diff options
| author | James E. Blair <jeblair@hp.com> | 2012-02-14 15:54:59 -0800 |
|---|---|---|
| committer | James E. Blair <jeblair@hp.com> | 2012-02-14 15:57:37 -0800 |
| commit | eef1f0d93ae19f04601b75cd7a2514e81b4005b9 (patch) | |
| tree | 2b1b8b4a45f884414bd89c4bec7e31056a20a351 /keystone/policy | |
| parent | 9452cf04bc8b0a4dc66dc640615d5ace1ca715f2 (diff) | |
| parent | 90068b0143af788869116d08533d5ebc99874a17 (diff) | |
| download | keystone-eef1f0d93ae19f04601b75cd7a2514e81b4005b9.tar.gz keystone-eef1f0d93ae19f04601b75cd7a2514e81b4005b9.tar.xz keystone-eef1f0d93ae19f04601b75cd7a2514e81b4005b9.zip | |
Merge redux branch (keystone light)
Change-Id: I2cb5b198a06848f42f919ea49e338443131e263e
Diffstat (limited to 'keystone/policy')
| -rw-r--r-- | keystone/policy/__init__.py | 1 | ||||
| -rw-r--r-- | keystone/policy/backends/__init__.py | 0 | ||||
| -rw-r--r-- | keystone/policy/backends/simple.py | 23 | ||||
| -rw-r--r-- | keystone/policy/core.py | 21 |
4 files changed, 45 insertions, 0 deletions
diff --git a/keystone/policy/__init__.py b/keystone/policy/__init__.py new file mode 100644 index 00000000..d16de59f --- /dev/null +++ b/keystone/policy/__init__.py @@ -0,0 +1 @@ +from keystone.policy.core import * diff --git a/keystone/policy/backends/__init__.py b/keystone/policy/backends/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/keystone/policy/backends/__init__.py diff --git a/keystone/policy/backends/simple.py b/keystone/policy/backends/simple.py new file mode 100644 index 00000000..ec4840fe --- /dev/null +++ b/keystone/policy/backends/simple.py @@ -0,0 +1,23 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + + +from keystone.common import logging + + +class TrivialTrue(object): + def can_haz(self, target, credentials): + return True + + +class SimpleMatch(object): + def can_haz(self, target, credentials): + """Check whether key-values in target are present in credentials.""" + # TODO(termie): handle ANDs, probably by providing a tuple instead of a + # string + for requirement in target: + key, match = requirement.split(':', 1) + check = credentials.get(key) + if check is None or isinstance(check, basestring): + check = [check] + if match in check: + return True diff --git a/keystone/policy/core.py b/keystone/policy/core.py new file mode 100644 index 00000000..694f6285 --- /dev/null +++ b/keystone/policy/core.py @@ -0,0 +1,21 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +"""Main entry point into the Policy service.""" + +from keystone import config +from keystone.common import manager + + +CONF = config.CONF + + +class Manager(manager.Manager): + """Default pivot point for the Policy backend. + + See :mod:`keystone.common.manager.Manager` for more details on how this + dynamically calls the backend. + + """ + + def __init__(self): + super(Manager, self).__init__(CONF.policy.driver) |