diff options
Diffstat (limited to 'keystone-moon/keystone/endpoint_policy')
| -rw-r--r-- | keystone-moon/keystone/endpoint_policy/__init__.py | 1 | ||||
| -rw-r--r-- | keystone-moon/keystone/endpoint_policy/backends/sql.py | 20 | ||||
| -rw-r--r-- | keystone-moon/keystone/endpoint_policy/core.py | 27 |
3 files changed, 25 insertions, 23 deletions
diff --git a/keystone-moon/keystone/endpoint_policy/__init__.py b/keystone-moon/keystone/endpoint_policy/__init__.py index c8ae5e68..36c016a1 100644 --- a/keystone-moon/keystone/endpoint_policy/__init__.py +++ b/keystone-moon/keystone/endpoint_policy/__init__.py @@ -11,4 +11,3 @@ # under the License. from keystone.endpoint_policy.core import * # noqa -from keystone.endpoint_policy import routers # noqa diff --git a/keystone-moon/keystone/endpoint_policy/backends/sql.py b/keystone-moon/keystone/endpoint_policy/backends/sql.py index 484444f1..aacbb083 100644 --- a/keystone-moon/keystone/endpoint_policy/backends/sql.py +++ b/keystone-moon/keystone/endpoint_policy/backends/sql.py @@ -32,7 +32,7 @@ class PolicyAssociation(sql.ModelBase, sql.ModelDictMixin): service_id = sql.Column(sql.String(64), nullable=True) region_id = sql.Column(sql.String(64), nullable=True) __table_args__ = (sql.UniqueConstraint('endpoint_id', 'service_id', - 'region_id'), {}) + 'region_id'),) def to_dict(self): """Returns the model's attributes as a dictionary. @@ -51,7 +51,7 @@ class EndpointPolicy(object): def create_policy_association(self, policy_id, endpoint_id=None, service_id=None, region_id=None): - with sql.transaction() as session: + with sql.session_for_write() as session: try: # See if there is already a row for this association, and if # so, update it with the new policy_id @@ -79,14 +79,14 @@ class EndpointPolicy(object): # NOTE(henry-nash): Getting a single value to save object # management overhead. - with sql.transaction() as session: + with sql.session_for_read() as session: if session.query(PolicyAssociation.id).filter( sql_constraints).distinct().count() == 0: raise exception.PolicyAssociationNotFound() def delete_policy_association(self, policy_id, endpoint_id=None, service_id=None, region_id=None): - with sql.transaction() as session: + with sql.session_for_write() as session: query = session.query(PolicyAssociation) query = query.filter_by(policy_id=policy_id) query = query.filter_by(endpoint_id=endpoint_id) @@ -102,7 +102,7 @@ class EndpointPolicy(object): PolicyAssociation.region_id == region_id) try: - with sql.transaction() as session: + with sql.session_for_read() as session: policy_id = session.query(PolicyAssociation.policy_id).filter( sql_constraints).distinct().one() return {'policy_id': policy_id} @@ -110,31 +110,31 @@ class EndpointPolicy(object): raise exception.PolicyAssociationNotFound() def list_associations_for_policy(self, policy_id): - with sql.transaction() as session: + with sql.session_for_read() as session: query = session.query(PolicyAssociation) query = query.filter_by(policy_id=policy_id) return [ref.to_dict() for ref in query.all()] def delete_association_by_endpoint(self, endpoint_id): - with sql.transaction() as session: + with sql.session_for_write() as session: query = session.query(PolicyAssociation) query = query.filter_by(endpoint_id=endpoint_id) query.delete() def delete_association_by_service(self, service_id): - with sql.transaction() as session: + with sql.session_for_write() as session: query = session.query(PolicyAssociation) query = query.filter_by(service_id=service_id) query.delete() def delete_association_by_region(self, region_id): - with sql.transaction() as session: + with sql.session_for_write() as session: query = session.query(PolicyAssociation) query = query.filter_by(region_id=region_id) query.delete() def delete_association_by_policy(self, policy_id): - with sql.transaction() as session: + with sql.session_for_write() as session: query = session.query(PolicyAssociation) query = query.filter_by(policy_id=policy_id) query.delete() diff --git a/keystone-moon/keystone/endpoint_policy/core.py b/keystone-moon/keystone/endpoint_policy/core.py index e176ac1c..6243f26b 100644 --- a/keystone-moon/keystone/endpoint_policy/core.py +++ b/keystone-moon/keystone/endpoint_policy/core.py @@ -127,7 +127,6 @@ class Manager(manager.Manager): :returns: list of endpoints that match """ - if region_id in regions_examined: msg = _LE('Circular reference or a repeated entry found ' 'in region tree - %(region_id)s.') @@ -159,7 +158,7 @@ class Manager(manager.Manager): matching_endpoints = [] endpoints = self.catalog_api.list_endpoints() regions = self.catalog_api.list_regions() - for ref in self.driver.list_associations_for_policy(policy_id): + for ref in self.list_associations_for_policy(policy_id): if ref.get('endpoint_id') is not None: matching_endpoints.append( _get_endpoint(ref['endpoint_id'], policy_id)) @@ -213,11 +212,12 @@ class Manager(manager.Manager): regions_examined = [] while region_id is not None: try: - ref = self.driver.get_policy_association( + ref = self.get_policy_association( service_id=endpoint['service_id'], region_id=region_id) return ref['policy_id'] - except exception.PolicyAssociationNotFound: + except exception.PolicyAssociationNotFound: # nosec + # There wasn't one for that region & service, handle below. pass # There wasn't one for that region & service, let's @@ -237,9 +237,11 @@ class Manager(manager.Manager): # this endpoint. try: - ref = self.driver.get_policy_association(endpoint_id=endpoint_id) + ref = self.get_policy_association(endpoint_id=endpoint_id) return _get_policy(ref['policy_id'], endpoint_id) - except exception.PolicyAssociationNotFound: + except exception.PolicyAssociationNotFound: # nosec + # There wasn't a policy explicitly defined for this endpoint, + # handled below. pass # There wasn't a policy explicitly defined for this endpoint, so @@ -252,10 +254,11 @@ class Manager(manager.Manager): # Finally, just check if there is one for the service. try: - ref = self.driver.get_policy_association( + ref = self.get_policy_association( service_id=endpoint['service_id']) return _get_policy(ref['policy_id'], endpoint_id) - except exception.PolicyAssociationNotFound: + except exception.PolicyAssociationNotFound: # nosec + # No policy is associated with endpoint, handled below. pass msg = _('No policy is associated with endpoint ' @@ -304,8 +307,8 @@ class EndpointPolicyDriverV8(object): :type service_id: string :param region_id: identity of the region to associate :type region_id: string - :raises: keystone.exception.PolicyAssociationNotFound if there is no - match for the specified association + :raises keystone.exception.PolicyAssociationNotFound: If there is no + match for the specified association. :returns: None """ @@ -343,8 +346,8 @@ class EndpointPolicyDriverV8(object): :type service_id: string :param region_id: identity of the region :type region_id: string - :raises: keystone.exception.PolicyAssociationNotFound if there is no - match for the specified association + :raises keystone.exception.PolicyAssociationNotFound: If there is no + match for the specified association. :returns: dict containing policy_id """ |