Removed SimpleMatch 'shim'; updated readme

Change-Id: I34fcc8d7233e58024c4e173867f8f41f9d2b9f4c
2012-05-02 08:23:40 -05:00 · 2012-05-02 08:23:40 -05:00 · 422aeba0b4
parent b9311480dd
commit 422aeba0b4
2 changed files with 6 additions and 32 deletions
--- a/README.rst
+++ b/README.rst
@ -172,8 +172,8 @@ of checks and will possibly write completely custom backends. Backends included
 in Keystone are:


-Simple Match
------------
+Rules
+-----

 Given a list of matches to check for, simply verify that the credentials
 contain the matches. For example::
@ -181,16 +181,13 @@ contain the matches. For example::
  credentials = {'user_id': 'foo', 'is_admin': 1, 'roles': ['nova:netadmin']}

  # An admin only call:
-  policy_api.can_haz(('is_admin:1',), credentials)
+  policy_api.enforce(('is_admin:1',), credentials)

  # An admin or owner call:
-  policy_api.can_haz(('is_admin:1', 'user_id:foo'),
-                     credentials)
+  policy_api.enforce(('is_admin:1', 'user_id:foo'), credentials)

  # A netadmin call:
-  policy_api.can_haz(('roles:nova:netadmin',),
-                     credentials)
-
+  policy_api.enforce(('roles:nova:netadmin',), credentials)

 Credentials are generally built from the user metadata in the 'extras' part
 of the Identity API. So, adding a 'role' to the user just means adding the role
@ -210,7 +207,7 @@ to which capabilities are allowed for that role. For example::
  # add a policy
  policy_api.add_policy('action:nova:add_network', ('roles:nova:netadmin',))

-  policy_api.can_haz(('action:nova:add_network',), credentials)
+  policy_api.enforce(('action:nova:add_network',), credentials)


 In the backend this would look up the policy for 'action:nova:add_network' and
--- a/keystone/policy/backends/simple.py
+++ b/keystone/policy/backends/simple.py
@ -1,23 +0,0 @@
-# vim: tabstop=4 shiftwidth=4 softtabstop=4
-
-# Copyright 2012 OpenStack LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-# This file exists as a shim to get devstack testing to pass.
-# It will be removed once devstack has been updated.
-
-from keystone.policy.backends import rules
-
-
-SimpleMatch = rules.Policy