Hot-keys on this page

r m x p   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

# vim: tabstop=4 shiftwidth=4 softtabstop=4 

 

# Copyright 2012 OpenStack LLC 

# 

# Licensed under the Apache License, Version 2.0 (the "License"); you may 

# not use this file except in compliance with the License. You may obtain 

# a copy of the License at 

# 

#      http://www.apache.org/licenses/LICENSE-2.0 

# 

# Unless required by applicable law or agreed to in writing, software 

# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 

# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 

# License for the specific language governing permissions and limitations 

# under the License. 

 

"""Main entry point into the Policy service.""" 

 

 

from keystone.common import dependency 

from keystone.common import manager 

from keystone import config 

from keystone import exception 

 

 

CONF = config.CONF 

 

 

@dependency.provider('policy_api') 

class Manager(manager.Manager): 

    """Default pivot point for the Policy backend. 

 

    See :mod:`keystone.common.manager.Manager` for more details on how this 

    dynamically calls the backend. 

 

    """ 

 

    def __init__(self): 

        super(Manager, self).__init__(CONF.policy.driver) 

 

    def get_policy(self, context, policy_id): 

        try: 

            return self.driver.get_policy(policy_id) 

        except exception.NotFound: 

            raise exception.PolicyNotFound(policy_id=policy_id) 

 

    def update_policy(self, context, policy_id, policy): 

        if 'id' in policy and policy_id != policy['id']: 

            raise exception.ValidationError('Cannot change policy ID') 

        try: 

            return self.driver.update_policy(policy_id, policy) 

        except exception.NotFound: 

            raise exception.PolicyNotFound(policy_id=policy_id) 

 

    def delete_policy(self, context, policy_id): 

        try: 

            return self.driver.delete_policy(policy_id) 

        except exception.NotFound: 

            raise exception.PolicyNotFound(policy_id=policy_id) 

 

 

class Driver(object): 

    def enforce(self, context, credentials, action, target): 

        """Verify that a user is authorized to perform action. 

 

        For more information on a full implementation of this see: 

        `keystone.common.policy.enforce`. 

        """ 

        raise exception.NotImplemented() 

 

    def create_policy(self, policy_id, policy): 

        """Store a policy blob. 

 

        :raises: keystone.exception.Conflict 

 

        """ 

        raise exception.NotImplemented() 

 

    def list_policies(self): 

        """List all policies.""" 

        raise exception.NotImplemented() 

 

    def get_policy(self, policy_id): 

        """Retrieve a specific policy blob. 

 

        :raises: keystone.exception.PolicyNotFound 

 

        """ 

        raise exception.NotImplemented() 

 

    def update_policy(self, policy_id, policy): 

        """Update a policy blob. 

 

        :raises: keystone.exception.PolicyNotFound 

 

        """ 

        raise exception.NotImplemented() 

 

    def delete_policy(self, policy_id): 

        """Remove a policy blob. 

 

        :raises: keystone.exception.PolicyNotFound 

 

        """ 

        raise exception.NotImplemented()