restful.Resource):
  102. def get(self, project_id, endpoint_id):
  103. ENFORCER.enforce_call(action='identity:check_endpoint_in_project')
  104. PROVIDERS.catalog_api.get_endpoint(endpoint_id)
  105. PROVIDERS.resource_api.get_project(project_id)
  106. PROVIDERS.catalog_api.check_endpoint_in_project(
  107. endpoint_id, project_id)
  108. return None, http_client.NO_CONTENT
  109. def put(self, project_id, endpoint_id):
  110. ENFORCER.enforce_call(action='identity:add_endpoint_to_project')
  111. PROVIDERS.catalog_api.get_endpoint(endpoint_id)
  112. PROVIDERS.resource_api.get_project(project_id)
  113. PROVIDERS.catalog_api.add_endpoint_to_project(endpoint_id, project_id)
  114. return None, http_client.NO_CONTENT
  115. def delete(self, project_id, endpoint_id):
  116. ENFORCER.enforce_call(action='identity:remove_endpoint_from_project')
  117. return (PROVIDERS.catalog_api.remove_endpoint_from_project(
  118. endpoint_id, project_id), http_client.NO_CONTENT)
  119. class EPFilterProjectEndpointsListResource(flask_restful.Resource):
  120. def get(self, project_id):
  121. ENFORCER.enforce_call(action='identity:list_endpoints_for_project')
  122. PROVIDERS.resource_api.get_project(project_id)
  123. filtered_endpoints = PROVIDERS.catalog_api.list_endpoints_for_project(
  124. project_id)
  125. return ks_flask.ResourceBase.wrap_collection(
  126. [_filter_endpoint(v) for v in filtered_endpoints.values()],
  127. collection_name='endpoints')
  128. class EndpointFilterProjectEndpointGroupsListResource(flask_restful.Resource):
  129. def get(self, project_id):
  130. ENFORCER.enforce_call(
  131. action='identity:list_endpoint_groups_for_project')
  132. return EndpointGroupsResource.wrap_collection(
  133. PROVIDERS.catalog_api.get_endpoint_groups_for_project(project_id))
  134. class EndpointFilterEPGroupsProjects(flask_restful.Resource):
  135. def get(self, endpoint_group_id):
  136. ENFORCER.enforce_call(
  137. action='identity:list_projects_associated_with_endpoint_group')
  138. endpoint_group_refs = (PROVIDERS.catalog_api.
  139. list_projects_associated_with_endpoint_group(
  140. endpoint_group_id))
  141. projects = []
  142. for endpoint_group_ref in endpoint_group_refs:
  143. project = PROVIDERS.resource_api.get_project(
  144. endpoint_group_ref['project_id'])
  145. if project:
  146. projects.append(project)
  147. return ks_flask.ResourceBase.wrap_collection(
  148. projects, collection_name='projects')
  149. class EndpointFilterEPGroupsEndpoints(flask_restful.Resource):
  150. def get(self, endpoint_group_id):
  151. ENFORCER.enforce_call(
  152. action='identity:list_endpoints_associated_with_endpoint_group')
  153. filtered_endpoints = (PROVIDERS.catalog_api.
  154. get_endpoints_filtered_by_endpoint_group(
  155. endpoint_group_id))
  156. return ks_flask.ResourceBase.wrap_collection(
  157. [_filter_endpoint(e) for e in filtered_endpoints],
  158. collection_name='endpoints')
  159. class EPFilterGroupsProjectsResource(ks_flask.ResourceBase):
  160. collection_key = 'project_endpoint_groups'
  161. member_key = 'project_endpoint_group'
  162. @classmethod
  163. def _add_self_referential_link(cls, ref, collection_name=None):
  164. url = ('/OS-EP-FILTER/endpoint_groups/%(endpoint_group_id)s'
  165. '/projects/%(project_id)s' % {
  166. 'endpoint_group_id': ref['endpoint_group_id'],
  167. 'project_id': ref['project_id']})
  168. ref.setdefault('links', {})
  169. ref['links']['self'] = url
  170. def get(self, endpoint_group_id, project_id):
  171. ENFORCER.enforce_call(action='identity:get_endpoint_group_in_project')
  172. PROVIDERS.resource_api.get_project(project_id)
  173. PROVIDERS.catalog_api.get_endpoint_group(endpoint_group_id)
  174. ref = PROVIDERS.catalog_api.get_endpoint_group_in_project(
  175. endpoint_group_id, project_id)
  176. return self.wrap_member(ref)
  177. def put(self, endpoint_group_id, project_id):
  178. ENFORCER.enforce_call(action='identity:add_endpoint_group_to_project')
  179. PROVIDERS.resource_api.get_project(project_id)
  180. PROVIDERS.catalog_api.get_endpoint_group(endpoint_group_id)
  181. PROVIDERS.catalog_api.add_endpoint_group_to_project(
  182. endpoint_group_id, project_id)
  183. return None, http_client.NO_CONTENT
  184. def delete(self, endpoint_group_id, project_id):
  185. ENFORCER.enforce_call(
  186. action='identity:remove_endpoint_group_from_project')
  187. PROVIDERS.resource_api.get_project(project_id)
  188. PROVIDERS.catalog_api.get_endpoint_group(endpoint_group_id)
  189. PROVIDERS.catalog_api.remove_endpoint_group_from_project(
  190. endpoint_group_id, project_id)
  191. return None, http_client.NO_CONTENT
  192. class EPFilterAPI(ks_flask.APIBase):
  193. _name = 'OS-EP-FILTER'
  194. _import_name = __name__
  195. _api_url_prefix = '/OS-EP-FILTER'
  196. resources = [EndpointGroupsResource]
  197. resource_mapping = [
  198. ks_flask.construct_resource_map(
  199. resource=EPFilterEndpointProjectsResource,
  200. url='/endpoints/<string:endpoint_id>/projects',
  201. resource_kwargs={},
  202. rel='endpoint_projects',
  203. resource_relation_func=_build_resource_relation,
  204. path_vars={
  205. 'endpoint_id': json_home.Parameters.ENDPOINT_ID
  206. }),
  207. ks_flask.construct_resource_map(
  208. resource=EPFilterProjectsEndpointsResource,
  209. url='/projects/<string:project_id>/endpoints/<string:endpoint_id>',
  210. resource_kwargs={},
  211. rel='project_endpoint',
  212. resource_relation_func=_build_resource_relation,
  213. path_vars={
  214. 'endpoint_id': json_home.Parameters.ENDPOINT_ID,
  215. 'project_id': json_home.Parameters.PROJECT_ID}),
  216. ks_flask.construct_resource_map(
  217. resource=EPFilterProjectEndpointsListResource,
  218. url='/projects/<string:project_id>/endpoints',
  219. resource_kwargs={},
  220. rel='project_endpoints',
  221. resource_relation_func=_build_resource_relation,
  222. path_vars={'project_id': json_home.Parameters.PROJECT_ID}),
  223. ks_flask.construct_resource_map(
  224. resource=EndpointFilterProjectEndpointGroupsListResource,
  225. url='/projects/<string:project_id>/endpoint_groups',
  226. resource_kwargs={},
  227. rel='project_endpoint_groups',
  228. resource_relation_func=_build_resource_relation,
  229. path_vars={'project_id': json_home.Parameters.PROJECT_ID}),
  230. ks_flask.construct_resource_map(
  231. resource=EndpointFilterEPGroupsEndpoints,
  232. url='/endpoint_groups/<string:endpoint_group_id>/endpoints',
  233. resource_kwargs={},
  234. rel='endpoints_in_endpoint_group',
  235. resource_relation_func=_build_resource_relation,
  236. path_vars={
  237. 'endpoint_group_id': _ENDPOINT_GROUP_PARAMETER_RELATION}),
  238. ks_flask.construct_resource_map(
  239. resource=EndpointFilterEPGroupsProjects,
  240. url='/endpoint_groups/<string:endpoint_group_id>/projects',
  241. resource_kwargs={},
  242. rel='projects_associated_with_endpoint_group',
  243. resource_relation_func=_build_resource_relation,
  244. path_vars={
  245. 'endpoint_group_id': _ENDPOINT_GROUP_PARAMETER_RELATION}),
  246. ks_flask.construct_resource_map(
  247. resource=EPFilterGroupsProjectsResource,
  248. url=('/endpoint_groups/<string:endpoint_group_id>/projects/'
  249. '<string:project_id>'),
  250. resource_kwargs={},
  251. rel='endpoint_group_to_project_association',
  252. resource_relation_func=_build_resource_relation,
  253. path_vars={'project_id': json_home.Parameters.PROJECT_ID,
  254. 'endpoint_group_id': _ENDPOINT_GROUP_PARAMETER_RELATION
  255. }),
  256. ]
  257. APIs = (EPFilterAPI,)