"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "keystone/api/projects.py" between
keystone-16.0.1.tar.gz and keystone-17.0.0.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Ussuri" series (latest release).

projects.py  (keystone-16.0.1):projects.py  (keystone-17.0.0)
skipping to change at line 18 skipping to change at line 18
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
# This file handles all flask-restful resources for /v3/projects # This file handles all flask-restful resources for /v3/projects
import functools import functools
import flask import flask
from six.moves import http_client import http.client
from keystone.common import json_home from keystone.common import json_home
from keystone.common import provider_api from keystone.common import provider_api
from keystone.common import rbac_enforcer from keystone.common import rbac_enforcer
from keystone.common import validation from keystone.common import validation
import keystone.conf import keystone.conf
from keystone import exception from keystone import exception
from keystone.i18n import _ from keystone.i18n import _
from keystone.resource import schema from keystone.resource import schema
from keystone.server import flask as ks_flask from keystone.server import flask as ks_flask
skipping to change at line 180 skipping to change at line 180
if not project.get('parent_id'): if not project.get('parent_id'):
project['parent_id'] = project.get('domain_id') project['parent_id'] = project.get('domain_id')
project = self._normalize_dict(project) project = self._normalize_dict(project)
try: try:
ref = PROVIDERS.resource_api.create_project( ref = PROVIDERS.resource_api.create_project(
project['id'], project['id'],
project, project,
initiator=self.audit_initiator) initiator=self.audit_initiator)
except (exception.DomainNotFound, exception.ProjectNotFound) as e: except (exception.DomainNotFound, exception.ProjectNotFound) as e:
raise exception.ValidationError(e) raise exception.ValidationError(e)
return self.wrap_member(ref), http_client.CREATED return self.wrap_member(ref), http.client.CREATED
def patch(self, project_id): def patch(self, project_id):
"""Update project. """Update project.
PATCH /v3/projects/{project_id} PATCH /v3/projects/{project_id}
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:update_project', action='identity:update_project',
build_target=_build_project_target_enforcement build_target=_build_project_target_enforcement
) )
skipping to change at line 212 skipping to change at line 212
DELETE /v3/projects/{project_id} DELETE /v3/projects/{project_id}
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:delete_project', action='identity:delete_project',
build_target=_build_project_target_enforcement build_target=_build_project_target_enforcement
) )
PROVIDERS.resource_api.delete_project( PROVIDERS.resource_api.delete_project(
project_id, project_id,
initiator=self.audit_initiator) initiator=self.audit_initiator)
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
class _ProjectTagResourceBase(ks_flask.ResourceBase): class _ProjectTagResourceBase(ks_flask.ResourceBase):
collection_key = 'projects' collection_key = 'projects'
member_key = 'tags' member_key = 'tags'
get_member_from_driver = PROVIDERS.deferred_provider_lookup( get_member_from_driver = PROVIDERS.deferred_provider_lookup(
api='resource_api', method='get_project_tag') api='resource_api', method='get_project_tag')
@classmethod @classmethod
def wrap_member(cls, ref, collection_name=None, member_name=None): def wrap_member(cls, ref, collection_name=None, member_name=None):
member_name = member_name or cls.member_key member_name = member_name or cls.member_key
skipping to change at line 267 skipping to change at line 267
def delete(self, project_id): def delete(self, project_id):
"""Delete all tags associated with a given project. """Delete all tags associated with a given project.
DELETE /v3/projects/{project_id}/tags DELETE /v3/projects/{project_id}/tags
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:delete_project_tags', action='identity:delete_project_tags',
build_target=_build_project_target_enforcement build_target=_build_project_target_enforcement
) )
PROVIDERS.resource_api.update_project_tags(project_id, []) PROVIDERS.resource_api.update_project_tags(project_id, [])
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
class ProjectTagResource(_ProjectTagResourceBase): class ProjectTagResource(_ProjectTagResourceBase):
def get(self, project_id, value): def get(self, project_id, value):
"""Get information for a single tag associated with a given project. """Get information for a single tag associated with a given project.
GET /v3/projects/{project_id}/tags/{value} GET /v3/projects/{project_id}/tags/{value}
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:get_project_tag', action='identity:get_project_tag',
build_target=_build_project_target_enforcement, build_target=_build_project_target_enforcement,
) )
PROVIDERS.resource_api.get_project_tag(project_id, value) PROVIDERS.resource_api.get_project_tag(project_id, value)
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
def put(self, project_id, value): def put(self, project_id, value):
"""Add a single tag to a project. """Add a single tag to a project.
PUT /v3/projects/{project_id}/tags/{value} PUT /v3/projects/{project_id}/tags/{value}
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:create_project_tag', action='identity:create_project_tag',
build_target=_build_project_target_enforcement build_target=_build_project_target_enforcement
) )
skipping to change at line 302 skipping to change at line 302
# Check if we will exceed the max number of tags on this project # Check if we will exceed the max number of tags on this project
tags = PROVIDERS.resource_api.list_project_tags(project_id) tags = PROVIDERS.resource_api.list_project_tags(project_id)
tags.append(value) tags.append(value)
validation.lazy_validate(schema.project_tags_update, tags) validation.lazy_validate(schema.project_tags_update, tags)
PROVIDERS.resource_api.create_project_tag( PROVIDERS.resource_api.create_project_tag(
project_id, project_id,
value, value,
initiator=self.audit_initiator initiator=self.audit_initiator
) )
url = '/'.join((ks_flask.base_url(), project_id, 'tags', value)) url = '/'.join((ks_flask.base_url(), project_id, 'tags', value))
response = flask.make_response('', http_client.CREATED) response = flask.make_response('', http.client.CREATED)
response.headers['Location'] = url response.headers['Location'] = url
return response return response
def delete(self, project_id, value): def delete(self, project_id, value):
"""Delete a single tag from a project. """Delete a single tag from a project.
/v3/projects/{project_id}/tags/{value} /v3/projects/{project_id}/tags/{value}
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:delete_project_tag', action='identity:delete_project_tag',
build_target=_build_project_target_enforcement build_target=_build_project_target_enforcement
) )
PROVIDERS.resource_api.delete_project_tag(project_id, value) PROVIDERS.resource_api.delete_project_tag(project_id, value)
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
class _ProjectGrantResourceBase(ks_flask.ResourceBase): class _ProjectGrantResourceBase(ks_flask.ResourceBase):
collection_key = 'roles' collection_key = 'roles'
member_key = 'role' member_key = 'role'
get_member_from_driver = PROVIDERS.deferred_provider_lookup( get_member_from_driver = PROVIDERS.deferred_provider_lookup(
api='role_api', method='get_role') api='role_api', method='get_role')
@staticmethod @staticmethod
def _check_if_inherited(): def _check_if_inherited():
return flask.request.path.endswith('/inherited_to_projects') return flask.request.path.endswith('/inherited_to_projects')
skipping to change at line 371 skipping to change at line 371
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:check_grant', action='identity:check_grant',
build_target=functools.partial( build_target=functools.partial(
self._build_enforcement_target_attr, role_id=role_id, self._build_enforcement_target_attr, role_id=role_id,
project_id=project_id, user_id=user_id) project_id=project_id, user_id=user_id)
) )
inherited = self._check_if_inherited() inherited = self._check_if_inherited()
PROVIDERS.assignment_api.get_grant( PROVIDERS.assignment_api.get_grant(
role_id=role_id, user_id=user_id, project_id=project_id, role_id=role_id, user_id=user_id, project_id=project_id,
inherited_to_projects=inherited) inherited_to_projects=inherited)
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
def put(self, project_id, user_id, role_id): def put(self, project_id, user_id, role_id):
"""Grant role for user on project. """Grant role for user on project.
PUT /v3/projects/{project_id}/users/{user_id}/roles/{role_id} PUT /v3/projects/{project_id}/users/{user_id}/roles/{role_id}
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:create_grant', action='identity:create_grant',
build_target=functools.partial( build_target=functools.partial(
self._build_enforcement_target_attr, self._build_enforcement_target_attr,
role_id=role_id, project_id=project_id, user_id=user_id) role_id=role_id, project_id=project_id, user_id=user_id)
) )
inherited = self._check_if_inherited() inherited = self._check_if_inherited()
PROVIDERS.assignment_api.create_grant( PROVIDERS.assignment_api.create_grant(
role_id=role_id, user_id=user_id, project_id=project_id, role_id=role_id, user_id=user_id, project_id=project_id,
inherited_to_projects=inherited, initiator=self.audit_initiator) inherited_to_projects=inherited, initiator=self.audit_initiator)
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
def delete(self, project_id, user_id, role_id): def delete(self, project_id, user_id, role_id):
"""Delete grant of role for user on project. """Delete grant of role for user on project.
DELETE /v3/projects/{project_id}/users/{user_id}/roles/{role_id} DELETE /v3/projects/{project_id}/users/{user_id}/roles/{role_id}
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:revoke_grant', action='identity:revoke_grant',
build_target=functools.partial( build_target=functools.partial(
self._build_enforcement_target_attr, self._build_enforcement_target_attr,
role_id=role_id, user_id=user_id, project_id=project_id, role_id=role_id, user_id=user_id, project_id=project_id,
allow_non_existing=True) allow_non_existing=True)
) )
inherited = self._check_if_inherited() inherited = self._check_if_inherited()
PROVIDERS.assignment_api.delete_grant( PROVIDERS.assignment_api.delete_grant(
role_id=role_id, user_id=user_id, project_id=project_id, role_id=role_id, user_id=user_id, project_id=project_id,
inherited_to_projects=inherited, initiator=self.audit_initiator) inherited_to_projects=inherited, initiator=self.audit_initiator)
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
class ProjectUserListGrantResource(_ProjectGrantResourceBase): class ProjectUserListGrantResource(_ProjectGrantResourceBase):
def get(self, project_id, user_id): def get(self, project_id, user_id):
"""List grants for user on project. """List grants for user on project.
GET/HEAD /v3/projects/{project_id}/users/{user_id} GET/HEAD /v3/projects/{project_id}/users/{user_id}
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:list_grants', action='identity:list_grants',
build_target=functools.partial( build_target=functools.partial(
skipping to change at line 442 skipping to change at line 442
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:check_grant', action='identity:check_grant',
build_target=functools.partial( build_target=functools.partial(
self._build_enforcement_target_attr, role_id=role_id, self._build_enforcement_target_attr, role_id=role_id,
project_id=project_id, group_id=group_id) project_id=project_id, group_id=group_id)
) )
inherited = self._check_if_inherited() inherited = self._check_if_inherited()
PROVIDERS.assignment_api.get_grant( PROVIDERS.assignment_api.get_grant(
role_id=role_id, group_id=group_id, project_id=project_id, role_id=role_id, group_id=group_id, project_id=project_id,
inherited_to_projects=inherited) inherited_to_projects=inherited)
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
def put(self, project_id, group_id, role_id): def put(self, project_id, group_id, role_id):
"""Grant role for group on project. """Grant role for group on project.
PUT /v3/projects/{project_id}/groups/{group_id}/roles/{role_id} PUT /v3/projects/{project_id}/groups/{group_id}/roles/{role_id}
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:create_grant', action='identity:create_grant',
build_target=functools.partial( build_target=functools.partial(
self._build_enforcement_target_attr, self._build_enforcement_target_attr,
role_id=role_id, project_id=project_id, group_id=group_id) role_id=role_id, project_id=project_id, group_id=group_id)
) )
inherited = self._check_if_inherited() inherited = self._check_if_inherited()
PROVIDERS.assignment_api.create_grant( PROVIDERS.assignment_api.create_grant(
role_id=role_id, group_id=group_id, project_id=project_id, role_id=role_id, group_id=group_id, project_id=project_id,
inherited_to_projects=inherited, initiator=self.audit_initiator) inherited_to_projects=inherited, initiator=self.audit_initiator)
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
def delete(self, project_id, group_id, role_id): def delete(self, project_id, group_id, role_id):
"""Delete grant of role for group on project. """Delete grant of role for group on project.
DELETE /v3/projects/{project_id}/groups/{group_id}/roles/{role_id} DELETE /v3/projects/{project_id}/groups/{group_id}/roles/{role_id}
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:revoke_grant', action='identity:revoke_grant',
build_target=functools.partial( build_target=functools.partial(
self._build_enforcement_target_attr, self._build_enforcement_target_attr,
role_id=role_id, group_id=group_id, project_id=project_id, role_id=role_id, group_id=group_id, project_id=project_id,
allow_non_existing=True) allow_non_existing=True)
) )
inherited = self._check_if_inherited() inherited = self._check_if_inherited()
PROVIDERS.assignment_api.delete_grant( PROVIDERS.assignment_api.delete_grant(
role_id=role_id, group_id=group_id, project_id=project_id, role_id=role_id, group_id=group_id, project_id=project_id,
inherited_to_projects=inherited, initiator=self.audit_initiator) inherited_to_projects=inherited, initiator=self.audit_initiator)
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
class ProjectGroupListGrantResource(_ProjectGrantResourceBase): class ProjectGroupListGrantResource(_ProjectGrantResourceBase):
def get(self, project_id, group_id): def get(self, project_id, group_id):
"""List grants for group on project. """List grants for group on project.
GET/HEAD /v3/projects/{project_id}/groups/{group_id} GET/HEAD /v3/projects/{project_id}/groups/{group_id}
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:list_grants', action='identity:list_grants',
build_target=functools.partial( build_target=functools.partial(
 End of changes. 13 change blocks. 
13 lines changed or deleted 13 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)