authorRuan HE <ruan.he@orange.com>2016-06-09 08:12:34 +0000
committerGerrit Code Review <gerrit@172.30.200.206>2016-06-09 08:12:34 +0000
commit4bc079a2664f9a407e332291f34d174625a9d5ea (patch)
tree7481cd5d0a9b3ce37c44c797a1e0d39881221cbe /keystone-moon/keystone/oauth1/routers.py
parent2f179c5790fbbf6144205d3c6e5089e6eb5f048a (diff)
parent2e7b4f2027a1147ca28301e4f88adf8274b39a1f (diff)
Merge "Update Keystone core to Mitaka."
Diffstat (limited to 'keystone-moon/keystone/oauth1/routers.py')
-rw-r--r--keystone-moon/keystone/oauth1/routers.py154
1 files changed, 154 insertions, 0 deletions
diff --git a/keystone-moon/keystone/oauth1/routers.py b/keystone-moon/keystone/oauth1/routers.py
new file mode 100644
index 00000000..0575b107
--- /dev/null
+++ b/keystone-moon/keystone/oauth1/routers.py
@@ -0,0 +1,154 @@
+# Copyright 2013 OpenStack Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import functools
+
+from keystone.common import json_home
+from keystone.common import wsgi
+from keystone.oauth1 import controllers
+
+
+build_resource_relation = functools.partial(
+ json_home.build_v3_extension_resource_relation,
+ extension_name='OS-OAUTH1', extension_version='1.0')
+
+build_parameter_relation = functools.partial(
+ json_home.build_v3_extension_parameter_relation,
+ extension_name='OS-OAUTH1', extension_version='1.0')
+
+ACCESS_TOKEN_ID_PARAMETER_RELATION = build_parameter_relation(
+ parameter_name='access_token_id')
+
+
+class Routers(wsgi.RoutersBase):
+ """API Endpoints for the OAuth1 extension.
+
+ The goal of this extension is to allow third-party service providers
+ to acquire tokens with a limited subset of a user's roles for acting
+ on behalf of that user. This is done using an oauth-similar flow and
+ api.
+
+ The API looks like::
+
+ # Basic admin-only consumer crud
+ POST /OS-OAUTH1/consumers
+ GET /OS-OAUTH1/consumers
+ PATCH /OS-OAUTH1/consumers/{consumer_id}
+ GET /OS-OAUTH1/consumers/{consumer_id}
+ DELETE /OS-OAUTH1/consumers/{consumer_id}
+
+ # User access token crud
+ GET /users/{user_id}/OS-OAUTH1/access_tokens
+ GET /users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}
+ GET /users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/roles
+ GET /users/{user_id}/OS-OAUTH1/access_tokens
+ /{access_token_id}/roles/{role_id}
+ DELETE /users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}
+
+ # OAuth interfaces
+ POST /OS-OAUTH1/request_token # create a request token
+ PUT /OS-OAUTH1/authorize # authorize a request token
+ POST /OS-OAUTH1/access_token # create an access token
+
+ """
+
+ def append_v3_routers(self, mapper, routers):
+ consumer_controller = controllers.ConsumerCrudV3()
+ access_token_controller = controllers.AccessTokenCrudV3()
+ access_token_roles_controller = controllers.AccessTokenRolesV3()
+ oauth_controller = controllers.OAuthControllerV3()
+
+ # basic admin-only consumer crud
+ self._add_resource(
+ mapper, consumer_controller,
+ path='/OS-OAUTH1/consumers',
+ get_action='list_consumers',
+ post_action='create_consumer',
+ rel=build_resource_relation(resource_name='consumers'))
+ self._add_resource(
+ mapper, consumer_controller,
+ path='/OS-OAUTH1/consumers/{consumer_id}',
+ get_action='get_consumer',
+ patch_action='update_consumer',
+ delete_action='delete_consumer',
+ rel=build_resource_relation(resource_name='consumer'),
+ path_vars={
+ 'consumer_id':
+ build_parameter_relation(parameter_name='consumer_id'),
+ })
+
+ # user access token crud
+ self._add_resource(
+ mapper, access_token_controller,
+ path='/users/{user_id}/OS-OAUTH1/access_tokens',
+ get_action='list_access_tokens',
+ rel=build_resource_relation(resource_name='user_access_tokens'),
+ path_vars={
+ 'user_id': json_home.Parameters.USER_ID,
+ })
+ self._add_resource(
+ mapper, access_token_controller,
+ path='/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}',
+ get_action='get_access_token',
+ delete_action='delete_access_token',
+ rel=build_resource_relation(resource_name='user_access_token'),
+ path_vars={
+ 'access_token_id': ACCESS_TOKEN_ID_PARAMETER_RELATION,
+ 'user_id': json_home.Parameters.USER_ID,
+ })
+ self._add_resource(
+ mapper, access_token_roles_controller,
+ path='/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/'
+ 'roles',
+ get_action='list_access_token_roles',
+ rel=build_resource_relation(
+ resource_name='user_access_token_roles'),
+ path_vars={
+ 'access_token_id': ACCESS_TOKEN_ID_PARAMETER_RELATION,
+ 'user_id': json_home.Parameters.USER_ID,
+ })
+ self._add_resource(
+ mapper, access_token_roles_controller,
+ path='/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/'
+ 'roles/{role_id}',
+ get_action='get_access_token_role',
+ rel=build_resource_relation(
+ resource_name='user_access_token_role'),
+ path_vars={
+ 'access_token_id': ACCESS_TOKEN_ID_PARAMETER_RELATION,
+ 'role_id': json_home.Parameters.ROLE_ID,
+ 'user_id': json_home.Parameters.USER_ID,
+ })
+
+ # oauth flow calls
+ self._add_resource(
+ mapper, oauth_controller,
+ path='/OS-OAUTH1/request_token',
+ post_action='create_request_token',
+ rel=build_resource_relation(resource_name='request_tokens'))
+ self._add_resource(
+ mapper, oauth_controller,
+ path='/OS-OAUTH1/access_token',
+ post_action='create_access_token',
+ rel=build_resource_relation(resource_name='access_tokens'))
+ self._add_resource(
+ mapper, oauth_controller,
+ path='/OS-OAUTH1/authorize/{request_token_id}',
+ path_vars={
+ 'request_token_id':
+ build_parameter_relation(parameter_name='request_token_id')
+ },
+ put_action='authorize_request_token',
+ rel=build_resource_relation(
+ resource_name='authorize_request_token'))
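Review bot: The `Routers` class docstring lists `PUT /OS-OAUTH1/authorize`, but the route registered at the end of `append_v3_routers` is `/OS-OAUTH1/authorize/{request_token_id}`, so the docstring line should read `PUT /OS-OAUTH1/authorize/{request_token_id}  # authorize a request token`. The "admin-only" label on the consumer routes and the per-user scoping of the `/users/{user_id}/...` routes are not enforced anywhere in this file, since each `_add_resource` call only binds a path to a controller action. Access control therefore rests on the actions in `keystone.oauth1.controllers` and on the deployed policy rules, neither of which is visible in this hunk. A comment above the first `_add_resource` call would make that explicit, for example `# Authorization is enforced by the controller actions and policy, not by this router.` `append_v3_routers` also has no docstring; a single line stating that it registers the OS-OAUTH1 consumer, access-token and OAuth-flow resources on `mapper` would be enough.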