keystone.server.flask package¶
Subpackages¶
Submodules¶
- keystone.server.flask.application module
- keystone.server.flask.common module
APIBase
JsonHomeData
ResourceBase
ResourceBase.api_prefix
ResourceBase.audit_initiator
ResourceBase.auth_context
ResourceBase.build_driver_hints()
ResourceBase.collection_key
ResourceBase.filter_by_attributes()
ResourceBase.filter_params()
ResourceBase.get_token_ref()
ResourceBase.limit()
ResourceBase.member_key
ResourceBase.method_decorators
ResourceBase.oslo_context
ResourceBase.query_filter_is_true()
ResourceBase.request_body_json
ResourceBase.wrap_collection()
ResourceBase.wrap_member()
ResourceMap
base_url()
construct_json_home_data()
construct_resource_map()
full_url()
set_unenforced_ok()
unenforced_api()
- keystone.server.flask.core module
Module contents¶
- class keystone.server.flask.APIBase(blueprint_url_prefix='', api_url_prefix='', default_mediatype='application/json', decorators=None, errors=None)[source]¶
Bases:
object
- property api¶
- property blueprint¶
- classmethod instantiate_and_register_to_app(flask_app)[source]¶
Build the API object and register to the passed in flask_app.
This is a simplistic loader that makes assumptions about how the blueprint is loaded. Anything beyond defaults should be done explicitly via normal instantiation where more values may be passed via
__init__()
.- Returns:
- abstract property resource_mapping: list[ResourceMap]¶
An attr containing of an iterable of
ResourceMap
.Each
ResourceMap
is a NamedTuple with the following elements:resource: a
flask_restful.Resource
class or subclass- url: a url route to match for the resource, standard flask
routing rules apply. Any url variables will be passed to the resource method as args. (str)
- alternate_urls: an iterable of url routes to match for the
resource, standard flask routing rules apply. These rules are in addition (for API compat) to the primary url. Any url variables will be passed to the resource method as args. (iterable)
- json_home_data:
JsonHomeData
populated with relevant info for populated JSON Home Documents or None.
- json_home_data:
- kwargs: a dict of optional value(s) that can further modify the
handling of the routing.
- endpoint: endpoint name (defaults to
Resource.__name__.lower()
Can be used to reference this route infields.Url
fields (str)
- resource_class_args: args to be forwarded to the
constructor of the resource. (tuple)
- resource_class_kwargs: kwargs to be forwarded to the
constructor of the resource. (dict)
Additional keyword arguments not specified above will be passed as-is to
flask.Flask.add_url_rule()
.
- property resources: List[Type[ResourceBase]]¶
- class keystone.server.flask.JsonHomeData(rel, status, path_vars)¶
Bases:
tuple
- path_vars¶
Alias for field number 2
- rel¶
Alias for field number 0
- status¶
Alias for field number 1
- class keystone.server.flask.ResourceBase[source]¶
Bases:
Resource
- api_prefix: str = ''¶
- property audit_initiator¶
A pyCADF initiator describing the current authenticated context.
As a property.
- property auth_context¶
- static build_driver_hints(supported_filters)[source]¶
Build list hints based on the context query string.
- Parameters:
supported_filters – list of filters supported, so ignore any keys in query_dict that are not in this list.
- collection_key: str¶
- classmethod filter_by_attributes(refs, hints)[source]¶
Filter a list of references by filter values.
- classmethod filter_params(ref)[source]¶
Remove unspecified parameters from the dictionary.
This function removes unspecified parameters from the dictionary. This method checks only root-level keys from a ref dictionary.
- Parameters:
ref – a dictionary representing deserialized response to be serialized
- classmethod get_token_ref()[source]¶
Retrieve KeystoneToken object from the auth context and returns it.
- Raises:
keystone.exception.Unauthorized – If auth context cannot be found.
- Returns:
The KeystoneToken object.
- classmethod limit(refs, hints)[source]¶
Limit a list of entities.
The underlying driver layer may have already truncated the collection for us, but in case it was unable to handle truncation we check here.
- Parameters:
refs – the list of members of the collection
hints – hints, containing, among other things, the limit requested
- Returns:
boolean indicating whether the list was truncated, as well as the list of (truncated if necessary) entities.
- member_key: str¶
- method_decorators: list[Callable] = []¶
- property oslo_context¶
- static query_filter_is_true(filter_name)[source]¶
Determine if bool query param is ‘True’.
We treat this the same way as we do for policy enforcement:
{bool_param}=0 is treated as False
Any other value is considered to be equivalent to True, including the absence of a value (but existence as a parameter).
False Examples for param named p:
All other forms of the param ‘p’ would be result in a True value including: http://host/url?param.
- property request_body_json¶
- classmethod wrap_collection(refs, hints=None, collection_name=None)[source]¶
Wrap a collection, checking for filtering and pagination.
Returns the wrapped collection, which includes: - Executing any filtering not already carried out - Truncate to a set limit if necessary - Adds ‘self’ links in every member - Adds ‘next’, ‘self’ and ‘prev’ links for the whole collection.
- Parameters:
refs – the list of members of the collection
hints – list hints, containing any relevant filters and limit. Any filters already satisfied by managers will have been removed
collection_name – optional override for the ‘collection key’ class attribute. This is to be used when wrapping a collection for a different api, e.g. ‘roles’ from the ‘trust’ api.
- class keystone.server.flask.ResourceMap(resource, url, alternate_urls, kwargs, json_home_data)¶
Bases:
tuple
- alternate_urls¶
Alias for field number 2
- json_home_data¶
Alias for field number 4
- kwargs¶
Alias for field number 3
- resource¶
Alias for field number 0
- url¶
Alias for field number 1
- keystone.server.flask.construct_json_home_data(rel, status='stable', path_vars=None, resource_relation_func=<function build_v3_resource_relation>)[source]¶
- keystone.server.flask.construct_resource_map(resource, url, resource_kwargs, alternate_urls=None, rel=None, status='stable', path_vars=None, resource_relation_func=<function build_v3_resource_relation>)[source]¶
Construct the ResourceMap Named Tuple.
- Parameters:
resource (
ResourceMap
) – The flask-RESTful resource class implementing the methods for the API.url (str) – Flask-standard url route, all flask url routing rules apply. url variables will be passed to the Resource methods as arguments.
resource_kwargs –
a dict of optional value(s) that can further modify the handling of the routing.
- endpoint: endpoint name (defaults to
Resource.__name__.lower()
Can be used to reference this route infields.Url
fields (str)
- resource_class_args: args to be forwarded to the
constructor of the resource. (tuple)
- resource_class_kwargs: kwargs to be forwarded to
the constructor of the resource. (dict)
Additional keyword arguments not specified above will be passed as-is to
flask.Flask.add_url_rule()
.alternate_urls – An iterable (list) of dictionaries containing urls and associated json home REL data. Each element is expected to be a dictionary with a ‘url’ key and an optional ‘json_home’ key for a ‘JsonHomeData’ named tuple These urls will also map to the resource. These are used to ensure API compatibility when a “new” path is more correct for the API but old paths must continue to work. Example: /auth/domains being the new path for /OS-FEDERATION/domains. The OS-FEDERATION part would be listed as an alternate url. If a ‘json_home’ key is provided, the original path with the new json_home data will be added to the JSON Home Document.
rel (str or None)
status (str) – JSON Home API Status, e.g. “STABLE”
path_vars (dict or None) – JSON Home Path Var Data (arguments)
resource_relation_func (callable) – function to build expected resource rel data
- Type:
iterable or None
- Returns:
- keystone.server.flask.unenforced_api(f)[source]¶
Decorate a resource method to mark is as an unenforced API.
Explicitly exempts an API from receiving the enforced API check, specifically for cases such as user self-service password changes (or other APIs that must work without already having a token).
This decorator may also be used if the API has extended enforcement logic/varying enforcement logic (such as some of the AUTH paths) where the full enforcement will be implemented directly within the methods.