Source code changes of the file "keystone/api/roles.py" between
keystone-16.0.1.tar.gz and keystone-17.0.0.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Ussuri" series (latest release).

roles.py  (keystone-16.0.1):roles.py  (keystone-17.0.0)
skipping to change at line 17 skipping to change at line 17
# Unless required by applicable law or agreed to in writing, software # Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
# This file handles all flask-restful resources for /v3/roles # This file handles all flask-restful resources for /v3/roles
import flask import flask
import flask_restful import flask_restful
from six.moves import http_client import http.client
from keystone.api._shared import implied_roles as shared from keystone.api._shared import implied_roles as shared
from keystone.assignment import schema from keystone.assignment import schema
from keystone.common import json_home from keystone.common import json_home
from keystone.common import provider_api from keystone.common import provider_api
from keystone.common import rbac_enforcer from keystone.common import rbac_enforcer
from keystone.common import validation from keystone.common import validation
import keystone.conf import keystone.conf
from keystone.server import flask as ks_flask from keystone.server import flask as ks_flask
skipping to change at line 115 skipping to change at line 115
role = self.request_body_json.get('role', {}) role = self.request_body_json.get('role', {})
if self._is_domain_role(role): if self._is_domain_role(role):
ENFORCER.enforce_call(action='identity:create_domain_role') ENFORCER.enforce_call(action='identity:create_domain_role')
else: else:
ENFORCER.enforce_call(action='identity:create_role') ENFORCER.enforce_call(action='identity:create_role')
validation.lazy_validate(schema.role_create, role) validation.lazy_validate(schema.role_create, role)
role = self._assign_unique_id(role) role = self._assign_unique_id(role)
role = self._normalize_dict(role) role = self._normalize_dict(role)
ref = PROVIDERS.role_api.create_role( ref = PROVIDERS.role_api.create_role(
role['id'], role, initiator=self.audit_initiator) role['id'], role, initiator=self.audit_initiator)
return self.wrap_member(ref), http_client.CREATED return self.wrap_member(ref), http.client.CREATED
def patch(self, role_id): def patch(self, role_id):
"""Update role. """Update role.
PATCH /v3/roles/{role_id} PATCH /v3/roles/{role_id}
""" """
err = None err = None
role = {} role = {}
try: try:
role = PROVIDERS.role_api.get_role(role_id) role = PROVIDERS.role_api.get_role(role_id)
skipping to change at line 171 skipping to change at line 171
finally: finally:
if err is not None or not self._is_domain_role(role): if err is not None or not self._is_domain_role(role):
ENFORCER.enforce_call(action='identity:delete_role') ENFORCER.enforce_call(action='identity:delete_role')
if err: if err:
raise err raise err
else: else:
ENFORCER.enforce_call(action='identity:delete_domain_role', ENFORCER.enforce_call(action='identity:delete_domain_role',
member_target_type='role', member_target_type='role',
member_target=role) member_target=role)
PROVIDERS.role_api.delete_role(role_id, initiator=self.audit_initiator) PROVIDERS.role_api.delete_role(role_id, initiator=self.audit_initiator)
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
def _build_enforcement_target_ref(): def _build_enforcement_target_ref():
ref = {} ref = {}
if flask.request.view_args: if flask.request.view_args:
ref['prior_role'] = PROVIDERS.role_api.get_role( ref['prior_role'] = PROVIDERS.role_api.get_role(
flask.request.view_args.get('prior_role_id')) flask.request.view_args.get('prior_role_id'))
if flask.request.view_args.get('implied_role_id'): if flask.request.view_args.get('implied_role_id'):
ref['implied_role'] = PROVIDERS.role_api.get_role( ref['implied_role'] = PROVIDERS.role_api.get_role(
flask.request.view_args['implied_role_id']) flask.request.view_args['implied_role_id'])
return ref return ref
skipping to change at line 220 skipping to change at line 220
# consistent policy enforcement behavior even if it is superfluous. # consistent policy enforcement behavior even if it is superfluous.
# Alternatively we can keep check_implied_role and reference # Alternatively we can keep check_implied_role and reference
# ._get_implied_role instead. # ._get_implied_role instead.
ENFORCER.enforce_call(action='identity:check_implied_role', ENFORCER.enforce_call(action='identity:check_implied_role',
build_target=_build_enforcement_target_ref) build_target=_build_enforcement_target_ref)
self.get(prior_role_id, implied_role_id) self.get(prior_role_id, implied_role_id)
# NOTE(morgan): Our API here breaks HTTP Spec. This should be evaluated # NOTE(morgan): Our API here breaks HTTP Spec. This should be evaluated
# for a future fix. This should just return the above "get" however, # for a future fix. This should just return the above "get" however,
# we document and implment this as a NO_CONTENT response. NO_CONTENT # we document and implment this as a NO_CONTENT response. NO_CONTENT
# here is incorrect. It is maintained as is for API contract reasons. # here is incorrect. It is maintained as is for API contract reasons.
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
def get(self, prior_role_id, implied_role_id): def get(self, prior_role_id, implied_role_id):
"""Get implied role. """Get implied role.
GET/HEAD /v3/roles/{prior_role_id}/implies/{implied_role_id} GET/HEAD /v3/roles/{prior_role_id}/implies/{implied_role_id}
""" """
ENFORCER.enforce_call( ENFORCER.enforce_call(
action='identity:get_implied_role', action='identity:get_implied_role',
build_target=_build_enforcement_target_ref) build_target=_build_enforcement_target_ref)
return self._get_implied_role(prior_role_id, implied_role_id) return self._get_implied_role(prior_role_id, implied_role_id)
skipping to change at line 256 skipping to change at line 256
def put(self, prior_role_id, implied_role_id): def put(self, prior_role_id, implied_role_id):
"""Create implied role. """Create implied role.
PUT /v3/roles/{prior_role_id}/implies/{implied_role_id} PUT /v3/roles/{prior_role_id}/implies/{implied_role_id}
""" """
ENFORCER.enforce_call(action='identity:create_implied_role', ENFORCER.enforce_call(action='identity:create_implied_role',
build_target=_build_enforcement_target_ref) build_target=_build_enforcement_target_ref)
PROVIDERS.role_api.create_implied_role(prior_role_id, implied_role_id) PROVIDERS.role_api.create_implied_role(prior_role_id, implied_role_id)
response_json = self._get_implied_role(prior_role_id, implied_role_id) response_json = self._get_implied_role(prior_role_id, implied_role_id)
return response_json, http_client.CREATED return response_json, http.client.CREATED
def delete(self, prior_role_id, implied_role_id): def delete(self, prior_role_id, implied_role_id):
"""Delete implied role. """Delete implied role.
DELETE /v3/roles/{prior_role_id}/implies/{implied_role_id} DELETE /v3/roles/{prior_role_id}/implies/{implied_role_id}
""" """
ENFORCER.enforce_call(action='identity:delete_implied_role', ENFORCER.enforce_call(action='identity:delete_implied_role',
build_target=_build_enforcement_target_ref) build_target=_build_enforcement_target_ref)
PROVIDERS.role_api.delete_implied_role(prior_role_id, implied_role_id) PROVIDERS.role_api.delete_implied_role(prior_role_id, implied_role_id)
return None, http_client.NO_CONTENT return None, http.client.NO_CONTENT
class RoleAPI(ks_flask.APIBase): class RoleAPI(ks_flask.APIBase):
_name = 'roles' _name = 'roles'
_import_name = __name__ _import_name = __name__
resources = [RoleResource] resources = [RoleResource]
resource_mapping = [ resource_mapping = [
ks_flask.construct_resource_map( ks_flask.construct_resource_map(
resource=RoleImplicationListResource, resource=RoleImplicationListResource,
url='/roles/<string:prior_role_id>/implies', url='/roles/<string:prior_role_id>/implies',
resource_kwargs={}, resource_kwargs={},
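Review bot: `_build_enforcement_target_ref`, shown in full in the block after "skipping to change at line 171", has no docstring and treats its two URL arguments differently. `implied_role_id` is looked up only when present, while `prior_role_id` is passed to `get_role` whenever `view_args` is non-empty, so a missing key would reach `get_role` as `None`. Because this builder supplies the target for every implied-role policy check visible on this page, the intent should be recorded, for example `"""Build the policy target: prior_role always, implied_role when the URL names one."""`. If a route without `prior_role_id` could ever use this builder (none is visible here), guard the lookup the same way as the implied one, `if flask.request.view_args.get('prior_role_id'):`.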
 End of changes. 6 change blocks. 
6 lines changed or deleted 6 lines changed or added
