author | RHE <rebirthmonkey@gmail.com> | 2017-11-24 13:54:26 +0100 |
---|---|---|
committer | RHE <rebirthmonkey@gmail.com> | 2017-11-24 13:54:26 +0100 |
commit | 920a49cfa055733d575282973e23558c33087a4a (patch) | |
tree | d371dab34efa5028600dad2e7ca58063626e7ba4 /keystone-moon/keystone/policy | |
parent | ef3eefca70d8abb4a00dafb9419ad32738e934b2 (diff) |
remove keystone-moon
Change-Id: I80d7c9b669f19d5f6607e162de8e0e55c2f80fdd
Signed-off-by: RHE <rebirthmonkey@gmail.com>
Diffstat (limited to 'keystone-moon/keystone/policy')
-rw-r--r-- | keystone-moon/keystone/policy/__init__.py | 16 | ||||
-rw-r--r-- | keystone-moon/keystone/policy/backends/__init__.py | 0 | ||||
-rw-r--r-- | keystone-moon/keystone/policy/backends/rules.py | 92 | ||||
-rw-r--r-- | keystone-moon/keystone/policy/backends/sql.py | 71 | ||||
-rw-r--r-- | keystone-moon/keystone/policy/controllers.py | 56 | ||||
-rw-r--r-- | keystone-moon/keystone/policy/core.py | 141 | ||||
-rw-r--r-- | keystone-moon/keystone/policy/routers.py | 24 | ||||
-rw-r--r-- | keystone-moon/keystone/policy/schema.py | 36 |
8 files changed, 0 insertions, 436 deletions
diff --git a/keystone-moon/keystone/policy/__init__.py b/keystone-moon/keystone/policy/__init__.py
deleted file mode 100644
index a95aac1f..00000000
--- a/keystone-moon/keystone/policy/__init__.py
+++ /dev/null
@@ -1,16 +0,0 @@
-# Copyright 2012 OpenStack Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from keystone.policy import controllers # noqa
-from keystone.policy.core import * # noqa
diff --git a/keystone-moon/keystone/policy/backends/__init__.py b/keystone-moon/keystone/policy/backends/__init__.py
deleted file mode 100644
index e69de29b..00000000
--- a/keystone-moon/keystone/policy/backends/__init__.py
+++ /dev/null
diff --git a/keystone-moon/keystone/policy/backends/rules.py b/keystone-moon/keystone/policy/backends/rules.py
deleted file mode 100644
index 5a13287d..00000000
--- a/keystone-moon/keystone/policy/backends/rules.py
+++ /dev/null
@@ -1,92 +0,0 @@
-# Copyright (c) 2011 OpenStack, LLC.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-"""Policy engine for keystone"""
-
-from oslo_config import cfg
-from oslo_log import log
-from oslo_policy import policy as common_policy
-
-from keystone import exception
-from keystone import policy
-
-
-CONF = cfg.CONF
-LOG = log.getLogger(__name__)
-
-
-_ENFORCER = None
-
-
-def reset():
- global _ENFORCER
- _ENFORCER = None
-
-
-def init():
- global _ENFORCER
- if not _ENFORCER:
- _ENFORCER = common_policy.Enforcer(CONF)
-
-
-def enforce(credentials, action, target, do_raise=True):
- """Verifies that the action is valid on the target in this context.
-
- :param credentials: user credentials
- :param action: string representing the action to be checked, which should
- be colon separated for clarity.
- :param target: dictionary representing the object of the action for object
- creation this should be a dictionary representing the
- location of the object e.g. {'project_id':
- object.project_id}
- :raises keystone.exception.Forbidden: If verification fails.
-
- Actions should be colon separated for clarity. For example:
-
- * identity:list_users
-
- """
- init()
-
- # Add the exception arguments if asked to do a raise
- extra = {}
- if do_raise:
- extra.update(exc=exception.ForbiddenAction, action=action,
- do_raise=do_raise)
-
- return _ENFORCER.enforce(action, target, credentials, **extra)
-
-
-class Policy(policy.PolicyDriverV8):
- def enforce(self, credentials, action, target):
- LOG.debug('enforce %(action)s: %(credentials)s', {
- 'action': action,
- 'credentials': credentials})
- enforce(credentials, action, target)
-
- def create_policy(self, policy_id, policy):
- raise exception.NotImplemented()
-
- def list_policies(self):
- raise exception.NotImplemented()
-
- def get_policy(self, policy_id):
- raise exception.NotImplemented()
-
- def update_policy(self, policy_id, policy):
- raise exception.NotImplemented()
-
- def delete_policy(self, policy_id):
- raise exception.NotImplemented()
diff --git a/keystone-moon/keystone/policy/backends/sql.py b/keystone-moon/keystone/policy/backends/sql.py
deleted file mode 100644
index 94763f0d..00000000
--- a/keystone-moon/keystone/policy/backends/sql.py
+++ /dev/null
@@ -1,71 +0,0 @@
-# Copyright 2012 OpenStack LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from keystone.common import sql
-from keystone import exception
-from keystone.policy.backends import rules
-
-
-class PolicyModel(sql.ModelBase, sql.DictBase):
- __tablename__ = 'policy'
- attributes = ['id', 'blob', 'type']
- id = sql.Column(sql.String(64), primary_key=True)
- blob = sql.Column(sql.JsonBlob(), nullable=False)
- type = sql.Column(sql.String(255), nullable=False)
- extra = sql.Column(sql.JsonBlob())
-
-
-class Policy(rules.Policy):
-
- @sql.handle_conflicts(conflict_type='policy')
- def create_policy(self, policy_id, policy):
- with sql.session_for_write() as session:
- ref = PolicyModel.from_dict(policy)
- session.add(ref)
-
- return ref.to_dict()
-
- def list_policies(self):
- with sql.session_for_read() as session:
- refs = session.query(PolicyModel).all()
- return [ref.to_dict() for ref in refs]
-
- def _get_policy(self, session, policy_id):
- """Private method to get a policy model object (NOT a dictionary)."""
- ref = session.query(PolicyModel).get(policy_id)
- if not ref:
- raise exception.PolicyNotFound(policy_id=policy_id)
- return ref
-
- def get_policy(self, policy_id):
- with sql.session_for_read() as session:
- return self._get_policy(session, policy_id).to_dict()
-
- @sql.handle_conflicts(conflict_type='policy')
- def update_policy(self, policy_id, policy):
- with sql.session_for_write() as session:
- ref = self._get_policy(session, policy_id)
- old_dict = ref.to_dict()
- old_dict.update(policy)
- new_policy = PolicyModel.from_dict(old_dict)
- ref.blob = new_policy.blob
- ref.type = new_policy.type
- ref.extra = new_policy.extra
-
- return ref.to_dict()
-
- def delete_policy(self, policy_id):
- with sql.session_for_write() as session:
- ref = self._get_policy(session, policy_id)
- session.delete(ref)
diff --git a/keystone-moon/keystone/policy/controllers.py b/keystone-moon/keystone/policy/controllers.py
deleted file mode 100644
index e6eb9bca..00000000
--- a/keystone-moon/keystone/policy/controllers.py
+++ /dev/null
@@ -1,56 +0,0 @@
-# Copyright 2012 OpenStack Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from keystone.common import controller
-from keystone.common import dependency
-from keystone.common import validation
-from keystone import notifications
-from keystone.policy import schema
-
-
-@dependency.requires('policy_api')
-class PolicyV3(controller.V3Controller):
- collection_name = 'policies'
- member_name = 'policy'
-
- @controller.protected()
- @validation.validated(schema.policy_create, 'policy')
- def create_policy(self, context, policy):
- ref = self._assign_unique_id(self._normalize_dict(policy))
- initiator = notifications._get_request_audit_info(context)
- ref = self.policy_api.create_policy(ref['id'], ref, initiator)
- return PolicyV3.wrap_member(context, ref)
-
- @controller.filterprotected('type')
- def list_policies(self, context, filters):
- hints = PolicyV3.build_driver_hints(context, filters)
- refs = self.policy_api.list_policies(hints=hints)
- return PolicyV3.wrap_collection(context, refs, hints=hints)
-
- @controller.protected()
- def get_policy(self, context, policy_id):
- ref = self.policy_api.get_policy(policy_id)
- return PolicyV3.wrap_member(context, ref)
-
- @controller.protected()
- @validation.validated(schema.policy_update, 'policy')
- def update_policy(self, context, policy_id, policy):
- initiator = notifications._get_request_audit_info(context)
- ref = self.policy_api.update_policy(policy_id, policy, initiator)
- return PolicyV3.wrap_member(context, ref)
-
- @controller.protected()
- def delete_policy(self, context, policy_id):
- initiator = notifications._get_request_audit_info(context)
- return self.policy_api.delete_policy(policy_id, initiator)
diff --git a/keystone-moon/keystone/policy/core.py b/keystone-moon/keystone/policy/core.py
deleted file mode 100644
index f52795a5..00000000
--- a/keystone-moon/keystone/policy/core.py
+++ /dev/null
@@ -1,141 +0,0 @@
-# Copyright 2012 OpenStack Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-"""Main entry point into the Policy service."""
-
-import abc
-
-from oslo_config import cfg
-import six
-
-from keystone.common import dependency
-from keystone.common import manager
-from keystone import exception
-from keystone import notifications
-
-
-CONF = cfg.CONF
-
-
-@dependency.provider('policy_api')
-class Manager(manager.Manager):
- """Default pivot point for the Policy backend.
-
- See :mod:`keystone.common.manager.Manager` for more details on how this
- dynamically calls the backend.
-
- """
-
- driver_namespace = 'keystone.policy'
-
- _POLICY = 'policy'
-
- def __init__(self):
- super(Manager, self).__init__(CONF.policy.driver)
-
- def create_policy(self, policy_id, policy, initiator=None):
- ref = self.driver.create_policy(policy_id, policy)
- notifications.Audit.created(self._POLICY, policy_id, initiator)
- return ref
-
- def get_policy(self, policy_id):
- try:
- return self.driver.get_policy(policy_id)
- except exception.NotFound:
- raise exception.PolicyNotFound(policy_id=policy_id)
-
- def update_policy(self, policy_id, policy, initiator=None):
- if 'id' in policy and policy_id != policy['id']:
- raise exception.ValidationError('Cannot change policy ID')
- try:
- ref = self.driver.update_policy(policy_id, policy)
- except exception.NotFound:
- raise exception.PolicyNotFound(policy_id=policy_id)
- notifications.Audit.updated(self._POLICY, policy_id, initiator)
- return ref
-
- @manager.response_truncated
- def list_policies(self, hints=None):
- # NOTE(henry-nash): Since the advantage of filtering or list limiting
- # of policies at the driver level is minimal, we leave this to the
- # caller.
- return self.driver.list_policies()
-
- def delete_policy(self, policy_id, initiator=None):
- try:
- ret = self.driver.delete_policy(policy_id)
- except exception.NotFound:
- raise exception.PolicyNotFound(policy_id=policy_id)
- notifications.Audit.deleted(self._POLICY, policy_id, initiator)
- return ret
-
-
-@six.add_metaclass(abc.ABCMeta)
-class PolicyDriverV8(object):
-
- def _get_list_limit(self):
- return CONF.policy.list_limit or CONF.list_limit
-
- @abc.abstractmethod
- def enforce(self, context, credentials, action, target):
- """Verify that a user is authorized to perform action.
-
- For more information on a full implementation of this see:
- `keystone.policy.backends.rules.Policy.enforce`
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def create_policy(self, policy_id, policy):
- """Store a policy blob.
-
- :raises keystone.exception.Conflict: If a duplicate policy exists.
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def list_policies(self):
- """List all policies."""
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def get_policy(self, policy_id):
- """Retrieve a specific policy blob.
-
- :raises keystone.exception.PolicyNotFound: If the policy doesn't exist.
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def update_policy(self, policy_id, policy):
- """Update a policy blob.
-
- :raises keystone.exception.PolicyNotFound: If the policy doesn't exist.
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def delete_policy(self, policy_id):
- """Remove a policy blob.
-
- :raises keystone.exception.PolicyNotFound: If the policy doesn't exist.
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
-
-Driver = manager.create_legacy_driver(PolicyDriverV8)
diff --git a/keystone-moon/keystone/policy/routers.py b/keystone-moon/keystone/policy/routers.py
deleted file mode 100644
index 5daadc81..00000000
--- a/keystone-moon/keystone/policy/routers.py
+++ /dev/null
@@ -1,24 +0,0 @@
-# Copyright 2012 OpenStack Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-from keystone.common import router
-from keystone.common import wsgi
-from keystone.policy import controllers
-
-
-class Routers(wsgi.RoutersBase):
-
- def append_v3_routers(self, mapper, routers):
- policy_controller = controllers.PolicyV3()
- routers.append(router.Router(policy_controller, 'policies', 'policy',
- resource_descriptions=self.v3_resources))
diff --git a/keystone-moon/keystone/policy/schema.py b/keystone-moon/keystone/policy/schema.py
deleted file mode 100644
index 512c4ce7..00000000
--- a/keystone-moon/keystone/policy/schema.py
+++ /dev/null
@@ -1,36 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-_policy_properties = {
- 'blob': {
- 'type': 'string'
- },
- 'type': {
- 'type': 'string',
- 'maxLength': 255
- }
-}
-
-policy_create = {
- 'type': 'object',
- 'properties': _policy_properties,
- 'required': ['blob', 'type'],
- 'additionalProperties': True
-}
-
-policy_update = {
- 'type': 'object',
- 'properties': _policy_properties,
- 'minProperties': 1,
- 'additionalProperties': True
-} |