From 92ece11d01f52e3e7b3c7aad20b63604cdea064d Mon Sep 17 00:00:00 2001 From: Samuel de Medeiros Queiroz Date: Mon, 18 Apr 2016 14:06:13 -0300 Subject: [PATCH] Restructure policy abstract driver Change I5ff9c4e4b6d64750f5db2a73cc4317358aea0649 restructured the identity subsystem. As part of the change, the abstract driver was extracted to identity/backends/base.py This change does the same for the policy subsystem. Partial-Bug: 1563101 Change-Id: Id2a6e9d43724a7ffe95f097a9876b2320f8f01f8 --- keystone/policy/backends/base.py | 77 +++++++++++++++++++++++++++++++ keystone/policy/backends/rules.py | 4 +- keystone/policy/core.py | 69 ++++----------------------- 3 files changed, 89 insertions(+), 61 deletions(-) create mode 100644 keystone/policy/backends/base.py diff --git a/keystone/policy/backends/base.py b/keystone/policy/backends/base.py new file mode 100644 index 0000000000..473770d16e --- /dev/null +++ b/keystone/policy/backends/base.py @@ -0,0 +1,77 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import abc +import six + +from keystone import exception +from oslo_config import cfg + + +CONF = cfg.CONF + + +@six.add_metaclass(abc.ABCMeta) +class PolicyDriverV8(object): + + def _get_list_limit(self): + return CONF.policy.list_limit or CONF.list_limit + + @abc.abstractmethod + def enforce(self, context, credentials, action, target): + """Verify that a user is authorized to perform action. + + For more information on a full implementation of this see: + `keystone.policy.backends.rules.Policy.enforce` + """ + raise exception.NotImplemented() # pragma: no cover + + @abc.abstractmethod + def create_policy(self, policy_id, policy): + """Store a policy blob. + + :raises keystone.exception.Conflict: If a duplicate policy exists. + + """ + raise exception.NotImplemented() # pragma: no cover + + @abc.abstractmethod + def list_policies(self): + """List all policies.""" + raise exception.NotImplemented() # pragma: no cover + + @abc.abstractmethod + def get_policy(self, policy_id): + """Retrieve a specific policy blob. + + :raises keystone.exception.PolicyNotFound: If the policy doesn't exist. + + """ + raise exception.NotImplemented() # pragma: no cover + + @abc.abstractmethod + def update_policy(self, policy_id, policy): + """Update a policy blob. + + :raises keystone.exception.PolicyNotFound: If the policy doesn't exist. + + """ + raise exception.NotImplemented() # pragma: no cover + + @abc.abstractmethod + def delete_policy(self, policy_id): + """Remove a policy blob. + + :raises keystone.exception.PolicyNotFound: If the policy doesn't exist. + + """ + raise exception.NotImplemented() # pragma: no cover diff --git a/keystone/policy/backends/rules.py b/keystone/policy/backends/rules.py index e96bffae0c..e22b13aba9 100644 --- a/keystone/policy/backends/rules.py +++ b/keystone/policy/backends/rules.py @@ -20,7 +20,7 @@ from oslo_log import log from oslo_policy import policy as common_policy from keystone import exception -from keystone import policy +from keystone.policy.backends import base CONF = cfg.CONF @@ -69,7 +69,7 @@ def enforce(credentials, action, target, do_raise=True): return _ENFORCER.enforce(action, target, credentials, **extra) -class Policy(policy.PolicyDriverV8): +class Policy(base.PolicyDriverV8): def enforce(self, credentials, action, target): LOG.debug('enforce %(action)s: %(credentials)s', { 'action': action, diff --git a/keystone/policy/core.py b/keystone/policy/core.py index f52795a542..1824e9d2bf 100644 --- a/keystone/policy/core.py +++ b/keystone/policy/core.py @@ -14,15 +14,14 @@ """Main entry point into the Policy service.""" -import abc - from oslo_config import cfg -import six +from oslo_log import versionutils from keystone.common import dependency from keystone.common import manager from keystone import exception from keystone import notifications +from keystone.policy.backends import base CONF = cfg.CONF @@ -81,61 +80,13 @@ class Manager(manager.Manager): return ret -@six.add_metaclass(abc.ABCMeta) -class PolicyDriverV8(object): - - def _get_list_limit(self): - return CONF.policy.list_limit or CONF.list_limit - - @abc.abstractmethod - def enforce(self, context, credentials, action, target): - """Verify that a user is authorized to perform action. - - For more information on a full implementation of this see: - `keystone.policy.backends.rules.Policy.enforce` - """ - raise exception.NotImplemented() # pragma: no cover - - @abc.abstractmethod - def create_policy(self, policy_id, policy): - """Store a policy blob. - - :raises keystone.exception.Conflict: If a duplicate policy exists. - - """ - raise exception.NotImplemented() # pragma: no cover - - @abc.abstractmethod - def list_policies(self): - """List all policies.""" - raise exception.NotImplemented() # pragma: no cover - - @abc.abstractmethod - def get_policy(self, policy_id): - """Retrieve a specific policy blob. - - :raises keystone.exception.PolicyNotFound: If the policy doesn't exist. - - """ - raise exception.NotImplemented() # pragma: no cover - - @abc.abstractmethod - def update_policy(self, policy_id, policy): - """Update a policy blob. - - :raises keystone.exception.PolicyNotFound: If the policy doesn't exist. - - """ - raise exception.NotImplemented() # pragma: no cover - - @abc.abstractmethod - def delete_policy(self, policy_id): - """Remove a policy blob. - - :raises keystone.exception.PolicyNotFound: If the policy doesn't exist. - - """ - raise exception.NotImplemented() # pragma: no cover +@versionutils.deprecated( + versionutils.deprecated.NEWTON, + what='keystone.policy.PolicyDriverV8', + in_favor_of='keystone.policy.backends.base.PolicyDriverV8', + remove_in=+1) +class PolicyDriverV8(base.PolicyDriverV8): + pass -Driver = manager.create_legacy_driver(PolicyDriverV8) +Driver = manager.create_legacy_driver(base.PolicyDriverV8)