author: Dolph Mathews <dolph.mathews@gmail.com> 2012-05-02 08:23:40 -0500
committer: Dolph Mathews <dolph.mathews@gmail.com> 2012-05-03 09:46:00 -0500
commit: 422aeba0b4fbfc22a251cf86e553598ff1179046
tree: 385718908e20879c527f9264426b651218fb91fa
parent: b9311480dd758ef6c736f116ffbf2ddcd9c00fd0
Removed SimpleMatch 'shim'; updated readme
Change-Id: I34fcc8d7233e58024c4e173867f8f41f9d2b9f4c
-rw-r--r-- README.rst 15
-rw-r--r-- keystone/policy/backends/simple.py 23
2 files changed, 6 insertions, 32 deletions
diff --git a/README.rst b/README.rst
index 8b23626c..199b6703 100644
--- a/README.rst
+++ b/README.rst
@@ -172,8 +172,8 @@ of checks and will possibly write completely custom backends. Backends included
in Keystone are:
-Simple Match
-------------
+Rules
+-----
Given a list of matches to check for, simply verify that the credentials
contain the matches. For example::
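Review bot: The section heading changes to "Rules", but the paragraph under it ("Given a list of matches to check for, simply verify that the credentials contain the matches") is still the Simple Match description word for word. Since the shim deleted in this commit aliased SimpleMatch to rules.Policy, add one sentence saying that this backend was previously documented as Simple Match, so operators searching for the old name land here, and confirm the paragraph still describes everything the rules backend checks.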
@@ -181,16 +181,13 @@ contain the matches. For example::
credentials = {'user_id': 'foo', 'is_admin': 1, 'roles': ['nova:netadmin']}
# An admin only call:
- policy_api.can_haz(('is_admin:1',), credentials)
+ policy_api.enforce(('is_admin:1',), credentials)
# An admin or owner call:
- policy_api.can_haz(('is_admin:1', 'user_id:foo'),
- credentials)
+ policy_api.enforce(('is_admin:1', 'user_id:foo'), credentials)
# A netadmin call:
- policy_api.can_haz(('roles:nova:netadmin',),
- credentials)
-
+ policy_api.enforce(('roles:nova:netadmin',), credentials)
Credentials are generally built from the user metadata in the 'extras' part
of the Identity API. So, adding a 'role' to the user just means adding the role
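Review bot: The three renamed calls in this example do not show what enforce does when none of the matches is satisfied. can_haz reads as a boolean query, while enforce reads as a call that raises; the README should state which it is, because a caller that ignores the return value of a boolean-style check fails open. The "admin or owner" example also depends on the tuple entries being OR-ed together, which is worth stating in a sentence rather than leaving to the comment.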
@@ -210,7 +207,7 @@ to which capabilities are allowed for that role. For example::
# add a policy
policy_api.add_policy('action:nova:add_network', ('roles:nova:netadmin',))
- policy_api.can_haz(('action:nova:add_network',), credentials)
+ policy_api.enforce(('action:nova:add_network',), credentials)
In the backend this would look up the policy for 'action:nova:add_network' and
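Review bot: In the add_policy example, the README does not say what policy_api.enforce(('action:nova:add_network',), credentials) does when no policy has been added for that action name. Document whether an unknown action is denied, so backend authors and callers know the default for a missing policy entry.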
diff --git a/keystone/policy/backends/simple.py b/keystone/policy/backends/simple.py
deleted file mode 100644
index 9d490f6c..00000000
--- a/keystone/policy/backends/simple.py
+++ /dev/null
@@ -1,23 +0,0 @@
-# vim: tabstop=4 shiftwidth=4 softtabstop=4
-
-# Copyright 2012 OpenStack LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-# This file exists as a shim to get devstack testing to pass.
-# It will be removed once devstack has been updated.
-
-from keystone.policy.backends import rules
-
-
-SimpleMatch = rules.Policy
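Review bot: Deleting this file removes the import path keystone.policy.backends.simple.SimpleMatch, and the file's own comment says it stays until devstack has been updated, but nothing in this commit (two files changed) shows that update or touches a configuration sample. Reference the devstack change in the commit message, and confirm no shipped configuration still names this driver path, since a deployment that does will fail to load its policy backend after this change.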