![Felipe Monteiro](/assets/img/avatar_default.png)
This PS implements oslo.policy integration in Deckhand. The policy.py file implements 2 types of functions for performing policy enforcement in Deckhand: authorize, which is a decorator that is used directly around falcon on_HTTP_VERB methods that raises a 403 immediately if policy enforcement fails; and conditional_authorize, to be used inside controller code conditionally. For example, since Deckhand has two types of documents with respect to security -- encrypted and cleartext documents -- policy enforcement is conditioned on the type of the documents' metadata.storagePolicy. Included in this PS: - policy framework implementation - policy in code and policy documentation for all Deckhand policies - modification of functional test script to override default admin-only policies with custom policy file dynamically created using lax permissions - bug fix for filtering out deleted documents (and its predecessors in previous revisions) for PUT /revisions/{revision_id}/documents - policy documentation - basic unit tests for policy enforcement framework - allow functional tests to be filtered via regex Due to the size of this PS, functional tests related to policy enforcement will be done in a follow up. Change-Id: If418129f9b401091e098c0bd6c7336b8a5cd2359
38 lines
915 B
INI
38 lines
915 B
INI
[metadata]
|
|
name = deckhand
|
|
summary = Secrets management persistence tool.
|
|
description-file = README.rst
|
|
|
|
author = deckhand team
|
|
home-page = http://deckhand-helm.readthedocs.io/en/latest/
|
|
classifier =
|
|
Intended Audience :: Information Technology
|
|
Intended Audience :: System Administrators
|
|
License :: OSI Approved :: Apache Software License
|
|
Operating System :: POSIX :: Linux
|
|
Programming Language :: Python
|
|
Programming Language :: Python :: 2
|
|
Programming Language :: Python :: 2.7
|
|
Programming Language :: Python :: 3
|
|
Programming Language :: Python :: 3.5
|
|
|
|
[files]
|
|
packages =
|
|
deckhand
|
|
|
|
[entry_points]
|
|
oslo.config.opts =
|
|
deckhand.conf = deckhand.conf.opts:list_opts
|
|
|
|
oslo.policy.policies =
|
|
deckhand = deckhand.policies:list_rules
|
|
|
|
[build_sphinx]
|
|
source-dir = doc/source
|
|
build-dir = doc/build
|
|
all_files = 1
|
|
warning-is-error = 1
|
|
|
|
[upload_sphinx]
|
|
upload-dir = doc/build/html
|