aboutsummaryrefslogtreecommitdiffstats
path: root/keystone-moon/keystone/contrib/endpoint_policy
diff options
context:
space:
mode:
authorRHE <rebirthmonkey@gmail.com>2017-11-24 13:54:26 +0100
committerRHE <rebirthmonkey@gmail.com>2017-11-24 13:54:26 +0100
commit920a49cfa055733d575282973e23558c33087a4a (patch)
treed371dab34efa5028600dad2e7ca58063626e7ba4 /keystone-moon/keystone/contrib/endpoint_policy
parentef3eefca70d8abb4a00dafb9419ad32738e934b2 (diff)
remove keystone-moon
Change-Id: I80d7c9b669f19d5f6607e162de8e0e55c2f80fdd Signed-off-by: RHE <rebirthmonkey@gmail.com>
Diffstat (limited to 'keystone-moon/keystone/contrib/endpoint_policy')
-rw-r--r--keystone-moon/keystone/contrib/endpoint_policy/__init__.py0
-rw-r--r--keystone-moon/keystone/contrib/endpoint_policy/backends/__init__.py0
-rw-r--r--keystone-moon/keystone/contrib/endpoint_policy/backends/sql.py28
-rw-r--r--keystone-moon/keystone/contrib/endpoint_policy/controllers.py166
-rw-r--r--keystone-moon/keystone/contrib/endpoint_policy/core.py430
-rw-r--r--keystone-moon/keystone/contrib/endpoint_policy/migrate_repo/__init__.py0
-rw-r--r--keystone-moon/keystone/contrib/endpoint_policy/migrate_repo/migrate.cfg25
-rw-r--r--keystone-moon/keystone/contrib/endpoint_policy/migrate_repo/versions/001_add_endpoint_policy_table.py19
-rw-r--r--keystone-moon/keystone/contrib/endpoint_policy/migrate_repo/versions/__init__.py0
-rw-r--r--keystone-moon/keystone/contrib/endpoint_policy/routers.py28
10 files changed, 0 insertions, 696 deletions
diff --git a/keystone-moon/keystone/contrib/endpoint_policy/__init__.py b/keystone-moon/keystone/contrib/endpoint_policy/__init__.py
deleted file mode 100644
index e69de29b..00000000
--- a/keystone-moon/keystone/contrib/endpoint_policy/__init__.py
+++ /dev/null
diff --git a/keystone-moon/keystone/contrib/endpoint_policy/backends/__init__.py b/keystone-moon/keystone/contrib/endpoint_policy/backends/__init__.py
deleted file mode 100644
index e69de29b..00000000
--- a/keystone-moon/keystone/contrib/endpoint_policy/backends/__init__.py
+++ /dev/null
diff --git a/keystone-moon/keystone/contrib/endpoint_policy/backends/sql.py b/keystone-moon/keystone/contrib/endpoint_policy/backends/sql.py
deleted file mode 100644
index 93331779..00000000
--- a/keystone-moon/keystone/contrib/endpoint_policy/backends/sql.py
+++ /dev/null
@@ -1,28 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from oslo_log import versionutils
-
-from keystone.endpoint_policy.backends import sql
-
-_OLD = 'keystone.contrib.endpoint_policy.backends.sql.EndpointPolicy'
-_NEW = 'keystone.endpoint_policy.backends.sql.EndpointPolicy'
-
-
-class EndpointPolicy(sql.EndpointPolicy):
-
- @versionutils.deprecated(versionutils.deprecated.LIBERTY,
- in_favor_of=_NEW,
- remove_in=1,
- what=_OLD)
- def __init__(self, *args, **kwargs):
- super(EndpointPolicy, self).__init__(*args, **kwargs)
diff --git a/keystone-moon/keystone/contrib/endpoint_policy/controllers.py b/keystone-moon/keystone/contrib/endpoint_policy/controllers.py
deleted file mode 100644
index b96834dc..00000000
--- a/keystone-moon/keystone/contrib/endpoint_policy/controllers.py
+++ /dev/null
@@ -1,166 +0,0 @@
-# Copyright 2014 IBM Corp.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from keystone.common import controller
-from keystone.common import dependency
-from keystone import notifications
-
-
-@dependency.requires('policy_api', 'catalog_api', 'endpoint_policy_api')
-class EndpointPolicyV3Controller(controller.V3Controller):
- collection_name = 'endpoints'
- member_name = 'endpoint'
-
- def __init__(self):
- super(EndpointPolicyV3Controller, self).__init__()
- notifications.register_event_callback(
- 'deleted', 'endpoint', self._on_endpoint_delete)
- notifications.register_event_callback(
- 'deleted', 'service', self._on_service_delete)
- notifications.register_event_callback(
- 'deleted', 'region', self._on_region_delete)
- notifications.register_event_callback(
- 'deleted', 'policy', self._on_policy_delete)
-
- def _on_endpoint_delete(self, service, resource_type, operation, payload):
- self.endpoint_policy_api.delete_association_by_endpoint(
- payload['resource_info'])
-
- def _on_service_delete(self, service, resource_type, operation, payload):
- self.endpoint_policy_api.delete_association_by_service(
- payload['resource_info'])
-
- def _on_region_delete(self, service, resource_type, operation, payload):
- self.endpoint_policy_api.delete_association_by_region(
- payload['resource_info'])
-
- def _on_policy_delete(self, service, resource_type, operation, payload):
- self.endpoint_policy_api.delete_association_by_policy(
- payload['resource_info'])
-
- @controller.protected()
- def create_policy_association_for_endpoint(self, context,
- policy_id, endpoint_id):
- """Create an association between a policy and an endpoint."""
- self.policy_api.get_policy(policy_id)
- self.catalog_api.get_endpoint(endpoint_id)
- self.endpoint_policy_api.create_policy_association(
- policy_id, endpoint_id=endpoint_id)
-
- @controller.protected()
- def check_policy_association_for_endpoint(self, context,
- policy_id, endpoint_id):
- """Check an association between a policy and an endpoint."""
- self.policy_api.get_policy(policy_id)
- self.catalog_api.get_endpoint(endpoint_id)
- self.endpoint_policy_api.check_policy_association(
- policy_id, endpoint_id=endpoint_id)
-
- @controller.protected()
- def delete_policy_association_for_endpoint(self, context,
- policy_id, endpoint_id):
- """Delete an association between a policy and an endpoint."""
- self.policy_api.get_policy(policy_id)
- self.catalog_api.get_endpoint(endpoint_id)
- self.endpoint_policy_api.delete_policy_association(
- policy_id, endpoint_id=endpoint_id)
-
- @controller.protected()
- def create_policy_association_for_service(self, context,
- policy_id, service_id):
- """Create an association between a policy and a service."""
- self.policy_api.get_policy(policy_id)
- self.catalog_api.get_service(service_id)
- self.endpoint_policy_api.create_policy_association(
- policy_id, service_id=service_id)
-
- @controller.protected()
- def check_policy_association_for_service(self, context,
- policy_id, service_id):
- """Check an association between a policy and a service."""
- self.policy_api.get_policy(policy_id)
- self.catalog_api.get_service(service_id)
- self.endpoint_policy_api.check_policy_association(
- policy_id, service_id=service_id)
-
- @controller.protected()
- def delete_policy_association_for_service(self, context,
- policy_id, service_id):
- """Delete an association between a policy and a service."""
- self.policy_api.get_policy(policy_id)
- self.catalog_api.get_service(service_id)
- self.endpoint_policy_api.delete_policy_association(
- policy_id, service_id=service_id)
-
- @controller.protected()
- def create_policy_association_for_region_and_service(
- self, context, policy_id, service_id, region_id):
- """Create an association between a policy and region+service."""
- self.policy_api.get_policy(policy_id)
- self.catalog_api.get_service(service_id)
- self.catalog_api.get_region(region_id)
- self.endpoint_policy_api.create_policy_association(
- policy_id, service_id=service_id, region_id=region_id)
-
- @controller.protected()
- def check_policy_association_for_region_and_service(
- self, context, policy_id, service_id, region_id):
- """Check an association between a policy and region+service."""
- self.policy_api.get_policy(policy_id)
- self.catalog_api.get_service(service_id)
- self.catalog_api.get_region(region_id)
- self.endpoint_policy_api.check_policy_association(
- policy_id, service_id=service_id, region_id=region_id)
-
- @controller.protected()
- def delete_policy_association_for_region_and_service(
- self, context, policy_id, service_id, region_id):
- """Delete an association between a policy and region+service."""
- self.policy_api.get_policy(policy_id)
- self.catalog_api.get_service(service_id)
- self.catalog_api.get_region(region_id)
- self.endpoint_policy_api.delete_policy_association(
- policy_id, service_id=service_id, region_id=region_id)
-
- @controller.protected()
- def get_policy_for_endpoint(self, context, endpoint_id):
- """Get the effective policy for an endpoint."""
- self.catalog_api.get_endpoint(endpoint_id)
- ref = self.endpoint_policy_api.get_policy_for_endpoint(endpoint_id)
- # NOTE(henry-nash): since the collection and member for this class is
- # set to endpoints, we have to handle wrapping this policy entity
- # ourselves.
- self._add_self_referential_link(context, ref)
- return {'policy': ref}
-
- # NOTE(henry-nash): As in the catalog controller, we must ensure that the
- # legacy_endpoint_id does not escape.
-
- @classmethod
- def filter_endpoint(cls, ref):
- if 'legacy_endpoint_id' in ref:
- ref.pop('legacy_endpoint_id')
- return ref
-
- @classmethod
- def wrap_member(cls, context, ref):
- ref = cls.filter_endpoint(ref)
- return super(EndpointPolicyV3Controller, cls).wrap_member(context, ref)
-
- @controller.protected()
- def list_endpoints_for_policy(self, context, policy_id):
- """List endpoints with the effective association to a policy."""
- self.policy_api.get_policy(policy_id)
- refs = self.endpoint_policy_api.list_endpoints_for_policy(policy_id)
- return EndpointPolicyV3Controller.wrap_collection(context, refs)
diff --git a/keystone-moon/keystone/contrib/endpoint_policy/core.py b/keystone-moon/keystone/contrib/endpoint_policy/core.py
deleted file mode 100644
index 1aa03267..00000000
--- a/keystone-moon/keystone/contrib/endpoint_policy/core.py
+++ /dev/null
@@ -1,430 +0,0 @@
-# Copyright 2014 IBM Corp.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import abc
-
-from oslo_config import cfg
-from oslo_log import log
-import six
-
-from keystone.common import dependency
-from keystone.common import manager
-from keystone import exception
-from keystone.i18n import _, _LE, _LW
-
-CONF = cfg.CONF
-LOG = log.getLogger(__name__)
-
-
-@dependency.provider('endpoint_policy_api')
-@dependency.requires('catalog_api', 'policy_api')
-class Manager(manager.Manager):
- """Default pivot point for the Endpoint Policy backend.
-
- See :mod:`keystone.common.manager.Manager` for more details on how this
- dynamically calls the backend.
-
- """
-
- def __init__(self):
- super(Manager, self).__init__(CONF.endpoint_policy.driver)
-
- def _assert_valid_association(self, endpoint_id, service_id, region_id):
- """Assert that the association is supported.
-
- There are three types of association supported:
-
- - Endpoint (in which case service and region must be None)
- - Service and region (in which endpoint must be None)
- - Service (in which case endpoint and region must be None)
-
- """
- if (endpoint_id is not None and
- service_id is None and region_id is None):
- return
- if (service_id is not None and region_id is not None and
- endpoint_id is None):
- return
- if (service_id is not None and
- endpoint_id is None and region_id is None):
- return
-
- raise exception.InvalidPolicyAssociation(endpoint_id=endpoint_id,
- service_id=service_id,
- region_id=region_id)
-
- def create_policy_association(self, policy_id, endpoint_id=None,
- service_id=None, region_id=None):
- self._assert_valid_association(endpoint_id, service_id, region_id)
- self.driver.create_policy_association(policy_id, endpoint_id,
- service_id, region_id)
-
- def check_policy_association(self, policy_id, endpoint_id=None,
- service_id=None, region_id=None):
- self._assert_valid_association(endpoint_id, service_id, region_id)
- self.driver.check_policy_association(policy_id, endpoint_id,
- service_id, region_id)
-
- def delete_policy_association(self, policy_id, endpoint_id=None,
- service_id=None, region_id=None):
- self._assert_valid_association(endpoint_id, service_id, region_id)
- self.driver.delete_policy_association(policy_id, endpoint_id,
- service_id, region_id)
-
- def list_endpoints_for_policy(self, policy_id):
-
- def _get_endpoint(endpoint_id, policy_id):
- try:
- return self.catalog_api.get_endpoint(endpoint_id)
- except exception.EndpointNotFound:
- msg = _LW('Endpoint %(endpoint_id)s referenced in '
- 'association for policy %(policy_id)s not found.')
- LOG.warning(msg, {'policy_id': policy_id,
- 'endpoint_id': endpoint_id})
- raise
-
- def _get_endpoints_for_service(service_id, endpoints):
- # TODO(henry-nash): Consider optimizing this in the future by
- # adding an explicit list_endpoints_for_service to the catalog API.
- return [ep for ep in endpoints if ep['service_id'] == service_id]
-
- def _get_endpoints_for_service_and_region(
- service_id, region_id, endpoints, regions):
- # TODO(henry-nash): Consider optimizing this in the future.
- # The lack of a two-way pointer in the region tree structure
- # makes this somewhat inefficient.
-
- def _recursively_get_endpoints_for_region(
- region_id, service_id, endpoint_list, region_list,
- endpoints_found, regions_examined):
- """Recursively search down a region tree for endpoints.
-
- :param region_id: the point in the tree to examine
- :param service_id: the service we are interested in
- :param endpoint_list: list of all endpoints
- :param region_list: list of all regions
- :param endpoints_found: list of matching endpoints found so
- far - which will be updated if more are
- found in this iteration
- :param regions_examined: list of regions we have already looked
- at - used to spot illegal circular
- references in the tree to avoid never
- completing search
- :returns: list of endpoints that match
-
- """
-
- if region_id in regions_examined:
- msg = _LE('Circular reference or a repeated entry found '
- 'in region tree - %(region_id)s.')
- LOG.error(msg, {'region_id': ref.region_id})
- return
-
- regions_examined.append(region_id)
- endpoints_found += (
- [ep for ep in endpoint_list if
- ep['service_id'] == service_id and
- ep['region_id'] == region_id])
-
- for region in region_list:
- if region['parent_region_id'] == region_id:
- _recursively_get_endpoints_for_region(
- region['id'], service_id, endpoints, regions,
- endpoints_found, regions_examined)
-
- endpoints_found = []
- regions_examined = []
-
- # Now walk down the region tree
- _recursively_get_endpoints_for_region(
- region_id, service_id, endpoints, regions,
- endpoints_found, regions_examined)
-
- return endpoints_found
-
- matching_endpoints = []
- endpoints = self.catalog_api.list_endpoints()
- regions = self.catalog_api.list_regions()
- for ref in self.driver.list_associations_for_policy(policy_id):
- if ref.get('endpoint_id') is not None:
- matching_endpoints.append(
- _get_endpoint(ref['endpoint_id'], policy_id))
- continue
-
- if (ref.get('service_id') is not None and
- ref.get('region_id') is None):
- matching_endpoints += _get_endpoints_for_service(
- ref['service_id'], endpoints)
- continue
-
- if (ref.get('service_id') is not None and
- ref.get('region_id') is not None):
- matching_endpoints += (
- _get_endpoints_for_service_and_region(
- ref['service_id'], ref['region_id'],
- endpoints, regions))
- continue
-
- msg = _LW('Unsupported policy association found - '
- 'Policy %(policy_id)s, Endpoint %(endpoint_id)s, '
- 'Service %(service_id)s, Region %(region_id)s, ')
- LOG.warning(msg, {'policy_id': policy_id,
- 'endpoint_id': ref['endpoint_id'],
- 'service_id': ref['service_id'],
- 'region_id': ref['region_id']})
-
- return matching_endpoints
-
- def get_policy_for_endpoint(self, endpoint_id):
-
- def _get_policy(policy_id, endpoint_id):
- try:
- return self.policy_api.get_policy(policy_id)
- except exception.PolicyNotFound:
- msg = _LW('Policy %(policy_id)s referenced in association '
- 'for endpoint %(endpoint_id)s not found.')
- LOG.warning(msg, {'policy_id': policy_id,
- 'endpoint_id': endpoint_id})
- raise
-
- def _look_for_policy_for_region_and_service(endpoint):
- """Look in the region and its parents for a policy.
-
- Examine the region of the endpoint for a policy appropriate for
- the service of the endpoint. If there isn't a match, then chase up
- the region tree to find one.
-
- """
- region_id = endpoint['region_id']
- regions_examined = []
- while region_id is not None:
- try:
- ref = self.driver.get_policy_association(
- service_id=endpoint['service_id'],
- region_id=region_id)
- return ref['policy_id']
- except exception.PolicyAssociationNotFound:
- pass
-
- # There wasn't one for that region & service, let's
- # chase up the region tree
- regions_examined.append(region_id)
- region = self.catalog_api.get_region(region_id)
- region_id = None
- if region.get('parent_region_id') is not None:
- region_id = region['parent_region_id']
- if region_id in regions_examined:
- msg = _LE('Circular reference or a repeated entry '
- 'found in region tree - %(region_id)s.')
- LOG.error(msg, {'region_id': region_id})
- break
-
- # First let's see if there is a policy explicitly defined for
- # this endpoint.
-
- try:
- ref = self.driver.get_policy_association(endpoint_id=endpoint_id)
- return _get_policy(ref['policy_id'], endpoint_id)
- except exception.PolicyAssociationNotFound:
- pass
-
- # There wasn't a policy explicitly defined for this endpoint, so
- # now let's see if there is one for the Region & Service.
-
- endpoint = self.catalog_api.get_endpoint(endpoint_id)
- policy_id = _look_for_policy_for_region_and_service(endpoint)
- if policy_id is not None:
- return _get_policy(policy_id, endpoint_id)
-
- # Finally, just check if there is one for the service.
- try:
- ref = self.driver.get_policy_association(
- service_id=endpoint['service_id'])
- return _get_policy(ref['policy_id'], endpoint_id)
- except exception.PolicyAssociationNotFound:
- pass
-
- msg = _('No policy is associated with endpoint '
- '%(endpoint_id)s.') % {'endpoint_id': endpoint_id}
- raise exception.NotFound(msg)
-
-
-@six.add_metaclass(abc.ABCMeta)
-class Driver(object):
- """Interface description for an Endpoint Policy driver."""
-
- @abc.abstractmethod
- def create_policy_association(self, policy_id, endpoint_id=None,
- service_id=None, region_id=None):
- """Creates a policy association.
-
- :param policy_id: identity of policy that is being associated
- :type policy_id: string
- :param endpoint_id: identity of endpoint to associate
- :type endpoint_id: string
- :param service_id: identity of the service to associate
- :type service_id: string
- :param region_id: identity of the region to associate
- :type region_id: string
- :returns: None
-
- There are three types of association permitted:
-
- - Endpoint (in which case service and region must be None)
- - Service and region (in which endpoint must be None)
- - Service (in which case endpoint and region must be None)
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def check_policy_association(self, policy_id, endpoint_id=None,
- service_id=None, region_id=None):
- """Checks existence a policy association.
-
- :param policy_id: identity of policy that is being associated
- :type policy_id: string
- :param endpoint_id: identity of endpoint to associate
- :type endpoint_id: string
- :param service_id: identity of the service to associate
- :type service_id: string
- :param region_id: identity of the region to associate
- :type region_id: string
- :raises: keystone.exception.PolicyAssociationNotFound if there is no
- match for the specified association
- :returns: None
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def delete_policy_association(self, policy_id, endpoint_id=None,
- service_id=None, region_id=None):
- """Deletes a policy association.
-
- :param policy_id: identity of policy that is being associated
- :type policy_id: string
- :param endpoint_id: identity of endpoint to associate
- :type endpoint_id: string
- :param service_id: identity of the service to associate
- :type service_id: string
- :param region_id: identity of the region to associate
- :type region_id: string
- :returns: None
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def get_policy_association(self, endpoint_id=None,
- service_id=None, region_id=None):
- """Gets the policy for an explicit association.
-
- This method is not exposed as a public API, but is used by
- get_policy_for_endpoint().
-
- :param endpoint_id: identity of endpoint
- :type endpoint_id: string
- :param service_id: identity of the service
- :type service_id: string
- :param region_id: identity of the region
- :type region_id: string
- :raises: keystone.exception.PolicyAssociationNotFound if there is no
- match for the specified association
- :returns: dict containing policy_id
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def list_associations_for_policy(self, policy_id):
- """List the associations for a policy.
-
- This method is not exposed as a public API, but is used by
- list_endpoints_for_policy().
-
- :param policy_id: identity of policy
- :type policy_id: string
- :returns: List of association dicts
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def list_endpoints_for_policy(self, policy_id):
- """List all the endpoints using a given policy.
-
- :param policy_id: identity of policy that is being associated
- :type policy_id: string
- :returns: list of endpoints that have an effective association with
- that policy
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def get_policy_for_endpoint(self, endpoint_id):
- """Get the appropriate policy for a given endpoint.
-
- :param endpoint_id: identity of endpoint
- :type endpoint_id: string
- :returns: Policy entity for the endpoint
-
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def delete_association_by_endpoint(self, endpoint_id):
- """Removes all the policy associations with the specific endpoint.
-
- :param endpoint_id: identity of endpoint to check
- :type endpoint_id: string
- :returns: None
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def delete_association_by_service(self, service_id):
- """Removes all the policy associations with the specific service.
-
- :param service_id: identity of endpoint to check
- :type service_id: string
- :returns: None
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def delete_association_by_region(self, region_id):
- """Removes all the policy associations with the specific region.
-
- :param region_id: identity of endpoint to check
- :type region_id: string
- :returns: None
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def delete_association_by_policy(self, policy_id):
- """Removes all the policy associations with the specific policy.
-
- :param policy_id: identity of endpoint to check
- :type policy_id: string
- :returns: None
-
- """
- raise exception.NotImplemented() # pragma: no cover
diff --git a/keystone-moon/keystone/contrib/endpoint_policy/migrate_repo/__init__.py b/keystone-moon/keystone/contrib/endpoint_policy/migrate_repo/__init__.py
deleted file mode 100644
index e69de29b..00000000
--- a/keystone-moon/keystone/contrib/endpoint_policy/migrate_repo/__init__.py
+++ /dev/null
diff --git a/keystone-moon/keystone/contrib/endpoint_policy/migrate_repo/migrate.cfg b/keystone-moon/keystone/contrib/endpoint_policy/migrate_repo/migrate.cfg
deleted file mode 100644
index 62895d6f..00000000
--- a/keystone-moon/keystone/contrib/endpoint_policy/migrate_repo/migrate.cfg
+++ /dev/null
@@ -1,25 +0,0 @@
-[db_settings]
-# Used to identify which repository this database is versioned under.
-# You can use the name of your project.
-repository_id=endpoint_policy
-
-# The name of the database table used to track the schema version.
-# This name shouldn't already be used by your project.
-# If this is changed once a database is under version control, you'll need to
-# change the table name in each database too.
-version_table=migrate_version
-
-# When committing a change script, Migrate will attempt to generate the
-# sql for all supported databases; normally, if one of them fails - probably
-# because you don't have that database installed - it is ignored and the
-# commit continues, perhaps ending successfully.
-# Databases in this list MUST compile successfully during a commit, or the
-# entire commit will fail. List the databases your application will actually
-# be using to ensure your updates to that database work properly.
-# This must be a list; example: ['postgres','sqlite']
-required_dbs=[]
-
-# When creating new change scripts, Migrate will stamp the new script with
-# a version number. By default this is latest_version + 1. You can set this
-# to 'true' to tell Migrate to use the UTC timestamp instead.
-use_timestamp_numbering=False
diff --git a/keystone-moon/keystone/contrib/endpoint_policy/migrate_repo/versions/001_add_endpoint_policy_table.py b/keystone-moon/keystone/contrib/endpoint_policy/migrate_repo/versions/001_add_endpoint_policy_table.py
deleted file mode 100644
index 32bdabdd..00000000
--- a/keystone-moon/keystone/contrib/endpoint_policy/migrate_repo/versions/001_add_endpoint_policy_table.py
+++ /dev/null
@@ -1,19 +0,0 @@
-# Copyright 2014 IBM Corp.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from keystone import exception
-
-
-def upgrade(migrate_engine):
- raise exception.MigrationMovedFailure(extension='endpoint_policy')
diff --git a/keystone-moon/keystone/contrib/endpoint_policy/migrate_repo/versions/__init__.py b/keystone-moon/keystone/contrib/endpoint_policy/migrate_repo/versions/__init__.py
deleted file mode 100644
index e69de29b..00000000
--- a/keystone-moon/keystone/contrib/endpoint_policy/migrate_repo/versions/__init__.py
+++ /dev/null
diff --git a/keystone-moon/keystone/contrib/endpoint_policy/routers.py b/keystone-moon/keystone/contrib/endpoint_policy/routers.py
deleted file mode 100644
index c8f7f154..00000000
--- a/keystone-moon/keystone/contrib/endpoint_policy/routers.py
+++ /dev/null
@@ -1,28 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from oslo_log import versionutils
-
-from keystone.common import wsgi
-
-_OLD = 'keystone.contrib.endpoint_policy.routers.EndpointPolicyExtension'
-_NEW = 'keystone.endpoint_policy.routers.Routers'
-
-
-class EndpointPolicyExtension(wsgi.Middleware):
-
- @versionutils.deprecated(versionutils.deprecated.LIBERTY,
- in_favor_of=_NEW,
- remove_in=1,
- what=_OLD)
- def __init__(self, *args, **kwargs):
- super(EndpointPolicyExtension, self).__init__(*args, **kwargs)