Diffstat (limited to 'keystone-moon/keystone')
-rw-r--r-- | keystone-moon/keystone/common/config.py | 27 | ||||
-rw-r--r-- | keystone-moon/keystone/contrib/moon/core.py | 106 | ||||
-rw-r--r-- | keystone-moon/keystone/contrib/moon/routers.py | 816 | ||||
-rw-r--r-- | keystone-moon/keystone/contrib/moon/service.py | 57 | ||||
-rw-r--r-- | keystone-moon/keystone/contrib/moon/wsgi.py | 8 |
5 files changed, 526 insertions, 488 deletions
diff --git a/keystone-moon/keystone/common/config.py b/keystone-moon/keystone/common/config.py index 4ba740fe..b42b29d6 100644 --- a/keystone-moon/keystone/common/config.py +++ b/keystone-moon/keystone/common/config.py @@ -1173,34 +1173,7 @@ FILE_OPTIONS = { deprecated_name='cert_required', deprecated_group='ssl', deprecated_for_removal=True, help='Require client certificate.'), - ], - 'moon': [ - cfg.StrOpt('configuration_driver', - default='keystone.contrib.moon.backends.memory.ConfigurationConnector', - help='Configuration backend driver.'), - cfg.StrOpt('tenant_driver', - default='keystone.contrib.moon.backends.sql.TenantConnector', - help='Tenant backend driver.'), - cfg.StrOpt('authz_driver', - default='keystone.contrib.moon.backends.flat.SuperExtensionConnector', - help='Authorisation backend driver.'), - cfg.StrOpt('intraextension_driver', - default='keystone.contrib.moon.backends.sql.IntraExtensionConnector', - help='IntraExtension backend driver.'), - cfg.StrOpt('interextension_driver', - default='keystone.contrib.moon.backends.sql.InterExtensionConnector', - help='InterExtension backend driver.'), - cfg.StrOpt('log_driver', - default='keystone.contrib.moon.backends.flat.LogConnector', - help='Logs backend driver.'), - cfg.StrOpt('policy_directory', - default='/etc/keystone/policies', - help='Local directory where all policies are stored.'), - cfg.StrOpt('root_policy_directory', - default='policy_root', - help='Local directory where Root IntraExtension configuration is stored.'), ] - } diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py index 8e19ff81..ddc88fb8 100644 --- a/keystone-moon/keystone/contrib/moon/core.py +++ b/keystone-moon/keystone/contrib/moon/core.py 
@@ -27,20 +27,35 @@ from keystone.contrib.moon.algorithms import * CONF = cfg.CONF LOG = log.getLogger(__name__) -EXTENSION_DATA = { - 'name': 'OpenStack Moon APIs', - 'namespace': 'http://docs.openstack.org/identity/api/ext/' - 'OS-MOON', - 'alias': 'OS-MOON', - 'updated': '2015-09-02T12:00:0-00:00', - 'description': 'OpenStack Authorization Providers Mechanism.', - 'links': [{ - 'rel': 'describedby', - 'type': 'text/html', - 'href': 'https://git.opnfv.org/moon.git' - }]} -extension.register_admin_extension(EXTENSION_DATA['alias'], EXTENSION_DATA) -extension.register_public_extension(EXTENSION_DATA['alias'], EXTENSION_DATA) +OPTS = [ + cfg.StrOpt('configuration_driver', + default='keystone.contrib.moon.backends.memory.ConfigurationConnector', + help='Configuration backend driver.'), + cfg.StrOpt('tenant_driver', + default='keystone.contrib.moon.backends.sql.TenantConnector', + help='Tenant backend driver.'), + cfg.StrOpt('authz_driver', + default='keystone.contrib.moon.backends.flat.SuperExtensionConnector', + help='Authorisation backend driver.'), + cfg.StrOpt('intraextension_driver', + default='keystone.contrib.moon.backends.sql.IntraExtensionConnector', + help='IntraExtension backend driver.'), + cfg.StrOpt('interextension_driver', + default='keystone.contrib.moon.backends.sql.InterExtensionConnector', + help='InterExtension backend driver.'), + cfg.StrOpt('log_driver', + default='keystone.contrib.moon.backends.flat.LogConnector', + help='Logs backend driver.'), + cfg.StrOpt('policy_directory', + default='/etc/keystone/policies', + help='Local directory where all policies are stored.'), + cfg.StrOpt('root_policy_directory', + default='policy_root', + help='Local directory where Root IntraExtension configuration is stored.'), +] + +for option in OPTS: + CONF.register_opt(option, group="moon") def filter_input(func_or_str): 
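Review bot: The loop `for option in OPTS: CONF.register_opt(option, group="moon")` registers the moon options as a side effect of importing core.py, so any module that reads `CONF.moon.*` before this import would presumably fail with an unknown-option error; nothing in the hunk shows an import-order guarantee. A single `CONF.register_opts(OPTS, group="moon")` is the usual oslo.config form and avoids leaving the loop variable `option` at module level. The `*_driver` options appear to name classes that the managers load from configuration, and `policy_directory` is a filesystem path that policy JSON is read from, so a comment above `OPTS` should state that these values are trusted and that the configuration file must be writable only by the service administrator. The help text of `root_policy_directory` says "Local directory", but elsewhere in this file the value is compared with an extension name, so the help string should describe it as a name.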
@@ -150,7 +165,7 @@ def enforce(action_names, object_name, **extra): else: # id is not a known tenant ID, so we must check against the Root intra_extension intra_extension_id = intra_root_extension_id - LOG.warning("Cannot emanager because the intra-extension is unknown (fallback to the root intraextension)") + LOG.warning("Cannot manage because the intra-extension is unknown (fallback to the root intraextension)") for _tenant_id in tenants_dict: if tenants_dict[_tenant_id]['intra_authz_extension_id'] == intra_extension_id or \ tenants_dict[_tenant_id]['intra_admin_extension_id'] == intra_extension_id: 
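Review bot: The corrected warning still does not say which identifier failed the tenant lookup, so a fallback to the root intra-extension cannot be tied to a request when reading the logs. This branch changes which policy the authorization decision is evaluated against, so the message should carry the identifiers involved, for example `LOG.warning("Unknown intra-extension, falling back to root intra-extension %s", intra_root_extension_id)` together with the id that was looked up. The body of `enforce` starts and ends outside this hunk, so the name of the looked-up variable is not visible here.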
@@ -369,18 +384,6 @@ class TenantManager(manager.Manager): self.moonlog_api.debug("add_tenant_dict {}".format(tenant_dict)) if 'intra_admin_extension_id' in tenant_dict and tenant_dict['intra_admin_extension_id']: if 'intra_authz_extension_id' in tenant_dict and tenant_dict['intra_authz_extension_id']: - # authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id']) - # admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id']) - # for _subject_id in authz_subjects_dict: - # if _subject_id not in admin_subjects_dict: - # self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id]) - # for _subject_id in admin_subjects_dict: - # if _subject_id not in authz_subjects_dict: - # self.admin_api.add_subject_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id]) - - # TODO (ateroide): check whether we can replace the below code by the above one - # NOTE (ateroide): at a first glance: no, subject_id changes depending on which intra_extesion is used - # we must use name which is constant. authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.root_admin_id, tenant_dict['intra_authz_extension_id']) authz_subject_names_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict] admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.root_admin_id, tenant_dict['intra_admin_extension_id']) 
@@ -440,10 +443,8 @@ class IntraExtensionManager(manager.Manager): def __init__(self): super(IntraExtensionManager, self).__init__(CONF.moon.intraextension_driver) - # self.root_admin_id = self.__compute_admin_id_for_root_extension() self._root_admin_id = None self._root_extension_id = None - # self.__init_aggregation_algorithm() def __init_root(self, root_extension_id=None): LOG.debug("__init_root {}".format(root_extension_id)) @@ -490,12 +491,6 @@ class IntraExtensionManager(manager.Manager): LOG.debug("self.driver.get_intra_extensions_dict()={}".format(self.driver.get_intra_extensions_dict())) return {self.root_extension_id: self.driver.get_intra_extensions_dict()[self.root_extension_id]} - # def __compute_admin_id_for_root_extension(self): - # for subject_id, subject_dict in self.driver.get_subjects_dict(self.root_extension_id).iteritems(): - # if subject_dict["name"] == "admin": - # return subject_id - # raise RootExtensionNotInitialized() - def get_root_extension_id(self): extensions = self.driver.get_intra_extensions_dict() for extension_id, extension_dict in extensions.iteritems(): @@ -507,15 +502,6 @@ class IntraExtensionManager(manager.Manager): raise IntraExtensionCreationError("The root extension is not created.") return extension['id'] - # def __init_aggregation_algorithm(self): - # try: - # self._root_extension_id = self.get_root_extension_id() - # self.aggregation_algorithm_dict = self.configuration_api.get_aggregation_algorithms_dict(self.root_extension_id) - # except AttributeError as e: - # LOG.warning("Error on init_aggregation_algorithm ({})".format(e)) - # self._root_extension_id = None - # self.aggregation_algorithm_dict = {} - def __get_authz_buffer(self, intra_extension_id, subject_id, object_id, action_id): """ :param intra_extension_id: 
@@ -602,8 +588,6 @@ class IntraExtensionManager(manager.Manager): meta_rule_dict[sub_meta_rule_id], self.driver.get_rules_dict(intra_extension_id, sub_meta_rule_id).values()) - # if not self.root_extension_id: - # self.__init_aggregation_algorithm() aggregation_algorithm_id = self.driver.get_aggregation_algorithm_id(intra_extension_id)['aggregation_algorithm'] if self.aggregation_algorithm_dict[aggregation_algorithm_id]['name'] == 'all_true': decision = all_true(decision_buffer) @@ -637,32 +621,15 @@ class IntraExtensionManager(manager.Manager): f = open(metadata_path) json_perimeter = json.load(f) - # subject_categories_dict = dict() for _cat in json_perimeter['subject_categories']: self.driver.set_subject_category_dict(intra_extension_dict["id"], uuid4().hex, {"name": _cat, "description": _cat}) - # Initialize scope categories - # for _cat in subject_categories_dict.keys(): - # self.driver.set_subject_scope_dict(intra_extension_dict["id"], _cat, {}) - # intra_extension_dict['subject_categories'] = subject_categories_dict - - # object_categories_dict = dict() for _cat in json_perimeter['object_categories']: self.driver.set_object_category_dict(intra_extension_dict["id"], uuid4().hex, {"name": _cat, "description": _cat}) - # Initialize scope categories - # for _cat in object_categories_dict.keys(): - # self.driver.set_object_scope_dict(intra_extension_dict["id"], _cat, {}) - # intra_extension_dict['object_categories'] = object_categories_dict - - # action_categories_dict = dict() for _cat in json_perimeter['action_categories']: self.driver.set_action_category_dict(intra_extension_dict["id"], uuid4().hex, {"name": _cat, "description": _cat}) - # Initialize scope categories - # for _cat in action_categories_dict.keys(): - # self.driver.set_action_scope_dict(intra_extension_dict["id"], _cat, {}) - # intra_extension_dict['action_categories'] = action_categories_dict def __load_perimeter_file(self, intra_extension_dict, policy_dir): 
@@ -805,7 +772,6 @@ class IntraExtensionManager(manager.Manager): metadata_path = os.path.join(policy_dir, 'metarule.json') f = open(metadata_path) json_metarule = json.load(f) - # ie["meta_rules"] = copy.deepcopy(json_metarule) metarule = dict() categories = { "subject_categories": self.driver.SUBJECT_CATEGORY, @@ -847,13 +813,10 @@ class IntraExtensionManager(manager.Manager): sub_rule_id = self.driver.get_uuid_from_name(intra_extension_dict["id"], sub_rule_name, self.driver.SUB_META_RULE) - # if sub_rule_name not in self.get_sub_meta_rule_relations("admin", ie["id"])["sub_meta_rule_relations"]: - # raise IntraExtensionException("Bad sub_rule_name name {} in rules".format(sub_rule_name)) rules[sub_rule_id] = list() for rule in json_rules[sub_rule_name]: subrule = list() _rule = list(rule) - # sub_rule_id = self.driver.get_uuid_from_name(intra_extension_dict["id"], sub_rule_name, self.driver.SUB_META_RULE) for category_uuid in sub_meta_rules[sub_rule_id]["subject_categories"]: scope_name = _rule.pop(0) scope_uuid = self.driver.get_uuid_from_name(intra_extension_dict["id"], @@ -881,7 +844,6 @@ class IntraExtensionManager(manager.Manager): else: # if value doesn't exist add a default value subrule.append(True) - # rules[sub_rule_id].append(subrule) self.driver.set_rule_dict(intra_extension_dict["id"], sub_rule_id, uuid4().hex, subrule) @enforce(("read", "write"), "intra_extensions") 
@@ -914,11 +876,6 @@ class IntraExtensionManager(manager.Manager): # Note (asteroide): Only one root Extension is authorized # and this extension is created at the very beginning of the server # so we don't need to use enforce here - # if self.get_root_extension_id(): - # # for ext in self.driver.get_intra_extensions_dict(): - # # Note (asteroide): if there is at least one Intra Extension, it implies that - # # the Root Intra Extension had already been created... - # return extensions = self.driver.get_intra_extensions_dict() for extension_id, extension_dict in extensions.iteritems(): if extension_dict["name"] == CONF.moon.root_policy_directory: @@ -930,10 +887,7 @@ class IntraExtensionManager(manager.Manager): ie_dict["genre"] = "admin" ie_dict["description"] = "policy_root" ref = self.driver.set_intra_extension_dict(ie_dict['id'], ie_dict) - # try: self.moonlog_api.debug("Creation of root IE: {}".format(ref)) - # except AttributeError: - # LOG.debug("Creation of root IE: {}".format(ref)) # read the template given by "model" and populate default variables template_dir = os.path.join(CONF.moon.policy_directory, ie_dict["model"]) diff --git a/keystone-moon/keystone/contrib/moon/routers.py b/keystone-moon/keystone/contrib/moon/routers.py index fd1c0adf..fd821a49 100644 --- a/keystone-moon/keystone/contrib/moon/routers.py +++ b/keystone-moon/keystone/contrib/moon/routers.py @@ -12,11 +12,14 @@ from oslo_log import log LOG = log.getLogger(__name__) -class Routers(wsgi.V3ExtensionRouter): +class Routers(wsgi.ComposableRouter): """API Endpoints for the Moon extension. """ - PATH_PREFIX = '/OS-MOON' + PATH_PREFIX = '' + + def __init__(self, description): + self.description = description @staticmethod def _get_rel(component): 
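Review bot: In the routers.py hunk the new `__init__(self, description)` only stores `description` and never calls the base-class initializer, so whether `Routers` works as a router depends on what `wsgi.ComposableRouter.__init__` sets up. If the class is meant to be composed only through `add_routes(mapper)`, a docstring on `__init__` should say so; otherwise add `super(Routers, self).__init__()`. With `PATH_PREFIX = ''` the routes lose the `/OS-MOON` namespace, so their separation from other Keystone routes and the authentication in front of them are decided where this router is mounted (presumably service.py or wsgi.py in this commit), which this hunk does not show. `_get_rel`, kept as context, looks unused once the `_add_resource` calls are removed. The class body continues outside the hunk.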
@@ -34,419 +37,462 @@ class Routers(wsgi.V3ExtensionRouter): tenants_controller = controllers.Tenants() logs_controller = controllers.Logs() inter_ext_controller = controllers.InterExtensions() + # Configuration route - self._add_resource( - mapper, configuration_controller, - path=self.PATH_PREFIX+'/configuration/templates', - get_action='get_policy_templates', - rel=self._get_rel('templates'), - path_vars={}) - self._add_resource( - mapper, configuration_controller, - path=self.PATH_PREFIX+'/configuration/aggregation_algorithms', - get_action='get_aggregation_algorithms', - rel=self._get_rel('aggregation_algorithms'), - path_vars={}) - self._add_resource( - mapper, configuration_controller, - path=self.PATH_PREFIX+'/configuration/sub_meta_rule_algorithms', - get_action='get_sub_meta_rule_algorithms', - rel=self._get_rel('sub_meta_rule_algorithms'), - path_vars={}) + mapper.connect( + self.PATH_PREFIX+'/configuration/templates', + controller=configuration_controller, + action='get_policy_templates', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/configuration/aggregation_algorithms', + controller=configuration_controller, + action='get_aggregation_algorithms', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/configuration/sub_meta_rule_algorithms', + controller=configuration_controller, + action='get_sub_meta_rule_algorithms', + conditions=dict(method=['GET'])) # Tenants route - self._add_resource( - mapper, tenants_controller, - path=self.PATH_PREFIX+'/tenants', - get_action='get_tenants', - post_action='add_tenant', - rel=self._get_rel('tenants'), - path_vars={}) - self._add_resource( - mapper, tenants_controller, - path=self.PATH_PREFIX+'/tenants/{tenant_id}', - get_action='get_tenant', - delete_action='del_tenant', - post_action='set_tenant', - rel=self._get_rel('tenants'), - path_vars={ - 'tenant_id': self._get_path('tenants'), - }) + mapper.connect( + self.PATH_PREFIX+'/tenants', + 
controller=tenants_controller, + action='get_tenants', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/tenants', + controller=tenants_controller, + action='add_tenant', + conditions=dict(method=['POST'])) + mapper.connect( + self.PATH_PREFIX+'/tenants/{tenant_id}', + controller=tenants_controller, + action='get_tenant', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/tenants/{tenant_id}', + controller=tenants_controller, + action='del_tenant', + conditions=dict(method=['DELETE'])) + mapper.connect( + self.PATH_PREFIX+'/tenants/{tenant_id}', + controller=tenants_controller, + action='set_tenant', + conditions=dict(method=['POST'])) # Authz route - self._add_resource( - mapper, authz_controller, - path=self.PATH_PREFIX+'/authz/{tenant_id}/{subject_k_id}/{object_name}/{action_name}', - get_action='get_authz', - rel=self._get_rel('authz'), - path_vars={ - 'tenant_id': self._get_path('tenants'), - 'subject_k_id': self._get_path('subjects'), - 'object_name': self._get_path('objects'), - 'action_name': self._get_path('actions'), - }) + mapper.connect( + self.PATH_PREFIX+'/authz/{tenant_id}/{subject_k_id}/{object_name}/{action_name}', + controller=authz_controller, + action='get_authz', + conditions=dict(method=['GET'])) # IntraExtensions/Admin route - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/init', - get_action='load_root_intra_extension', - rel=self._get_rel('intra_extensions'), - path_vars={}) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions', - get_action='get_intra_extensions', - post_action='add_intra_extension', - rel=self._get_rel('intra_extensions'), - path_vars={}) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}', - get_action='get_intra_extension', - delete_action='del_intra_extension', - post_action='set_intra_extension', - 
rel=self._get_rel('intra_extensions'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/init', + controller=intra_ext_controller, + action='load_root_intra_extension', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions', + controller=intra_ext_controller, + action='get_intra_extensions', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions', + controller=intra_ext_controller, + action='add_intra_extension', + conditions=dict(method=['POST'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}', + controller=intra_ext_controller, + action='get_intra_extension', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}', + controller=intra_ext_controller, + action='set_intra_extension', + conditions=dict(method=['POST'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}', + controller=intra_ext_controller, + action='del_intra_extension', + conditions=dict(method=['DELETE'])) # Metadata route - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subject_categories', - get_action='get_subject_categories', - post_action='add_subject_category', - rel=self._get_rel('subject_categories'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subject_categories/{subject_category_id}', - get_action='get_subject_category', - delete_action='del_subject_category', - post_action='set_subject_category', - rel=self._get_rel('subject_categories'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - 
path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/object_categories', - get_action='get_object_categories', - post_action='add_object_category', - rel=self._get_rel('object_categories'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/object_categories/{object_category_id}', - get_action='get_object_category', - delete_action='del_object_category', - post_action='set_object_category', - rel=self._get_rel('object_categories'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/action_categories', - get_action='get_action_categories', - post_action='add_action_category', - rel=self._get_rel('action_categories'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/action_categories/{action_category_id}', - get_action='get_action_category', - delete_action='del_action_category', - post_action='set_action_category', - rel=self._get_rel('action_categories'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subject_categories', + controller=intra_ext_controller, + action='get_subject_categories', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subject_categories', + controller=intra_ext_controller, + action='add_subject_category', + conditions=dict(method=['POST'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subject_categories/{subject_category_id}', + controller=intra_ext_controller, + action='get_subject_category', + 
conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subject_categories/{subject_category_id}', + controller=intra_ext_controller, + action='del_subject_category', + conditions=dict(method=['DELETE'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subject_categories/{subject_category_id}', + controller=intra_ext_controller, + action='set_subject_category', + conditions=dict(method=['POST'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/object_categories', + controller=intra_ext_controller, + action='get_object_categories', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/object_categories', + controller=intra_ext_controller, + action='add_object_category', + conditions=dict(method=['POST'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/object_categories/{object_category_id}', + controller=intra_ext_controller, + action='get_object_category', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/object_categories/{object_category_id}', + controller=intra_ext_controller, + action='del_object_category', + conditions=dict(method=['DELETE'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/object_categories/{object_category_id}', + controller=intra_ext_controller, + action='set_object_category', + conditions=dict(method=['POST'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/action_categories', + controller=intra_ext_controller, + action='get_action_categories', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/action_categories', + controller=intra_ext_controller, + action='add_action_category', + conditions=dict(method=['POST'])) + mapper.connect( + 
self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/action_categories/{action_category_id}', + controller=intra_ext_controller, + action='get_action_category', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/action_categories/{action_category_id}', + controller=intra_ext_controller, + action='del_action_category', + conditions=dict(method=['DELETE'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/action_categories/{action_category_id}', + controller=intra_ext_controller, + action='set_action_category', + conditions=dict(method=['POST'])) # Perimeter route - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subjects', - get_action='get_subjects', - post_action='add_subject', - rel=self._get_rel('subjects'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subjects/{subject_id}', - get_action='get_subject', - delete_action='del_subject', - post_action='set_subject', - rel=self._get_rel('subjects'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/objects', - get_action='get_objects', - post_action='add_object', - rel=self._get_rel('subjects'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/objects/{object_id}', - get_action='get_object', - delete_action='del_object', - post_action='set_object', - rel=self._get_rel('objects'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - 
path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/actions', - get_action='get_actions', - post_action='add_action', - rel=self._get_rel('actions'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/actions/{action_id}', - get_action='get_action', - delete_action='del_action', - post_action='set_action', - rel=self._get_rel('actions'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subjects', + controller=intra_ext_controller, + action='get_subjects', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subjects', + controller=intra_ext_controller, + action='add_subject', + conditions=dict(method=['POST'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subjects/{subject_id}', + controller=intra_ext_controller, + action='get_subject', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subjects/{subject_id}', + controller=intra_ext_controller, + action='del_subject', + conditions=dict(method=['DELETE'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subjects/{subject_id}', + controller=intra_ext_controller, + action='set_subject', + conditions=dict(method=['POST'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/objects', + controller=intra_ext_controller, + action='get_objects', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/objects', + controller=intra_ext_controller, + action='add_object', + conditions=dict(method=['POST'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/objects/{object_id}', + 
controller=intra_ext_controller, + action='get_object', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/objects/{object_id}', + controller=intra_ext_controller, + action='del_object', + conditions=dict(method=['DELETE'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/objects/{object_id}', + controller=intra_ext_controller, + action='set_object', + conditions=dict(method=['POST'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/actions', + controller=intra_ext_controller, + action='get_actions', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/actions', + controller=intra_ext_controller, + action='add_action', + conditions=dict(method=['POST'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/actions/{action_id}', + controller=intra_ext_controller, + action='get_action', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/actions/{action_id}', + controller=intra_ext_controller, + action='del_action', + conditions=dict(method=['DELETE'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/actions/{action_id}', + controller=intra_ext_controller, + action='set_action', + conditions=dict(method=['POST'])) # Scope route - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}', - get_action='get_subject_scopes', - post_action='add_subject_scope', - rel=self._get_rel('subject_scope'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}/{subject_scope_id}', - get_action='get_subject_scope', - 
delete_action='del_subject_scope', - post_action='set_subject_scope', - rel=self._get_rel('subject_scope'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}', - get_action='get_object_scopes', - post_action='add_object_scope', - rel=self._get_rel('object_scope'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}/{object_scope_id}', - get_action='get_object_scope', - delete_action='del_object_scope', - post_action='set_object_scope', - rel=self._get_rel('object_scope'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}', - get_action='get_action_scopes', - post_action='add_action_scope', - rel=self._get_rel('action_scope'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}/{action_scope_id}', - get_action='get_action_scope', - delete_action='del_action_scope', - post_action='set_action_scope', - rel=self._get_rel('action_scope'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}', + controller=intra_ext_controller, + action='get_subject_scopes', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}', + 
controller=intra_ext_controller, + action='add_subject_scope', + conditions=dict(method=['POST'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}/{subject_scope_id}', + controller=intra_ext_controller, + action='get_subject_scope', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}/{subject_scope_id}', + controller=intra_ext_controller, + action='del_subject_scope', + conditions=dict(method=['DELETE'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}/{subject_scope_id}', + controller=intra_ext_controller, + action='set_subject_scope', + conditions=dict(method=['POST'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}', + controller=intra_ext_controller, + action='get_object_scopes', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}', + controller=intra_ext_controller, + action='add_object_scope', + conditions=dict(method=['POST'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}/{object_scope_id}', + controller=intra_ext_controller, + action='get_object_scope', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}/{object_scope_id}', + controller=intra_ext_controller, + action='del_object_scope', + conditions=dict(method=['DELETE'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}/{object_scope_id}', + controller=intra_ext_controller, + action='set_object_scope', + conditions=dict(method=['POST'])) + mapper.connect( + 
self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}', + controller=intra_ext_controller, + action='get_action_scopes', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}', + controller=intra_ext_controller, + action='add_action_scope', + conditions=dict(method=['POST'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}/{action_scope_id}', + controller=intra_ext_controller, + action='get_action_scope', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}/{action_scope_id}', + controller=intra_ext_controller, + action='del_action_scope', + conditions=dict(method=['DELETE'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}/{action_scope_id}', + controller=intra_ext_controller, + action='set_action_scope', + conditions=dict(method=['POST'])) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subject_assignments', - post_action='add_subject_assignment', - rel=self._get_rel('subject_assignments'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/' + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subject_assignments', + controller=intra_ext_controller, + action='add_subject_assignment', + conditions=dict(method=['POST'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/' 'subject_assignments/{subject_id}/{subject_category_id}', - get_action='get_subject_assignment', - rel=self._get_rel('subject_assignments'), - path_vars={ - 'intra_extension_id': 
self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/' + controller=intra_ext_controller, + action='get_subject_assignment', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/' 'subject_assignments/{subject_id}/{subject_category_id}/{subject_scope_id}', - delete_action='del_subject_assignment', - rel=self._get_rel('subject_assignments'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/object_assignments', - post_action='add_object_assignment', - rel=self._get_rel('object_assignments'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/' + controller=intra_ext_controller, + action='del_subject_assignment', + conditions=dict(method=['DELETE'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/object_assignments', + controller=intra_ext_controller, + action='add_object_assignment', + conditions=dict(method=['POST'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/' 'object_assignments/{object_id}/{object_category_id}', - get_action='get_object_assignment', - rel=self._get_rel('object_assignments'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/' + controller=intra_ext_controller, + action='get_object_assignment', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/' 'object_assignments/{object_id}/{object_category_id}/{object_scope_id}', - 
delete_action='del_object_assignment', - rel=self._get_rel('object_assignments'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/action_assignments', - post_action='add_action_assignment', - rel=self._get_rel('action_assignments'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/' + controller=intra_ext_controller, + action='del_object_assignment', + conditions=dict(method=['DELETE'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/action_assignments', + controller=intra_ext_controller, + action='add_action_assignment', + conditions=dict(method=['POST'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/' 'action_assignments/{action_id}/{action_category_id}', - get_action='get_action_assignment', - rel=self._get_rel('action_assignments'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/' + controller=intra_ext_controller, + action='get_action_assignment', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/' 'action_assignments/{action_id}/{action_category_id}/{action_scope_id}', - delete_action='del_action_assignment', - rel=self._get_rel('action_assignments'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) + controller=intra_ext_controller, + action='del_action_assignment', + conditions=dict(method=['DELETE'])) # Metarule route - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/aggregation_algorithm', - 
post_action='set_aggregation_algorithm', - get_action='get_aggregation_algorithm', - rel=self._get_rel('aggregation_algorithms'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/sub_meta_rules', - get_action='get_sub_meta_rules', - post_action='add_sub_meta_rule', - rel=self._get_rel('sub_meta_rules'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/sub_meta_rules/{sub_meta_rule_id}', - get_action='get_sub_meta_rule', - delete_action='del_sub_meta_rule', - post_action='set_sub_meta_rule', - rel=self._get_rel('sub_meta_rules'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/aggregation_algorithm', + controller=intra_ext_controller, + action='get_aggregation_algorithm', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/aggregation_algorithm', + controller=intra_ext_controller, + action='set_aggregation_algorithm', + conditions=dict(method=['POST'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/sub_meta_rules', + controller=intra_ext_controller, + action='get_sub_meta_rules', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/sub_meta_rules', + controller=intra_ext_controller, + action='add_sub_meta_rule', + conditions=dict(method=['POST'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/sub_meta_rules/{sub_meta_rule_id}', + controller=intra_ext_controller, + action='get_sub_meta_rule', + conditions=dict(method=['GET'])) + mapper.connect( + 
self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/sub_meta_rules/{sub_meta_rule_id}', + controller=intra_ext_controller, + action='del_sub_meta_rule', + conditions=dict(method=['DELETE'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/sub_meta_rules/{sub_meta_rule_id}', + controller=intra_ext_controller, + action='set_sub_meta_rule', + conditions=dict(method=['POST'])) # Rules route - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}', - get_action='get_rules', - post_action='add_rule', - rel=self._get_rel('rules'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) - self._add_resource( - mapper, intra_ext_controller, - path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}/{rule_id}', - get_action='get_rule', - delete_action='del_rule', - post_action='set_rule', - rel=self._get_rel('rules'), - path_vars={ - 'intra_extension_id': self._get_path('intra_extensions'), - }) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}', + controller=intra_ext_controller, + action='get_rules', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}', + controller=intra_ext_controller, + action='add_rule', + conditions=dict(method=['POST'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}/{rule_id}', + controller=intra_ext_controller, + action='get_rule', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}/{rule_id}', + controller=intra_ext_controller, + action='del_rule', + conditions=dict(method=['DELETE'])) + mapper.connect( + self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}/{rule_id}', + 
controller=intra_ext_controller, + action='set_rule', + conditions=dict(method=['POST'])) # Logs route - self._add_resource( - mapper, logs_controller, - path=self.PATH_PREFIX+'/logs', - get_action='get_logs', - rel=self._get_rel('logs'), - path_vars={ - }) - self._add_resource( - mapper, logs_controller, - path=self.PATH_PREFIX+'/logs/{options}', - get_action='get_logs', - rel=self._get_rel('logs'), - path_vars={ - }) + mapper.connect( + self.PATH_PREFIX+'/logs', + controller=logs_controller, + action='get_logs', + conditions=dict(method=['GET'])) + mapper.connect( + self.PATH_PREFIX+'/logs/{options}', + controller=logs_controller, + action='get_logs', + conditions=dict(method=['GET'])) # InterExtensions route - # self._add_resource( - # mapper, inter_ext_controller, - # path=self.PATH_PREFIX+'/inter_extensions', - # get_action='get_inter_extensions', - # post_action='create_inter_extension', + # mapper.connect( + # controller=inter_ext_controller, + # self.PATH_PREFIX+'/inter_extensions', + # action='get_inter_extensions', + # action='create_inter_extension', # rel=self._get_rel('inter_extensions'), # path_vars={}) - # self._add_resource( - # mapper, inter_ext_controller, - # path=self.PATH_PREFIX+'/inter_extensions/{inter_extension_id}', - # get_action='get_inter_extension', - # delete_action='delete_inter_extension', + # mapper.connect( + # controller=inter_ext_controller, + # self.PATH_PREFIX+'/inter_extensions/{inter_extension_id}', + # action='get_inter_extension', + # action='delete_inter_extension', # rel=self._get_rel('inter_extensions'), # path_vars={ # 'inter_extension_id': self._get_path('inter_extensions'), diff --git a/keystone-moon/keystone/contrib/moon/service.py b/keystone-moon/keystone/contrib/moon/service.py new file mode 100644 index 00000000..cd68e98a --- /dev/null +++ b/keystone-moon/keystone/contrib/moon/service.py 
@@ -0,0 +1,57 @@
+import functools
+import sys
+
+from oslo_config import cfg
+from oslo_log import log
+from paste import deploy
+import routes
+from keystone.contrib.moon.routers import Routers
+
+from keystone import assignment
+from keystone import auth
+from keystone import catalog
+from keystone.common import wsgi
+from keystone import controllers
+from keystone import credential
+from keystone import endpoint_policy
+from keystone import identity
+from keystone import policy
+from keystone import resource
+from keystone import routers
+from keystone import token
+from keystone import trust
+
+
+CONF = cfg.CONF
+LOG = log.getLogger(__name__)
+
+
+# def loadapp(conf, name):
+# # NOTE(blk-u): Save the application being loaded in the controllers module.
+# # This is similar to how public_app_factory() and v3_app_factory()
+# # register the version with the controllers module.
+# controllers.latest_app = deploy.loadapp(conf, name=name)
+# return controllers.latest_app
+
+
+def fail_gracefully(f):
+ """Logs exceptions and aborts."""
+ @functools.wraps(f)
+ def wrapper(*args, **kw):
+ try:
+ return f(*args, **kw)
+ except Exception as e:
+ LOG.debug(e, exc_info=True)
+
+ # exception message is printed to all logs
+ LOG.critical(e)
+ sys.exit(1)
+
+ return wrapper
+
+
+@fail_gracefully
+def moon_app_factory(global_conf, **local_conf):
+ return wsgi.ComposingRouter(routes.Mapper(),
+ [Routers('moon_service')])
+
diff --git a/keystone-moon/keystone/contrib/moon/wsgi.py b/keystone-moon/keystone/contrib/moon/wsgi.py
new file mode 100644
index 00000000..f2a99633
--- /dev/null
+++ b/keystone-moon/keystone/contrib/moon/wsgi.py
@@ -0,0 +1,8 @@
+from keystone.server import wsgi
+from oslo_log import log
+
+LOG = log.getLogger(__name__)
+
+
+def initialize_moon_application():
+ return wsgi.initialize_application('moon_service')
|
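Review bot: `moon_app_factory` returns the bare `ComposingRouter` and ignores both `global_conf` and `local_conf`, so nothing in this file authenticates requests to the Moon routes. Whether these policy-administration endpoints (rules, scopes, assignments) are protected therefore depends on the filters of the paste pipeline that names this factory and on the controllers, neither of which is visible in this diff. I would state that contract on the function, for example `"""Build the Moon router; authentication must be supplied by the paste pipeline filters."""`, and confirm that the pipeline for this app carries the token-auth filters. Separately, `deploy` and `controllers` are referenced only by the commented-out `loadapp`, and the other `keystone` imports apart from `wsgi` are unused in this file, so they could be dropped together with the dead block.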
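Review bot: `initialize_moon_application` has no docstring, and the name `'moon_service'` it passes is presumably resolved against the paste deploy configuration, which is not visible in this diff; a missing or differently named entry would only surface at start-up. A one-line docstring such as `"""Return the WSGI application registered as 'moon_service' in the paste configuration."""` would record that dependency (wording to be confirmed against `initialize_application`). `LOG` and the `oslo_log` import are unused in this module and can be removed.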