openstack/python-keystoneclient
Code Issues Proposed changes
0d43c46ffa
python-keystoneclient/keystoneclient/v3/access_rules.py
Colleen Murphy 6c116ec084 Add support for app cred access rules 
This change adds access_rules as a parameter for creating application
credentials, and also adds the ability to list access rules and to
retrieve and delete individual rules. Directly creating an access rule
or updating one is not supported.

bp whitelist-extension-for-app-creds

Depends-On: https://review.opendev.org/671374
Change-Id: I490f1e6b421d4f36f588f83a511ce39b9b4204e2
2019-08-21 08:21:42 -07:00

119 lines
3.8 KiB
Python
Raw Blame History

# Copyright 2019 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from keystoneclient import base
from keystoneclient import exceptions
from keystoneclient.i18n import _
class AccessRule(base.Resource):
"""Represents an Identity access rule for application credentials.
Attributes:
* id: a uuid that identifies the access rule
* method: The request method that the application credential is
permitted to use for a given API endpoint
* path: The API path that the application credential is permitted to
access
* service: The service type identifier for the service that the
application credential is permitted to access
"""
pass
class AccessRuleManager(base.CrudManager):
"""Manager class for manipulating Identity access rules."""
resource_class = AccessRule
collection_key = 'access_rules'
key = 'access_rule'
def get(self, access_rule, user=None):
"""Retrieve an access rule.
:param access_rule: the access rule to be retrieved from the
server
:type access_rule: str or
:class:`keystoneclient.v3.access_rules.AccessRule`
:param string user: User ID
:returns: the specified access rule
:rtype:
:class:`keystoneclient.v3.access_rules.AccessRule`
"""
user = user or self.client.user_id
self.base_url = '/users/%(user)s' % {'user': user}
return super(AccessRuleManager, self).get(
access_rule_id=base.getid(access_rule))
def list(self, user=None, **kwargs):
"""List access rules.
:param string user: User ID
:returns: a list of access rules
:rtype: list of
:class:`keystoneclient.v3.access_rules.AccessRule`
"""
user = user or self.client.user_id
self.base_url = '/users/%(user)s' % {'user': user}
return super(AccessRuleManager, self).list(**kwargs)
def find(self, user=None, **kwargs):
"""Find an access rule with attributes matching ``**kwargs``.
:param string user: User ID
:returns: a list of matching access rules
:rtype: list of
:class:`keystoneclient.v3.access_rules.AccessRule`
"""
user = user or self.client.user_id
self.base_url = '/users/%(user)s' % {'user': user}
return super(AccessRuleManager, self).find(**kwargs)
def delete(self, access_rule, user=None):
"""Delete an access rule.
:param access_rule: the access rule to be deleted
:type access_rule: str or
:class:`keystoneclient.v3.access_rules.AccessRule`
:param string user: User ID
:returns: response object with 204 status
:rtype: :class:`requests.models.Response`
"""
user = user or self.client.user_id
self.base_url = '/users/%(user)s' % {'user': user}
return super(AccessRuleManager, self).delete(
access_rule_id=base.getid(access_rule))
def update(self):
raise exceptions.MethodNotImplemented(
_('Access rules are immutable, updating is not'
' supported.'))
def create(self):
raise exceptions.MethodNotImplemented(
_('Access rules can only be created as attributes of application '
'credentials.'))
View Git Blame Copy Permalink