aboutsummaryrefslogtreecommitdiffstats
path: root/keystone-moon/keystone/endpoint_policy
diff options
context:
space:
mode:
Diffstat (limited to 'keystone-moon/keystone/endpoint_policy')
-rw-r--r--keystone-moon/keystone/endpoint_policy/__init__.py13
-rw-r--r--keystone-moon/keystone/endpoint_policy/backends/__init__.py0
-rw-r--r--keystone-moon/keystone/endpoint_policy/backends/sql.py140
-rw-r--r--keystone-moon/keystone/endpoint_policy/controllers.py166
-rw-r--r--keystone-moon/keystone/endpoint_policy/core.py439
-rw-r--r--keystone-moon/keystone/endpoint_policy/routers.py85
6 files changed, 0 insertions, 843 deletions
diff --git a/keystone-moon/keystone/endpoint_policy/__init__.py b/keystone-moon/keystone/endpoint_policy/__init__.py
deleted file mode 100644
index 36c016a1..00000000
--- a/keystone-moon/keystone/endpoint_policy/__init__.py
+++ /dev/null
@@ -1,13 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from keystone.endpoint_policy.core import * # noqa
diff --git a/keystone-moon/keystone/endpoint_policy/backends/__init__.py b/keystone-moon/keystone/endpoint_policy/backends/__init__.py
deleted file mode 100644
index e69de29b..00000000
--- a/keystone-moon/keystone/endpoint_policy/backends/__init__.py
+++ /dev/null
diff --git a/keystone-moon/keystone/endpoint_policy/backends/sql.py b/keystone-moon/keystone/endpoint_policy/backends/sql.py
deleted file mode 100644
index aacbb083..00000000
--- a/keystone-moon/keystone/endpoint_policy/backends/sql.py
+++ /dev/null
@@ -1,140 +0,0 @@
-# Copyright 2014 IBM Corp.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import uuid
-
-import sqlalchemy
-
-from keystone.common import sql
-from keystone import exception
-
-
-class PolicyAssociation(sql.ModelBase, sql.ModelDictMixin):
- __tablename__ = 'policy_association'
- attributes = ['policy_id', 'endpoint_id', 'region_id', 'service_id']
- # The id column is never exposed outside this module. It only exists to
- # provide a primary key, given that the real columns we would like to use
- # (endpoint_id, service_id, region_id) can be null
- id = sql.Column(sql.String(64), primary_key=True)
- policy_id = sql.Column(sql.String(64), nullable=False)
- endpoint_id = sql.Column(sql.String(64), nullable=True)
- service_id = sql.Column(sql.String(64), nullable=True)
- region_id = sql.Column(sql.String(64), nullable=True)
- __table_args__ = (sql.UniqueConstraint('endpoint_id', 'service_id',
- 'region_id'),)
-
- def to_dict(self):
- """Returns the model's attributes as a dictionary.
-
- We override the standard method in order to hide the id column,
- since this only exists to provide the table with a primary key.
-
- """
- d = {}
- for attr in self.__class__.attributes:
- d[attr] = getattr(self, attr)
- return d
-
-
-class EndpointPolicy(object):
-
- def create_policy_association(self, policy_id, endpoint_id=None,
- service_id=None, region_id=None):
- with sql.session_for_write() as session:
- try:
- # See if there is already a row for this association, and if
- # so, update it with the new policy_id
- query = session.query(PolicyAssociation)
- query = query.filter_by(endpoint_id=endpoint_id)
- query = query.filter_by(service_id=service_id)
- query = query.filter_by(region_id=region_id)
- association = query.one()
- association.policy_id = policy_id
- except sql.NotFound:
- association = PolicyAssociation(id=uuid.uuid4().hex,
- policy_id=policy_id,
- endpoint_id=endpoint_id,
- service_id=service_id,
- region_id=region_id)
- session.add(association)
-
- def check_policy_association(self, policy_id, endpoint_id=None,
- service_id=None, region_id=None):
- sql_constraints = sqlalchemy.and_(
- PolicyAssociation.policy_id == policy_id,
- PolicyAssociation.endpoint_id == endpoint_id,
- PolicyAssociation.service_id == service_id,
- PolicyAssociation.region_id == region_id)
-
- # NOTE(henry-nash): Getting a single value to save object
- # management overhead.
- with sql.session_for_read() as session:
- if session.query(PolicyAssociation.id).filter(
- sql_constraints).distinct().count() == 0:
- raise exception.PolicyAssociationNotFound()
-
- def delete_policy_association(self, policy_id, endpoint_id=None,
- service_id=None, region_id=None):
- with sql.session_for_write() as session:
- query = session.query(PolicyAssociation)
- query = query.filter_by(policy_id=policy_id)
- query = query.filter_by(endpoint_id=endpoint_id)
- query = query.filter_by(service_id=service_id)
- query = query.filter_by(region_id=region_id)
- query.delete()
-
- def get_policy_association(self, endpoint_id=None,
- service_id=None, region_id=None):
- sql_constraints = sqlalchemy.and_(
- PolicyAssociation.endpoint_id == endpoint_id,
- PolicyAssociation.service_id == service_id,
- PolicyAssociation.region_id == region_id)
-
- try:
- with sql.session_for_read() as session:
- policy_id = session.query(PolicyAssociation.policy_id).filter(
- sql_constraints).distinct().one()
- return {'policy_id': policy_id}
- except sql.NotFound:
- raise exception.PolicyAssociationNotFound()
-
- def list_associations_for_policy(self, policy_id):
- with sql.session_for_read() as session:
- query = session.query(PolicyAssociation)
- query = query.filter_by(policy_id=policy_id)
- return [ref.to_dict() for ref in query.all()]
-
- def delete_association_by_endpoint(self, endpoint_id):
- with sql.session_for_write() as session:
- query = session.query(PolicyAssociation)
- query = query.filter_by(endpoint_id=endpoint_id)
- query.delete()
-
- def delete_association_by_service(self, service_id):
- with sql.session_for_write() as session:
- query = session.query(PolicyAssociation)
- query = query.filter_by(service_id=service_id)
- query.delete()
-
- def delete_association_by_region(self, region_id):
- with sql.session_for_write() as session:
- query = session.query(PolicyAssociation)
- query = query.filter_by(region_id=region_id)
- query.delete()
-
- def delete_association_by_policy(self, policy_id):
- with sql.session_for_write() as session:
- query = session.query(PolicyAssociation)
- query = query.filter_by(policy_id=policy_id)
- query.delete()
diff --git a/keystone-moon/keystone/endpoint_policy/controllers.py b/keystone-moon/keystone/endpoint_policy/controllers.py
deleted file mode 100644
index b96834dc..00000000
--- a/keystone-moon/keystone/endpoint_policy/controllers.py
+++ /dev/null
@@ -1,166 +0,0 @@
-# Copyright 2014 IBM Corp.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from keystone.common import controller
-from keystone.common import dependency
-from keystone import notifications
-
-
-@dependency.requires('policy_api', 'catalog_api', 'endpoint_policy_api')
-class EndpointPolicyV3Controller(controller.V3Controller):
- collection_name = 'endpoints'
- member_name = 'endpoint'
-
- def __init__(self):
- super(EndpointPolicyV3Controller, self).__init__()
- notifications.register_event_callback(
- 'deleted', 'endpoint', self._on_endpoint_delete)
- notifications.register_event_callback(
- 'deleted', 'service', self._on_service_delete)
- notifications.register_event_callback(
- 'deleted', 'region', self._on_region_delete)
- notifications.register_event_callback(
- 'deleted', 'policy', self._on_policy_delete)
-
- def _on_endpoint_delete(self, service, resource_type, operation, payload):
- self.endpoint_policy_api.delete_association_by_endpoint(
- payload['resource_info'])
-
- def _on_service_delete(self, service, resource_type, operation, payload):
- self.endpoint_policy_api.delete_association_by_service(
- payload['resource_info'])
-
- def _on_region_delete(self, service, resource_type, operation, payload):
- self.endpoint_policy_api.delete_association_by_region(
- payload['resource_info'])
-
- def _on_policy_delete(self, service, resource_type, operation, payload):
- self.endpoint_policy_api.delete_association_by_policy(
- payload['resource_info'])
-
- @controller.protected()
- def create_policy_association_for_endpoint(self, context,
- policy_id, endpoint_id):
- """Create an association between a policy and an endpoint."""
- self.policy_api.get_policy(policy_id)
- self.catalog_api.get_endpoint(endpoint_id)
- self.endpoint_policy_api.create_policy_association(
- policy_id, endpoint_id=endpoint_id)
-
- @controller.protected()
- def check_policy_association_for_endpoint(self, context,
- policy_id, endpoint_id):
- """Check an association between a policy and an endpoint."""
- self.policy_api.get_policy(policy_id)
- self.catalog_api.get_endpoint(endpoint_id)
- self.endpoint_policy_api.check_policy_association(
- policy_id, endpoint_id=endpoint_id)
-
- @controller.protected()
- def delete_policy_association_for_endpoint(self, context,
- policy_id, endpoint_id):
- """Delete an association between a policy and an endpoint."""
- self.policy_api.get_policy(policy_id)
- self.catalog_api.get_endpoint(endpoint_id)
- self.endpoint_policy_api.delete_policy_association(
- policy_id, endpoint_id=endpoint_id)
-
- @controller.protected()
- def create_policy_association_for_service(self, context,
- policy_id, service_id):
- """Create an association between a policy and a service."""
- self.policy_api.get_policy(policy_id)
- self.catalog_api.get_service(service_id)
- self.endpoint_policy_api.create_policy_association(
- policy_id, service_id=service_id)
-
- @controller.protected()
- def check_policy_association_for_service(self, context,
- policy_id, service_id):
- """Check an association between a policy and a service."""
- self.policy_api.get_policy(policy_id)
- self.catalog_api.get_service(service_id)
- self.endpoint_policy_api.check_policy_association(
- policy_id, service_id=service_id)
-
- @controller.protected()
- def delete_policy_association_for_service(self, context,
- policy_id, service_id):
- """Delete an association between a policy and a service."""
- self.policy_api.get_policy(policy_id)
- self.catalog_api.get_service(service_id)
- self.endpoint_policy_api.delete_policy_association(
- policy_id, service_id=service_id)
-
- @controller.protected()
- def create_policy_association_for_region_and_service(
- self, context, policy_id, service_id, region_id):
- """Create an association between a policy and region+service."""
- self.policy_api.get_policy(policy_id)
- self.catalog_api.get_service(service_id)
- self.catalog_api.get_region(region_id)
- self.endpoint_policy_api.create_policy_association(
- policy_id, service_id=service_id, region_id=region_id)
-
- @controller.protected()
- def check_policy_association_for_region_and_service(
- self, context, policy_id, service_id, region_id):
- """Check an association between a policy and region+service."""
- self.policy_api.get_policy(policy_id)
- self.catalog_api.get_service(service_id)
- self.catalog_api.get_region(region_id)
- self.endpoint_policy_api.check_policy_association(
- policy_id, service_id=service_id, region_id=region_id)
-
- @controller.protected()
- def delete_policy_association_for_region_and_service(
- self, context, policy_id, service_id, region_id):
- """Delete an association between a policy and region+service."""
- self.policy_api.get_policy(policy_id)
- self.catalog_api.get_service(service_id)
- self.catalog_api.get_region(region_id)
- self.endpoint_policy_api.delete_policy_association(
- policy_id, service_id=service_id, region_id=region_id)
-
- @controller.protected()
- def get_policy_for_endpoint(self, context, endpoint_id):
- """Get the effective policy for an endpoint."""
- self.catalog_api.get_endpoint(endpoint_id)
- ref = self.endpoint_policy_api.get_policy_for_endpoint(endpoint_id)
- # NOTE(henry-nash): since the collection and member for this class is
- # set to endpoints, we have to handle wrapping this policy entity
- # ourselves.
- self._add_self_referential_link(context, ref)
- return {'policy': ref}
-
- # NOTE(henry-nash): As in the catalog controller, we must ensure that the
- # legacy_endpoint_id does not escape.
-
- @classmethod
- def filter_endpoint(cls, ref):
- if 'legacy_endpoint_id' in ref:
- ref.pop('legacy_endpoint_id')
- return ref
-
- @classmethod
- def wrap_member(cls, context, ref):
- ref = cls.filter_endpoint(ref)
- return super(EndpointPolicyV3Controller, cls).wrap_member(context, ref)
-
- @controller.protected()
- def list_endpoints_for_policy(self, context, policy_id):
- """List endpoints with the effective association to a policy."""
- self.policy_api.get_policy(policy_id)
- refs = self.endpoint_policy_api.list_endpoints_for_policy(policy_id)
- return EndpointPolicyV3Controller.wrap_collection(context, refs)
diff --git a/keystone-moon/keystone/endpoint_policy/core.py b/keystone-moon/keystone/endpoint_policy/core.py
deleted file mode 100644
index 6243f26b..00000000
--- a/keystone-moon/keystone/endpoint_policy/core.py
+++ /dev/null
@@ -1,439 +0,0 @@
-# Copyright 2014 IBM Corp.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import abc
-
-from oslo_config import cfg
-from oslo_log import log
-import six
-
-from keystone.common import dependency
-from keystone.common import manager
-from keystone import exception
-from keystone.i18n import _, _LE, _LW
-
-
-CONF = cfg.CONF
-LOG = log.getLogger(__name__)
-
-
-@dependency.provider('endpoint_policy_api')
-@dependency.requires('catalog_api', 'policy_api')
-class Manager(manager.Manager):
- """Default pivot point for the Endpoint Policy backend.
-
- See :mod:`keystone.common.manager.Manager` for more details on how this
- dynamically calls the backend.
-
- """
-
- driver_namespace = 'keystone.endpoint_policy'
-
- def __init__(self):
- super(Manager, self).__init__(CONF.endpoint_policy.driver)
-
- def _assert_valid_association(self, endpoint_id, service_id, region_id):
- """Assert that the association is supported.
-
- There are three types of association supported:
-
- - Endpoint (in which case service and region must be None)
- - Service and region (in which endpoint must be None)
- - Service (in which case endpoint and region must be None)
-
- """
- if (endpoint_id is not None and
- service_id is None and region_id is None):
- return
- if (service_id is not None and region_id is not None and
- endpoint_id is None):
- return
- if (service_id is not None and
- endpoint_id is None and region_id is None):
- return
-
- raise exception.InvalidPolicyAssociation(endpoint_id=endpoint_id,
- service_id=service_id,
- region_id=region_id)
-
- def create_policy_association(self, policy_id, endpoint_id=None,
- service_id=None, region_id=None):
- self._assert_valid_association(endpoint_id, service_id, region_id)
- self.driver.create_policy_association(policy_id, endpoint_id,
- service_id, region_id)
-
- def check_policy_association(self, policy_id, endpoint_id=None,
- service_id=None, region_id=None):
- self._assert_valid_association(endpoint_id, service_id, region_id)
- self.driver.check_policy_association(policy_id, endpoint_id,
- service_id, region_id)
-
- def delete_policy_association(self, policy_id, endpoint_id=None,
- service_id=None, region_id=None):
- self._assert_valid_association(endpoint_id, service_id, region_id)
- self.driver.delete_policy_association(policy_id, endpoint_id,
- service_id, region_id)
-
- def list_endpoints_for_policy(self, policy_id):
-
- def _get_endpoint(endpoint_id, policy_id):
- try:
- return self.catalog_api.get_endpoint(endpoint_id)
- except exception.EndpointNotFound:
- msg = _LW('Endpoint %(endpoint_id)s referenced in '
- 'association for policy %(policy_id)s not found.')
- LOG.warning(msg, {'policy_id': policy_id,
- 'endpoint_id': endpoint_id})
- raise
-
- def _get_endpoints_for_service(service_id, endpoints):
- # TODO(henry-nash): Consider optimizing this in the future by
- # adding an explicit list_endpoints_for_service to the catalog API.
- return [ep for ep in endpoints if ep['service_id'] == service_id]
-
- def _get_endpoints_for_service_and_region(
- service_id, region_id, endpoints, regions):
- # TODO(henry-nash): Consider optimizing this in the future.
- # The lack of a two-way pointer in the region tree structure
- # makes this somewhat inefficient.
-
- def _recursively_get_endpoints_for_region(
- region_id, service_id, endpoint_list, region_list,
- endpoints_found, regions_examined):
- """Recursively search down a region tree for endpoints.
-
- :param region_id: the point in the tree to examine
- :param service_id: the service we are interested in
- :param endpoint_list: list of all endpoints
- :param region_list: list of all regions
- :param endpoints_found: list of matching endpoints found so
- far - which will be updated if more are
- found in this iteration
- :param regions_examined: list of regions we have already looked
- at - used to spot illegal circular
- references in the tree to avoid never
- completing search
- :returns: list of endpoints that match
-
- """
- if region_id in regions_examined:
- msg = _LE('Circular reference or a repeated entry found '
- 'in region tree - %(region_id)s.')
- LOG.error(msg, {'region_id': ref.region_id})
- return
-
- regions_examined.append(region_id)
- endpoints_found += (
- [ep for ep in endpoint_list if
- ep['service_id'] == service_id and
- ep['region_id'] == region_id])
-
- for region in region_list:
- if region['parent_region_id'] == region_id:
- _recursively_get_endpoints_for_region(
- region['id'], service_id, endpoints, regions,
- endpoints_found, regions_examined)
-
- endpoints_found = []
- regions_examined = []
-
- # Now walk down the region tree
- _recursively_get_endpoints_for_region(
- region_id, service_id, endpoints, regions,
- endpoints_found, regions_examined)
-
- return endpoints_found
-
- matching_endpoints = []
- endpoints = self.catalog_api.list_endpoints()
- regions = self.catalog_api.list_regions()
- for ref in self.list_associations_for_policy(policy_id):
- if ref.get('endpoint_id') is not None:
- matching_endpoints.append(
- _get_endpoint(ref['endpoint_id'], policy_id))
- continue
-
- if (ref.get('service_id') is not None and
- ref.get('region_id') is None):
- matching_endpoints += _get_endpoints_for_service(
- ref['service_id'], endpoints)
- continue
-
- if (ref.get('service_id') is not None and
- ref.get('region_id') is not None):
- matching_endpoints += (
- _get_endpoints_for_service_and_region(
- ref['service_id'], ref['region_id'],
- endpoints, regions))
- continue
-
- msg = _LW('Unsupported policy association found - '
- 'Policy %(policy_id)s, Endpoint %(endpoint_id)s, '
- 'Service %(service_id)s, Region %(region_id)s, ')
- LOG.warning(msg, {'policy_id': policy_id,
- 'endpoint_id': ref['endpoint_id'],
- 'service_id': ref['service_id'],
- 'region_id': ref['region_id']})
-
- return matching_endpoints
-
- def get_policy_for_endpoint(self, endpoint_id):
-
- def _get_policy(policy_id, endpoint_id):
- try:
- return self.policy_api.get_policy(policy_id)
- except exception.PolicyNotFound:
- msg = _LW('Policy %(policy_id)s referenced in association '
- 'for endpoint %(endpoint_id)s not found.')
- LOG.warning(msg, {'policy_id': policy_id,
- 'endpoint_id': endpoint_id})
- raise
-
- def _look_for_policy_for_region_and_service(endpoint):
- """Look in the region and its parents for a policy.
-
- Examine the region of the endpoint for a policy appropriate for
- the service of the endpoint. If there isn't a match, then chase up
- the region tree to find one.
-
- """
- region_id = endpoint['region_id']
- regions_examined = []
- while region_id is not None:
- try:
- ref = self.get_policy_association(
- service_id=endpoint['service_id'],
- region_id=region_id)
- return ref['policy_id']
- except exception.PolicyAssociationNotFound: # nosec
- # There wasn't one for that region & service, handle below.
- pass
-
- # There wasn't one for that region & service, let's
- # chase up the region tree
- regions_examined.append(region_id)
- region = self.catalog_api.get_region(region_id)
- region_id = None
- if region.get('parent_region_id') is not None:
- region_id = region['parent_region_id']
- if region_id in regions_examined:
- msg = _LE('Circular reference or a repeated entry '
- 'found in region tree - %(region_id)s.')
- LOG.error(msg, {'region_id': region_id})
- break
-
- # First let's see if there is a policy explicitly defined for
- # this endpoint.
-
- try:
- ref = self.get_policy_association(endpoint_id=endpoint_id)
- return _get_policy(ref['policy_id'], endpoint_id)
- except exception.PolicyAssociationNotFound: # nosec
- # There wasn't a policy explicitly defined for this endpoint,
- # handled below.
- pass
-
- # There wasn't a policy explicitly defined for this endpoint, so
- # now let's see if there is one for the Region & Service.
-
- endpoint = self.catalog_api.get_endpoint(endpoint_id)
- policy_id = _look_for_policy_for_region_and_service(endpoint)
- if policy_id is not None:
- return _get_policy(policy_id, endpoint_id)
-
- # Finally, just check if there is one for the service.
- try:
- ref = self.get_policy_association(
- service_id=endpoint['service_id'])
- return _get_policy(ref['policy_id'], endpoint_id)
- except exception.PolicyAssociationNotFound: # nosec
- # No policy is associated with endpoint, handled below.
- pass
-
- msg = _('No policy is associated with endpoint '
- '%(endpoint_id)s.') % {'endpoint_id': endpoint_id}
- raise exception.NotFound(msg)
-
-
-@six.add_metaclass(abc.ABCMeta)
-class EndpointPolicyDriverV8(object):
- """Interface description for an Endpoint Policy driver."""
-
- @abc.abstractmethod
- def create_policy_association(self, policy_id, endpoint_id=None,
- service_id=None, region_id=None):
- """Creates a policy association.
-
- :param policy_id: identity of policy that is being associated
- :type policy_id: string
- :param endpoint_id: identity of endpoint to associate
- :type endpoint_id: string
- :param service_id: identity of the service to associate
- :type service_id: string
- :param region_id: identity of the region to associate
- :type region_id: string
- :returns: None
-
- There are three types of association permitted:
-
- - Endpoint (in which case service and region must be None)
- - Service and region (in which endpoint must be None)
- - Service (in which case endpoint and region must be None)
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def check_policy_association(self, policy_id, endpoint_id=None,
- service_id=None, region_id=None):
- """Checks existence a policy association.
-
- :param policy_id: identity of policy that is being associated
- :type policy_id: string
- :param endpoint_id: identity of endpoint to associate
- :type endpoint_id: string
- :param service_id: identity of the service to associate
- :type service_id: string
- :param region_id: identity of the region to associate
- :type region_id: string
- :raises keystone.exception.PolicyAssociationNotFound: If there is no
- match for the specified association.
- :returns: None
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def delete_policy_association(self, policy_id, endpoint_id=None,
- service_id=None, region_id=None):
- """Deletes a policy association.
-
- :param policy_id: identity of policy that is being associated
- :type policy_id: string
- :param endpoint_id: identity of endpoint to associate
- :type endpoint_id: string
- :param service_id: identity of the service to associate
- :type service_id: string
- :param region_id: identity of the region to associate
- :type region_id: string
- :returns: None
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def get_policy_association(self, endpoint_id=None,
- service_id=None, region_id=None):
- """Gets the policy for an explicit association.
-
- This method is not exposed as a public API, but is used by
- get_policy_for_endpoint().
-
- :param endpoint_id: identity of endpoint
- :type endpoint_id: string
- :param service_id: identity of the service
- :type service_id: string
- :param region_id: identity of the region
- :type region_id: string
- :raises keystone.exception.PolicyAssociationNotFound: If there is no
- match for the specified association.
- :returns: dict containing policy_id
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def list_associations_for_policy(self, policy_id):
- """List the associations for a policy.
-
- This method is not exposed as a public API, but is used by
- list_endpoints_for_policy().
-
- :param policy_id: identity of policy
- :type policy_id: string
- :returns: List of association dicts
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def list_endpoints_for_policy(self, policy_id):
- """List all the endpoints using a given policy.
-
- :param policy_id: identity of policy that is being associated
- :type policy_id: string
- :returns: list of endpoints that have an effective association with
- that policy
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def get_policy_for_endpoint(self, endpoint_id):
- """Get the appropriate policy for a given endpoint.
-
- :param endpoint_id: identity of endpoint
- :type endpoint_id: string
- :returns: Policy entity for the endpoint
-
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def delete_association_by_endpoint(self, endpoint_id):
- """Removes all the policy associations with the specific endpoint.
-
- :param endpoint_id: identity of endpoint to check
- :type endpoint_id: string
- :returns: None
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def delete_association_by_service(self, service_id):
- """Removes all the policy associations with the specific service.
-
- :param service_id: identity of endpoint to check
- :type service_id: string
- :returns: None
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def delete_association_by_region(self, region_id):
- """Removes all the policy associations with the specific region.
-
- :param region_id: identity of endpoint to check
- :type region_id: string
- :returns: None
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
- @abc.abstractmethod
- def delete_association_by_policy(self, policy_id):
- """Removes all the policy associations with the specific policy.
-
- :param policy_id: identity of endpoint to check
- :type policy_id: string
- :returns: None
-
- """
- raise exception.NotImplemented() # pragma: no cover
-
-
-Driver = manager.create_legacy_driver(EndpointPolicyDriverV8)
diff --git a/keystone-moon/keystone/endpoint_policy/routers.py b/keystone-moon/keystone/endpoint_policy/routers.py
deleted file mode 100644
index 4846bb18..00000000
--- a/keystone-moon/keystone/endpoint_policy/routers.py
+++ /dev/null
@@ -1,85 +0,0 @@
-# Copyright 2014 IBM Corp.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import functools
-
-from keystone.common import json_home
-from keystone.common import wsgi
-from keystone.endpoint_policy import controllers
-
-
-build_resource_relation = functools.partial(
- json_home.build_v3_extension_resource_relation,
- extension_name='OS-ENDPOINT-POLICY', extension_version='1.0')
-
-
-class Routers(wsgi.RoutersBase):
-
- PATH_PREFIX = '/OS-ENDPOINT-POLICY'
-
- def append_v3_routers(self, mapper, routers):
- endpoint_policy_controller = controllers.EndpointPolicyV3Controller()
-
- self._add_resource(
- mapper, endpoint_policy_controller,
- path='/endpoints/{endpoint_id}' + self.PATH_PREFIX + '/policy',
- get_head_action='get_policy_for_endpoint',
- rel=build_resource_relation(resource_name='endpoint_policy'),
- path_vars={'endpoint_id': json_home.Parameters.ENDPOINT_ID})
- self._add_resource(
- mapper, endpoint_policy_controller,
- path='/policies/{policy_id}' + self.PATH_PREFIX + '/endpoints',
- get_action='list_endpoints_for_policy',
- rel=build_resource_relation(resource_name='policy_endpoints'),
- path_vars={'policy_id': json_home.Parameters.POLICY_ID})
- self._add_resource(
- mapper, endpoint_policy_controller,
- path=('/policies/{policy_id}' + self.PATH_PREFIX +
- '/endpoints/{endpoint_id}'),
- get_head_action='check_policy_association_for_endpoint',
- put_action='create_policy_association_for_endpoint',
- delete_action='delete_policy_association_for_endpoint',
- rel=build_resource_relation(
- resource_name='endpoint_policy_association'),
- path_vars={
- 'policy_id': json_home.Parameters.POLICY_ID,
- 'endpoint_id': json_home.Parameters.ENDPOINT_ID,
- })
- self._add_resource(
- mapper, endpoint_policy_controller,
- path=('/policies/{policy_id}' + self.PATH_PREFIX +
- '/services/{service_id}'),
- get_head_action='check_policy_association_for_service',
- put_action='create_policy_association_for_service',
- delete_action='delete_policy_association_for_service',
- rel=build_resource_relation(
- resource_name='service_policy_association'),
- path_vars={
- 'policy_id': json_home.Parameters.POLICY_ID,
- 'service_id': json_home.Parameters.SERVICE_ID,
- })
- self._add_resource(
- mapper, endpoint_policy_controller,
- path=('/policies/{policy_id}' + self.PATH_PREFIX +
- '/services/{service_id}/regions/{region_id}'),
- get_head_action='check_policy_association_for_region_and_service',
- put_action='create_policy_association_for_region_and_service',
- delete_action='delete_policy_association_for_region_and_service',
- rel=build_resource_relation(
- resource_name='region_and_service_policy_association'),
- path_vars={
- 'policy_id': json_home.Parameters.POLICY_ID,
- 'service_id': json_home.Parameters.SERVICE_ID,
- 'region_id': json_home.Parameters.REGION_ID,
- })