Source code for keystone.api.role_inferences

#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

# This file handles all flask-restful resources for /v3/role_inferences

import flask_restful

from keystone.api._shared import implied_roles as shared
from keystone.common import provider_api
from keystone.common import rbac_enforcer
from keystone.server import flask as ks_flask


ENFORCER = rbac_enforcer.RBACEnforcer
PROVIDERS = provider_api.ProviderAPIs


[docs]class RoleInferencesResource(flask_restful.Resource):
[docs] def get(self): """List role inference rules. GET/HEAD /v3/role_inferences """ ENFORCER.enforce_call(action='identity:list_role_inference_rules') refs = PROVIDERS.role_api.list_role_inference_rules() role_dict = {role_ref['id']: role_ref for role_ref in PROVIDERS.role_api.list_roles()} rules = dict() for ref in refs: implied_role_id = ref['implied_role_id'] prior_role_id = ref['prior_role_id'] implied = rules.get(prior_role_id, []) implied.append( shared.build_implied_role_response_data( role_dict[implied_role_id])) rules[prior_role_id] = implied inferences = [] for prior_id, implied, in rules.items(): prior_response = shared.build_prior_role_response_data( prior_id, role_dict[prior_id]['name']) inferences.append({'prior_role': prior_response, 'implies': implied}) results = {'role_inferences': inferences} return results
[docs]class RoleInferencesAPI(ks_flask.APIBase): _name = 'role_inferences' _import_name = __name__ resources = [] resource_mapping = [ ks_flask.construct_resource_map( resource=RoleInferencesResource, url='/role_inferences', resource_kwargs={}, rel='role_inferences') ]
APIs = (RoleInferencesAPI,)