Cache policy enforcer

The policy enforcer can be used as a global object, there is no create one for every context creation. This caches the object in the module and reuse it in context. Change-Id: I03087b7bc139c8aaef95809043fc57f52b7900a1 Closes-Bug: #1658083
2017-05-31 15:07:40 +02:00 · 2017-05-31 15:07:40 +02:00 · 71c72340f5
parent 7b17c8b4ee
commit 71c72340f5
2 changed files with 10 additions and 1 deletions
--- a/heat/common/context.py
+++ b/heat/common/context.py
@ -114,7 +114,7 @@ class RequestContext(context.RequestContext):
            **config.get_ssl_options('keystone'))
        self.trust_id = trust_id
        self.trustor_user_id = trustor_user_id
-        self.policy = policy.Enforcer()
+        self.policy = policy.get_enforcer()
        self._auth_plugin = auth_plugin
        self._trusts_auth_plugin = trusts_auth_plugin

--- a/heat/common/policy.py
+++ b/heat/common/policy.py
@ -31,6 +31,8 @@ LOG = logging.getLogger(__name__)
 DEFAULT_RULES = policy.Rules.from_dict({'default': '!'})
 DEFAULT_RESOURCE_RULES = policy.Rules.from_dict({'default': '@'})

+ENFORCER = None
+

 class Enforcer(object):
    """Responsible for loading and enforcing rules."""
@ -88,6 +90,13 @@ class Enforcer(object):
        return self._check(context, 'context_is_admin', target={}, exc=None)


+def get_enforcer():
+    global ENFORCER
+    if ENFORCER is None:
+        ENFORCER = Enforcer()
+    return ENFORCER
+
+
 class ResourceEnforcer(Enforcer):
    def __init__(self, default_rule=DEFAULT_RESOURCE_RULES['default'],
                 **kwargs):