Restructure policy abstract driver

Change I5ff9c4e4b6d64750f5db2a73cc4317358aea0649 restructured the
identity subsystem. As part of the change, the abstract driver
was extracted to identity/backends/base.py

This change does the same for the policy subsystem.

Partial-Bug: 1563101
Change-Id: Id2a6e9d43724a7ffe95f097a9876b2320f8f01f8

keystone/policy/backends/base.py

@@ -0,0 +1,77 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import abc
+import six
+
+from keystone import exception
+from oslo_config import cfg
+
+
+CONF = cfg.CONF
+
+
+@six.add_metaclass(abc.ABCMeta)
+class PolicyDriverV8(object):
+
+    def _get_list_limit(self):
+        return CONF.policy.list_limit or CONF.list_limit
+
+    @abc.abstractmethod
+    def enforce(self, context, credentials, action, target):
+        """Verify that a user is authorized to perform action.
+
+        For more information on a full implementation of this see:
+        `keystone.policy.backends.rules.Policy.enforce`
+        """
+        raise exception.NotImplemented()  # pragma: no cover
+
+    @abc.abstractmethod
+    def create_policy(self, policy_id, policy):
+        """Store a policy blob.
+
+        :raises keystone.exception.Conflict: If a duplicate policy exists.
+
+        """
+        raise exception.NotImplemented()  # pragma: no cover
+
+    @abc.abstractmethod
+    def list_policies(self):
+        """List all policies."""
+        raise exception.NotImplemented()  # pragma: no cover
+
+    @abc.abstractmethod
+    def get_policy(self, policy_id):
+        """Retrieve a specific policy blob.
+
+        :raises keystone.exception.PolicyNotFound: If the policy doesn't exist.
+
+        """
+        raise exception.NotImplemented()  # pragma: no cover
+
+    @abc.abstractmethod
+    def update_policy(self, policy_id, policy):
+        """Update a policy blob.
+
+        :raises keystone.exception.PolicyNotFound: If the policy doesn't exist.
+
+        """
+        raise exception.NotImplemented()  # pragma: no cover
+
+    @abc.abstractmethod
+    def delete_policy(self, policy_id):
+        """Remove a policy blob.
+
+        :raises keystone.exception.PolicyNotFound: If the policy doesn't exist.
+
+        """
+        raise exception.NotImplemented()  # pragma: no cover

keystone/policy/backends/rules.py

@@ -20,7 +20,7 @@ from oslo_log import log
 from oslo_policy import policy as common_policy
 
 from keystone import exception
-from keystone import policy
+from keystone.policy.backends import base
 
 
 CONF = cfg.CONF
@@ -69,7 +69,7 @@ def enforce(credentials, action, target, do_raise=True):
     return _ENFORCER.enforce(action, target, credentials, **extra)
 
 
-class Policy(policy.PolicyDriverV8):
+class Policy(base.PolicyDriverV8):
     def enforce(self, credentials, action, target):
         LOG.debug('enforce %(action)s: %(credentials)s', {
             'action': action,

keystone/policy/core.py

@@ -14,15 +14,14 @@
 
 """Main entry point into the Policy service."""
 
-import abc
-
 from oslo_config import cfg
-import six
+from oslo_log import versionutils
 
 from keystone.common import dependency
 from keystone.common import manager
 from keystone import exception
 from keystone import notifications
+from keystone.policy.backends import base
 
 
 CONF = cfg.CONF
@@ -81,61 +80,13 @@ class Manager(manager.Manager):
         return ret
 
 
-@six.add_metaclass(abc.ABCMeta)
-class PolicyDriverV8(object):
-
-    def _get_list_limit(self):
-        return CONF.policy.list_limit or CONF.list_limit
-
-    @abc.abstractmethod
-    def enforce(self, context, credentials, action, target):
-        """Verify that a user is authorized to perform action.
-
-        For more information on a full implementation of this see:
-        `keystone.policy.backends.rules.Policy.enforce`
-        """
-        raise exception.NotImplemented()  # pragma: no cover
-
-    @abc.abstractmethod
-    def create_policy(self, policy_id, policy):
-        """Store a policy blob.
-
-        :raises keystone.exception.Conflict: If a duplicate policy exists.
-
-        """
-        raise exception.NotImplemented()  # pragma: no cover
-
-    @abc.abstractmethod
-    def list_policies(self):
-        """List all policies."""
-        raise exception.NotImplemented()  # pragma: no cover
-
-    @abc.abstractmethod
-    def get_policy(self, policy_id):
-        """Retrieve a specific policy blob.
-
-        :raises keystone.exception.PolicyNotFound: If the policy doesn't exist.
-
-        """
-        raise exception.NotImplemented()  # pragma: no cover
-
-    @abc.abstractmethod
-    def update_policy(self, policy_id, policy):
-        """Update a policy blob.
-
-        :raises keystone.exception.PolicyNotFound: If the policy doesn't exist.
-
-        """
-        raise exception.NotImplemented()  # pragma: no cover
-
-    @abc.abstractmethod
-    def delete_policy(self, policy_id):
-        """Remove a policy blob.
-
-        :raises keystone.exception.PolicyNotFound: If the policy doesn't exist.
-
-        """
-        raise exception.NotImplemented()  # pragma: no cover
+@versionutils.deprecated(
+    versionutils.deprecated.NEWTON,
+    what='keystone.policy.PolicyDriverV8',
+    in_favor_of='keystone.policy.backends.base.PolicyDriverV8',
+    remove_in=+1)
+class PolicyDriverV8(base.PolicyDriverV8):
+    pass
 
 
-Driver = manager.create_legacy_driver(PolicyDriverV8)
+Driver = manager.create_legacy_driver(base.PolicyDriverV8)