keystone  18.0.0
About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Victoria" series (maintained release).
  Fossies Dox: keystone-18.0.0.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

role_inferences.py
Go to the documentation of this file.
1 # Licensed under the Apache License, Version 2.0 (the "License"); you may
2 # not use this file except in compliance with the License. You may obtain
3 # a copy of the License at
4 #
5 # http://www.apache.org/licenses/LICENSE-2.0
6 #
7 # Unless required by applicable law or agreed to in writing, software
8 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
9 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
10 # License for the specific language governing permissions and limitations
11 # under the License.
12 
13 # This file handles all flask-restful resources for /v3/role_inferences
14 
15 import flask_restful
16 
17 from keystone.api._shared import implied_roles as shared
18 from keystone.common import provider_api
19 from keystone.common import rbac_enforcer
20 from keystone.server import flask as ks_flask
21 
22 
23 ENFORCER = rbac_enforcer.RBACEnforcer
24 PROVIDERS = provider_api.ProviderAPIs
25 
26 
27 class RoleInferencesResource(flask_restful.Resource):
28  def get(self):
29  """List role inference rules.
30 
31  GET/HEAD /v3/role_inferences
32  """
33  ENFORCER.enforce_call(action='identity:list_role_inference_rules')
34  refs = PROVIDERS.role_api.list_role_inference_rules()
35  role_dict = {role_ref['id']: role_ref
36  for role_ref in PROVIDERS.role_api.list_roles()}
37 
38  rules = dict()
39  for ref in refs:
40  implied_role_id = ref['implied_role_id']
41  prior_role_id = ref['prior_role_id']
42  implied = rules.get(prior_role_id, [])
43  implied.append(
44  shared.build_implied_role_response_data(
45  role_dict[implied_role_id]))
46  rules[prior_role_id] = implied
47 
48  inferences = []
49  for prior_id, implied, in rules.items():
50  prior_response = shared.build_prior_role_response_data(
51  prior_id, role_dict[prior_id]['name'])
52  inferences.append({'prior_role': prior_response,
53  'implies': implied})
54  results = {'role_inferences': inferences}
55  return results
56 
57 
58 class RoleInferencesAPI(ks_flask.APIBase):
59  _name = 'role_inferences'
60  _import_name = __name__
61  resources = []
62  resource_mapping = [
63  ks_flask.construct_resource_map(
64  resource=RoleInferencesResource,
65  url='/role_inferences',
66  resource_kwargs={},
67  rel='role_inferences')
68  ]
69 
70 
71 APIs = (RoleInferencesAPI,)
keystone.api.role_inferences.RoleInferencesAPI
Definition: role_inferences.py:58
keystone.api.role_inferences.RoleInferencesResource
Definition: role_inferences.py:27
keystone.api.role_inferences.RoleInferencesResource.get
def get(self)
Definition: role_inferences.py:28
keystone.server
Definition: __init__.py:1
keystone.common
Definition: __init__.py:1
keystone.api._shared
Definition: __init__.py:1