Diffstat (limited to 'keystone-moon/keystone/policy')
-rw-r--r-- | keystone-moon/keystone/policy/__init__.py | 1 | ||||
-rw-r--r-- | keystone-moon/keystone/policy/backends/rules.py | 24 | ||||
-rw-r--r-- | keystone-moon/keystone/policy/backends/sql.py | 26 | ||||
-rw-r--r-- | keystone-moon/keystone/policy/core.py | 8 |
4 files changed, 25 insertions, 34 deletions
diff --git a/keystone-moon/keystone/policy/__init__.py b/keystone-moon/keystone/policy/__init__.py index 4cd96793..a95aac1f 100644 --- a/keystone-moon/keystone/policy/__init__.py +++ b/keystone-moon/keystone/policy/__init__.py @@ -14,4 +14,3 @@ from keystone.policy import controllers # noqa from keystone.policy.core import * # noqa -from keystone.policy import routers # noqa diff --git a/keystone-moon/keystone/policy/backends/rules.py b/keystone-moon/keystone/policy/backends/rules.py index a4150575..5a13287d 100644 --- a/keystone-moon/keystone/policy/backends/rules.py +++ b/keystone-moon/keystone/policy/backends/rules.py @@ -44,18 +44,18 @@ def init(): def enforce(credentials, action, target, do_raise=True): """Verifies that the action is valid on the target in this context. - :param credentials: user credentials - :param action: string representing the action to be checked, which - should be colon separated for clarity. - :param target: dictionary representing the object of the action - for object creation this should be a dictionary - representing the location of the object e.g. - {'project_id': object.project_id} - :raises: `exception.Forbidden` if verification fails. - - Actions should be colon separated for clarity. For example: - - * identity:list_users + :param credentials: user credentials + :param action: string representing the action to be checked, which should + be colon separated for clarity. + :param target: dictionary representing the object of the action for object + creation this should be a dictionary representing the + location of the object e.g. {'project_id': + object.project_id} + :raises keystone.exception.Forbidden: If verification fails. + + Actions should be colon separated for clarity. For example: + + * identity:list_users """ init() diff --git a/keystone-moon/keystone/policy/backends/sql.py b/keystone-moon/keystone/policy/backends/sql.py index b2cccd01..94763f0d 100644 --- a/keystone-moon/keystone/policy/backends/sql.py 
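Review bot: The re-indented docstring of `enforce` in rules.py still leaves `do_raise` undocumented, and the `:raises keystone.exception.Forbidden:` line reads as unconditional. The signature defaults to `do_raise=True`, so a caller passing `False` presumably gets a result it must check instead of an exception; for an authorization check that contract should be written down, e.g. `:param do_raise: if False, return the check result instead of raising (confirm against the body)`. The `:param target:` text is also a run-on, and a period after "the object of the action" would separate its two sentences. Only `init()` from the body is visible in this hunk, so the non-raising behaviour is inferred rather than read.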
+++ b/keystone-moon/keystone/policy/backends/sql.py @@ -30,19 +30,16 @@ class Policy(rules.Policy): @sql.handle_conflicts(conflict_type='policy') def create_policy(self, policy_id, policy): - session = sql.get_session() - - with session.begin(): + with sql.session_for_write() as session: ref = PolicyModel.from_dict(policy) session.add(ref) - return ref.to_dict() + return ref.to_dict() def list_policies(self): - session = sql.get_session() - - refs = session.query(PolicyModel).all() - return [ref.to_dict() for ref in refs] + with sql.session_for_read() as session: + refs = session.query(PolicyModel).all() + return [ref.to_dict() for ref in refs] def _get_policy(self, session, policy_id): """Private method to get a policy model object (NOT a dictionary).""" @@ -52,15 +49,12 @@ class Policy(rules.Policy): return ref def get_policy(self, policy_id): - session = sql.get_session() - - return self._get_policy(session, policy_id).to_dict() + with sql.session_for_read() as session: + return self._get_policy(session, policy_id).to_dict() @sql.handle_conflicts(conflict_type='policy') def update_policy(self, policy_id, policy): - session = sql.get_session() - - with session.begin(): + with sql.session_for_write() as session: ref = self._get_policy(session, policy_id) old_dict = ref.to_dict() old_dict.update(policy) @@ -72,8 +66,6 @@ class Policy(rules.Policy): return ref.to_dict() def delete_policy(self, policy_id): - session = sql.get_session() - - with session.begin(): + with sql.session_for_write() as session: ref = self._get_policy(session, policy_id) session.delete(ref) diff --git a/keystone-moon/keystone/policy/core.py b/keystone-moon/keystone/policy/core.py index dfd6ff2d..f52795a5 100644 --- a/keystone-moon/keystone/policy/core.py +++ b/keystone-moon/keystone/policy/core.py 
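Review bot: `create_policy` in the first sql.py hunk never uses its `policy_id` argument; the row is built only from `PolicyModel.from_dict(policy)`, so the stored id is whatever the `policy` dict carries. If the manager guarantees that `policy['id']` equals `policy_id` (not visible on this page), a comment such as `# policy['id'] is set to policy_id by the manager before this call` would make that dependency explicit; otherwise the driver should reject a mismatch before `session.add(ref)`. Whether `return ref.to_dict()` now sits inside the `with sql.session_for_write()` block cannot be told from this flattened view.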
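Review bot: In `update_policy` (second sql.py hunk), `old_dict.update(policy)` merges every caller-supplied key over the stored values, including `id` if the dict carries one. The lines that copy fields back onto `ref` fall between this hunk and the next, so the page does not show which keys are actually persisted. If only selected columns are assigned there, a comment next to the merge would record that, for example `# only the columns assigned below are persisted; an 'id' key in policy is ignored`. If the id can change, compare it with `policy_id` before the merge.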
@@ -100,7 +100,7 @@ class PolicyDriverV8(object): def create_policy(self, policy_id, policy): """Store a policy blob. - :raises: keystone.exception.Conflict + :raises keystone.exception.Conflict: If a duplicate policy exists. """ raise exception.NotImplemented() # pragma: no cover @@ -114,7 +114,7 @@ class PolicyDriverV8(object): def get_policy(self, policy_id): """Retrieve a specific policy blob. - :raises: keystone.exception.PolicyNotFound + :raises keystone.exception.PolicyNotFound: If the policy doesn't exist. """ raise exception.NotImplemented() # pragma: no cover @@ -123,7 +123,7 @@ class PolicyDriverV8(object): def update_policy(self, policy_id, policy): """Update a policy blob. - :raises: keystone.exception.PolicyNotFound + :raises keystone.exception.PolicyNotFound: If the policy doesn't exist. """ raise exception.NotImplemented() # pragma: no cover @@ -132,7 +132,7 @@ class PolicyDriverV8(object): def delete_policy(self, policy_id): """Remove a policy blob. - :raises: keystone.exception.PolicyNotFound + :raises keystone.exception.PolicyNotFound: If the policy doesn't exist. """ raise exception.NotImplemented() # pragma: no cover |
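Review bot: The new `:raises` text on `PolicyDriverV8.update_policy` lists only `PolicyNotFound`, while the SQL backend's `update_policy` in this same commit is wrapped in `@sql.handle_conflicts(conflict_type='policy')`, the same decorator used on `create_policy`. If that decorator can surface `keystone.exception.Conflict` on update (its implementation is not shown here), the interface docstring should add `:raises keystone.exception.Conflict: If the update collides with an existing policy.` The four docstrings also still omit `:param` and `:returns` lines, so a driver author cannot tell from the interface what `policy` contains or what is returned.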