81f9fe6fed
Refactors all of keystone's dependency injection to maintain a single centralized repository of instantiated objects. This means that we are no longer having to resolve order. All objects that need to reference the various manager APIs simply do so via the __getattr__ built into the Manager common object or the ProviderAPIMixin object. This is also the first step towards correcting our tests to where they cannot run "load_backends" multiple times. This forces any/all managers to properly run super() as the way to register the api is via __init__. This eliminates all use of the @dependency.requires and @dependency.provides decorators, simplifying the objects all around. Any instantiations of a Manager after keystone is running will now generate an error, ensuring everything for keystone is running before handling requests. An exception is for CLI and CLI tests, as the CLI may directly instantiate managers and will not lock the registry. Change-Id: I4ba17855efd797c0db9f4824936b49e4bff54b6a
68 lines
2.3 KiB
Python
68 lines
2.3 KiB
Python
# Copyright 2012 OpenStack Foundation
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
"""Main entry point into the Policy service."""
|
|
|
|
from keystone.common import manager
|
|
import keystone.conf
|
|
from keystone import exception
|
|
from keystone import notifications
|
|
|
|
|
|
CONF = keystone.conf.CONF
|
|
|
|
|
|
class Manager(manager.Manager):
|
|
"""Default pivot point for the Policy backend.
|
|
|
|
See :mod:`keystone.common.manager.Manager` for more details on how this
|
|
dynamically calls the backend.
|
|
|
|
"""
|
|
|
|
driver_namespace = 'keystone.policy'
|
|
_provides_api = 'policy_api'
|
|
|
|
_POLICY = 'policy'
|
|
|
|
def __init__(self):
|
|
super(Manager, self).__init__(CONF.policy.driver)
|
|
|
|
def create_policy(self, policy_id, policy, initiator=None):
|
|
ref = self.driver.create_policy(policy_id, policy)
|
|
notifications.Audit.created(self._POLICY, policy_id, initiator)
|
|
return ref
|
|
|
|
def get_policy(self, policy_id):
|
|
return self.driver.get_policy(policy_id)
|
|
|
|
def update_policy(self, policy_id, policy, initiator=None):
|
|
if 'id' in policy and policy_id != policy['id']:
|
|
raise exception.ValidationError('Cannot change policy ID')
|
|
ref = self.driver.update_policy(policy_id, policy)
|
|
notifications.Audit.updated(self._POLICY, policy_id, initiator)
|
|
return ref
|
|
|
|
@manager.response_truncated
|
|
def list_policies(self, hints=None):
|
|
# NOTE(henry-nash): Since the advantage of filtering or list limiting
|
|
# of policies at the driver level is minimal, we leave this to the
|
|
# caller.
|
|
return self.driver.list_policies()
|
|
|
|
def delete_policy(self, policy_id, initiator=None):
|
|
ret = self.driver.delete_policy(policy_id)
|
|
notifications.Audit.deleted(self._POLICY, policy_id, initiator)
|
|
return ret
|