summaryrefslogtreecommitdiffstats
path: root/keystone-moon/keystone/assignment/routers.py
diff options
context:
space:
mode:
Diffstat (limited to 'keystone-moon/keystone/assignment/routers.py')
-rw-r--r--keystone-moon/keystone/assignment/routers.py246
1 files changed, 246 insertions, 0 deletions
diff --git a/keystone-moon/keystone/assignment/routers.py b/keystone-moon/keystone/assignment/routers.py
new file mode 100644
index 00000000..49549a0b
--- /dev/null
+++ b/keystone-moon/keystone/assignment/routers.py
@@ -0,0 +1,246 @@
+# Copyright 2013 Metacloud, Inc.
+# Copyright 2012 OpenStack Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+"""WSGI Routers for the Assignment service."""
+
+import functools
+
+from oslo_config import cfg
+
+from keystone.assignment import controllers
+from keystone.common import json_home
+from keystone.common import router
+from keystone.common import wsgi
+
+
+CONF = cfg.CONF
+
+build_os_inherit_relation = functools.partial(
+ json_home.build_v3_extension_resource_relation,
+ extension_name='OS-INHERIT', extension_version='1.0')
+
+
+class Public(wsgi.ComposableRouter):
+ def add_routes(self, mapper):
+ tenant_controller = controllers.TenantAssignment()
+ mapper.connect('/tenants',
+ controller=tenant_controller,
+ action='get_projects_for_token',
+ conditions=dict(method=['GET']))
+
+
+class Admin(wsgi.ComposableRouter):
+ def add_routes(self, mapper):
+ # Role Operations
+ roles_controller = controllers.RoleAssignmentV2()
+ mapper.connect('/tenants/{tenant_id}/users/{user_id}/roles',
+ controller=roles_controller,
+ action='get_user_roles',
+ conditions=dict(method=['GET']))
+ mapper.connect('/users/{user_id}/roles',
+ controller=roles_controller,
+ action='get_user_roles',
+ conditions=dict(method=['GET']))
+
+
+class Routers(wsgi.RoutersBase):
+
+ def append_v3_routers(self, mapper, routers):
+
+ project_controller = controllers.ProjectAssignmentV3()
+ self._add_resource(
+ mapper, project_controller,
+ path='/users/{user_id}/projects',
+ get_action='list_user_projects',
+ rel=json_home.build_v3_resource_relation('user_projects'),
+ path_vars={
+ 'user_id': json_home.Parameters.USER_ID,
+ })
+
+ routers.append(
+ router.Router(controllers.RoleV3(), 'roles', 'role',
+ resource_descriptions=self.v3_resources))
+
+ grant_controller = controllers.GrantAssignmentV3()
+ self._add_resource(
+ mapper, grant_controller,
+ path='/projects/{project_id}/users/{user_id}/roles/{role_id}',
+ get_head_action='check_grant',
+ put_action='create_grant',
+ delete_action='revoke_grant',
+ rel=json_home.build_v3_resource_relation('project_user_role'),
+ path_vars={
+ 'project_id': json_home.Parameters.PROJECT_ID,
+ 'role_id': json_home.Parameters.ROLE_ID,
+ 'user_id': json_home.Parameters.USER_ID,
+ })
+ self._add_resource(
+ mapper, grant_controller,
+ path='/projects/{project_id}/groups/{group_id}/roles/{role_id}',
+ get_head_action='check_grant',
+ put_action='create_grant',
+ delete_action='revoke_grant',
+ rel=json_home.build_v3_resource_relation('project_group_role'),
+ path_vars={
+ 'group_id': json_home.Parameters.GROUP_ID,
+ 'project_id': json_home.Parameters.PROJECT_ID,
+ 'role_id': json_home.Parameters.ROLE_ID,
+ })
+ self._add_resource(
+ mapper, grant_controller,
+ path='/projects/{project_id}/users/{user_id}/roles',
+ get_action='list_grants',
+ rel=json_home.build_v3_resource_relation('project_user_roles'),
+ path_vars={
+ 'project_id': json_home.Parameters.PROJECT_ID,
+ 'user_id': json_home.Parameters.USER_ID,
+ })
+ self._add_resource(
+ mapper, grant_controller,
+ path='/projects/{project_id}/groups/{group_id}/roles',
+ get_action='list_grants',
+ rel=json_home.build_v3_resource_relation('project_group_roles'),
+ path_vars={
+ 'group_id': json_home.Parameters.GROUP_ID,
+ 'project_id': json_home.Parameters.PROJECT_ID,
+ })
+ self._add_resource(
+ mapper, grant_controller,
+ path='/domains/{domain_id}/users/{user_id}/roles/{role_id}',
+ get_head_action='check_grant',
+ put_action='create_grant',
+ delete_action='revoke_grant',
+ rel=json_home.build_v3_resource_relation('domain_user_role'),
+ path_vars={
+ 'domain_id': json_home.Parameters.DOMAIN_ID,
+ 'role_id': json_home.Parameters.ROLE_ID,
+ 'user_id': json_home.Parameters.USER_ID,
+ })
+ self._add_resource(
+ mapper, grant_controller,
+ path='/domains/{domain_id}/groups/{group_id}/roles/{role_id}',
+ get_head_action='check_grant',
+ put_action='create_grant',
+ delete_action='revoke_grant',
+ rel=json_home.build_v3_resource_relation('domain_group_role'),
+ path_vars={
+ 'domain_id': json_home.Parameters.DOMAIN_ID,
+ 'group_id': json_home.Parameters.GROUP_ID,
+ 'role_id': json_home.Parameters.ROLE_ID,
+ })
+ self._add_resource(
+ mapper, grant_controller,
+ path='/domains/{domain_id}/users/{user_id}/roles',
+ get_action='list_grants',
+ rel=json_home.build_v3_resource_relation('domain_user_roles'),
+ path_vars={
+ 'domain_id': json_home.Parameters.DOMAIN_ID,
+ 'user_id': json_home.Parameters.USER_ID,
+ })
+ self._add_resource(
+ mapper, grant_controller,
+ path='/domains/{domain_id}/groups/{group_id}/roles',
+ get_action='list_grants',
+ rel=json_home.build_v3_resource_relation('domain_group_roles'),
+ path_vars={
+ 'domain_id': json_home.Parameters.DOMAIN_ID,
+ 'group_id': json_home.Parameters.GROUP_ID,
+ })
+
+ routers.append(
+ router.Router(controllers.RoleAssignmentV3(),
+ 'role_assignments', 'role_assignment',
+ resource_descriptions=self.v3_resources,
+ is_entity_implemented=False))
+
+ if CONF.os_inherit.enabled:
+ self._add_resource(
+ mapper, grant_controller,
+ path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/'
+ '{role_id}/inherited_to_projects',
+ get_head_action='check_grant',
+ put_action='create_grant',
+ delete_action='revoke_grant',
+ rel=build_os_inherit_relation(
+ resource_name='domain_user_role_inherited_to_projects'),
+ path_vars={
+ 'domain_id': json_home.Parameters.DOMAIN_ID,
+ 'role_id': json_home.Parameters.ROLE_ID,
+ 'user_id': json_home.Parameters.USER_ID,
+ })
+ self._add_resource(
+ mapper, grant_controller,
+ path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/'
+ '{role_id}/inherited_to_projects',
+ get_head_action='check_grant',
+ put_action='create_grant',
+ delete_action='revoke_grant',
+ rel=build_os_inherit_relation(
+ resource_name='domain_group_role_inherited_to_projects'),
+ path_vars={
+ 'domain_id': json_home.Parameters.DOMAIN_ID,
+ 'group_id': json_home.Parameters.GROUP_ID,
+ 'role_id': json_home.Parameters.ROLE_ID,
+ })
+ self._add_resource(
+ mapper, grant_controller,
+ path='/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/'
+ 'inherited_to_projects',
+ get_action='list_grants',
+ rel=build_os_inherit_relation(
+ resource_name='domain_group_roles_inherited_to_projects'),
+ path_vars={
+ 'domain_id': json_home.Parameters.DOMAIN_ID,
+ 'group_id': json_home.Parameters.GROUP_ID,
+ })
+ self._add_resource(
+ mapper, grant_controller,
+ path='/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/'
+ 'inherited_to_projects',
+ get_action='list_grants',
+ rel=build_os_inherit_relation(
+ resource_name='domain_user_roles_inherited_to_projects'),
+ path_vars={
+ 'domain_id': json_home.Parameters.DOMAIN_ID,
+ 'user_id': json_home.Parameters.USER_ID,
+ })
+ self._add_resource(
+ mapper, grant_controller,
+ path='/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/'
+ '{role_id}/inherited_to_projects',
+ get_head_action='check_grant',
+ put_action='create_grant',
+ delete_action='revoke_grant',
+ rel=build_os_inherit_relation(
+ resource_name='project_user_role_inherited_to_projects'),
+ path_vars={
+ 'project_id': json_home.Parameters.PROJECT_ID,
+ 'user_id': json_home.Parameters.USER_ID,
+ 'role_id': json_home.Parameters.ROLE_ID,
+ })
+ self._add_resource(
+ mapper, grant_controller,
+ path='/OS-INHERIT/projects/{project_id}/groups/{group_id}/'
+ 'roles/{role_id}/inherited_to_projects',
+ get_head_action='check_grant',
+ put_action='create_grant',
+ delete_action='revoke_grant',
+ rel=build_os_inherit_relation(
+ resource_name='project_group_role_inherited_to_projects'),
+ path_vars={
+ 'project_id': json_home.Parameters.PROJECT_ID,
+ 'group_id': json_home.Parameters.GROUP_ID,
+ 'role_id': json_home.Parameters.ROLE_ID,
+ })