Change V3 router classes to use resources
The V3 router classes are changed to use the resource-oriented method to map paths. bp json-home Change-Id: I81957c5b2fc41d6f46e4913afa1073c58a040c45
This commit is contained in:
Brant Knudson
parent
1b7b496a4f
commit
5bb875804d
|
|
@ -66,128 +66,83 @@ class Routers(wsgi.RoutersBase):
|
|||
routers.append(
|
||||
router.Router(project_controller,
|
||||
'projects', 'project'))
|
||||
mapper.connect('/users/{user_id}/projects',
|
||||
controller=project_controller,
|
||||
action='list_user_projects',
|
||||
conditions=dict(method=['GET']))
|
||||
|
||||
self._add_resource(
|
||||
mapper, project_controller,
|
||||
path='/users/{user_id}/projects',
|
||||
get_action='list_user_projects')
|
||||
|
||||
role_controller = controllers.RoleV3()
|
||||
routers.append(router.Router(role_controller, 'roles', 'role'))
|
||||
mapper.connect('/projects/{project_id}/users/{user_id}/roles/'
|
||||
'{role_id}',
|
||||
controller=role_controller,
|
||||
action='create_grant',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect('/projects/{project_id}/groups/{group_id}/roles/'
|
||||
'{role_id}',
|
||||
controller=role_controller,
|
||||
action='create_grant',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect('/projects/{project_id}/users/{user_id}/roles/'
|
||||
'{role_id}',
|
||||
controller=role_controller,
|
||||
action='check_grant',
|
||||
conditions=dict(method=['GET', 'HEAD']))
|
||||
mapper.connect('/projects/{project_id}/groups/{group_id}/roles/'
|
||||
'{role_id}',
|
||||
controller=role_controller,
|
||||
action='check_grant',
|
||||
conditions=dict(method=['GET', 'HEAD']))
|
||||
mapper.connect('/projects/{project_id}/users/{user_id}/roles',
|
||||
controller=role_controller,
|
||||
action='list_grants',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect('/projects/{project_id}/groups/{group_id}/roles',
|
||||
controller=role_controller,
|
||||
action='list_grants',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect('/projects/{project_id}/users/{user_id}/roles/'
|
||||
'{role_id}',
|
||||
controller=role_controller,
|
||||
action='revoke_grant',
|
||||
conditions=dict(method=['DELETE']))
|
||||
mapper.connect('/projects/{project_id}/groups/{group_id}/roles/'
|
||||
'{role_id}',
|
||||
controller=role_controller,
|
||||
action='revoke_grant',
|
||||
conditions=dict(method=['DELETE']))
|
||||
mapper.connect('/domains/{domain_id}/users/{user_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='create_grant',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles/'
|
||||
'{role_id}',
|
||||
controller=role_controller,
|
||||
action='create_grant',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect('/domains/{domain_id}/users/{user_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='check_grant',
|
||||
conditions=dict(method=['GET', 'HEAD']))
|
||||
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles/'
|
||||
'{role_id}',
|
||||
controller=role_controller,
|
||||
action='check_grant',
|
||||
conditions=dict(method=['GET', 'HEAD']))
|
||||
mapper.connect('/domains/{domain_id}/users/{user_id}/roles',
|
||||
controller=role_controller,
|
||||
action='list_grants',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles',
|
||||
controller=role_controller,
|
||||
action='list_grants',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect('/domains/{domain_id}/users/{user_id}/roles/{role_id}',
|
||||
controller=role_controller,
|
||||
action='revoke_grant',
|
||||
conditions=dict(method=['DELETE']))
|
||||
mapper.connect('/domains/{domain_id}/groups/{group_id}/roles/'
|
||||
'{role_id}',
|
||||
controller=role_controller,
|
||||
action='revoke_grant',
|
||||
conditions=dict(method=['DELETE']))
|
||||
routers.append(
|
||||
router.Router(role_controller, 'roles', 'role'))
|
||||
|
||||
self._add_resource(
|
||||
mapper, role_controller,
|
||||
path='/projects/{project_id}/users/{user_id}/roles/{role_id}',
|
||||
get_head_action='check_grant',
|
||||
put_action='create_grant',
|
||||
delete_action='revoke_grant')
|
||||
self._add_resource(
|
||||
mapper, role_controller,
|
||||
path='/projects/{project_id}/groups/{group_id}/roles/{role_id}',
|
||||
get_head_action='check_grant',
|
||||
put_action='create_grant',
|
||||
delete_action='revoke_grant')
|
||||
self._add_resource(
|
||||
mapper, role_controller,
|
||||
path='/projects/{project_id}/users/{user_id}/roles',
|
||||
get_action='list_grants')
|
||||
self._add_resource(
|
||||
mapper, role_controller,
|
||||
path='/projects/{project_id}/groups/{group_id}/roles',
|
||||
get_action='list_grants')
|
||||
self._add_resource(
|
||||
mapper, role_controller,
|
||||
path='/domains/{domain_id}/users/{user_id}/roles/{role_id}',
|
||||
get_head_action='check_grant',
|
||||
put_action='create_grant',
|
||||
delete_action='revoke_grant')
|
||||
self._add_resource(
|
||||
mapper, role_controller,
|
||||
path='/domains/{domain_id}/groups/{group_id}/roles/{role_id}',
|
||||
get_head_action='check_grant',
|
||||
put_action='create_grant',
|
||||
delete_action='revoke_grant')
|
||||
self._add_resource(
|
||||
mapper, role_controller,
|
||||
path='/domains/{domain_id}/users/{user_id}/roles',
|
||||
get_action='list_grants')
|
||||
self._add_resource(
|
||||
mapper, role_controller,
|
||||
path='/domains/{domain_id}/groups/{group_id}/roles',
|
||||
get_action='list_grants')
|
||||
|
||||
if config.CONF.os_inherit.enabled:
|
||||
mapper.connect(('/OS-INHERIT/domains/{domain_id}/users/{user_id}'
|
||||
'/roles/{role_id}/inherited_to_projects'),
|
||||
controller=role_controller,
|
||||
action='create_grant',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect(('/OS-INHERIT/domains/{domain_id}/groups/{group_id}'
|
||||
'/roles/{role_id}/inherited_to_projects'),
|
||||
controller=role_controller,
|
||||
action='create_grant',
|
||||
conditions=dict(method=['PUT']))
|
||||
mapper.connect(('/OS-INHERIT/domains/{domain_id}/users/{user_id}'
|
||||
'/roles/{role_id}/inherited_to_projects'),
|
||||
controller=role_controller,
|
||||
action='check_grant',
|
||||
conditions=dict(method=['GET', 'HEAD']))
|
||||
mapper.connect(('/OS-INHERIT/domains/{domain_id}/groups/{group_id}'
|
||||
'/roles/{role_id}/inherited_to_projects'),
|
||||
controller=role_controller,
|
||||
action='check_grant',
|
||||
conditions=dict(method=['GET', 'HEAD']))
|
||||
mapper.connect(('/OS-INHERIT/domains/{domain_id}/users/{user_id}'
|
||||
'/roles/inherited_to_projects'),
|
||||
controller=role_controller,
|
||||
action='list_grants',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect(('/OS-INHERIT/domains/{domain_id}/groups/{group_id}'
|
||||
'/roles/inherited_to_projects'),
|
||||
controller=role_controller,
|
||||
action='list_grants',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect(('/OS-INHERIT/domains/{domain_id}/users/{user_id}'
|
||||
'/roles/{role_id}/inherited_to_projects'),
|
||||
controller=role_controller,
|
||||
action='revoke_grant',
|
||||
conditions=dict(method=['DELETE']))
|
||||
mapper.connect(('/OS-INHERIT/domains/{domain_id}/groups/{group_id}'
|
||||
'/roles/{role_id}/inherited_to_projects'),
|
||||
controller=role_controller,
|
||||
action='revoke_grant',
|
||||
conditions=dict(method=['DELETE']))
|
||||
routers.append(
|
||||
router.Router(controllers.RoleAssignmentV3(),
|
||||
'role_assignments', 'role_assignment'))
|
||||
|
||||
if config.CONF.os_inherit.enabled:
|
||||
self._add_resource(
|
||||
mapper, role_controller,
|
||||
path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/'
|
||||
'{role_id}/inherited_to_projects',
|
||||
get_head_action='check_grant',
|
||||
put_action='create_grant',
|
||||
delete_action='revoke_grant')
|
||||
self._add_resource(
|
||||
mapper, role_controller,
|
||||
path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/'
|
||||
'{role_id}/inherited_to_projects',
|
||||
get_head_action='check_grant',
|
||||
put_action='create_grant',
|
||||
delete_action='revoke_grant')
|
||||
self._add_resource(
|
||||
mapper, role_controller,
|
||||
path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/'
|
||||
'inherited_to_projects',
|
||||
get_action='list_grants')
|
||||
self._add_resource(
|
||||
mapper, role_controller,
|
||||
path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/'
|
||||
'inherited_to_projects',
|
||||
get_action='list_grants')
|
||||
|
|
|
|||
|
|
@ -21,27 +21,19 @@ class Routers(wsgi.RoutersBase):
|
|||
def append_v3_routers(self, mapper, routers):
|
||||
auth_controller = controllers.Auth()
|
||||
|
||||
mapper.connect('/auth/tokens',
|
||||
controller=auth_controller,
|
||||
action='authenticate_for_token',
|
||||
conditions=dict(method=['POST']))
|
||||
# NOTE(morganfainberg): For policy enforcement reasons, the
|
||||
# ``validate_token_head`` method is still used for HEAD requests.
|
||||
# The controller method makes the same call as the validate_token
|
||||
# call and lets wsgi.render_response remove the body data.
|
||||
mapper.connect('/auth/tokens',
|
||||
controller=auth_controller,
|
||||
action='check_token',
|
||||
conditions=dict(method=['HEAD']))
|
||||
mapper.connect('/auth/tokens',
|
||||
controller=auth_controller,
|
||||
action='revoke_token',
|
||||
conditions=dict(method=['DELETE']))
|
||||
mapper.connect('/auth/tokens',
|
||||
controller=auth_controller,
|
||||
action='validate_token',
|
||||
conditions=dict(method=['GET']))
|
||||
mapper.connect('/auth/tokens/OS-PKI/revoked',
|
||||
controller=auth_controller,
|
||||
action='revocation_list',
|
||||
conditions=dict(method=['GET']))
|
||||
self._add_resource(
|
||||
mapper, auth_controller,
|
||||
path='/auth/tokens',
|
||||
get_action='validate_token',
|
||||
head_action='check_token',
|
||||
post_action='authenticate_for_token',
|
||||
delete_action='revoke_token')
|
||||
|
||||
self._add_resource(
|
||||
mapper, auth_controller,
|
||||
path='/auth/tokens/OS-PKI/revoked',
|
||||
get_action='revocation_list')
|
||||
|
|
|
|||
|
|
@ -36,8 +36,7 @@ class Routers(wsgi.RoutersBase):
|
|||
routers.append(router.Router(controllers.EndpointV3(),
|
||||
'endpoints', 'endpoint'))
|
||||
|
||||
mapper.connect(
|
||||
'/catalog',
|
||||
controller=controllers.CatalogV3(),
|
||||
action='get_catalog',
|
||||
conditions=dict(method=['GET']))
|
||||
self._add_resource(
|
||||
mapper, controllers.CatalogV3(),
|
||||
path='/catalog',
|
||||
get_action='get_catalog')
|
||||
|
|
|
|||
|
|
@ -34,36 +34,30 @@ class Routers(wsgi.RoutersBase):
|
|||
routers.append(
|
||||
router.Router(user_controller,
|
||||
'users', 'user'))
|
||||
mapper.connect('/users/{user_id}/password',
|
||||
controller=user_controller,
|
||||
action='change_password',
|
||||
conditions=dict(method=['POST']))
|
||||
|
||||
mapper.connect('/groups/{group_id}/users',
|
||||
controller=user_controller,
|
||||
action='list_users_in_group',
|
||||
conditions=dict(method=['GET']))
|
||||
self._add_resource(
|
||||
mapper, user_controller,
|
||||
path='/users/{user_id}/password',
|
||||
post_action='change_password')
|
||||
|
||||
mapper.connect('/groups/{group_id}/users/{user_id}',
|
||||
controller=user_controller,
|
||||
action='add_user_to_group',
|
||||
conditions=dict(method=['PUT']))
|
||||
self._add_resource(
|
||||
mapper, user_controller,
|
||||
path='/groups/{group_id}/users',
|
||||
get_action='list_users_in_group')
|
||||
|
||||
mapper.connect('/groups/{group_id}/users/{user_id}',
|
||||
controller=user_controller,
|
||||
action='check_user_in_group',
|
||||
conditions=dict(method=['GET', 'HEAD']))
|
||||
|
||||
mapper.connect('/groups/{group_id}/users/{user_id}',
|
||||
controller=user_controller,
|
||||
action='remove_user_from_group',
|
||||
conditions=dict(method=['DELETE']))
|
||||
self._add_resource(
|
||||
mapper, user_controller,
|
||||
path='/groups/{group_id}/users/{user_id}',
|
||||
put_action='add_user_to_group',
|
||||
get_head_action='check_user_in_group',
|
||||
delete_action='remove_user_from_group')
|
||||
|
||||
group_controller = controllers.GroupV3()
|
||||
routers.append(
|
||||
router.Router(group_controller,
|
||||
'groups', 'group'))
|
||||
mapper.connect('/users/{user_id}/groups',
|
||||
controller=group_controller,
|
||||
action='list_groups_for_user',
|
||||
conditions=dict(method=['GET']))
|
||||
|
||||
self._add_resource(
|
||||
mapper, group_controller,
|
||||
path='/users/{user_id}/groups',
|
||||
get_action='list_groups_for_user')
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@
|
|||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
"""WSGI Routers for the Identity service."""
|
||||
"""WSGI Routers for the Trust service."""
|
||||
|
||||
from keystone.common import wsgi
|
||||
from keystone.trust import controllers
|
||||
|
|
@ -22,32 +22,21 @@ class Routers(wsgi.RoutersBase):
|
|||
def append_v3_routers(self, mapper, routers):
|
||||
trust_controller = controllers.TrustV3()
|
||||
|
||||
mapper.connect('/OS-TRUST/trusts',
|
||||
controller=trust_controller,
|
||||
action='create_trust',
|
||||
conditions=dict(method=['POST']))
|
||||
|
||||
mapper.connect('/OS-TRUST/trusts',
|
||||
controller=trust_controller,
|
||||
action='list_trusts',
|
||||
conditions=dict(method=['GET']))
|
||||
|
||||
mapper.connect('/OS-TRUST/trusts/{trust_id}',
|
||||
controller=trust_controller,
|
||||
action='delete_trust',
|
||||
conditions=dict(method=['DELETE']))
|
||||
|
||||
mapper.connect('/OS-TRUST/trusts/{trust_id}',
|
||||
controller=trust_controller,
|
||||
action='get_trust',
|
||||
conditions=dict(method=['GET']))
|
||||
|
||||
mapper.connect('/OS-TRUST/trusts/{trust_id}/roles',
|
||||
controller=trust_controller,
|
||||
action='list_roles_for_trust',
|
||||
conditions=dict(method=['GET']))
|
||||
|
||||
mapper.connect('/OS-TRUST/trusts/{trust_id}/roles/{role_id}',
|
||||
controller=trust_controller,
|
||||
action='get_role_for_trust',
|
||||
conditions=dict(method=['GET', 'HEAD']))
|
||||
self._add_resource(
|
||||
mapper, trust_controller,
|
||||
path='/OS-TRUST/trusts',
|
||||
get_action='list_trusts',
|
||||
post_action='create_trust')
|
||||
self._add_resource(
|
||||
mapper, trust_controller,
|
||||
path='/OS-TRUST/trusts/{trust_id}',
|
||||
get_action='get_trust',
|
||||
delete_action='delete_trust')
|
||||
self._add_resource(
|
||||
mapper, trust_controller,
|
||||
path='/OS-TRUST/trusts/{trust_id}/roles',
|
||||
get_action='list_roles_for_trust')
|
||||
self._add_resource(
|
||||
mapper, trust_controller,
|
||||
path='/OS-TRUST/trusts/{trust_id}/roles/{role_id}',
|
||||
get_head_action='get_role_for_trust')
|
||||
|
|
|
|||
Loading…
Reference in New Issue