Merge "Restructure policy abstract driver"
commit
eb7c0e340a
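--- a/keystone/policy/backends/base.py
+++ b/keystone/policy/backends/base.py
@@ -0,0 +1,77 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import abc
+import six
+
+from keystone import exception
+from oslo_config import cfg
+
+
+CONF = cfg.CONF
+
+
+@six.add_metaclass(abc.ABCMeta)
+class PolicyDriverV8(object):
+
+def _get_list_limit(self):
+return CONF.policy.list_limit or CONF.list_limit
+
+@abc.abstractmethod
+def enforce(self, context, credentials, action, target):
+"""Verify that a user is authorized to perform action.
+
+For more information on a full implementation of this see:
+`keystone.policy.backends.rules.Policy.enforce`
+"""
+raise exception.NotImplemented() # pragma: no cover
+
+@abc.abstractmethod
+def create_policy(self, policy_id, policy):
+"""Store a policy blob.
+
+:raises keystone.exception.Conflict: If a duplicate policy exists.
+
+"""
+raise exception.NotImplemented() # pragma: no cover
+
+@abc.abstractmethod
+def list_policies(self):
+"""List all policies."""
+raise exception.NotImplemented() # pragma: no cover
+
+@abc.abstractmethod
+def get_policy(self, policy_id):
+"""Retrieve a specific policy blob.
+
+:raises keystone.exception.PolicyNotFound: If the policy doesn't exist.
+
+"""
+raise exception.NotImplemented() # pragma: no cover
+
+@abc.abstractmethod
+def update_policy(self, policy_id, policy):
+"""Update a policy blob.
+
+:raises keystone.exception.PolicyNotFound: If the policy doesn't exist.
+
+"""
+raise exception.NotImplemented() # pragma: no cover
+
+@abc.abstractmethod
+def delete_policy(self, policy_id):
+"""Remove a policy blob.
+
+:raises keystone.exception.PolicyNotFound: If the policy doesn't exist.
+
+"""
+raise exception.NotImplemented() # pragma: no cover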
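Review bot: The abstract `enforce(self, context, credentials, action, target)` declared in this new base module takes a `context` argument that the rules backend shown further down this page does not accept (`def enforce(self, credentials, action, target)`). `abc.ABCMeta` only checks that the method name is overridden, not its signature, so the published contract and the in-tree driver disagree about what is handed to the authorization check. Because other policy drivers are written against this interface, I would align the declaration with the implementation, `def enforce(self, credentials, action, target):`, or say in the docstring why `context` is kept. The docstring could also list the parameters and state what a driver must do when access is denied, which cannot be determined from this file alone.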
@ -20,7 +20,7 @@ from oslo_log import log
|
||||
from oslo_policy import policy as common_policy
|
||||
|
||||
from keystone import exception
|
||||
from keystone import policy
|
||||
from keystone.policy.backends import base
|
||||
|
||||
|
||||
CONF = cfg.CONF
|
||||
@ -69,7 +69,7 @@ def enforce(credentials, action, target, do_raise=True):
|
||||
return _ENFORCER.enforce(action, target, credentials, **extra)
|
||||
|
||||
|
||||
class Policy(policy.PolicyDriverV8):
|
||||
class Policy(base.PolicyDriverV8):
|
||||
def enforce(self, credentials, action, target):
|
||||
LOG.debug('enforce %(action)s: %(credentials)s', {
|
||||
'action': action,
|
||||
|
@ -14,15 +14,14 @@
|
||||
|
||||
"""Main entry point into the Policy service."""
|
||||
|
||||
import abc
|
||||
|
||||
from oslo_config import cfg
|
||||
import six
|
||||
from oslo_log import versionutils
|
||||
|
||||
from keystone.common import dependency
|
||||
from keystone.common import manager
|
||||
from keystone import exception
|
||||
from keystone import notifications
|
||||
from keystone.policy.backends import base
|
||||
|
||||
|
||||
CONF = cfg.CONF
|
||||
@ -81,61 +80,13 @@ class Manager(manager.Manager):
|
||||
return ret
|
||||
|
||||
|
||||
@six.add_metaclass(abc.ABCMeta)
|
||||
class PolicyDriverV8(object):
|
||||
|
||||
def _get_list_limit(self):
|
||||
return CONF.policy.list_limit or CONF.list_limit
|
||||
|
||||
@abc.abstractmethod
|
||||
def enforce(self, context, credentials, action, target):
|
||||
"""Verify that a user is authorized to perform action.
|
||||
|
||||
For more information on a full implementation of this see:
|
||||
`keystone.policy.backends.rules.Policy.enforce`
|
||||
"""
|
||||
raise exception.NotImplemented() # pragma: no cover
|
||||
|
||||
@abc.abstractmethod
|
||||
def create_policy(self, policy_id, policy):
|
||||
"""Store a policy blob.
|
||||
|
||||
:raises keystone.exception.Conflict: If a duplicate policy exists.
|
||||
|
||||
"""
|
||||
raise exception.NotImplemented() # pragma: no cover
|
||||
|
||||
@abc.abstractmethod
|
||||
def list_policies(self):
|
||||
"""List all policies."""
|
||||
raise exception.NotImplemented() # pragma: no cover
|
||||
|
||||
@abc.abstractmethod
|
||||
def get_policy(self, policy_id):
|
||||
"""Retrieve a specific policy blob.
|
||||
|
||||
:raises keystone.exception.PolicyNotFound: If the policy doesn't exist.
|
||||
|
||||
"""
|
||||
raise exception.NotImplemented() # pragma: no cover
|
||||
|
||||
@abc.abstractmethod
|
||||
def update_policy(self, policy_id, policy):
|
||||
"""Update a policy blob.
|
||||
|
||||
:raises keystone.exception.PolicyNotFound: If the policy doesn't exist.
|
||||
|
||||
"""
|
||||
raise exception.NotImplemented() # pragma: no cover
|
||||
|
||||
@abc.abstractmethod
|
||||
def delete_policy(self, policy_id):
|
||||
"""Remove a policy blob.
|
||||
|
||||
:raises keystone.exception.PolicyNotFound: If the policy doesn't exist.
|
||||
|
||||
"""
|
||||
raise exception.NotImplemented() # pragma: no cover
|
||||
@versionutils.deprecated(
|
||||
versionutils.deprecated.NEWTON,
|
||||
what='keystone.policy.PolicyDriverV8',
|
||||
in_favor_of='keystone.policy.backends.base.PolicyDriverV8',
|
||||
remove_in=+1)
|
||||
class PolicyDriverV8(base.PolicyDriverV8):
|
||||
pass
|
||||
|
||||
|
||||
Driver = manager.create_legacy_driver(PolicyDriverV8)
|
||||
Driver = manager.create_legacy_driver(base.PolicyDriverV8)
|
||||
|
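Review bot: The compatibility class `PolicyDriverV8(base.PolicyDriverV8)` added in the second hunk has only `pass` as its body, so nothing in the source tells a driver author that this name is an alias kept for existing drivers rather than a second interface definition. A one-line docstring in place of `pass` would cover it, e.g. `"""Deprecated alias of keystone.policy.backends.base.PolicyDriverV8."""`. A short comment above `Driver = manager.create_legacy_driver(base.PolicyDriverV8)` would also help, noting that the legacy `Driver` name is now built from the base class and not from the deprecated shim; that looks intentional but is not stated.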