This change ensures that horizon tries to load all policy files even
if an invalid policy file is found, so that horizon can use as many
policy rules as it can parse.
Closes-Bug: #1917483
Change-Id: I24f8da71460129ee7162af5f307a7e405addb15d
This commit allows horizon to handle deprecated policy rules.
The approach is explained in the document updated by this change.
oslo.policy requirement is updated. oslo.policy 3.2.0 is chosen
just because it is the first release in Victoria cycle.
requirements.txt and lower-constraints.txt are updated accordingly
including oslo.policy dependencies.
Change-Id: If5059d03f6bd7e94796065aa1b51c0c23ac85f5e
oslo.policy doesn't handle Permission Denied error during file
parsing. This patch just ignores IOError exceptions to fallback to
the default behaviour.
Closes-Bug: #1845523
Change-Id: I87c2862e6e3a3f42d231552b00dc02364d6fa14f
This commit also moves descriptions of settings defined in openstack_auth
from openstack_dashboard/settings.py and local_settings.py(.example)
to openstack_auth/settings.py.
Note that if openstack_dashboard has different default settings
from openstack_auth defaults, they are now moved to
openstack_dashboard/defaults.py.
Part of blueprint ini-based-configuration
Change-Id: I59eebc388de0bcbd4d1fe35c6138efbd3e04c5b8
Token is not used in policies,
and json.dumps can't dump it when http rules are used.
Closes-Bug: 1823977
Change-Id: Id1b0b94d27d24d7dfdd2f1542973088947d83ada
Signed-off-by: George Melikov <mail@gmelikov.ru>
enforcer for policy can be loaded from a single file or from multiple
files (policy_dir). so checking for policy_file is not good enough.
If a policy is loaded it will have some rules, if not loaded then,
oslo_policy rejects all acccess, but it is not saved to the
_ENFORCER object, which is holds the objects used for enforcing
policies. So checking for existance of rules is a better check.
Some refactoring for better logging
added tests: test_nonexisting_policy_file_load
Change-Id: Id1f65058014ef5b14449b502d6741da9d34767b3
Closes-Bug: 1804174
Moves Django OpenStack Auth content to Horizon, since they are so
tightly coupled. This cleans up the development workflow and should
make keystone / auth related contributions easier.
Implements: blueprint merge-openstack-auth
Change-Id: Ia1cdc47bad1ca6e633073a9f9445b0c7f70d05bc