keystone  18.0.0
About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Victoria" series (maintained release).
  Fossies Dox: keystone-18.0.0.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

limits.py
Go to the documentation of this file.
1 # Licensed under the Apache License, Version 2.0 (the "License"); you may
2 # not use this file except in compliance with the License. You may obtain
3 # a copy of the License at
4 #
5 # http://www.apache.org/licenses/LICENSE-2.0
6 #
7 # Unless required by applicable law or agreed to in writing, software
8 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
9 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
10 # License for the specific language governing permissions and limitations
11 # under the License.
12 
13 # This file handles all flask-restful resources for /v3/limits
14 
15 import flask
16 import flask_restful
17 import http.client
18 
19 from keystone.common import json_home
20 from keystone.common import provider_api
21 from keystone.common import rbac_enforcer
22 from keystone.common import validation
23 from keystone import exception
24 from keystone.limit import schema
25 from keystone.server import flask as ks_flask
26 
27 
28 PROVIDERS = provider_api.ProviderAPIs
29 ENFORCER = rbac_enforcer.RBACEnforcer
30 
31 
33  target = {}
34  try:
35  limit = PROVIDERS.unified_limit_api.get_limit(
36  flask.request.view_args.get('limit_id')
37  )
38  target['limit'] = limit
39  if limit.get('project_id'):
40  project = PROVIDERS.resource_api.get_project(limit['project_id'])
41  target['limit']['project'] = project
42  elif limit.get('domain_id'):
43  domain = PROVIDERS.resource_api.get_domain(limit['domain_id'])
44  target['limit']['domain'] = domain
45  except exception.NotFound: # nosec
46  # Defer the existence check in the event the limit doesn't exist, this
47  # is checked later anyway.
48  pass
49 
50  return target
51 
52 
53 class LimitsResource(ks_flask.ResourceBase):
54  collection_key = 'limits'
55  member_key = 'limit'
56  json_home_resource_status = json_home.Status.EXPERIMENTAL
57  get_member_from_driver = PROVIDERS.deferred_provider_lookup(
58  api='unified_limit_api', method='get_limit')
59 
60  def _list_limits(self):
61  filters = ['service_id', 'region_id', 'resource_name', 'project_id',
62  'domain_id']
63 
64  ENFORCER.enforce_call(action='identity:list_limits', filters=filters)
65 
66  hints = self.build_driver_hints(filters)
67 
68  filtered_refs = []
69  if self.oslo_context.system_scope:
70  refs = PROVIDERS.unified_limit_api.list_limits(hints)
71  filtered_refs = refs
72  elif self.oslo_context.domain_id:
73  refs = PROVIDERS.unified_limit_api.list_limits(hints)
74  projects = PROVIDERS.resource_api.list_projects_in_domain(
75  self.oslo_context.domain_id
76  )
77  project_ids = [project['id'] for project in projects]
78  for limit in refs:
79  if limit.get('project_id'):
80  if limit['project_id'] in project_ids:
81  filtered_refs.append(limit)
82  elif limit.get('domain_id'):
83  if limit['domain_id'] == self.oslo_context.domain_id:
84  filtered_refs.append(limit)
85  elif self.oslo_context.project_id:
86  hints.add_filter('project_id', self.oslo_context.project_id)
87  refs = PROVIDERS.unified_limit_api.list_limits(hints)
88  filtered_refs = refs
89 
90  return self.wrap_collection(filtered_refs, hints=hints)
91 
92  def _get_limit(self, limit_id):
93  ENFORCER.enforce_call(action='identity:get_limit',
94  build_target=_build_limit_enforcement_target)
95  ref = PROVIDERS.unified_limit_api.get_limit(limit_id)
96  return self.wrap_member(ref)
97 
98  def get(self, limit_id=None):
99  if limit_id is not None:
100  return self._get_limit(limit_id)
101  return self._list_limits()
102 
103  def post(self):
104  ENFORCER.enforce_call(action='identity:create_limits')
105  limits_b = (flask.request.get_json(silent=True, force=True) or {}).get(
106  'limits', {})
107  validation.lazy_validate(schema.limit_create, limits_b)
108  limits = [self._assign_unique_id(self._normalize_dict(limit))
109  for limit in limits_b]
110  refs = PROVIDERS.unified_limit_api.create_limits(limits)
111  refs = self.wrap_collection(refs)
112  refs.pop('links')
113  return refs, http.client.CREATED
114 
115  def patch(self, limit_id):
116  ENFORCER.enforce_call(action='identity:update_limit')
117  limit = (flask.request.get_json(silent=True, force=True) or {}).get(
118  'limit', {})
119  validation.lazy_validate(schema.limit_update, limit)
120  self._require_matching_id(limit)
121  ref = PROVIDERS.unified_limit_api.update_limit(limit_id, limit)
122  return self.wrap_member(ref)
123 
124  def delete(self, limit_id):
125  ENFORCER.enforce_call(action='identity:delete_limit')
126  return (PROVIDERS.unified_limit_api.delete_limit(limit_id),
127  http.client.NO_CONTENT)
128 
129 
130 class LimitModelResource(flask_restful.Resource):
131  def get(self):
132  ENFORCER.enforce_call(action='identity:get_limit_model')
133  model = PROVIDERS.unified_limit_api.get_model()
134  return {'model': model}
135 
136 
137 class LimitsAPI(ks_flask.APIBase):
138  _name = 'limits'
139  _import_name = __name__
140  resources = [LimitsResource]
141  resource_mapping = [
142  ks_flask.construct_resource_map(
143  resource=LimitModelResource,
144  resource_kwargs={},
145  url='/limits/model',
146  rel='limit_model',
147  status=json_home.Status.EXPERIMENTAL
148  )
149  ]
150 
151 
152 APIs = (LimitsAPI,)
keystone.limit
Definition: __init__.py:1
keystone.api.limits._build_limit_enforcement_target
def _build_limit_enforcement_target()
Definition: limits.py:32
keystone.exception.NotFound
Definition: exception.py:395
keystone.api.limits.LimitsAPI
Definition: limits.py:137
keystone.api.limits.LimitsResource.patch
def patch(self, limit_id)
Definition: limits.py:115
keystone.api.limits.LimitsResource.post
def post(self)
Definition: limits.py:103
keystone.api.limits.LimitModelResource
Definition: limits.py:130
keystone.api.limits.LimitsResource.get
def get(self, limit_id=None)
Definition: limits.py:98
keystone.api.limits.LimitsResource._list_limits
def _list_limits(self)
Definition: limits.py:60
keystone.api.limits.LimitModelResource.get
def get(self)
Definition: limits.py:131
keystone.api.limits.LimitsResource._get_limit
def _get_limit(self, limit_id)
Definition: limits.py:92
keystone.server
Definition: __init__.py:1
keystone.api.limits.LimitsResource.delete
def delete(self, limit_id)
Definition: limits.py:124
keystone.common
Definition: __init__.py:1
keystone.api.limits.LimitsResource
Definition: limits.py:53