keystone.server.flask package

Subpackages

Submodules

Module contents

class keystone.server.flask.APIBase(blueprint_url_prefix='', api_url_prefix='', default_mediatype='application/json', decorators=None, errors=None)[source]

Bases: object

property api
property blueprint
classmethod instantiate_and_register_to_app(flask_app)[source]

Build the API object and register to the passed in flask_app.

This is a simplistic loader that makes assumptions about how the blueprint is loaded. Anything beyond defaults should be done explicitly via normal instantiation where more values may be passed via __init__().

Returns:

keystone.server.flask.common.APIBase

abstract property resource_mapping: list[ResourceMap]

An attr containing of an iterable of ResourceMap.

Each ResourceMap is a NamedTuple with the following elements:

  • resource: a flask_restful.Resource class or subclass

  • url: a url route to match for the resource, standard flask

    routing rules apply. Any url variables will be passed to the resource method as args. (str)

  • alternate_urls: an iterable of url routes to match for the

    resource, standard flask routing rules apply. These rules are in addition (for API compat) to the primary url. Any url variables will be passed to the resource method as args. (iterable)

  • json_home_data: JsonHomeData populated with relevant

    info for populated JSON Home Documents or None.

  • kwargs: a dict of optional value(s) that can further modify the

    handling of the routing.

    • endpoint: endpoint name (defaults to

      Resource.__name__.lower() Can be used to reference this route in fields.Url fields (str)

    • resource_class_args: args to be forwarded to the

      constructor of the resource. (tuple)

    • resource_class_kwargs: kwargs to be forwarded to the

      constructor of the resource. (dict)

    Additional keyword arguments not specified above will be passed as-is to flask.Flask.add_url_rule().

property resources: List[Type[ResourceBase]]
class keystone.server.flask.JsonHomeData(rel, status, path_vars)

Bases: tuple

path_vars

Alias for field number 2

rel

Alias for field number 0

status

Alias for field number 1

class keystone.server.flask.ResourceBase[source]

Bases: Resource

api_prefix: str = ''
property audit_initiator

A pyCADF initiator describing the current authenticated context.

As a property.

property auth_context
static build_driver_hints(supported_filters, default_limit: int | None = None)[source]

Build list hints based on the context query string.

Parameters:
  • supported_filters – list of filters supported, so ignore any keys in query_dict that are not in this list.

  • default_limit – default page size (PROVIDER._get_list_limit)

collection_key: str
classmethod filter_by_attributes(refs, hints)[source]

Filter a list of references by filter values.

classmethod filter_params(ref)[source]

Remove unspecified parameters from the dictionary.

This function removes unspecified parameters from the dictionary. This method checks only root-level keys from a ref dictionary.

Parameters:

ref – a dictionary representing deserialized response to be serialized

classmethod get_token_ref()[source]

Retrieve KeystoneToken object from the auth context and returns it.

Raises:

keystone.exception.Unauthorized – If auth context cannot be found.

Returns:

The KeystoneToken object.

classmethod limit(refs, hints)[source]

Limit a list of entities.

The underlying driver layer may have already truncated the collection for us, but in case it was unable to handle truncation we check here.

Parameters:
  • refs – the list of members of the collection

  • hints – hints, containing, among other things, the limit requested

Returns:

boolean indicating whether the list was truncated, as well as the list of (truncated if necessary) entities.

member_key: str
method_decorators: list[Callable] = []
property oslo_context
static query_filter_is_true(filter_name)[source]

Determine if bool query param is ‘True’.

We treat this the same way as we do for policy enforcement:

{bool_param}=0 is treated as False

Any other value is considered to be equivalent to True, including the absence of a value (but existence as a parameter).

False Examples for param named p:

All other forms of the param ‘p’ would be result in a True value including: http://host/url?param.

property request_body_json
classmethod wrap_collection(refs, hints=None, collection_name=None)[source]

Wrap a collection, checking for filtering and pagination.

Returns the wrapped collection, which includes: - Executing any filtering not already carried out - Truncate to a set limit if necessary - Adds ‘self’ links in every member - Adds ‘next’, ‘self’ and ‘prev’ links for the whole collection.

Parameters:
  • refs – the list of members of the collection

  • hints – list hints, containing any relevant filters and limit. Any filters already satisfied by managers will have been removed

  • collection_name – optional override for the ‘collection key’ class attribute. This is to be used when wrapping a collection for a different api, e.g. ‘roles’ from the ‘trust’ api.

classmethod wrap_member(ref, collection_name=None, member_name=None)[source]
class keystone.server.flask.ResourceMap(resource, url, alternate_urls, kwargs, json_home_data)

Bases: tuple

alternate_urls

Alias for field number 2

json_home_data

Alias for field number 4

kwargs

Alias for field number 3

resource

Alias for field number 0

url

Alias for field number 1

keystone.server.flask.base_url(path='')[source]
keystone.server.flask.construct_json_home_data(rel, status='stable', path_vars=None, resource_relation_func=<function build_v3_resource_relation>)[source]
keystone.server.flask.construct_resource_map(resource, url, resource_kwargs, alternate_urls=None, rel=None, status='stable', path_vars=None, resource_relation_func=<function build_v3_resource_relation>)[source]

Construct the ResourceMap Named Tuple.

Parameters:
  • resource (ResourceMap) – The flask-RESTful resource class implementing the methods for the API.

  • url (str) – Flask-standard url route, all flask url routing rules apply. url variables will be passed to the Resource methods as arguments.

  • resource_kwargs

    a dict of optional value(s) that can further modify the handling of the routing.

    • endpoint: endpoint name (defaults to

      Resource.__name__.lower() Can be used to reference this route in fields.Url fields (str)

    • resource_class_args: args to be forwarded to the

      constructor of the resource. (tuple)

    • resource_class_kwargs: kwargs to be forwarded to

      the constructor of the resource. (dict)

    Additional keyword arguments not specified above will be passed as-is to flask.Flask.add_url_rule().

  • alternate_urls – An iterable (list) of dictionaries containing urls and associated json home REL data. Each element is expected to be a dictionary with a ‘url’ key and an optional ‘json_home’ key for a ‘JsonHomeData’ named tuple These urls will also map to the resource. These are used to ensure API compatibility when a “new” path is more correct for the API but old paths must continue to work. Example: /auth/domains being the new path for /OS-FEDERATION/domains. The OS-FEDERATION part would be listed as an alternate url. If a ‘json_home’ key is provided, the original path with the new json_home data will be added to the JSON Home Document.

  • rel (str or None)

  • status (str) – JSON Home API Status, e.g. “STABLE”

  • path_vars (dict or None) – JSON Home Path Var Data (arguments)

  • resource_relation_func (callable) – function to build expected resource rel data

Type:

iterable or None

Returns:

keystone.server.flask.full_url(path='')[source]
keystone.server.flask.unenforced_api(f)[source]

Decorate a resource method to mark is as an unenforced API.

Explicitly exempts an API from receiving the enforced API check, specifically for cases such as user self-service password changes (or other APIs that must work without already having a token).

This decorator may also be used if the API has extended enforcement logic/varying enforcement logic (such as some of the AUTH paths) where the full enforcement will be implemented directly within the methods.