keystone.common.controller module¶

class keystone.common.controller.V3Controller[source]¶

Bases: keystone.common.provider_api.ProviderAPIMixin, keystone.common.wsgi.Application

Base controller class for Identity API v3.

Child classes should set the collection_name and member_name class attributes, representing the collection of entities they are exposing to the API. This is required for supporting self-referential links, pagination, etc.

Class parameters:

• _public_parameters - set of parameters that are exposed to the user.

  Usually used by cls.filter_params()

classmethod base_url(context, path=None)[source]¶

classmethod build_driver_hints(request, supported_filters)[source]¶

Build list hints based on the context query string.

Parameters:	request – the current request supported_filters – list of filters supported, so ignore any keys in query_dict that are not in this list.

check_protection(request, prep_info, target_attr=None)[source]¶

Provide call protection for complex target attributes.

As well as including the standard parameters from the original API call (which is passed in prep_info), this call will add in any additional entities or attributes (passed in target_attr), so that they can be referenced by policy rules.

collection_name = 'entities'¶

classmethod filter_by_attributes(refs, hints)[source]¶

Filter a list of references by filter values.

classmethod filter_params(ref)[source]¶

Remove unspecified parameters from the dictionary.

This function removes unspecified parameters from the dictionary. This method checks only root-level keys from a ref dictionary.

Parameters:	ref – a dictionary representing deserialized response to be serialized

classmethod full_url(context, path=None)[source]¶

get_member_from_driver = None¶

classmethod limit(refs, hints)[source]¶

Limit a list of entities.

The underlying driver layer may have already truncated the collection for us, but in case it was unable to handle truncation we check here.

Parameters:	refs – the list of members of the collection hints – hints, containing, among other things, the limit requested
Returns:	boolean indicating whether the list was truncated, as well as the list of (truncated if necessary) entities.

member_name = 'entity'¶

classmethod query_filter_is_true(filter_value)[source]¶

Determine if bool query param is ‘True’.

We treat this the same way as we do for policy enforcement:

{bool_param}=0 is treated as False

Any other value is considered to be equivalent to True, including the absence of a value

classmethod wrap_collection(context, refs, hints=None)[source]¶

Wrap a collection, checking for filtering and pagination.

Returns the wrapped collection, which includes: - Executing any filtering not already carried out - Truncate to a set limit if necessary - Adds ‘self’ links in every member - Adds ‘next’, ‘self’ and ‘prev’ links for the whole collection.

Parameters:	context – the current context, containing the original url path and query string refs – the list of members of the collection hints – list hints, containing any relevant filters and limit. Any filters already satisfied by managers will have been removed

classmethod wrap_member(context, ref)[source]¶

keystone.common.controller.filterprotected(*filters, **callback)[source]¶

Wrap API list calls with role based access controls (RBAC).

This handles both the protection of the API parameters as well as any filters supplied.

More complex API list calls (for example that need to examine the contents of an entity referenced by one of the filters) should pass in a callback function, that will be subsequently called to check protection for these multiple entities. This callback function should gather the appropriate entities needed and then call check_protection() in the V3Controller class.

keystone.common.controller.protected(callback=None)[source]¶

Wrap API calls with role based access controls (RBAC).

This handles both the protection of the API parameters as well as any target entities for single-entity API calls.

More complex API calls (for example that deal with several different entities) should pass in a callback function, that will be subsequently called to check protection for these multiple entities. This callback function should gather the appropriate entities needed and then call check_protection() in the V3Controller class.

keystone.common.controller.protected_wrapper(self, f, check_function, request, filter_attr, *args, **kwargs)[source]¶

keystone.common.controller.render_token_response_from_model(token, include_catalog=True)[source]¶