OpenStack Identity (Keystone)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

controllers.py 7.1KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160
  1. # Copyright 2014 IBM Corp.
  2. #
  3. # Licensed under the Apache License, Version 2.0 (the "License"); you may
  4. # not use this file except in compliance with the License. You may obtain
  5. # a copy of the License at
  6. #
  7. # http://www.apache.org/licenses/LICENSE-2.0
  8. #
  9. # Unless required by applicable law or agreed to in writing, software
  10. # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  11. # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  12. # License for the specific language governing permissions and limitations
  13. # under the License.
  14. from keystone.common import controller
  15. from keystone.common import provider_api
  16. from keystone import notifications
  17. PROVIDERS = provider_api.ProviderAPIs
  18. class EndpointPolicyV3Controller(controller.V3Controller):
  19. collection_name = 'endpoints'
  20. member_name = 'endpoint'
  21. def __init__(self):
  22. super(EndpointPolicyV3Controller, self).__init__()
  23. notifications.register_event_callback(
  24. 'deleted', 'endpoint', self._on_endpoint_delete)
  25. notifications.register_event_callback(
  26. 'deleted', 'service', self._on_service_delete)
  27. notifications.register_event_callback(
  28. 'deleted', 'region', self._on_region_delete)
  29. notifications.register_event_callback(
  30. 'deleted', 'policy', self._on_policy_delete)
  31. def _on_endpoint_delete(self, service, resource_type, operation, payload):
  32. PROVIDERS.endpoint_policy_api.delete_association_by_endpoint(
  33. payload['resource_info'])
  34. def _on_service_delete(self, service, resource_type, operation, payload):
  35. PROVIDERS.endpoint_policy_api.delete_association_by_service(
  36. payload['resource_info'])
  37. def _on_region_delete(self, service, resource_type, operation, payload):
  38. PROVIDERS.endpoint_policy_api.delete_association_by_region(
  39. payload['resource_info'])
  40. def _on_policy_delete(self, service, resource_type, operation, payload):
  41. PROVIDERS.endpoint_policy_api.delete_association_by_policy(
  42. payload['resource_info'])
  43. @controller.protected()
  44. def create_policy_association_for_endpoint(self, request,
  45. policy_id, endpoint_id):
  46. """Create an association between a policy and an endpoint."""
  47. PROVIDERS.policy_api.get_policy(policy_id)
  48. PROVIDERS.catalog_api.get_endpoint(endpoint_id)
  49. PROVIDERS.endpoint_policy_api.create_policy_association(
  50. policy_id, endpoint_id=endpoint_id)
  51. @controller.protected()
  52. def check_policy_association_for_endpoint(self, request,
  53. policy_id, endpoint_id):
  54. """Check an association between a policy and an endpoint."""
  55. PROVIDERS.policy_api.get_policy(policy_id)
  56. PROVIDERS.catalog_api.get_endpoint(endpoint_id)
  57. PROVIDERS.endpoint_policy_api.check_policy_association(
  58. policy_id, endpoint_id=endpoint_id)
  59. @controller.protected()
  60. def delete_policy_association_for_endpoint(self, request,
  61. policy_id, endpoint_id):
  62. """Delete an association between a policy and an endpoint."""
  63. PROVIDERS.policy_api.get_policy(policy_id)
  64. PROVIDERS.catalog_api.get_endpoint(endpoint_id)
  65. PROVIDERS.endpoint_policy_api.delete_policy_association(
  66. policy_id, endpoint_id=endpoint_id)
  67. @controller.protected()
  68. def create_policy_association_for_service(self, request,
  69. policy_id, service_id):
  70. """Create an association between a policy and a service."""
  71. PROVIDERS.policy_api.get_policy(policy_id)
  72. PROVIDERS.catalog_api.get_service(service_id)
  73. PROVIDERS.endpoint_policy_api.create_policy_association(
  74. policy_id, service_id=service_id)
  75. @controller.protected()
  76. def check_policy_association_for_service(self, request,
  77. policy_id, service_id):
  78. """Check an association between a policy and a service."""
  79. PROVIDERS.policy_api.get_policy(policy_id)
  80. PROVIDERS.catalog_api.get_service(service_id)
  81. PROVIDERS.endpoint_policy_api.check_policy_association(
  82. policy_id, service_id=service_id)
  83. @controller.protected()
  84. def delete_policy_association_for_service(self, request,
  85. policy_id, service_id):
  86. """Delete an association between a policy and a service."""
  87. PROVIDERS.policy_api.get_policy(policy_id)
  88. PROVIDERS.catalog_api.get_service(service_id)
  89. PROVIDERS.endpoint_policy_api.delete_policy_association(
  90. policy_id, service_id=service_id)
  91. @controller.protected()
  92. def create_policy_association_for_region_and_service(
  93. self, request, policy_id, service_id, region_id):
  94. """Create an association between a policy and region+service."""
  95. PROVIDERS.policy_api.get_policy(policy_id)
  96. PROVIDERS.catalog_api.get_service(service_id)
  97. PROVIDERS.catalog_api.get_region(region_id)
  98. PROVIDERS.endpoint_policy_api.create_policy_association(
  99. policy_id, service_id=service_id, region_id=region_id)
  100. @controller.protected()
  101. def check_policy_association_for_region_and_service(
  102. self, request, policy_id, service_id, region_id):
  103. """Check an association between a policy and region+service."""
  104. PROVIDERS.policy_api.get_policy(policy_id)
  105. PROVIDERS.catalog_api.get_service(service_id)
  106. PROVIDERS.catalog_api.get_region(region_id)
  107. PROVIDERS.endpoint_policy_api.check_policy_association(
  108. policy_id, service_id=service_id, region_id=region_id)
  109. @controller.protected()
  110. def delete_policy_association_for_region_and_service(
  111. self, request, policy_id, service_id, region_id):
  112. """Delete an association between a policy and region+service."""
  113. PROVIDERS.policy_api.get_policy(policy_id)
  114. PROVIDERS.catalog_api.get_service(service_id)
  115. PROVIDERS.catalog_api.get_region(region_id)
  116. PROVIDERS.endpoint_policy_api.delete_policy_association(
  117. policy_id, service_id=service_id, region_id=region_id)
  118. # NOTE(henry-nash): As in the catalog controller, we must ensure that the
  119. # legacy_endpoint_id does not escape.
  120. @classmethod
  121. def filter_endpoint(cls, ref):
  122. if 'legacy_endpoint_id' in ref:
  123. ref.pop('legacy_endpoint_id')
  124. return ref
  125. @classmethod
  126. def wrap_member(cls, context, ref):
  127. ref = cls.filter_endpoint(ref)
  128. return super(EndpointPolicyV3Controller, cls).wrap_member(context, ref)
  129. @controller.protected()
  130. def list_endpoints_for_policy(self, request, policy_id):
  131. """List endpoints with the effective association to a policy."""
  132. PROVIDERS.policy_api.get_policy(policy_id)
  133. refs = PROVIDERS.endpoint_policy_api.list_endpoints_for_policy(
  134. policy_id
  135. )
  136. return EndpointPolicyV3Controller.wrap_collection(request.context_dict,
  137. refs)