Source code for keystone.api.limits

#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

# This file handles all flask-restful resources for /v3/limits

import http.client

import flask
import flask_restful

from keystone.common import json_home
from keystone.common import provider_api
from keystone.common import rbac_enforcer
from keystone.common import validation
from keystone import exception
from keystone.limit import schema
from keystone.server import flask as ks_flask

PROVIDERS = provider_api.ProviderAPIs
ENFORCER = rbac_enforcer.RBACEnforcer


def _build_limit_enforcement_target():
    target = {}
    try:
        limit = PROVIDERS.unified_limit_api.get_limit(
            flask.request.view_args.get('limit_id')
        )
        target['limit'] = limit
        if limit.get('project_id'):
            project = PROVIDERS.resource_api.get_project(limit['project_id'])
            target['limit']['project'] = project
        elif limit.get('domain_id'):
            domain = PROVIDERS.resource_api.get_domain(limit['domain_id'])
            target['limit']['domain'] = domain
    except exception.NotFound:  # nosec
        # Defer the existence check in the event the limit doesn't exist, this
        # is checked later anyway.
        pass

    return target


[docs] class LimitsResource(ks_flask.ResourceBase): collection_key = 'limits' member_key = 'limit' json_home_resource_status = json_home.Status.EXPERIMENTAL get_member_from_driver = PROVIDERS.deferred_provider_lookup( api='unified_limit_api', method='get_limit' ) def _list_limits(self): filters = [ 'service_id', 'region_id', 'resource_name', 'project_id', 'domain_id', ] ENFORCER.enforce_call(action='identity:list_limits', filters=filters) hints = self.build_driver_hints(filters) filtered_refs = [] if self.oslo_context.system_scope: refs = PROVIDERS.unified_limit_api.list_limits(hints) filtered_refs = refs elif self.oslo_context.domain_id: refs = PROVIDERS.unified_limit_api.list_limits(hints) projects = PROVIDERS.resource_api.list_projects_in_domain( self.oslo_context.domain_id ) project_ids = [project['id'] for project in projects] for limit in refs: if limit.get('project_id'): if limit['project_id'] in project_ids: filtered_refs.append(limit) elif limit.get('domain_id'): if limit['domain_id'] == self.oslo_context.domain_id: filtered_refs.append(limit) elif self.oslo_context.project_id: hints.add_filter('project_id', self.oslo_context.project_id) refs = PROVIDERS.unified_limit_api.list_limits(hints) filtered_refs = refs return self.wrap_collection(filtered_refs, hints=hints) def _get_limit(self, limit_id): ENFORCER.enforce_call( action='identity:get_limit', build_target=_build_limit_enforcement_target, ) ref = PROVIDERS.unified_limit_api.get_limit(limit_id) return self.wrap_member(ref)
[docs] def get(self, limit_id=None): if limit_id is not None: return self._get_limit(limit_id) return self._list_limits()
[docs] def post(self): ENFORCER.enforce_call(action='identity:create_limits') limits_b = (flask.request.get_json(silent=True, force=True) or {}).get( 'limits', {} ) validation.lazy_validate(schema.limit_create, limits_b) limits = [ self._assign_unique_id(self._normalize_dict(limit)) for limit in limits_b ] refs = PROVIDERS.unified_limit_api.create_limits(limits) refs = self.wrap_collection(refs) refs.pop('links') return refs, http.client.CREATED
[docs] def patch(self, limit_id): ENFORCER.enforce_call(action='identity:update_limit') limit = (flask.request.get_json(silent=True, force=True) or {}).get( 'limit', {} ) validation.lazy_validate(schema.limit_update, limit) self._require_matching_id(limit) ref = PROVIDERS.unified_limit_api.update_limit(limit_id, limit) return self.wrap_member(ref)
[docs] def delete(self, limit_id): ENFORCER.enforce_call(action='identity:delete_limit') return ( PROVIDERS.unified_limit_api.delete_limit(limit_id), http.client.NO_CONTENT, )
[docs] class LimitModelResource(flask_restful.Resource):
[docs] def get(self): ENFORCER.enforce_call(action='identity:get_limit_model') model = PROVIDERS.unified_limit_api.get_model() return {'model': model}
[docs] class LimitsAPI(ks_flask.APIBase): _name = 'limits' _import_name = __name__ resources = [LimitsResource] resource_mapping = [ ks_flask.construct_resource_map( resource=LimitModelResource, resource_kwargs={}, url='/limits/model', rel='limit_model', status=json_home.Status.EXPERIMENTAL, ) ]
APIs = (LimitsAPI,)