"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "keystone/api/policy.py" between
keystone-16.0.1.tar.gz and keystone-17.0.0.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Ussuri" series (latest release).

policy.py  (keystone-16.0.1):policy.py  (keystone-17.0.0)
skipping to change at line 16 skipping to change at line 16
# #
# Unless required by applicable law or agreed to in writing, software # Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
# This file handles all flask-restful resources for /policy # This file handles all flask-restful resources for /policy
import flask_restful import flask_restful
import http.client
from oslo_log import versionutils from oslo_log import versionutils
from six.moves import http_client
from keystone.api._shared import json_home_relations from keystone.api._shared import json_home_relations
from keystone.common import json_home from keystone.common import json_home
from keystone.common import provider_api from keystone.common import provider_api
from keystone.common import rbac_enforcer from keystone.common import rbac_enforcer
from keystone.common import validation from keystone.common import validation
from keystone.policy import schema from keystone.policy import schema
from keystone.server import flask as ks_flask from keystone.server import flask as ks_flask
ENFORCER = rbac_enforcer.RBACEnforcer ENFORCER = rbac_enforcer.RBACEnforcer
skipping to change at line 74 skipping to change at line 74
) )
def post(self): def post(self):
ENFORCER.enforce_call(action='identity:create_policy') ENFORCER.enforce_call(action='identity:create_policy')
policy_body = self.request_body_json.get('policy', {}) policy_body = self.request_body_json.get('policy', {})
validation.lazy_validate(schema.policy_create, policy_body) validation.lazy_validate(schema.policy_create, policy_body)
policy = self._assign_unique_id(self._normalize_dict(policy_body)) policy = self._assign_unique_id(self._normalize_dict(policy_body))
ref = PROVIDERS.policy_api.create_policy( ref = PROVIDERS.policy_api.create_policy(
policy['id'], policy, initiator=self.audit_initiator policy['id'], policy, initiator=self.audit_initiator
) )
return self.wrap_member(ref), http_client.CREATED return self.wrap_member(ref), http.client.CREATED
@versionutils.deprecated( @versionutils.deprecated(
as_of=versionutils.deprecated.QUEENS, as_of=versionutils.deprecated.QUEENS,
what='identity:update_policy of the v3 Policy APIs' what='identity:update_policy of the v3 Policy APIs'
) )
def patch(self, policy_id): def patch(self, policy_id):
ENFORCER.enforce_call(action='identity:update_policy') ENFORCER.enforce_call(action='identity:update_policy')
policy_body = self.request_body_json.get('policy', {}) policy_body = self.request_body_json.get('policy', {})
validation.lazy_validate(schema.policy_update, policy_body) validation.lazy_validate(schema.policy_update, policy_body)
skipping to change at line 99 skipping to change at line 99
@versionutils.deprecated( @versionutils.deprecated(
as_of=versionutils.deprecated.QUEENS, as_of=versionutils.deprecated.QUEENS,
what='identity:delete_policy of the v3 Policy APIs' what='identity:delete_policy of the v3 Policy APIs'
) )
def delete(self, policy_id): def delete(self, policy_id):
ENFORCER.enforce_call(action='identity:delete_policy') ENFORCER.enforce_call(action='identity:delete_policy')
res = PROVIDERS.policy_api.delete_policy( res = PROVIDERS.policy_api.delete_policy(
policy_id, initiator=self.audit_initiator policy_id, initiator=self.audit_initiator
) )
return (res, http_client.NO_CONTENT) return (res, http.client.NO_CONTENT)
class EndpointPolicyResource(flask_restful.Resource): class EndpointPolicyResource(flask_restful.Resource):
def get(self, policy_id): def get(self, policy_id):
ENFORCER.enforce_call(action='identity:list_endpoints_for_policy') ENFORCER.enforce_call(action='identity:list_endpoints_for_policy')
PROVIDERS.policy_api.get_policy(policy_id) PROVIDERS.policy_api.get_policy(policy_id)
endpoints = PROVIDERS.endpoint_policy_api.list_endpoints_for_policy( endpoints = PROVIDERS.endpoint_policy_api.list_endpoints_for_policy(
policy_id policy_id
) )
self._remove_legacy_ids(endpoints) self._remove_legacy_ids(endpoints)
skipping to change at line 128 skipping to change at line 128
class EndpointPolicyAssociations(flask_restful.Resource): class EndpointPolicyAssociations(flask_restful.Resource):
def get(self, policy_id, endpoint_id): def get(self, policy_id, endpoint_id):
action = 'identity:check_policy_association_for_endpoint' action = 'identity:check_policy_association_for_endpoint'
ENFORCER.enforce_call(action=action) ENFORCER.enforce_call(action=action)
PROVIDERS.policy_api.get_policy(policy_id) PROVIDERS.policy_api.get_policy(policy_id)
PROVIDERS.catalog_api.get_endpoint(endpoint_id) PROVIDERS.catalog_api.get_endpoint(endpoint_id)
PROVIDERS.endpoint_policy_api.check_policy_association( PROVIDERS.endpoint_policy_api.check_policy_association(
policy_id, endpoint_id=endpoint_id policy_id, endpoint_id=endpoint_id
) )
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
def put(self, policy_id, endpoint_id): def put(self, policy_id, endpoint_id):
action = 'identity:create_policy_association_for_endpoint' action = 'identity:create_policy_association_for_endpoint'
ENFORCER.enforce_call(action=action) ENFORCER.enforce_call(action=action)
PROVIDERS.policy_api.get_policy(policy_id) PROVIDERS.policy_api.get_policy(policy_id)
PROVIDERS.catalog_api.get_endpoint(endpoint_id) PROVIDERS.catalog_api.get_endpoint(endpoint_id)
PROVIDERS.endpoint_policy_api.create_policy_association( PROVIDERS.endpoint_policy_api.create_policy_association(
policy_id, endpoint_id=endpoint_id policy_id, endpoint_id=endpoint_id
) )
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
def delete(self, policy_id, endpoint_id): def delete(self, policy_id, endpoint_id):
action = 'identity:delete_policy_association_for_endpoint' action = 'identity:delete_policy_association_for_endpoint'
ENFORCER.enforce_call(action=action) ENFORCER.enforce_call(action=action)
PROVIDERS.policy_api.get_policy(policy_id) PROVIDERS.policy_api.get_policy(policy_id)
PROVIDERS.catalog_api.get_endpoint(endpoint_id) PROVIDERS.catalog_api.get_endpoint(endpoint_id)
PROVIDERS.endpoint_policy_api.delete_policy_association( PROVIDERS.endpoint_policy_api.delete_policy_association(
policy_id, endpoint_id=endpoint_id policy_id, endpoint_id=endpoint_id
) )
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
class ServicePolicyAssociations(flask_restful.Resource): class ServicePolicyAssociations(flask_restful.Resource):
def get(self, policy_id, service_id): def get(self, policy_id, service_id):
action = 'identity:check_policy_association_for_service' action = 'identity:check_policy_association_for_service'
ENFORCER.enforce_call(action=action) ENFORCER.enforce_call(action=action)
PROVIDERS.policy_api.get_policy(policy_id) PROVIDERS.policy_api.get_policy(policy_id)
PROVIDERS.catalog_api.get_service(service_id) PROVIDERS.catalog_api.get_service(service_id)
PROVIDERS.endpoint_policy_api.check_policy_association( PROVIDERS.endpoint_policy_api.check_policy_association(
policy_id, service_id=service_id policy_id, service_id=service_id
) )
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
def put(self, policy_id, service_id): def put(self, policy_id, service_id):
action = 'identity:create_policy_association_for_service' action = 'identity:create_policy_association_for_service'
ENFORCER.enforce_call(action=action) ENFORCER.enforce_call(action=action)
PROVIDERS.policy_api.get_policy(policy_id) PROVIDERS.policy_api.get_policy(policy_id)
PROVIDERS.catalog_api.get_service(service_id) PROVIDERS.catalog_api.get_service(service_id)
PROVIDERS.endpoint_policy_api.create_policy_association( PROVIDERS.endpoint_policy_api.create_policy_association(
policy_id, service_id=service_id policy_id, service_id=service_id
) )
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
def delete(self, policy_id, service_id): def delete(self, policy_id, service_id):
action = 'identity:delete_policy_association_for_service' action = 'identity:delete_policy_association_for_service'
ENFORCER.enforce_call(action=action) ENFORCER.enforce_call(action=action)
PROVIDERS.policy_api.get_policy(policy_id) PROVIDERS.policy_api.get_policy(policy_id)
PROVIDERS.catalog_api.get_service(service_id) PROVIDERS.catalog_api.get_service(service_id)
PROVIDERS.endpoint_policy_api.delete_policy_association( PROVIDERS.endpoint_policy_api.delete_policy_association(
policy_id, service_id=service_id policy_id, service_id=service_id
) )
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
class ServiceRegionPolicyAssociations(flask_restful.Resource): class ServiceRegionPolicyAssociations(flask_restful.Resource):
def get(self, policy_id, service_id, region_id): def get(self, policy_id, service_id, region_id):
action = 'identity:check_policy_association_for_region_and_service' action = 'identity:check_policy_association_for_region_and_service'
ENFORCER.enforce_call(action=action) ENFORCER.enforce_call(action=action)
PROVIDERS.policy_api.get_policy(policy_id) PROVIDERS.policy_api.get_policy(policy_id)
PROVIDERS.catalog_api.get_service(service_id) PROVIDERS.catalog_api.get_service(service_id)
PROVIDERS.catalog_api.get_region(region_id) PROVIDERS.catalog_api.get_region(region_id)
PROVIDERS.endpoint_policy_api.check_policy_association( PROVIDERS.endpoint_policy_api.check_policy_association(
policy_id, service_id=service_id, region_id=region_id policy_id, service_id=service_id, region_id=region_id
) )
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
def put(self, policy_id, service_id, region_id): def put(self, policy_id, service_id, region_id):
action = 'identity:create_policy_association_for_region_and_service' action = 'identity:create_policy_association_for_region_and_service'
ENFORCER.enforce_call(action=action) ENFORCER.enforce_call(action=action)
PROVIDERS.policy_api.get_policy(policy_id) PROVIDERS.policy_api.get_policy(policy_id)
PROVIDERS.catalog_api.get_service(service_id) PROVIDERS.catalog_api.get_service(service_id)
PROVIDERS.catalog_api.get_region(region_id) PROVIDERS.catalog_api.get_region(region_id)
PROVIDERS.endpoint_policy_api.create_policy_association( PROVIDERS.endpoint_policy_api.create_policy_association(
policy_id, service_id=service_id, region_id=region_id policy_id, service_id=service_id, region_id=region_id
) )
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
def delete(self, policy_id, service_id, region_id): def delete(self, policy_id, service_id, region_id):
action = 'identity:delete_policy_association_for_region_and_service' action = 'identity:delete_policy_association_for_region_and_service'
ENFORCER.enforce_call(action=action) ENFORCER.enforce_call(action=action)
PROVIDERS.policy_api.get_policy(policy_id) PROVIDERS.policy_api.get_policy(policy_id)
PROVIDERS.catalog_api.get_service(service_id) PROVIDERS.catalog_api.get_service(service_id)
PROVIDERS.catalog_api.get_region(region_id) PROVIDERS.catalog_api.get_region(region_id)
PROVIDERS.endpoint_policy_api.delete_policy_association( PROVIDERS.endpoint_policy_api.delete_policy_association(
policy_id, service_id=service_id, region_id=region_id policy_id, service_id=service_id, region_id=region_id
) )
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
class PolicyAPI(ks_flask.APIBase): class PolicyAPI(ks_flask.APIBase):
_name = 'policy' _name = 'policy'
_import_name = __name__ _import_name = __name__
resources = [PolicyResource] resources = [PolicyResource]
resource_mapping = [ resource_mapping = [
ks_flask.construct_resource_map( ks_flask.construct_resource_map(
resource=EndpointPolicyResource, resource=EndpointPolicyResource,
url='/policies/<string:policy_id>/OS-ENDPOINT-POLICY/endpoints', url='/policies/<string:policy_id>/OS-ENDPOINT-POLICY/endpoints',
resource_kwargs={}, resource_kwargs={},
 End of changes. 13 change blocks. 
12 lines changed or deleted 12 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)