Diffstat (limited to 'keystone-moon/keystone/policy/backends')
-rw-r--r--keystone-moon/keystone/policy/backends/rules.py24
-rw-r--r--keystone-moon/keystone/policy/backends/sql.py26
2 files changed, 21 insertions, 29 deletions
diff --git a/keystone-moon/keystone/policy/backends/rules.py b/keystone-moon/keystone/policy/backends/rules.py
index a4150575..5a13287d 100644
--- a/keystone-moon/keystone/policy/backends/rules.py
+++ b/keystone-moon/keystone/policy/backends/rules.py
@@ -44,18 +44,18 @@ def init():
def enforce(credentials, action, target, do_raise=True):
"""Verifies that the action is valid on the target in this context.
- :param credentials: user credentials
- :param action: string representing the action to be checked, which
- should be colon separated for clarity.
- :param target: dictionary representing the object of the action
- for object creation this should be a dictionary
- representing the location of the object e.g.
- {'project_id': object.project_id}
- :raises: `exception.Forbidden` if verification fails.
-
- Actions should be colon separated for clarity. For example:
-
- * identity:list_users
+ :param credentials: user credentials
+ :param action: string representing the action to be checked, which should
+ be colon separated for clarity.
+ :param target: dictionary representing the object of the action for object
+ creation this should be a dictionary representing the
+ location of the object e.g. {'project_id':
+ object.project_id}
+ :raises keystone.exception.Forbidden: If verification fails.
+
+ Actions should be colon separated for clarity. For example:
+
+ * identity:list_users
"""
init()
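Review bot: The reformatted docstring of `enforce` still does not document `do_raise`, and the new `:raises keystone.exception.Forbidden: If verification fails.` line reads as unconditional. The body continues outside the hunk, so this is inferred from the signature alone: if `do_raise=False` makes the function return a result instead of raising, a caller that ignores the return value skips the authorization decision without any error. I would add `:param do_raise: if False, return the check result instead of raising` and a matching `:returns:` line, once confirmed against the body. The `target` entry also runs two sentences together and would read better as `dictionary representing the object of the action; for object creation this should be ...`.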
diff --git a/keystone-moon/keystone/policy/backends/sql.py b/keystone-moon/keystone/policy/backends/sql.py
index b2cccd01..94763f0d 100644
--- a/keystone-moon/keystone/policy/backends/sql.py
+++ b/keystone-moon/keystone/policy/backends/sql.py
@@ -30,19 +30,16 @@ class Policy(rules.Policy):
@sql.handle_conflicts(conflict_type='policy')
def create_policy(self, policy_id, policy):
- session = sql.get_session()
-
- with session.begin():
+ with sql.session_for_write() as session:
ref = PolicyModel.from_dict(policy)
session.add(ref)
- return ref.to_dict()
+ return ref.to_dict()
def list_policies(self):
- session = sql.get_session()
-
- refs = session.query(PolicyModel).all()
- return [ref.to_dict() for ref in refs]
+ with sql.session_for_read() as session:
+ refs = session.query(PolicyModel).all()
+ return [ref.to_dict() for ref in refs]
def _get_policy(self, session, policy_id):
"""Private method to get a policy model object (NOT a dictionary)."""
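Review bot: `create_policy` accepts `policy_id` but never uses it in the lines shown; the row is built only from `PolicyModel.from_dict(policy)`, so the stored identifier presumably comes from whatever the `policy` dict holds. If a caller ever passes a dict whose id differs from `policy_id`, the record is written under the wrong key and later lookups by `policy_id` miss it. I would state the contract above the `from_dict` call, e.g. `# policy_id is unused here: the caller must already have set the id inside policy`, or check the two values against each other. Indentation is lost on this page, so I cannot tell whether the new `return ref.to_dict()` sits inside the `with` block; if it does, the dict is built before the write transaction commits.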
@@ -52,15 +49,12 @@ class Policy(rules.Policy):
return ref
def get_policy(self, policy_id):
- session = sql.get_session()
-
- return self._get_policy(session, policy_id).to_dict()
+ with sql.session_for_read() as session:
+ return self._get_policy(session, policy_id).to_dict()
@sql.handle_conflicts(conflict_type='policy')
def update_policy(self, policy_id, policy):
- session = sql.get_session()
-
- with session.begin():
+ with sql.session_for_write() as session:
ref = self._get_policy(session, policy_id)
old_dict = ref.to_dict()
old_dict.update(policy)
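Review bot: In `update_policy`, `old_dict.update(policy)` lets any key in the caller's dict override the stored value, including an identifier key if one is present. The rest of the function is outside the hunk, so I cannot see which fields are copied back onto `ref`; it is worth confirming that only the mutable fields are written and that the row stays keyed by `policy_id`. A short comment at that line would make the intent explicit, e.g. `# policy may carry its own id; the row must keep policy_id`. Neither `get_policy` nor `update_policy` has a docstring saying what happens when the policy does not exist, which presumably depends on `_get_policy`.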
@@ -72,8 +66,6 @@ class Policy(rules.Policy):
return ref.to_dict()
def delete_policy(self, policy_id):
- session = sql.get_session()
-
- with session.begin():
+ with sql.session_for_write() as session:
ref = self._get_policy(session, policy_id)
session.delete(ref)