From a4d9a4f13b21fbdd8feacd07085c77602b4123d9 Mon Sep 17 00:00:00 2001
From: Morgan Fainberg <morgan.fainberg@gmail.com>
Date: Tue, 31 Jul 2018 15:05:15 -0700
Subject: [PATCH] Convert OS-REVOKE to flask dispatching

Convert OS-REVOKE to flask dispatching.

Change-Id: I2504d4326b8c35fd6d9a0d929afc7e658e9c14f9
Partial-Bug: #1776504
---
 keystone/api/__init__.py             |  5 +-
 keystone/api/os_revoke.py            | 83 ++++++++++++++++++++++++++++
 keystone/revoke/controllers.py       | 52 -----------------
 keystone/revoke/routers.py           | 31 -----------
 keystone/server/flask/application.py |  4 +-
 5 files changed, 87 insertions(+), 88 deletions(-)
 create mode 100644 keystone/api/os_revoke.py
 delete mode 100644 keystone/revoke/controllers.py
 delete mode 100644 keystone/revoke/routers.py

diff --git a/keystone/api/__init__.py b/keystone/api/__init__.py
index 92a01c2b5a..eb2ae59c8b 100644
--- a/keystone/api/__init__.py
+++ b/keystone/api/__init__.py
@@ -12,7 +12,8 @@
 
 from keystone.api import credentials
 from keystone.api import discovery
+from keystone.api import os_revoke
 from keystone.api import trusts
 
-__all__ = ('discovery', 'credentials', 'trusts')
-__apis__ = (discovery, credentials, trusts)
+__all__ = ('discovery', 'credentials', 'os_revoke', 'trusts')
+__apis__ = (discovery, credentials, os_revoke, trusts)
diff --git a/keystone/api/os_revoke.py b/keystone/api/os_revoke.py
new file mode 100644
index 0000000000..6bcafe7126
--- /dev/null
+++ b/keystone/api/os_revoke.py
@@ -0,0 +1,83 @@
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+# This file handles all flask-restful resources for /v3/OS-REVOKE/events
+
+import functools
+
+import flask
+import flask_restful
+from oslo_utils import timeutils
+
+from keystone.common import json_home
+from keystone.common import provider_api
+from keystone.common import rbac_enforcer
+from keystone import exception
+from keystone.i18n import _
+from keystone.server import flask as ks_flask
+
+
+PROVIDERS = provider_api.ProviderAPIs
+ENFORCER = rbac_enforcer.RBACEnforcer
+
+
+_build_resource_relation = functools.partial(
+    json_home.build_v3_extension_resource_relation,
+    extension_name='OS-REVOKE', extension_version='1.0')
+
+
+class OSRevokeResource(flask_restful.Resource):
+    def get(self):
+        ENFORCER.enforce_call(action='identity:list_revoke_events')
+        since = flask.request.args.get('since')
+        last_fetch = None
+        if since:
+            try:
+                last_fetch = timeutils.normalize_time(
+                    timeutils.parse_isotime(since))
+            except ValueError:
+                raise exception.ValidationError(
+                    message=_('invalidate date format %s') % since)
+        # FIXME(notmorgan): The revocation events cannot have resource options
+        # added to them or lazy-loaded relationships as long as to_dict
+        # is called outside of an active session context. This API is unused
+        # and should be deprecated in the near future. Fix this before adding
+        # resource_options or any lazy-loaded relationships to the revocation
+        # events themselves.
+        events = PROVIDERS.revoke_api.list_events(last_fetch=last_fetch)
+        # Build the links by hand as the standard controller calls require ids
+        response = {'events': [event.to_dict() for event in events],
+                    'links': {
+                        'next': None,
+                        'self': '%s/v3/OS-REVOKE/events' % ks_flask.base_url(),
+                        'previous': None}
+                    }
+        return response
+
+
+class OSRevokeAPI(ks_flask.APIBase):
+    _name = 'events'
+    _import_name = __name__
+    _api_url_prefix = '/OS-REVOKE'
+    resources = []
+    resource_mapping = [
+        ks_flask.construct_resource_map(
+            resource=OSRevokeResource,
+            url='/events',
+            resource_kwargs={},
+            rel='events',
+            resource_relation_func=_build_resource_relation
+        )
+    ]
+
+
+APIs = (OSRevokeAPI,)
diff --git a/keystone/revoke/controllers.py b/keystone/revoke/controllers.py
deleted file mode 100644
index 7b0d5e1770..0000000000
--- a/keystone/revoke/controllers.py
+++ /dev/null
@@ -1,52 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from oslo_utils import timeutils
-
-from keystone.common import controller
-from keystone.common import provider_api
-from keystone import exception
-from keystone.i18n import _
-
-
-PROVIDERS = provider_api.ProviderAPIs
-
-
-class RevokeController(controller.V3Controller):
-    @controller.protected()
-    def list_revoke_events(self, request):
-        since = request.params.get('since')
-        last_fetch = None
-        if since:
-            try:
-                last_fetch = timeutils.normalize_time(
-                    timeutils.parse_isotime(since))
-            except ValueError:
-                raise exception.ValidationError(
-                    message=_('invalid date format %s') % since)
-        # FIXME(notmorgan): The revocation events cannot have resource options
-        # added to them or lazy-loaded relationships as long as to_dict
-        # is called outside of an active session context. This API is unused
-        # and should be deprecated in the near future. Fix this before adding
-        # resource_options or any lazy-loaded relationships to the revocation
-        # events themselves.
-        events = PROVIDERS.revoke_api.list_events(last_fetch=last_fetch)
-        # Build the links by hand as the standard controller calls require ids
-        response = {'events': [event.to_dict() for event in events],
-                    'links': {
-                        'next': None,
-                        'self': RevokeController.base_url(
-                            request.context_dict,
-                            path=request.context_dict['path']),
-                        'previous': None}
-                    }
-        return response
diff --git a/keystone/revoke/routers.py b/keystone/revoke/routers.py
deleted file mode 100644
index 735db85ad1..0000000000
--- a/keystone/revoke/routers.py
+++ /dev/null
@@ -1,31 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from keystone.common import json_home
-from keystone.common import wsgi
-from keystone.revoke import controllers
-
-
-class Routers(wsgi.RoutersBase):
-
-    PATH_PREFIX = '/OS-REVOKE'
-
-    _path_prefixes = ('OS-REVOKE',)
-
-    def append_v3_routers(self, mapper, routers):
-        revoke_controller = controllers.RevokeController()
-        self._add_resource(
-            mapper, revoke_controller,
-            path=self.PATH_PREFIX + '/events',
-            get_action='list_revoke_events',
-            rel=json_home.build_v3_extension_resource_relation(
-                'OS-REVOKE', '1.0', 'events'))
diff --git a/keystone/server/flask/application.py b/keystone/server/flask/application.py
index c76a6c59df..72caf326fd 100644
--- a/keystone/server/flask/application.py
+++ b/keystone/server/flask/application.py
@@ -38,12 +38,11 @@ from keystone.limit import routers as limit_routers
 from keystone.oauth1 import routers as oauth1_routers
 from keystone.policy import routers as policy_routers
 from keystone.resource import routers as resource_routers
-from keystone.revoke import routers as revoke_routers
 from keystone.token import _simple_cert as simple_cert_ext
 
 # TODO(morgan): _MOVED_API_PREFIXES to be removed when the legacy dispatch
 # support is removed.
-_MOVED_API_PREFIXES = frozenset(['credentials', 'OS-TRUST'])
+_MOVED_API_PREFIXES = frozenset(['credentials', 'OS-REVOKE', 'OS-TRUST'])
 LOG = log.getLogger(__name__)
 
 
@@ -55,7 +54,6 @@ ALL_API_ROUTERS = [auth_routers,
                    limit_routers,
                    policy_routers,
                    resource_routers,
-                   revoke_routers,
                    federation_routers,
                    oauth1_routers,
                    endpoint_policy_routers,