Add an oslo.policy.enforcer entrypoint
This will allow oslopolicy-policy-generator to generate useful information about Glance policies. Change-Id: I3aeeeb67d19832ad72f0ab06c8adc0b018020c71 Closes-Bug: #1816647
This commit is contained in:
parent
88a8ad7823
commit
517d8d66c3
@ -30,6 +30,7 @@ from glance.i18n import _
|
|||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
CONF = cfg.CONF
|
CONF = cfg.CONF
|
||||||
|
_ENFORCER = None
|
||||||
|
|
||||||
DEFAULT_RULES = policy.Rules.from_dict({
|
DEFAULT_RULES = policy.Rules.from_dict({
|
||||||
'context_is_admin': 'role:admin',
|
'context_is_admin': 'role:admin',
|
||||||
@ -89,6 +90,14 @@ class Enforcer(policy.Enforcer):
|
|||||||
return self.check(context, 'context_is_admin', context.to_dict())
|
return self.check(context, 'context_is_admin', context.to_dict())
|
||||||
|
|
||||||
|
|
||||||
|
def get_enforcer():
|
||||||
|
CONF([], project='glance')
|
||||||
|
global _ENFORCER
|
||||||
|
if _ENFORCER is None:
|
||||||
|
_ENFORCER = Enforcer()
|
||||||
|
return _ENFORCER
|
||||||
|
|
||||||
|
|
||||||
class ImageRepoProxy(glance.domain.proxy.Repo):
|
class ImageRepoProxy(glance.domain.proxy.Repo):
|
||||||
|
|
||||||
def __init__(self, image_repo, context, policy):
|
def __init__(self, image_repo, context, policy):
|
||||||
|
@ -63,6 +63,9 @@ glance.database.migration_backend =
|
|||||||
glance.database.metadata_backend =
|
glance.database.metadata_backend =
|
||||||
sqlalchemy = glance.db.sqlalchemy.metadata
|
sqlalchemy = glance.db.sqlalchemy.metadata
|
||||||
|
|
||||||
|
oslo.policy.enforcer =
|
||||||
|
glance = glance.api.policy:get_enforcer
|
||||||
|
|
||||||
glance.flows =
|
glance.flows =
|
||||||
api_image_import = glance.async_.flows.api_image_import:get_flow
|
api_image_import = glance.async_.flows.api_image_import:get_flow
|
||||||
import = glance.async_.flows.base_import:get_flow
|
import = glance.async_.flows.base_import:get_flow
|
||||||
|
Loading…
Reference in New Issue
Block a user