From 422aeba0b4fbfc22a251cf86e553598ff1179046 Mon Sep 17 00:00:00 2001 From: Dolph Mathews Date: Wed, 2 May 2012 08:23:40 -0500 Subject: [PATCH] Removed SimpleMatch 'shim'; updated readme Change-Id: I34fcc8d7233e58024c4e173867f8f41f9d2b9f4c --- README.rst | 15 ++++++--------- keystone/policy/backends/simple.py | 23 ----------------------- 2 files changed, 6 insertions(+), 32 deletions(-) delete mode 100644 keystone/policy/backends/simple.py diff --git a/README.rst b/README.rst index 8b23626c58..199b6703ee 100644 --- a/README.rst +++ b/README.rst @@ -172,8 +172,8 @@ of checks and will possibly write completely custom backends. Backends included in Keystone are: -Simple Match ------------- +Rules +----- Given a list of matches to check for, simply verify that the credentials contain the matches. For example:: @@ -181,16 +181,13 @@ contain the matches. For example:: credentials = {'user_id': 'foo', 'is_admin': 1, 'roles': ['nova:netadmin']} # An admin only call: - policy_api.can_haz(('is_admin:1',), credentials) + policy_api.enforce(('is_admin:1',), credentials) # An admin or owner call: - policy_api.can_haz(('is_admin:1', 'user_id:foo'), - credentials) + policy_api.enforce(('is_admin:1', 'user_id:foo'), credentials) # A netadmin call: - policy_api.can_haz(('roles:nova:netadmin',), - credentials) - + policy_api.enforce(('roles:nova:netadmin',), credentials) Credentials are generally built from the user metadata in the 'extras' part of the Identity API. So, adding a 'role' to the user just means adding the role @@ -210,7 +207,7 @@ to which capabilities are allowed for that role. For example:: # add a policy policy_api.add_policy('action:nova:add_network', ('roles:nova:netadmin',)) - policy_api.can_haz(('action:nova:add_network',), credentials) + policy_api.enforce(('action:nova:add_network',), credentials) In the backend this would look up the policy for 'action:nova:add_network' and 
diff --git a/keystone/policy/backends/simple.py b/keystone/policy/backends/simple.py
deleted file mode 100644
index 9d490f6c2a..0000000000
--- a/keystone/policy/backends/simple.py
+++ /dev/null
@@ -1,23 +0,0 @@
-# vim: tabstop=4 shiftwidth=4 softtabstop=4
-
-# Copyright 2012 OpenStack LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-# This file exists as a shim to get devstack testing to pass.
-# It will be removed once devstack has been updated.
-
-from keystone.policy.backends import rules
-
-
-SimpleMatch = rules.Policy