
Member "keystone-17.0.0/keystone/api/policy.py" (13 May 2020, 10810 Bytes) of package /linux/misc/openstack/keystone-17.0.0.tar.gz:



    1 #    Licensed under the Apache License, Version 2.0 (the "License"); you may
    2 #    not use this file except in compliance with the License. You may obtain
    3 #    a copy of the License at
    4 #
    5 #         http://www.apache.org/licenses/LICENSE-2.0
    6 #
    7 #    Unless required by applicable law or agreed to in writing, software
    8 #    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    9 #    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
   10 #    License for the specific language governing permissions and limitations
   11 #    under the License.
   12 
   13 # This file handles all flask-restful resources for /policy
   14 
   15 import flask_restful
   16 import http.client
   17 from oslo_log import versionutils
   18 
   19 from keystone.api._shared import json_home_relations
   20 from keystone.common import json_home
   21 from keystone.common import provider_api
   22 from keystone.common import rbac_enforcer
   23 from keystone.common import validation
   24 from keystone.policy import schema
   25 from keystone.server import flask as ks_flask
   26 
# Handle to the RBAC enforcer class; every handler in this module calls
# ENFORCER.enforce_call(action=...) as its first statement.
ENFORCER = rbac_enforcer.RBACEnforcer
# Accessor the handlers use to reach policy_api, catalog_api and
# endpoint_policy_api.
PROVIDERS = provider_api.ProviderAPIs

# Relation function passed as resource_relation_func to every
# OS-ENDPOINT-POLICY route in PolicyAPI.resource_mapping.
_resource_rel_func = json_home_relations.os_endpoint_policy_resource_rel_func
   31 
   32 
class PolicyResource(ks_flask.ResourceBase):
    """Flask-RESTful resource implementing CRUD for policies.

    Each operation calls ``ENFORCER.enforce_call`` with its ``identity:*``
    action before any provider call, so the provider is only reached if
    that call returns.  Every operation except the ``get`` dispatcher is
    wrapped in ``versionutils.deprecated`` (as of QUEENS).

    NOTE(review): the enforcement calls pass only ``action``; whatever
    target data the enforcer evaluates is derived outside this file.
    Confirm the rules are not expected to be scoped to a specific policy.
    """

    collection_key = 'policies'
    member_key = 'policy'

    def get(self, policy_id=None):
        """Return one policy when ``policy_id`` is truthy, else the list."""
        if not policy_id:
            return self._list_policies()
        return self._get_policy(policy_id)

    @versionutils.deprecated(
        what='identity:get_policy of the v3 Policy APIs',
        as_of=versionutils.deprecated.QUEENS
    )
    def _get_policy(self, policy_id):
        """Enforce ``identity:get_policy`` and return the wrapped policy."""
        ENFORCER.enforce_call(action='identity:get_policy')
        policy_ref = PROVIDERS.policy_api.get_policy(policy_id)
        return self.wrap_member(policy_ref)

    @versionutils.deprecated(
        what='identity:list_policies of the v3 Policy APIs',
        as_of=versionutils.deprecated.QUEENS
    )
    def _list_policies(self):
        """Enforce ``identity:list_policies`` and return the collection."""
        ENFORCER.enforce_call(action='identity:list_policies')
        # 'type' is the only filter name handed to build_driver_hints.
        hints = self.build_driver_hints(['type'])
        policy_refs = PROVIDERS.policy_api.list_policies(hints=hints)
        return self.wrap_collection(policy_refs, hints=hints)

    @versionutils.deprecated(
        what='identity:create_policy of the v3 Policy APIs',
        as_of=versionutils.deprecated.QUEENS
    )
    def post(self):
        """Create a policy from the request body and return it with 201.

        Order of operations: authorization, schema validation, then
        normalization and ID assignment, then the provider call.
        """
        ENFORCER.enforce_call(action='identity:create_policy')
        # A request without a 'policy' key yields {} here; rejecting it is
        # left to the schema validator on the next line.
        body = self.request_body_json.get('policy', {})
        validation.lazy_validate(schema.policy_create, body)
        normalized = self._normalize_dict(body)
        new_policy = self._assign_unique_id(normalized)

        # The audit initiator is forwarded to the provider with the change.
        created_ref = PROVIDERS.policy_api.create_policy(
            new_policy['id'], new_policy, initiator=self.audit_initiator
        )
        return self.wrap_member(created_ref), http.client.CREATED

    @versionutils.deprecated(
        what='identity:update_policy of the v3 Policy APIs',
        as_of=versionutils.deprecated.QUEENS
    )
    def patch(self, policy_id):
        """Update the policy named in the URL from the request body."""
        ENFORCER.enforce_call(action='identity:update_policy')
        body = self.request_body_json.get('policy', {})
        validation.lazy_validate(schema.policy_update, body)

        # Unlike post(), the validated body is forwarded without a
        # _normalize_dict() pass; the ID comes from the URL, not the body.
        updated_ref = PROVIDERS.policy_api.update_policy(
            policy_id, body, initiator=self.audit_initiator
        )
        return self.wrap_member(updated_ref)

    @versionutils.deprecated(
        what='identity:delete_policy of the v3 Policy APIs',
        as_of=versionutils.deprecated.QUEENS
    )
    def delete(self, policy_id):
        """Delete the policy; return the provider result with 204."""
        ENFORCER.enforce_call(action='identity:delete_policy')
        outcome = PROVIDERS.policy_api.delete_policy(
            policy_id, initiator=self.audit_initiator
        )
        return outcome, http.client.NO_CONTENT
  101 
  102 
class EndpointPolicyResource(flask_restful.Resource):
    """List the endpoints associated with a policy."""

    def get(self, policy_id):
        """Return the endpoints for ``policy_id`` as a collection.

        Authorization is enforced first.  The ``get_policy`` result is
        discarded; presumably the call is there to fail on an unknown
        policy ID before the association lookup (confirm against the
        provider).
        """
        ENFORCER.enforce_call(action='identity:list_endpoints_for_policy')
        PROVIDERS.policy_api.get_policy(policy_id)
        endpoint_refs = (
            PROVIDERS.endpoint_policy_api.list_endpoints_for_policy(policy_id)
        )
        # Drop 'legacy_endpoint_id' so it is not part of the response.
        self._remove_legacy_ids(endpoint_refs)
        return ks_flask.ResourceBase.wrap_collection(
            endpoint_refs, collection_name='endpoints'
        )

    def _remove_legacy_ids(self, endpoints):
        """Remove ``legacy_endpoint_id`` from each endpoint dict in place.

        NOTE(review): this mutates the dicts returned by the provider; if
        those are shared or cached the removal is visible elsewhere.
        """
        for ref in endpoints:
            # pop() with a default tolerates endpoints lacking the key.
            ref.pop('legacy_endpoint_id', None)
  119 
  120 
class EndpointPolicyAssociations(flask_restful.Resource):
    """Check, create or delete a policy-to-endpoint association.

    All three handlers follow the same order: enforce the action, look up
    the policy and the endpoint (results discarded; presumably these raise
    for unknown IDs, confirm), then call the association provider.  As
    enforcement comes first, the existence lookups run only after
    ``enforce_call`` returns.
    """

    def get(self, policy_id, endpoint_id):
        """Return 204 when the association check completes.

        The check result is discarded; presumably a missing association
        is reported by an exception from the provider (confirm).
        """
        ENFORCER.enforce_call(
            action='identity:check_policy_association_for_endpoint'
        )
        PROVIDERS.policy_api.get_policy(policy_id)
        PROVIDERS.catalog_api.get_endpoint(endpoint_id)
        PROVIDERS.endpoint_policy_api.check_policy_association(
            policy_id, endpoint_id=endpoint_id
        )
        return (None, http.client.NO_CONTENT)

    def put(self, policy_id, endpoint_id):
        """Associate the policy with the endpoint and return 204."""
        ENFORCER.enforce_call(
            action='identity:create_policy_association_for_endpoint'
        )
        PROVIDERS.policy_api.get_policy(policy_id)
        PROVIDERS.catalog_api.get_endpoint(endpoint_id)
        PROVIDERS.endpoint_policy_api.create_policy_association(
            policy_id, endpoint_id=endpoint_id
        )
        return (None, http.client.NO_CONTENT)

    def delete(self, policy_id, endpoint_id):
        """Remove the policy-to-endpoint association and return 204."""
        ENFORCER.enforce_call(
            action='identity:delete_policy_association_for_endpoint'
        )
        PROVIDERS.policy_api.get_policy(policy_id)
        PROVIDERS.catalog_api.get_endpoint(endpoint_id)
        PROVIDERS.endpoint_policy_api.delete_policy_association(
            policy_id, endpoint_id=endpoint_id
        )
        return (None, http.client.NO_CONTENT)
  152 
  153 
class ServicePolicyAssociations(flask_restful.Resource):
    """Check, create or delete a policy-to-service association.

    Each handler enforces its action first, then looks up the policy and
    the service (results discarded; presumably these raise for unknown
    IDs, confirm), then calls the association provider.
    """

    def get(self, policy_id, service_id):
        """Return 204 when the association check completes.

        The check result is discarded; presumably a missing association
        is reported by an exception from the provider (confirm).
        """
        ENFORCER.enforce_call(
            action='identity:check_policy_association_for_service'
        )
        PROVIDERS.policy_api.get_policy(policy_id)
        PROVIDERS.catalog_api.get_service(service_id)
        PROVIDERS.endpoint_policy_api.check_policy_association(
            policy_id, service_id=service_id
        )
        return (None, http.client.NO_CONTENT)

    def put(self, policy_id, service_id):
        """Associate the policy with the service and return 204."""
        ENFORCER.enforce_call(
            action='identity:create_policy_association_for_service'
        )
        PROVIDERS.policy_api.get_policy(policy_id)
        PROVIDERS.catalog_api.get_service(service_id)
        PROVIDERS.endpoint_policy_api.create_policy_association(
            policy_id, service_id=service_id
        )
        return (None, http.client.NO_CONTENT)

    def delete(self, policy_id, service_id):
        """Remove the policy-to-service association and return 204."""
        ENFORCER.enforce_call(
            action='identity:delete_policy_association_for_service'
        )
        PROVIDERS.policy_api.get_policy(policy_id)
        PROVIDERS.catalog_api.get_service(service_id)
        PROVIDERS.endpoint_policy_api.delete_policy_association(
            policy_id, service_id=service_id
        )
        return (None, http.client.NO_CONTENT)
  185 
  186 
class ServiceRegionPolicyAssociations(flask_restful.Resource):
    """Check, create or delete a policy association for a service+region.

    Each handler enforces its action first, then looks up the policy, the
    service and the region (results discarded; presumably these raise for
    unknown IDs, confirm), then calls the association provider.
    """

    def get(self, policy_id, service_id, region_id):
        """Return 204 when the association check completes.

        The check result is discarded; presumably a missing association
        is reported by an exception from the provider (confirm).
        """
        ENFORCER.enforce_call(
            action='identity:check_policy_association_for_region_and_service'
        )
        PROVIDERS.policy_api.get_policy(policy_id)
        PROVIDERS.catalog_api.get_service(service_id)
        PROVIDERS.catalog_api.get_region(region_id)
        PROVIDERS.endpoint_policy_api.check_policy_association(
            policy_id, service_id=service_id, region_id=region_id
        )
        return (None, http.client.NO_CONTENT)

    def put(self, policy_id, service_id, region_id):
        """Associate the policy with the service+region and return 204."""
        ENFORCER.enforce_call(
            action='identity:create_policy_association_for_region_and_service'
        )
        PROVIDERS.policy_api.get_policy(policy_id)
        PROVIDERS.catalog_api.get_service(service_id)
        PROVIDERS.catalog_api.get_region(region_id)
        PROVIDERS.endpoint_policy_api.create_policy_association(
            policy_id, service_id=service_id, region_id=region_id
        )
        return (None, http.client.NO_CONTENT)

    def delete(self, policy_id, service_id, region_id):
        """Remove the service+region policy association and return 204."""
        ENFORCER.enforce_call(
            action='identity:delete_policy_association_for_region_and_service'
        )
        PROVIDERS.policy_api.get_policy(policy_id)
        PROVIDERS.catalog_api.get_service(service_id)
        PROVIDERS.catalog_api.get_region(region_id)
        PROVIDERS.endpoint_policy_api.delete_policy_association(
            policy_id, service_id=service_id, region_id=region_id
        )
        return (None, http.client.NO_CONTENT)
  221 
  222 
class PolicyAPI(ks_flask.APIBase):
    """API definition for policies and the OS-ENDPOINT-POLICY routes.

    ``resources`` registers PolicyResource; ``resource_mapping`` adds the
    four extension routes that tie a policy to endpoints, a service, or a
    service-and-region pair.  Every route takes its IDs from ``string``
    URL path variables.
    """

    _name = 'policy'
    _import_name = __name__
    resources = [PolicyResource]
    resource_mapping = [
        # Endpoints associated with a policy.
        ks_flask.construct_resource_map(
            url='/policies/<string:policy_id>/OS-ENDPOINT-POLICY/endpoints',
            resource=EndpointPolicyResource,
            rel='policy_endpoints',
            resource_relation_func=_resource_rel_func,
            resource_kwargs={},
            path_vars={'policy_id': json_home.Parameters.POLICY_ID}
        ),
        # Policy <-> endpoint association.
        ks_flask.construct_resource_map(
            url=('/policies/<string:policy_id>'
                 '/OS-ENDPOINT-POLICY/endpoints/<string:endpoint_id>'),
            resource=EndpointPolicyAssociations,
            rel='endpoint_policy_association',
            resource_relation_func=_resource_rel_func,
            resource_kwargs={},
            path_vars={
                'policy_id': json_home.Parameters.POLICY_ID,
                'endpoint_id': json_home.Parameters.ENDPOINT_ID
            }
        ),
        # Policy <-> service association.
        ks_flask.construct_resource_map(
            url=('/policies/<string:policy_id>'
                 '/OS-ENDPOINT-POLICY/services/<string:service_id>'),
            resource=ServicePolicyAssociations,
            rel='service_policy_association',
            resource_relation_func=_resource_rel_func,
            resource_kwargs={},
            path_vars={
                'policy_id': json_home.Parameters.POLICY_ID,
                'service_id': json_home.Parameters.SERVICE_ID
            }
        ),
        # Policy <-> service-in-region association.
        ks_flask.construct_resource_map(
            url=('/policies/<string:policy_id>'
                 '/OS-ENDPOINT-POLICY/services/<string:service_id>'
                 '/regions/<string:region_id>'),
            resource=ServiceRegionPolicyAssociations,
            rel='region_and_service_policy_association',
            resource_relation_func=_resource_rel_func,
            resource_kwargs={},
            path_vars={
                'policy_id': json_home.Parameters.POLICY_ID,
                'service_id': json_home.Parameters.SERVICE_ID,
                'region_id': json_home.Parameters.REGION_ID
            }
        )
    ]
  274 
  275 
# API classes this module exports; PolicyAPI is the only one.
# NOTE(review): presumably read by the application's API loader -- confirm.
APIs = (PolicyAPI,)