Convert OS-REVOKE to flask dispatching
Convert OS-REVOKE to flask dispatching. Change-Id: I2504d4326b8c35fd6d9a0d929afc7e658e9c14f9 Partial-Bug: #1776504
This commit is contained in:
parent
d42e955203
commit
a4d9a4f13b
|
@ -12,7 +12,8 @@
|
||||||
|
|
||||||
from keystone.api import credentials
|
from keystone.api import credentials
|
||||||
from keystone.api import discovery
|
from keystone.api import discovery
|
||||||
|
from keystone.api import os_revoke
|
||||||
from keystone.api import trusts
|
from keystone.api import trusts
|
||||||
|
|
||||||
__all__ = ('discovery', 'credentials', 'trusts')
|
__all__ = ('discovery', 'credentials', 'os_revoke', 'trusts')
|
||||||
__apis__ = (discovery, credentials, trusts)
|
__apis__ = (discovery, credentials, os_revoke, trusts)
|
||||||
|
|
|
@ -0,0 +1,83 @@
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
# This file handles all flask-restful resources for /v3/OS-REVOKE/events
|
||||||
|
|
||||||
|
import functools
|
||||||
|
|
||||||
|
import flask
|
||||||
|
import flask_restful
|
||||||
|
from oslo_utils import timeutils
|
||||||
|
|
||||||
|
from keystone.common import json_home
|
||||||
|
from keystone.common import provider_api
|
||||||
|
from keystone.common import rbac_enforcer
|
||||||
|
from keystone import exception
|
||||||
|
from keystone.i18n import _
|
||||||
|
from keystone.server import flask as ks_flask
|
||||||
|
|
||||||
|
|
||||||
|
PROVIDERS = provider_api.ProviderAPIs
|
||||||
|
ENFORCER = rbac_enforcer.RBACEnforcer
|
||||||
|
|
||||||
|
|
||||||
|
_build_resource_relation = functools.partial(
|
||||||
|
json_home.build_v3_extension_resource_relation,
|
||||||
|
extension_name='OS-REVOKE', extension_version='1.0')
|
||||||
|
|
||||||
|
|
||||||
|
class OSRevokeResource(flask_restful.Resource):
|
||||||
|
def get(self):
|
||||||
|
ENFORCER.enforce_call(action='identity:list_revoke_events')
|
||||||
|
since = flask.request.args.get('since')
|
||||||
|
last_fetch = None
|
||||||
|
if since:
|
||||||
|
try:
|
||||||
|
last_fetch = timeutils.normalize_time(
|
||||||
|
timeutils.parse_isotime(since))
|
||||||
|
except ValueError:
|
||||||
|
raise exception.ValidationError(
|
||||||
|
message=_('invalidate date format %s') % since)
|
||||||
|
# FIXME(notmorgan): The revocation events cannot have resource options
|
||||||
|
# added to them or lazy-loaded relationships as long as to_dict
|
||||||
|
# is called outside of an active session context. This API is unused
|
||||||
|
# and should be deprecated in the near future. Fix this before adding
|
||||||
|
# resource_options or any lazy-loaded relationships to the revocation
|
||||||
|
# events themselves.
|
||||||
|
events = PROVIDERS.revoke_api.list_events(last_fetch=last_fetch)
|
||||||
|
# Build the links by hand as the standard controller calls require ids
|
||||||
|
response = {'events': [event.to_dict() for event in events],
|
||||||
|
'links': {
|
||||||
|
'next': None,
|
||||||
|
'self': '%s/v3/OS-REVOKE/events' % ks_flask.base_url(),
|
||||||
|
'previous': None}
|
||||||
|
}
|
||||||
|
return response
|
||||||
|
|
||||||
|
|
||||||
|
class OSRevokeAPI(ks_flask.APIBase):
|
||||||
|
_name = 'events'
|
||||||
|
_import_name = __name__
|
||||||
|
_api_url_prefix = '/OS-REVOKE'
|
||||||
|
resources = []
|
||||||
|
resource_mapping = [
|
||||||
|
ks_flask.construct_resource_map(
|
||||||
|
resource=OSRevokeResource,
|
||||||
|
url='/events',
|
||||||
|
resource_kwargs={},
|
||||||
|
rel='events',
|
||||||
|
resource_relation_func=_build_resource_relation
|
||||||
|
)
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
|
APIs = (OSRevokeAPI,)
|
|
@ -1,52 +0,0 @@
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
|
|
||||||
from oslo_utils import timeutils
|
|
||||||
|
|
||||||
from keystone.common import controller
|
|
||||||
from keystone.common import provider_api
|
|
||||||
from keystone import exception
|
|
||||||
from keystone.i18n import _
|
|
||||||
|
|
||||||
|
|
||||||
PROVIDERS = provider_api.ProviderAPIs
|
|
||||||
|
|
||||||
|
|
||||||
class RevokeController(controller.V3Controller):
|
|
||||||
@controller.protected()
|
|
||||||
def list_revoke_events(self, request):
|
|
||||||
since = request.params.get('since')
|
|
||||||
last_fetch = None
|
|
||||||
if since:
|
|
||||||
try:
|
|
||||||
last_fetch = timeutils.normalize_time(
|
|
||||||
timeutils.parse_isotime(since))
|
|
||||||
except ValueError:
|
|
||||||
raise exception.ValidationError(
|
|
||||||
message=_('invalid date format %s') % since)
|
|
||||||
# FIXME(notmorgan): The revocation events cannot have resource options
|
|
||||||
# added to them or lazy-loaded relationships as long as to_dict
|
|
||||||
# is called outside of an active session context. This API is unused
|
|
||||||
# and should be deprecated in the near future. Fix this before adding
|
|
||||||
# resource_options or any lazy-loaded relationships to the revocation
|
|
||||||
# events themselves.
|
|
||||||
events = PROVIDERS.revoke_api.list_events(last_fetch=last_fetch)
|
|
||||||
# Build the links by hand as the standard controller calls require ids
|
|
||||||
response = {'events': [event.to_dict() for event in events],
|
|
||||||
'links': {
|
|
||||||
'next': None,
|
|
||||||
'self': RevokeController.base_url(
|
|
||||||
request.context_dict,
|
|
||||||
path=request.context_dict['path']),
|
|
||||||
'previous': None}
|
|
||||||
}
|
|
||||||
return response
|
|
|
@ -1,31 +0,0 @@
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
|
|
||||||
from keystone.common import json_home
|
|
||||||
from keystone.common import wsgi
|
|
||||||
from keystone.revoke import controllers
|
|
||||||
|
|
||||||
|
|
||||||
class Routers(wsgi.RoutersBase):
|
|
||||||
|
|
||||||
PATH_PREFIX = '/OS-REVOKE'
|
|
||||||
|
|
||||||
_path_prefixes = ('OS-REVOKE',)
|
|
||||||
|
|
||||||
def append_v3_routers(self, mapper, routers):
|
|
||||||
revoke_controller = controllers.RevokeController()
|
|
||||||
self._add_resource(
|
|
||||||
mapper, revoke_controller,
|
|
||||||
path=self.PATH_PREFIX + '/events',
|
|
||||||
get_action='list_revoke_events',
|
|
||||||
rel=json_home.build_v3_extension_resource_relation(
|
|
||||||
'OS-REVOKE', '1.0', 'events'))
|
|
|
@ -38,12 +38,11 @@ from keystone.limit import routers as limit_routers
|
||||||
from keystone.oauth1 import routers as oauth1_routers
|
from keystone.oauth1 import routers as oauth1_routers
|
||||||
from keystone.policy import routers as policy_routers
|
from keystone.policy import routers as policy_routers
|
||||||
from keystone.resource import routers as resource_routers
|
from keystone.resource import routers as resource_routers
|
||||||
from keystone.revoke import routers as revoke_routers
|
|
||||||
from keystone.token import _simple_cert as simple_cert_ext
|
from keystone.token import _simple_cert as simple_cert_ext
|
||||||
|
|
||||||
# TODO(morgan): _MOVED_API_PREFIXES to be removed when the legacy dispatch
|
# TODO(morgan): _MOVED_API_PREFIXES to be removed when the legacy dispatch
|
||||||
# support is removed.
|
# support is removed.
|
||||||
_MOVED_API_PREFIXES = frozenset(['credentials', 'OS-TRUST'])
|
_MOVED_API_PREFIXES = frozenset(['credentials', 'OS-REVOKE', 'OS-TRUST'])
|
||||||
LOG = log.getLogger(__name__)
|
LOG = log.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
|
@ -55,7 +54,6 @@ ALL_API_ROUTERS = [auth_routers,
|
||||||
limit_routers,
|
limit_routers,
|
||||||
policy_routers,
|
policy_routers,
|
||||||
resource_routers,
|
resource_routers,
|
||||||
revoke_routers,
|
|
||||||
federation_routers,
|
federation_routers,
|
||||||
oauth1_routers,
|
oauth1_routers,
|
||||||
endpoint_policy_routers,
|
endpoint_policy_routers,
|
||||||
|
|
Loading…
Reference in New Issue