"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "keystone/api/os_inherit.py" between
keystone-16.0.1.tar.gz and keystone-17.0.0.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Ussuri" series (latest release).

os_inherit.py  (keystone-16.0.1):os_inherit.py  (keystone-17.0.0)
skipping to change at line 17 skipping to change at line 17
# Unless required by applicable law or agreed to in writing, software # Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
# This file handles all flask-restful resources for /v3/OS-INHERIT # This file handles all flask-restful resources for /v3/OS-INHERIT
import flask_restful import flask_restful
import functools import functools
import http.client
from oslo_log import log from oslo_log import log
from six.moves import http_client
from keystone.api._shared import json_home_relations from keystone.api._shared import json_home_relations
from keystone.common import json_home from keystone.common import json_home
from keystone.common import provider_api from keystone.common import provider_api
from keystone.common import rbac_enforcer from keystone.common import rbac_enforcer
from keystone import exception from keystone import exception
from keystone.server import flask as ks_flask from keystone.server import flask as ks_flask
ENFORCER = rbac_enforcer.RBACEnforcer ENFORCER = rbac_enforcer.RBACEnforcer
PROVIDERS = provider_api.ProviderAPIs PROVIDERS = provider_api.ProviderAPIs
skipping to change at line 118 skipping to change at line 118
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:check_grant', action='identity:check_grant',
build_target=functools.partial(_build_enforcement_target_attr, build_target=functools.partial(_build_enforcement_target_attr,
domain_id=domain_id, domain_id=domain_id,
group_id=group_id, group_id=group_id,
role_id=role_id)) role_id=role_id))
PROVIDERS.assignment_api.get_grant( PROVIDERS.assignment_api.get_grant(
domain_id=domain_id, group_id=group_id, role_id=role_id, domain_id=domain_id, group_id=group_id, role_id=role_id,
inherited_to_projects=True) inherited_to_projects=True)
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
def put(self, domain_id, group_id, role_id): def put(self, domain_id, group_id, role_id):
"""Create an inherited grant for a group on a domain. """Create an inherited grant for a group on a domain.
PUT /OS-INHERIT/domains/{domain_id}/groups/{group_id} PUT /OS-INHERIT/domains/{domain_id}/groups/{group_id}
/roles/{role_id}/inherited_to_projects /roles/{role_id}/inherited_to_projects
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:create_grant', action='identity:create_grant',
build_target=functools.partial(_build_enforcement_target_attr, build_target=functools.partial(_build_enforcement_target_attr,
domain_id=domain_id, domain_id=domain_id,
group_id=group_id, group_id=group_id,
role_id=role_id)) role_id=role_id))
PROVIDERS.assignment_api.create_grant( PROVIDERS.assignment_api.create_grant(
domain_id=domain_id, group_id=group_id, role_id=role_id, domain_id=domain_id, group_id=group_id, role_id=role_id,
inherited_to_projects=True) inherited_to_projects=True)
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
def delete(self, domain_id, group_id, role_id): def delete(self, domain_id, group_id, role_id):
"""Revoke an inherited grant for a group on a domain. """Revoke an inherited grant for a group on a domain.
DELETE /OS-INHERIT/domains/{domain_id}/groups/{group_id} DELETE /OS-INHERIT/domains/{domain_id}/groups/{group_id}
/roles/{role_id}/inherited_to_projects /roles/{role_id}/inherited_to_projects
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:revoke_grant', action='identity:revoke_grant',
build_target=functools.partial(_build_enforcement_target_attr, build_target=functools.partial(_build_enforcement_target_attr,
domain_id=domain_id, domain_id=domain_id,
group_id=group_id, group_id=group_id,
role_id=role_id)) role_id=role_id))
PROVIDERS.assignment_api.delete_grant( PROVIDERS.assignment_api.delete_grant(
domain_id=domain_id, group_id=group_id, role_id=role_id, domain_id=domain_id, group_id=group_id, role_id=role_id,
inherited_to_projects=True) inherited_to_projects=True)
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
class OSInheritDomainGroupRolesListResource(flask_restful.Resource): class OSInheritDomainGroupRolesListResource(flask_restful.Resource):
def get(self, domain_id, group_id): def get(self, domain_id, group_id):
"""List roles (inherited) for a group on a domain. """List roles (inherited) for a group on a domain.
GET/HEAD /OS-INHERIT/domains/{domain_id}/groups/{group_id} GET/HEAD /OS-INHERIT/domains/{domain_id}/groups/{group_id}
/roles/inherited_to_projects /roles/inherited_to_projects
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:list_grants', action='identity:list_grants',
skipping to change at line 187 skipping to change at line 187
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:check_grant', action='identity:check_grant',
build_target=functools.partial(_build_enforcement_target_attr, build_target=functools.partial(_build_enforcement_target_attr,
domain_id=domain_id, domain_id=domain_id,
user_id=user_id, user_id=user_id,
role_id=role_id)) role_id=role_id))
PROVIDERS.assignment_api.get_grant( PROVIDERS.assignment_api.get_grant(
domain_id=domain_id, user_id=user_id, role_id=role_id, domain_id=domain_id, user_id=user_id, role_id=role_id,
inherited_to_projects=True) inherited_to_projects=True)
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
def put(self, domain_id, user_id, role_id): def put(self, domain_id, user_id, role_id):
"""Create an inherited grant for a user on a domain. """Create an inherited grant for a user on a domain.
PUT /OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id} PUT /OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}
/inherited_to_projects /inherited_to_projects
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:create_grant', action='identity:create_grant',
build_target=functools.partial(_build_enforcement_target_attr, build_target=functools.partial(_build_enforcement_target_attr,
domain_id=domain_id, domain_id=domain_id,
user_id=user_id, user_id=user_id,
role_id=role_id)) role_id=role_id))
PROVIDERS.assignment_api.create_grant( PROVIDERS.assignment_api.create_grant(
domain_id=domain_id, user_id=user_id, role_id=role_id, domain_id=domain_id, user_id=user_id, role_id=role_id,
inherited_to_projects=True) inherited_to_projects=True)
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
def delete(self, domain_id, user_id, role_id): def delete(self, domain_id, user_id, role_id):
"""Revoke a grant from a user on a domain. """Revoke a grant from a user on a domain.
DELETE /OS-INHERIT/domains/{domain_id}/users/{user_id}/roles DELETE /OS-INHERIT/domains/{domain_id}/users/{user_id}/roles
/{role_id}/inherited_to_projects /{role_id}/inherited_to_projects
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:revoke_grant', action='identity:revoke_grant',
build_target=functools.partial(_build_enforcement_target_attr, build_target=functools.partial(_build_enforcement_target_attr,
domain_id=domain_id, domain_id=domain_id,
user_id=user_id, user_id=user_id,
role_id=role_id)) role_id=role_id))
PROVIDERS.assignment_api.delete_grant( PROVIDERS.assignment_api.delete_grant(
domain_id=domain_id, user_id=user_id, role_id=role_id, domain_id=domain_id, user_id=user_id, role_id=role_id,
inherited_to_projects=True) inherited_to_projects=True)
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
class OSInheritDomainUserRolesListResource(flask_restful.Resource): class OSInheritDomainUserRolesListResource(flask_restful.Resource):
def get(self, domain_id, user_id): def get(self, domain_id, user_id):
"""List roles (inherited) for a user on a domain. """List roles (inherited) for a user on a domain.
GET/HEAD /OS-INHERIT/domains/{domain_id}/users/{user_id} GET/HEAD /OS-INHERIT/domains/{domain_id}/users/{user_id}
/roles/inherited_to_projects /roles/inherited_to_projects
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:list_grants', action='identity:list_grants',
skipping to change at line 256 skipping to change at line 256
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:check_grant', action='identity:check_grant',
build_target=functools.partial(_build_enforcement_target_attr, build_target=functools.partial(_build_enforcement_target_attr,
project_id=project_id, project_id=project_id,
user_id=user_id, user_id=user_id,
role_id=role_id)) role_id=role_id))
PROVIDERS.assignment_api.get_grant( PROVIDERS.assignment_api.get_grant(
project_id=project_id, user_id=user_id, role_id=role_id, project_id=project_id, user_id=user_id, role_id=role_id,
inherited_to_projects=True) inherited_to_projects=True)
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
def put(self, project_id, user_id, role_id): def put(self, project_id, user_id, role_id):
"""Create an inherited grant for a user on a project. """Create an inherited grant for a user on a project.
PUT /OS-INHERIT/projects/{project_id}/users/{user_id} PUT /OS-INHERIT/projects/{project_id}/users/{user_id}
/roles/{role_id}/inherited_to_projects /roles/{role_id}/inherited_to_projects
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:create_grant', action='identity:create_grant',
build_target=functools.partial(_build_enforcement_target_attr, build_target=functools.partial(_build_enforcement_target_attr,
project_id=project_id, project_id=project_id,
user_id=user_id, user_id=user_id,
role_id=role_id)) role_id=role_id))
PROVIDERS.assignment_api.create_grant( PROVIDERS.assignment_api.create_grant(
project_id=project_id, user_id=user_id, role_id=role_id, project_id=project_id, user_id=user_id, role_id=role_id,
inherited_to_projects=True) inherited_to_projects=True)
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
def delete(self, project_id, user_id, role_id): def delete(self, project_id, user_id, role_id):
"""Revoke an inherited grant for a user on a project. """Revoke an inherited grant for a user on a project.
DELETE /OS-INHERIT/projects/{project_id}/users/{user_id} DELETE /OS-INHERIT/projects/{project_id}/users/{user_id}
/roles/{role_id}/inherited_to_projects /roles/{role_id}/inherited_to_projects
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:revoke_grant', action='identity:revoke_grant',
build_target=functools.partial(_build_enforcement_target_attr, build_target=functools.partial(_build_enforcement_target_attr,
project_id=project_id, project_id=project_id,
user_id=user_id, user_id=user_id,
role_id=role_id)) role_id=role_id))
PROVIDERS.assignment_api.delete_grant( PROVIDERS.assignment_api.delete_grant(
project_id=project_id, user_id=user_id, role_id=role_id, project_id=project_id, user_id=user_id, role_id=role_id,
inherited_to_projects=True) inherited_to_projects=True)
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
class OSInheritProjectGroupResource(flask_restful.Resource): class OSInheritProjectGroupResource(flask_restful.Resource):
def get(self, project_id, group_id, role_id): def get(self, project_id, group_id, role_id):
"""Check for an inherited grant for a group on a project. """Check for an inherited grant for a group on a project.
GET/HEAD /OS-INHERIT/projects/{project_id}/groups/{group_id} GET/HEAD /OS-INHERIT/projects/{project_id}/groups/{group_id}
/roles/{role_id}/inherited_to_projects /roles/{role_id}/inherited_to_projects
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:check_grant', action='identity:check_grant',
build_target=functools.partial(_build_enforcement_target_attr, build_target=functools.partial(_build_enforcement_target_attr,
project_id=project_id, project_id=project_id,
group_id=group_id, group_id=group_id,
role_id=role_id)) role_id=role_id))
PROVIDERS.assignment_api.get_grant( PROVIDERS.assignment_api.get_grant(
project_id=project_id, group_id=group_id, role_id=role_id, project_id=project_id, group_id=group_id, role_id=role_id,
inherited_to_projects=True) inherited_to_projects=True)
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
def put(self, project_id, group_id, role_id): def put(self, project_id, group_id, role_id):
"""Create an inherited grant for a group on a project. """Create an inherited grant for a group on a project.
PUT /OS-INHERIT/projects/{project_id}/groups/{group_id} PUT /OS-INHERIT/projects/{project_id}/groups/{group_id}
/roles/{role_id}/inherited_to_projects /roles/{role_id}/inherited_to_projects
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:create_grant', action='identity:create_grant',
build_target=functools.partial(_build_enforcement_target_attr, build_target=functools.partial(_build_enforcement_target_attr,
project_id=project_id, project_id=project_id,
group_id=group_id, group_id=group_id,
role_id=role_id)) role_id=role_id))
PROVIDERS.assignment_api.create_grant( PROVIDERS.assignment_api.create_grant(
project_id=project_id, group_id=group_id, role_id=role_id, project_id=project_id, group_id=group_id, role_id=role_id,
inherited_to_projects=True) inherited_to_projects=True)
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
def delete(self, project_id, group_id, role_id): def delete(self, project_id, group_id, role_id):
"""Revoke an inherited grant for a group on a project. """Revoke an inherited grant for a group on a project.
DELETE /OS-INHERIT/projects/{project_id}/groups/{group_id} DELETE /OS-INHERIT/projects/{project_id}/groups/{group_id}
/roles/{role_id}/inherited_to_projects /roles/{role_id}/inherited_to_projects
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:revoke_grant', action='identity:revoke_grant',
build_target=functools.partial(_build_enforcement_target_attr, build_target=functools.partial(_build_enforcement_target_attr,
project_id=project_id, project_id=project_id,
group_id=group_id, group_id=group_id,
role_id=role_id)) role_id=role_id))
PROVIDERS.assignment_api.delete_grant( PROVIDERS.assignment_api.delete_grant(
project_id=project_id, group_id=group_id, role_id=role_id, project_id=project_id, group_id=group_id, role_id=role_id,
inherited_to_projects=True) inherited_to_projects=True)
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
class OSInheritAPI(ks_flask.APIBase): class OSInheritAPI(ks_flask.APIBase):
_name = "OS-INHERIT" _name = "OS-INHERIT"
_import_name = __name__ _import_name = __name__
_api_url_prefix = '/OS-INHERIT' _api_url_prefix = '/OS-INHERIT'
resources = [] resources = []
resource_mapping = [ resource_mapping = [
ks_flask.construct_resource_map( ks_flask.construct_resource_map(
resource=OSInheritDomainGroupRolesResource, resource=OSInheritDomainGroupRolesResource,
url=('/domains/<string:domain_id>/groups/<string:group_id>/roles' url=('/domains/<string:domain_id>/groups/<string:group_id>/roles'
 End of changes. 14 change blocks. 
13 lines changed or deleted 13 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)