Update Keystone core to Mitaka.

Change-Id: Ia10d6add16f4a9d25d1f42d420661c46332e69db

4 files changed, 25 insertions, 34 deletions

diff --git a/keystone-moon/keystone/policy/__init__.py b/keystone-moon/keystone/policy/__init__.py
index 4cd96793..a95aac1f 100644
--- a/keystone-moon/keystone/policy/__init__.py
+++ b/keystone-moon/keystone/policy/__init__.py
@@ -14,4 +14,3 @@
 
 from keystone.policy import controllers  # noqa
 from keystone.policy.core import *  # noqa
-from keystone.policy import routers  # noqa
diff --git a/keystone-moon/keystone/policy/backends/rules.py b/keystone-moon/keystone/policy/backends/rules.py
index a4150575..5a13287d 100644
--- a/keystone-moon/keystone/policy/backends/rules.py
+++ b/keystone-moon/keystone/policy/backends/rules.py
@@ -44,18 +44,18 @@ def init():
 def enforce(credentials, action, target, do_raise=True):
     """Verifies that the action is valid on the target in this context.
 
-       :param credentials: user credentials
-       :param action: string representing the action to be checked, which
-                      should be colon separated for clarity.
-       :param target: dictionary representing the object of the action
-                      for object creation this should be a dictionary
-                      representing the location of the object e.g.
-                      {'project_id': object.project_id}
-       :raises: `exception.Forbidden` if verification fails.
-
-       Actions should be colon separated for clarity. For example:
-
-        * identity:list_users
+    :param credentials: user credentials
+    :param action: string representing the action to be checked, which should
+                   be colon separated for clarity.
+    :param target: dictionary representing the object of the action for object
+                   creation this should be a dictionary representing the
+                   location of the object e.g. {'project_id':
+                   object.project_id}
+    :raises keystone.exception.Forbidden: If verification fails.
+
+    Actions should be colon separated for clarity. For example:
+
+    * identity:list_users
 
     """
     init()
diff --git a/keystone-moon/keystone/policy/backends/sql.py b/keystone-moon/keystone/policy/backends/sql.py
index b2cccd01..94763f0d 100644
--- a/keystone-moon/keystone/policy/backends/sql.py
+++ b/keystone-moon/keystone/policy/backends/sql.py
@@ -30,19 +30,16 @@ class Policy(rules.Policy):
 
     @sql.handle_conflicts(conflict_type='policy')
     def create_policy(self, policy_id, policy):
-        session = sql.get_session()
-
-        with session.begin():
+        with sql.session_for_write() as session:
             ref = PolicyModel.from_dict(policy)
             session.add(ref)
 
-        return ref.to_dict()
+            return ref.to_dict()
 
     def list_policies(self):
-        session = sql.get_session()
-
-        refs = session.query(PolicyModel).all()
-        return [ref.to_dict() for ref in refs]
+        with sql.session_for_read() as session:
+            refs = session.query(PolicyModel).all()
+            return [ref.to_dict() for ref in refs]
 
     def _get_policy(self, session, policy_id):
         """Private method to get a policy model object (NOT a dictionary)."""
@@ -52,15 +49,12 @@ class Policy(rules.Policy):
         return ref
 
     def get_policy(self, policy_id):
-        session = sql.get_session()
-
-        return self._get_policy(session, policy_id).to_dict()
+        with sql.session_for_read() as session:
+            return self._get_policy(session, policy_id).to_dict()
 
     @sql.handle_conflicts(conflict_type='policy')
     def update_policy(self, policy_id, policy):
-        session = sql.get_session()
-
-        with session.begin():
+        with sql.session_for_write() as session:
             ref = self._get_policy(session, policy_id)
             old_dict = ref.to_dict()
             old_dict.update(policy)
@@ -72,8 +66,6 @@ class Policy(rules.Policy):
         return ref.to_dict()
 
     def delete_policy(self, policy_id):
-        session = sql.get_session()
-
-        with session.begin():
+        with sql.session_for_write() as session:
             ref = self._get_policy(session, policy_id)
             session.delete(ref)
diff --git a/keystone-moon/keystone/policy/core.py b/keystone-moon/keystone/policy/core.py
index dfd6ff2d..f52795a5 100644
--- a/keystone-moon/keystone/policy/core.py
+++ b/keystone-moon/keystone/policy/core.py
@@ -100,7 +100,7 @@ class PolicyDriverV8(object):
     def create_policy(self, policy_id, policy):
         """Store a policy blob.
 
-        :raises: keystone.exception.Conflict
+        :raises keystone.exception.Conflict: If a duplicate policy exists.
 
         """
         raise exception.NotImplemented()  # pragma: no cover
@@ -114,7 +114,7 @@ class PolicyDriverV8(object):
     def get_policy(self, policy_id):
         """Retrieve a specific policy blob.
 
-        :raises: keystone.exception.PolicyNotFound
+        :raises keystone.exception.PolicyNotFound: If the policy doesn't exist.
 
         """
         raise exception.NotImplemented()  # pragma: no cover
@@ -123,7 +123,7 @@ class PolicyDriverV8(object):
     def update_policy(self, policy_id, policy):
         """Update a policy blob.
 
-        :raises: keystone.exception.PolicyNotFound
+        :raises keystone.exception.PolicyNotFound: If the policy doesn't exist.
 
         """
         raise exception.NotImplemented()  # pragma: no cover
@@ -132,7 +132,7 @@ class PolicyDriverV8(object):
     def delete_policy(self, policy_id):
         """Remove a policy blob.
 
-        :raises: keystone.exception.PolicyNotFound
+        :raises keystone.exception.PolicyNotFound: If the policy doesn't exist.
 
         """
         raise exception.NotImplemented()  # pragma: no cover