Source code for keystone.api.os_ep_filter

#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

# This file handles all flask-restful resources for /OS-EP-FILTER

import http.client

import flask_restful

from keystone.api._shared import json_home_relations
from keystone.api import endpoints as _endpoints_api
from keystone.api import validation
from keystone.catalog import schema
from keystone.common import json_home
from keystone.common import provider_api
from keystone.common import rbac_enforcer
from keystone import exception
from keystone.i18n import _
from keystone.server import flask as ks_flask

ENFORCER = rbac_enforcer.RBACEnforcer
PROVIDERS = provider_api.ProviderAPIs

_build_resource_relation = json_home_relations.os_ep_filter_resource_rel_func
_build_parameter_relation = json_home_relations.os_ep_filter_parameter_rel_func

_ENDPOINT_GROUP_PARAMETER_RELATION = _build_parameter_relation(
    parameter_name='endpoint_group_id'
)


# NOTE(morgan): This is shared from keystone.api.endpoint, this is a special
# case where cross-api code is used. This pattern should not be replicated.
_filter_endpoint = _endpoints_api._filter_endpoint


def _require_valid_filter(endpoint_group):
    valid_filter_keys = ['service_id', 'region_id', 'interface']

    filters = endpoint_group.get('filters', {})
    for key in filters.keys():
        if key not in valid_filter_keys:
            raise exception.ValidationError(
                attribute=' or '.join(valid_filter_keys),
                target='endpoint_group',
            )


[docs] class EndpointGroupsResource(ks_flask.ResourceBase): collection_key = 'endpoint_groups' member_key = 'endpoint_group' api_prefix = '/OS-EP-FILTER' json_home_resource_rel_func = _build_resource_relation json_home_parameter_rel_func = _build_parameter_relation
[docs] @validation.request_query_schema(schema.endpoint_group_index_request_query) @validation.response_body_schema(schema.endpoint_group_index_response_body) def get(self): """List all endpoint groups. GET /v3/OS-EP-FILTER/endpoint_groups """ filters = 'name' ENFORCER.enforce_call( action='identity:list_endpoint_groups', filters=filters ) hints = self.build_driver_hints(filters) refs = PROVIDERS.catalog_api.list_endpoint_groups(hints) return self.wrap_collection(refs, hints=hints)
[docs] @validation.request_body_schema(schema.endpoint_group_create_request_body) @validation.response_body_schema(schema.endpoint_group_response_body) def post(self): """Create new endpoint groups. POST /v3/OS-EP-FILTER/endpoint_groups """ ENFORCER.enforce_call(action='identity:create_endpoint_group') ep_group = self.request_body_json.get('endpoint_group', {}) if not ep_group.get('filters'): # TODO(morgan): Make this not require substitution. Substitution is # done here due to String Freeze in the Rocky release. msg = _('%s field is required and cannot be empty') % 'filters' raise exception.ValidationError(message=msg) _require_valid_filter(ep_group) ep_group = self._assign_unique_id(ep_group) return ( self.wrap_member( PROVIDERS.catalog_api.create_endpoint_group( ep_group['id'], ep_group ) ), http.client.CREATED, )
[docs] class EndpointGroupResource(ks_flask.ResourceBase): collection_key = 'endpoint_groups' member_key = 'endpoint_group' api_prefix = '/OS-EP-FILTER'
[docs] @validation.request_query_schema(None) @validation.response_body_schema(schema.endpoint_group_response_body) def get(self, endpoint_group_id=None): """Get Endpoint Group GET /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id} """ ENFORCER.enforce_call(action='identity:get_endpoint_group') return self.wrap_member( PROVIDERS.catalog_api.get_endpoint_group(endpoint_group_id) )
[docs] @validation.request_body_schema(schema.endpoint_group_update_request_body) @validation.response_body_schema(schema.endpoint_group_response_body) def patch(self, endpoint_group_id): """Update existing endpoint groups PATCH /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id} """ ENFORCER.enforce_call(action='identity:update_endpoint_group') ep_group = self.request_body_json.get('endpoint_group', {}) if 'filters' in ep_group: _require_valid_filter(ep_group) self._require_matching_id(ep_group) return self.wrap_member( PROVIDERS.catalog_api.update_endpoint_group( endpoint_group_id, ep_group ) )
[docs] def delete(self, endpoint_group_id): ENFORCER.enforce_call(action='identity:delete_endpoint_group') return ( PROVIDERS.catalog_api.delete_endpoint_group(endpoint_group_id), http.client.NO_CONTENT, )
[docs] class EPFilterEndpointProjectsResource(flask_restful.Resource):
[docs] def get(self, endpoint_id): """Return a list of projects associated with the endpoint.""" ENFORCER.enforce_call(action='identity:list_projects_for_endpoint') PROVIDERS.catalog_api.get_endpoint(endpoint_id) refs = PROVIDERS.catalog_api.list_projects_for_endpoint(endpoint_id) projects = [ PROVIDERS.resource_api.get_project(ref['project_id']) for ref in refs ] return ks_flask.ResourceBase.wrap_collection( projects, collection_name='projects' )
[docs] class EPFilterProjectsEndpointsResource(flask_restful.Resource):
[docs] def get(self, project_id, endpoint_id): ENFORCER.enforce_call(action='identity:check_endpoint_in_project') PROVIDERS.catalog_api.get_endpoint(endpoint_id) PROVIDERS.resource_api.get_project(project_id) PROVIDERS.catalog_api.check_endpoint_in_project( endpoint_id, project_id ) return None, http.client.NO_CONTENT
[docs] def put(self, project_id, endpoint_id): ENFORCER.enforce_call(action='identity:add_endpoint_to_project') PROVIDERS.catalog_api.get_endpoint(endpoint_id) PROVIDERS.resource_api.get_project(project_id) PROVIDERS.catalog_api.add_endpoint_to_project(endpoint_id, project_id) return None, http.client.NO_CONTENT
[docs] def delete(self, project_id, endpoint_id): ENFORCER.enforce_call(action='identity:remove_endpoint_from_project') return ( PROVIDERS.catalog_api.remove_endpoint_from_project( endpoint_id, project_id ), http.client.NO_CONTENT, )
[docs] class EPFilterProjectEndpointsListResource(flask_restful.Resource):
[docs] def get(self, project_id): ENFORCER.enforce_call(action='identity:list_endpoints_for_project') PROVIDERS.resource_api.get_project(project_id) filtered_endpoints = PROVIDERS.catalog_api.list_endpoints_for_project( project_id ) return ks_flask.ResourceBase.wrap_collection( [_filter_endpoint(v) for v in filtered_endpoints.values()], collection_name='endpoints', )
[docs] class EndpointFilterProjectEndpointGroupsListResource(flask_restful.Resource):
[docs] def get(self, project_id): ENFORCER.enforce_call( action='identity:list_endpoint_groups_for_project' ) return EndpointGroupsResource.wrap_collection( PROVIDERS.catalog_api.get_endpoint_groups_for_project(project_id) )
[docs] class EndpointFilterEPGroupsProjects(flask_restful.Resource):
[docs] def get(self, endpoint_group_id): ENFORCER.enforce_call( action='identity:list_projects_associated_with_endpoint_group' ) endpoint_group_refs = ( PROVIDERS.catalog_api.list_projects_associated_with_endpoint_group( endpoint_group_id ) ) projects = [] for endpoint_group_ref in endpoint_group_refs: project = PROVIDERS.resource_api.get_project( endpoint_group_ref['project_id'] ) if project: projects.append(project) return ks_flask.ResourceBase.wrap_collection( projects, collection_name='projects' )
[docs] class EndpointFilterEPGroupsEndpoints(flask_restful.Resource):
[docs] def get(self, endpoint_group_id): ENFORCER.enforce_call( action='identity:list_endpoints_associated_with_endpoint_group' ) filtered_endpoints = ( PROVIDERS.catalog_api.get_endpoints_filtered_by_endpoint_group( endpoint_group_id ) ) return ks_flask.ResourceBase.wrap_collection( [_filter_endpoint(e) for e in filtered_endpoints], collection_name='endpoints', )
[docs] class EPFilterGroupsProjectsResource(ks_flask.ResourceBase): collection_key = 'project_endpoint_groups' member_key = 'project_endpoint_group' @classmethod def _add_self_referential_link(cls, ref, collection_name=None): url = ( '/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}' '/projects/{project_id}'.format( endpoint_group_id=ref['endpoint_group_id'], project_id=ref['project_id'], ) ) ref.setdefault('links', {}) ref['links']['self'] = url
[docs] def get(self, endpoint_group_id, project_id): ENFORCER.enforce_call(action='identity:get_endpoint_group_in_project') PROVIDERS.resource_api.get_project(project_id) PROVIDERS.catalog_api.get_endpoint_group(endpoint_group_id) ref = PROVIDERS.catalog_api.get_endpoint_group_in_project( endpoint_group_id, project_id ) return self.wrap_member(ref)
[docs] def put(self, endpoint_group_id, project_id): ENFORCER.enforce_call(action='identity:add_endpoint_group_to_project') PROVIDERS.resource_api.get_project(project_id) PROVIDERS.catalog_api.get_endpoint_group(endpoint_group_id) PROVIDERS.catalog_api.add_endpoint_group_to_project( endpoint_group_id, project_id ) return None, http.client.NO_CONTENT
[docs] def delete(self, endpoint_group_id, project_id): ENFORCER.enforce_call( action='identity:remove_endpoint_group_from_project' ) PROVIDERS.resource_api.get_project(project_id) PROVIDERS.catalog_api.get_endpoint_group(endpoint_group_id) PROVIDERS.catalog_api.remove_endpoint_group_from_project( endpoint_group_id, project_id ) return None, http.client.NO_CONTENT
[docs] class EPFilterAPI(ks_flask.APIBase): _name = 'OS-EP-FILTER' _import_name = __name__ _api_url_prefix = '/OS-EP-FILTER' resource_mapping = [ ks_flask.construct_resource_map( resource=EndpointGroupsResource, url='/endpoint_groups', resource_kwargs={}, rel="endpoint_groups", resource_relation_func=_build_resource_relation, path_vars=None, ), ks_flask.construct_resource_map( resource=EndpointGroupResource, url='/endpoint_groups/<string:endpoint_group_id>', resource_kwargs={}, rel="endpoint_group", resource_relation_func=_build_resource_relation, path_vars={ 'endpoint_group_id': _ENDPOINT_GROUP_PARAMETER_RELATION }, ), ks_flask.construct_resource_map( resource=EPFilterEndpointProjectsResource, url='/endpoints/<string:endpoint_id>/projects', resource_kwargs={}, rel='endpoint_projects', resource_relation_func=_build_resource_relation, path_vars={'endpoint_id': json_home.Parameters.ENDPOINT_ID}, ), ks_flask.construct_resource_map( resource=EPFilterProjectsEndpointsResource, url='/projects/<string:project_id>/endpoints/<string:endpoint_id>', resource_kwargs={}, rel='project_endpoint', resource_relation_func=_build_resource_relation, path_vars={ 'endpoint_id': json_home.Parameters.ENDPOINT_ID, 'project_id': json_home.Parameters.PROJECT_ID, }, ), ks_flask.construct_resource_map( resource=EPFilterProjectEndpointsListResource, url='/projects/<string:project_id>/endpoints', resource_kwargs={}, rel='project_endpoints', resource_relation_func=_build_resource_relation, path_vars={'project_id': json_home.Parameters.PROJECT_ID}, ), ks_flask.construct_resource_map( resource=EndpointFilterProjectEndpointGroupsListResource, url='/projects/<string:project_id>/endpoint_groups', resource_kwargs={}, rel='project_endpoint_groups', resource_relation_func=_build_resource_relation, path_vars={'project_id': json_home.Parameters.PROJECT_ID}, ), ks_flask.construct_resource_map( resource=EndpointFilterEPGroupsEndpoints, url='/endpoint_groups/<string:endpoint_group_id>/endpoints', resource_kwargs={}, rel='endpoints_in_endpoint_group', resource_relation_func=_build_resource_relation, path_vars={ 'endpoint_group_id': _ENDPOINT_GROUP_PARAMETER_RELATION }, ), ks_flask.construct_resource_map( resource=EndpointFilterEPGroupsProjects, url='/endpoint_groups/<string:endpoint_group_id>/projects', resource_kwargs={}, rel='projects_associated_with_endpoint_group', resource_relation_func=_build_resource_relation, path_vars={ 'endpoint_group_id': _ENDPOINT_GROUP_PARAMETER_RELATION }, ), ks_flask.construct_resource_map( resource=EPFilterGroupsProjectsResource, url=( '/endpoint_groups/<string:endpoint_group_id>/projects/' '<string:project_id>' ), resource_kwargs={}, rel='endpoint_group_to_project_association', resource_relation_func=_build_resource_relation, path_vars={ 'project_id': json_home.Parameters.PROJECT_ID, 'endpoint_group_id': _ENDPOINT_GROUP_PARAMETER_RELATION, }, ), ]
APIs = (EPFilterAPI,)