Add an oslo.policy.enforcer entrypoint

This will allow oslopolicy-policy-generator to generate useful
information about Glance policies.

Change-Id: I3aeeeb67d19832ad72f0ab06c8adc0b018020c71
Closes-Bug: #1816647
This commit is contained in:
Cyril Roelandt 2019-02-19 20:32:11 +01:00
parent 88a8ad7823
commit 517d8d66c3
2 changed files with 12 additions and 0 deletions

View File

@ -30,6 +30,7 @@ from glance.i18n import _
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
CONF = cfg.CONF CONF = cfg.CONF
_ENFORCER = None
DEFAULT_RULES = policy.Rules.from_dict({ DEFAULT_RULES = policy.Rules.from_dict({
'context_is_admin': 'role:admin', 'context_is_admin': 'role:admin',
@ -89,6 +90,14 @@ class Enforcer(policy.Enforcer):
return self.check(context, 'context_is_admin', context.to_dict()) return self.check(context, 'context_is_admin', context.to_dict())
def get_enforcer():
CONF([], project='glance')
global _ENFORCER
if _ENFORCER is None:
_ENFORCER = Enforcer()
return _ENFORCER
class ImageRepoProxy(glance.domain.proxy.Repo): class ImageRepoProxy(glance.domain.proxy.Repo):
def __init__(self, image_repo, context, policy): def __init__(self, image_repo, context, policy):

View File

@ -63,6 +63,9 @@ glance.database.migration_backend =
glance.database.metadata_backend = glance.database.metadata_backend =
sqlalchemy = glance.db.sqlalchemy.metadata sqlalchemy = glance.db.sqlalchemy.metadata
oslo.policy.enforcer =
glance = glance.api.policy:get_enforcer
glance.flows = glance.flows =
api_image_import = glance.async_.flows.api_image_import:get_flow api_image_import = glance.async_.flows.api_image_import:get_flow
import = glance.async_.flows.base_import:get_flow import = glance.async_.flows.base_import:get_flow