"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "doc/source/getting-started/architecture.rst" between
keystone-17.0.0.tar.gz and keystone-18.0.0.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Victoria" series (latest release).

architecture.rst  (keystone-17.0.0):architecture.rst  (keystone-18.0.0)
skipping to change at line 128 skipping to change at line 128
once a user's credentials have already been verified. once a user's credentials have already been verified.
Catalog Catalog
------- -------
The Catalog service provides an endpoint registry used for endpoint discovery. The Catalog service provides an endpoint registry used for endpoint discovery.
Application Construction Application Construction
======================== ========================
Keystone is an HTTP front-end to several services. Like other OpenStack Keystone is an HTTP front-end to several services. Since the Rocky release Keyst
applications, this is done using python WSGI interfaces and applications are one
configured together using Paste_. The application's HTTP endpoints are made up uses the `Flask-RESTful`_ library to provide a REST API interface to these servi
of pipelines of WSGI middleware, such as: ces.
.. code-block:: ini .. _`Flask-RESTful`: https://flask-restful.readthedocs.io/en/latest/
[pipeline:api_v3] Keystone defines functions related to `Flask-RESTful`_ in
pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_norm :mod:`keystone.server.flask.common`. Keystone creates API resources which
alize request_id build_auth_context json_body ec2_extension_v3 s3_extension serv inherit from class :mod:`keystone.server.flask.common.ResourceBase` and exposes
ice_v3 methods
for each supported HTTP methods GET, PUT , POST, PATCH and DELETE. For example,
These in turn use a subclass of :mod:`keystone.common.wsgi.ComposingRouter` to the User
link URLs to controllers (a subclass of resource will look like:
:mod:`keystone.common.wsgi.Application`). Within each controller, one or more
managers are loaded (for example, see :mod:`keystone.catalog.core.Manager`), .. code-block:: python
which are thin wrapper classes which load the appropriate service driver based
on the keystone configuration. class UserResource(ks_flask.ResourceBase):
collection_key = 'users'
member_key = 'user'
get_member_from_driver = PROVIDERS.deferred_provider_lookup(
api='identity_api', method='get_user')
def get(self, user_id=None):
"""Get a user resource or list users.
GET/HEAD /v3/users
GET/HEAD /v3/users/{user_id}
"""
...
def post(self):
"""Create a user.
POST /v3/users
"""
...
class UserChangePasswordResource(ks_flask.ResourceBase):
@ks_flask.unenforced_api
def post(self, user_id):
...
Routes for each API resource are defined by classes which inherit from
:mod:`keystone.server.flask.common.APIBase`. For example, the UserAPI will
look like:
.. code-block:: python
class UserAPI(ks_flask.APIBase):
_name = 'users'
_import_name = __name__
resources = [UserResource]
resource_mapping = [
ks_flask.construct_resource_map(
resource=UserChangePasswordResource,
url='/users/<string:user_id>/password',
resource_kwargs={},
rel='user_change_password',
path_vars={'user_id': json_home.Parameters.USER_ID}
),
...
The methods ``_add_resources()`` or ``_add_mapped_resources()`` in
:mod:`keystone.server.flask.common.APIBase` bind the resources with the APIs.
Within each API, one or more managers are loaded (for example, see
:mod:`keystone.catalog.core.Manager`), which are thin wrapper classes which load
the appropriate service driver based on the keystone configuration.
* Assignment * Assignment
* :mod:`keystone.assignment.controllers.GrantAssignmentV3` * :mod:`keystone.api.role_assignments`
* :mod:`keystone.assignment.controllers.ImpliedRolesV3` * :mod:`keystone.api.role_inferences`
* :mod:`keystone.assignment.controllers.ProjectAssignmentV3` * :mod:`keystone.api.roles`
* :mod:`keystone.assignment.controllers.TenantAssignment` * :mod:`keystone.api.os_inherit`
* :mod:`keystone.assignment.controllers.RoleAssignmentV3` * :mod:`keystone.api.system`
* :mod:`keystone.assignment.controllers.RoleV3`
* Authentication * Authentication
* :mod:`keystone.auth.controllers.Auth` * :mod:`keystone.api.auth`
* :mod:`keystone.api.ec2tokens`
* :mod:`keystone.api.s3tokens`
* Catalog * Catalog
* :mod:`keystone.catalog.controllers.EndpointFilterV3Controller` * :mod:`keystone.api.endpoints`
* :mod:`keystone.catalog.controllers.EndpointGroupV3Controller` * :mod:`keystone.api.os_ep_filter`
* :mod:`keystone.catalog.controllers.EndpointV3` * :mod:`keystone.api.regions`
* :mod:`keystone.catalog.controllers.ProjectEndpointGroupV3Controller` * :mod:`keystone.api.services`
* :mod:`keystone.catalog.controllers.RegionV3`
* :mod:`keystone.catalog.controllers.ServiceV3`
* Credentials * Credentials
* :mod:`keystone.contrib.ec2.controllers.Ec2ControllerV3` * :mod:`keystone.api.credentials`
* :mod:`keystone.credential.controllers.CredentialV3`
* Federation * Federation
* :mod:`keystone.federation.controllers.IdentityProvider` * :mod:`keystone.api.os_federation`
* :mod:`keystone.federation.controllers.FederationProtocol`
* :mod:`keystone.federation.controllers.MappingController`
* :mod:`keystone.federation.controllers.Auth`
* :mod:`keystone.federation.controllers.DomainV3`
* :mod:`keystone.federation.controllers.ProjectAssignmentV3`
* :mod:`keystone.federation.controllers.ServiceProvider`
* :mod:`keystone.federation.controllers.SAMLMetadataV3`
* Identity * Identity
* :mod:`keystone.identity.controllers.GroupV3` * :mod:`keystone.api.groups`
* :mod:`keystone.identity.controllers.UserV3` * :mod:`keystone.api.users`
* Limits
* :mod:`keystone.api.registered_limits`
* :mod:`keystone.api.limits`
* Oauth1 * Oauth1
* :mod:`keystone.oauth1.controllers.ConsumerCrudV3` * :mod:`keystone.api.os_oauth1`
* :mod:`keystone.oauth1.controllers.AccessTokenCrudV3`
* :mod:`keystone.oauth1.controllers.AccessTokenRolesV3`
* :mod:`keystone.oauth1.controllers.OAuthControllerV3`
* Policy * Policy
* :mod:`keystone.policy.controllers.PolicyV3` * :mod:`keystone.api.policy`
* Resource * Resource
* :mod:`keystone.resource.controllers.DomainV3` * :mod:`keystone.api.domains`
* :mod:`keystone.resource.controllers.DomainConfigV3` * :mod:`keystone.api.projects`
* :mod:`keystone.resource.controllers.ProjectV3`
* :mod:`keystone.resource.controllers.ProjectTagV3`
* Revoke * Revoke
* :mod:`keystone.revoke.controllers.RevokeController` * :mod:`keystone.api.os_revoke`
* Trust * Trust
* :mod:`keystone.trust.controllers.TrustV3` * :mod:`keystone.api.trusts`
.. _Paste: http://pythonpaste.org/
Service Backends Service Backends
================ ================
Each of the services can be configured to use a backend to allow keystone to Each of the services can be configured to use a backend to allow keystone to
fit a variety of environments and needs. The backend for each service is fit a variety of environments and needs. The backend for each service is
defined in the keystone.conf file with the key ``driver`` under a group defined in the keystone.conf file with the key ``driver`` under a group
associated with each service. associated with each service.
A general class exists under each backend to provide an abstract base class A general class exists under each backend to provide an abstract base class
 End of changes. 12 change blocks. 
56 lines changed or deleted 93 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)