diff options
author | Jenkins <jenkins@review.openstack.org> | 2012-11-07 01:55:51 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2012-11-07 01:55:51 +0000 |
commit | 126dd9c9bdab46074d812f4a16358357d364e789 (patch) | |
tree | 6c41496c882432164de59fbd86753dff10aae1bb /keystone/policy | |
parent | 6b87660d91b30dcccf19c77cf999fa3f0dee84b2 (diff) | |
parent | 86aaff4a50039a927eac2ca0db927249058bef12 (diff) | |
download | keystone-126dd9c9bdab46074d812f4a16358357d364e789.tar.gz keystone-126dd9c9bdab46074d812f4a16358357d364e789.tar.xz keystone-126dd9c9bdab46074d812f4a16358357d364e789.zip |
Merge "Merge remote-tracking branch 'origin/feature/keystone-v3' into HEAD"
Diffstat (limited to 'keystone/policy')
-rw-r--r-- | keystone/policy/core.py | 100 |
1 files changed, 100 insertions, 0 deletions
diff --git a/keystone/policy/core.py b/keystone/policy/core.py index 5b60443b..498e027b 100644 --- a/keystone/policy/core.py +++ b/keystone/policy/core.py @@ -16,7 +16,9 @@ """Main entry point into the Policy service.""" + from keystone.common import manager +from keystone.common import controller from keystone import config from keystone import exception @@ -35,6 +37,26 @@ class Manager(manager.Manager): def __init__(self): super(Manager, self).__init__(CONF.policy.driver) + def get_policy(self, context, policy_id): + try: + return self.driver.get_policy(policy_id) + except exception.NotFound: + raise exception.PolicyNotFound(policy_id=policy_id) + + def update_policy(self, context, policy_id, policy): + if 'id' in policy and policy_id != policy['id']: + raise exception.ValidationError('Cannot change policy ID') + try: + return self.driver.update_policy(policy_id, policy) + except exception.NotFound: + raise exception.PolicyNotFound(policy_id=policy_id) + + def delete_policy(self, context, policy_id): + try: + return self.driver.delete_policy(policy_id) + except exception.NotFound: + raise exception.PolicyNotFound(policy_id=policy_id) + class Driver(object): def enforce(context, credentials, action, target): @@ -44,3 +66,81 @@ class Driver(object): `keystone.common.policy.enforce`. """ raise exception.NotImplemented() + + def create_policy(self, policy_id, policy): + """Store a policy blob for a particular endpoint. + + :raises: keystone.exception.EndpointNotFound, + keystone.exception.Conflict + + """ + raise exception.NotImplemented() + + def list_policies(self): + """List all policies.""" + raise exception.NotImplemented() + + def get_policy(self, policy_id): + """Retrieve a specific policy blob. + + :raises: keystone.exception.PolicyNotFound + + """ + raise exception.NotImplemented() + + def update_policy(self, policy_id, policy): + """Update a policy blob. + + :raises: keystone.exception.PolicyNotFound, + keystone.exception.EndpointNotFound + + """ + raise exception.NotImplemented() + + def delete_policy(self, policy_id): + """Remove a policy blob. + + :raises: keystone.exception.PolicyNotFound + + """ + raise exception.NotImplemented() + + +class PolicyControllerV3(controller.V3Controller): + def create_policy(self, context, policy): + self.assert_admin(context) + + ref = self._assign_unique_id(self._normalize_dict(policy)) + self._require_attribute(ref, 'blob') + self._require_attribute(ref, 'type') + self._require_attribute(ref, 'endpoint_id') + + self.catalog_api.get_endpoint(context, ref['endpoint_id']) + + ref = self.policy_api.create_policy(context, ref['id'], ref) + return {'policy': ref} + + def list_policies(self, context): + self.assert_admin(context) + refs = self.policy_api.list_policies(context) + refs = self._filter_by_attribute(context, refs, 'endpoint_id') + refs = self._filter_by_attribute(context, refs, 'type') + return {'policies': self._paginate(context, refs)} + + def get_policy(self, context, policy_id): + self.assert_admin(context) + ref = self.policy_api.get_policy(context, policy_id) + return {'policy': ref} + + def update_policy(self, context, policy_id, policy): + self.assert_admin(context) + + if 'endpoint_id' in policy: + self.catalog_api.get_endpoint(context, policy['endpoint_id']) + + ref = self.policy_api.update_policy(context, policy_id, policy) + return {'policy': ref} + + def delete_policy(self, context, policy_id): + self.assert_admin(context) + return self.policy_api.delete_policy(context, policy_id) |