Cache policy enforcer
The policy enforcer can be used as a global object, there is no create one for every context creation. This caches the object in the module and reuse it in context. Change-Id: I03087b7bc139c8aaef95809043fc57f52b7900a1 Closes-Bug: #1658083
This commit is contained in:
parent
7b17c8b4ee
commit
71c72340f5
|
@ -114,7 +114,7 @@ class RequestContext(context.RequestContext):
|
|||
**config.get_ssl_options('keystone'))
|
||||
self.trust_id = trust_id
|
||||
self.trustor_user_id = trustor_user_id
|
||||
self.policy = policy.Enforcer()
|
||||
self.policy = policy.get_enforcer()
|
||||
self._auth_plugin = auth_plugin
|
||||
self._trusts_auth_plugin = trusts_auth_plugin
|
||||
|
||||
|
|
|
@ -31,6 +31,8 @@ LOG = logging.getLogger(__name__)
|
|||
DEFAULT_RULES = policy.Rules.from_dict({'default': '!'})
|
||||
DEFAULT_RESOURCE_RULES = policy.Rules.from_dict({'default': '@'})
|
||||
|
||||
ENFORCER = None
|
||||
|
||||
|
||||
class Enforcer(object):
|
||||
"""Responsible for loading and enforcing rules."""
|
||||
|
@ -88,6 +90,13 @@ class Enforcer(object):
|
|||
return self._check(context, 'context_is_admin', target={}, exc=None)
|
||||
|
||||
|
||||
def get_enforcer():
|
||||
global ENFORCER
|
||||
if ENFORCER is None:
|
||||
ENFORCER = Enforcer()
|
||||
return ENFORCER
|
||||
|
||||
|
||||
class ResourceEnforcer(Enforcer):
|
||||
def __init__(self, default_rule=DEFAULT_RESOURCE_RULES['default'],
|
||||
**kwargs):
|
||||
|
|
Loading…
Reference in New Issue