Diffstat (limited to 'keystone-moon/keystone/policy')
-rw-r--r--keystone-moon/keystone/policy/__init__.py1
-rw-r--r--keystone-moon/keystone/policy/backends/rules.py24
-rw-r--r--keystone-moon/keystone/policy/backends/sql.py26
-rw-r--r--keystone-moon/keystone/policy/core.py8
4 files changed, 25 insertions, 34 deletions
diff --git a/keystone-moon/keystone/policy/__init__.py b/keystone-moon/keystone/policy/__init__.py
index 4cd96793..a95aac1f 100644
--- a/keystone-moon/keystone/policy/__init__.py
+++ b/keystone-moon/keystone/policy/__init__.py
@@ -14,4 +14,3 @@
from keystone.policy import controllers # noqa
from keystone.policy.core import * # noqa
-from keystone.policy import routers # noqa
diff --git a/keystone-moon/keystone/policy/backends/rules.py b/keystone-moon/keystone/policy/backends/rules.py
index a4150575..5a13287d 100644
--- a/keystone-moon/keystone/policy/backends/rules.py
+++ b/keystone-moon/keystone/policy/backends/rules.py
@@ -44,18 +44,18 @@ def init():
def enforce(credentials, action, target, do_raise=True):
"""Verifies that the action is valid on the target in this context.
- :param credentials: user credentials
- :param action: string representing the action to be checked, which
- should be colon separated for clarity.
- :param target: dictionary representing the object of the action
- for object creation this should be a dictionary
- representing the location of the object e.g.
- {'project_id': object.project_id}
- :raises: `exception.Forbidden` if verification fails.
-
- Actions should be colon separated for clarity. For example:
-
- * identity:list_users
+ :param credentials: user credentials
+ :param action: string representing the action to be checked, which should
+ be colon separated for clarity.
+ :param target: dictionary representing the object of the action for object
+ creation this should be a dictionary representing the
+ location of the object e.g. {'project_id':
+ object.project_id}
+ :raises keystone.exception.Forbidden: If verification fails.
+
+ Actions should be colon separated for clarity. For example:
+
+ * identity:list_users
"""
init()
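Review bot: The rewritten docstring for `enforce` still does not document `do_raise`, and `:raises keystone.exception.Forbidden: If verification fails.` reads as unconditional. The `do_raise=True` default suggests a non-raising mode in which the caller must act on the return value; the body continues outside the hunk, so that is inferred and should be confirmed. For an authorization check this is worth stating, for example `:param do_raise: if True (the default), raise on a failed check; if False, the caller must inspect the returned result`. The `:param target:` text also runs two sentences together ("the action for object creation this should be"), so a period after "action" would help.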
diff --git a/keystone-moon/keystone/policy/backends/sql.py b/keystone-moon/keystone/policy/backends/sql.py
index b2cccd01..94763f0d 100644
--- a/keystone-moon/keystone/policy/backends/sql.py
+++ b/keystone-moon/keystone/policy/backends/sql.py
@@ -30,19 +30,16 @@ class Policy(rules.Policy):
@sql.handle_conflicts(conflict_type='policy')
def create_policy(self, policy_id, policy):
- session = sql.get_session()
-
- with session.begin():
+ with sql.session_for_write() as session:
ref = PolicyModel.from_dict(policy)
session.add(ref)
- return ref.to_dict()
+ return ref.to_dict()
def list_policies(self):
- session = sql.get_session()
-
- refs = session.query(PolicyModel).all()
- return [ref.to_dict() for ref in refs]
+ with sql.session_for_read() as session:
+ refs = session.query(PolicyModel).all()
+ return [ref.to_dict() for ref in refs]
def _get_policy(self, session, policy_id):
"""Private method to get a policy model object (NOT a dictionary)."""
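Review bot: `create_policy` takes `policy_id`, but the visible body never reads it. The row is built only by `PolicyModel.from_dict(policy)`, so the stored id is whatever the `policy` dict carries. Whether a calling layer already guarantees that the two agree is not visible in this hunk. If nothing does, the backend should reject a mismatch before `session.add(ref)`; if something does, a comment would record the assumption, e.g. `# NOTE: the row id comes from policy['id']; policy_id is assumed to match (validated by the caller)`.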
@@ -52,15 +49,12 @@ class Policy(rules.Policy):
return ref
def get_policy(self, policy_id):
- session = sql.get_session()
-
- return self._get_policy(session, policy_id).to_dict()
+ with sql.session_for_read() as session:
+ return self._get_policy(session, policy_id).to_dict()
@sql.handle_conflicts(conflict_type='policy')
def update_policy(self, policy_id, policy):
- session = sql.get_session()
-
- with session.begin():
+ with sql.session_for_write() as session:
ref = self._get_policy(session, policy_id)
old_dict = ref.to_dict()
old_dict.update(policy)
@@ -72,8 +66,6 @@ class Policy(rules.Policy):
return ref.to_dict()
def delete_policy(self, policy_id):
- session = sql.get_session()
-
- with session.begin():
+ with sql.session_for_write() as session:
ref = self._get_policy(session, policy_id)
session.delete(ref)
diff --git a/keystone-moon/keystone/policy/core.py b/keystone-moon/keystone/policy/core.py
index dfd6ff2d..f52795a5 100644
--- a/keystone-moon/keystone/policy/core.py
+++ b/keystone-moon/keystone/policy/core.py
@@ -100,7 +100,7 @@ class PolicyDriverV8(object):
def create_policy(self, policy_id, policy):
"""Store a policy blob.
- :raises: keystone.exception.Conflict
+ :raises keystone.exception.Conflict: If a duplicate policy exists.
"""
raise exception.NotImplemented() # pragma: no cover
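Review bot: The `PolicyDriverV8` docstrings now say when each method raises, but still not what it returns or how `policy_id` relates to the `policy` argument. The SQL backend in this same commit returns `ref.to_dict()` from `create_policy`, `get_policy` and `update_policy`, so the contract could say so, for example `:returns: the stored policy as a dictionary`. The same applies to the `get_policy` and `update_policy` hunks below. Documenting `:param policy_id:` and `:param policy:` here would also tell driver authors which of the two is authoritative for the stored id.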
@@ -114,7 +114,7 @@ class PolicyDriverV8(object):
def get_policy(self, policy_id):
"""Retrieve a specific policy blob.
- :raises: keystone.exception.PolicyNotFound
+ :raises keystone.exception.PolicyNotFound: If the policy doesn't exist.
"""
raise exception.NotImplemented() # pragma: no cover
@@ -123,7 +123,7 @@ class PolicyDriverV8(object):
def update_policy(self, policy_id, policy):
"""Update a policy blob.
- :raises: keystone.exception.PolicyNotFound
+ :raises keystone.exception.PolicyNotFound: If the policy doesn't exist.
"""
raise exception.NotImplemented() # pragma: no cover
@@ -132,7 +132,7 @@ class PolicyDriverV8(object):
def delete_policy(self, policy_id):
"""Remove a policy blob.
- :raises: keystone.exception.PolicyNotFound
+ :raises keystone.exception.PolicyNotFound: If the policy doesn't exist.
"""
raise exception.NotImplemented() # pragma: no cover