Diffstat (limited to 'keystone-moon/keystone/policy/backends')
-rw-r--r--keystone-moon/keystone/policy/backends/__init__.py0
-rw-r--r--keystone-moon/keystone/policy/backends/rules.py92
-rw-r--r--keystone-moon/keystone/policy/backends/sql.py71
3 files changed, 0 insertions, 163 deletions
diff --git a/keystone-moon/keystone/policy/backends/__init__.py b/keystone-moon/keystone/policy/backends/__init__.py
deleted file mode 100644
index e69de29b..00000000
--- a/keystone-moon/keystone/policy/backends/__init__.py
+++ /dev/null
diff --git a/keystone-moon/keystone/policy/backends/rules.py b/keystone-moon/keystone/policy/backends/rules.py
deleted file mode 100644
index 5a13287d..00000000
--- a/keystone-moon/keystone/policy/backends/rules.py
+++ /dev/null
@@ -1,92 +0,0 @@
-# Copyright (c) 2011 OpenStack, LLC.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-"""Policy engine for keystone"""
-
-from oslo_config import cfg
-from oslo_log import log
-from oslo_policy import policy as common_policy
-
-from keystone import exception
-from keystone import policy
-
-
-CONF = cfg.CONF
-LOG = log.getLogger(__name__)
-
-
-_ENFORCER = None
-
-
-def reset():
- global _ENFORCER
- _ENFORCER = None
-
-
-def init():
- global _ENFORCER
- if not _ENFORCER:
- _ENFORCER = common_policy.Enforcer(CONF)
-
-
-def enforce(credentials, action, target, do_raise=True):
- """Verifies that the action is valid on the target in this context.
-
- :param credentials: user credentials
- :param action: string representing the action to be checked, which should
- be colon separated for clarity.
- :param target: dictionary representing the object of the action for object
- creation this should be a dictionary representing the
- location of the object e.g. {'project_id':
- object.project_id}
- :raises keystone.exception.Forbidden: If verification fails.
-
- Actions should be colon separated for clarity. For example:
-
- * identity:list_users
-
- """
- init()
-
- # Add the exception arguments if asked to do a raise
- extra = {}
- if do_raise:
- extra.update(exc=exception.ForbiddenAction, action=action,
- do_raise=do_raise)
-
- return _ENFORCER.enforce(action, target, credentials, **extra)
-
-
-class Policy(policy.PolicyDriverV8):
- def enforce(self, credentials, action, target):
- LOG.debug('enforce %(action)s: %(credentials)s', {
- 'action': action,
- 'credentials': credentials})
- enforce(credentials, action, target)
-
- def create_policy(self, policy_id, policy):
- raise exception.NotImplemented()
-
- def list_policies(self):
- raise exception.NotImplemented()
-
- def get_policy(self, policy_id):
- raise exception.NotImplemented()
-
- def update_policy(self, policy_id, policy):
- raise exception.NotImplemented()
-
- def delete_policy(self, policy_id):
- raise exception.NotImplemented()
diff --git a/keystone-moon/keystone/policy/backends/sql.py b/keystone-moon/keystone/policy/backends/sql.py
deleted file mode 100644
index 94763f0d..00000000
--- a/keystone-moon/keystone/policy/backends/sql.py
+++ /dev/null
@@ -1,71 +0,0 @@
-# Copyright 2012 OpenStack LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from keystone.common import sql
-from keystone import exception
-from keystone.policy.backends import rules
-
-
-class PolicyModel(sql.ModelBase, sql.DictBase):
- __tablename__ = 'policy'
- attributes = ['id', 'blob', 'type']
- id = sql.Column(sql.String(64), primary_key=True)
- blob = sql.Column(sql.JsonBlob(), nullable=False)
- type = sql.Column(sql.String(255), nullable=False)
- extra = sql.Column(sql.JsonBlob())
-
-
-class Policy(rules.Policy):
-
- @sql.handle_conflicts(conflict_type='policy')
- def create_policy(self, policy_id, policy):
- with sql.session_for_write() as session:
- ref = PolicyModel.from_dict(policy)
- session.add(ref)
-
- return ref.to_dict()
-
- def list_policies(self):
- with sql.session_for_read() as session:
- refs = session.query(PolicyModel).all()
- return [ref.to_dict() for ref in refs]
-
- def _get_policy(self, session, policy_id):
- """Private method to get a policy model object (NOT a dictionary)."""
- ref = session.query(PolicyModel).get(policy_id)
- if not ref:
- raise exception.PolicyNotFound(policy_id=policy_id)
- return ref
-
- def get_policy(self, policy_id):
- with sql.session_for_read() as session:
- return self._get_policy(session, policy_id).to_dict()
-
- @sql.handle_conflicts(conflict_type='policy')
- def update_policy(self, policy_id, policy):
- with sql.session_for_write() as session:
- ref = self._get_policy(session, policy_id)
- old_dict = ref.to_dict()
- old_dict.update(policy)
- new_policy = PolicyModel.from_dict(old_dict)
- ref.blob = new_policy.blob
- ref.type = new_policy.type
- ref.extra = new_policy.extra
-
- return ref.to_dict()
-
- def delete_policy(self, policy_id):
- with sql.session_for_write() as session:
- ref = self._get_policy(session, policy_id)
- session.delete(ref)