Merge "Expose a get_enforcer method for oslo.policy scripts" into stable/pike
commit
e8953d0392
|
@ -35,6 +35,17 @@ def init():
|
|||
register_rules(_ENFORCER)
|
||||
|
||||
|
||||
def get_enforcer():
|
||||
# Here we pass an empty list of arguments because there aren't any
|
||||
# arguments that oslo.config or oslo.policy shouldn't already understand
|
||||
# from the CONF object. This makes things easier here because we don't have
|
||||
# to parse arguments passed in from the command line and remove unexpected
|
||||
# arguments before building a Config object.
|
||||
CONF([], project='keystone')
|
||||
init()
|
||||
return _ENFORCER
|
||||
|
||||
|
||||
def enforce(credentials, action, target, do_raise=True):
|
||||
"""Verify that the action is valid on the target in this context.
|
||||
|
||||
|
|
|
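Review bot: `get_enforcer()` has no docstring, and its call `CONF([], project='keystone')` re-parses the global `CONF` object with an empty argument list, a constraint on callers that the inline comment does not state. If it were ever called inside a process that had already loaded configuration from explicit command-line options, that state would presumably be replaced by whatever the default search paths provide. For the same reason, the policy file the generator emits reflects the configuration found in default locations, which may differ from what a service started with an explicit config file enforces; operators using the output to audit effective policy should know this. I would add a docstring such as `"""Entry point for oslo.policy CLI scripts; re-parses CONF with no arguments, so it must not be called from the running service."""`. The body of `init()` lies outside the hunk, so whether it reuses an existing `_ENFORCER` cannot be confirmed from here.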
@ -15,6 +15,7 @@
|
|||
|
||||
import json
|
||||
import os
|
||||
import subprocess
|
||||
import uuid
|
||||
|
||||
from oslo_policy import policy as common_policy
|
||||
|
@ -213,3 +214,18 @@ class PolicyJsonTestCase(unit.TestCase):
|
|||
|
||||
doc_targets = list(read_doc_targets())
|
||||
self.assertItemsEqual(policy_keys, doc_targets + policy_rule_keys)
|
||||
|
||||
|
||||
class GeneratePolicyFileTestCase(unit.TestCase):
|
||||
|
||||
def test_policy_generator_from_command_line(self):
|
||||
# This test ensures keystone.common.policy:get_enforcer ignores
|
||||
# unexpected arguments before handing them off to oslo.config, which
|
||||
# will fail and prevent users from generating policy files.
|
||||
ret_val = subprocess.Popen(
|
||||
['oslopolicy-policy-generator', '--namespace', 'keystone'],
|
||||
stdout=subprocess.PIPE,
|
||||
stderr=subprocess.PIPE
|
||||
)
|
||||
ret_val.communicate()
|
||||
self.assertEqual(ret_val.returncode, 0)
|
||||
|
|
|
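Review bot: `test_policy_generator_from_command_line` pipes stdout and stderr but discards what `communicate()` returns, so a non-zero exit fails with only `1 != 0` and no hint of the cause. Keeping the output and passing it as the assertion message would fix that: `out, err = ret_val.communicate()` followed by `self.assertEqual(0, ret_val.returncode, err)`. The command is resolved from `PATH` and, as far as the hunk shows, runs against whatever keystone configuration the host's default search paths supply, so the result may depend on the machine running the tests. The comment above the call is also ambiguous: "ignores unexpected arguments before handing them off to oslo.config, which will fail" reads as if ignoring them causes the failure. Something like `# get_enforcer must not forward the generator's own CLI arguments to oslo.config, which would reject them` is clearer.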
@ -0,0 +1,8 @@
|
|||
---
|
||||
fixes:
|
||||
- |
|
||||
[`bug 1740951 <https://bugs.launchpad.net/keystone/+bug/1740951>`_]
|
||||
A new method was added that made it so oslo.policy sample generation
|
||||
scripts can be used with keystone. The ``oslopolicy-policy-generator``
|
||||
script will now generate a policy file containing overrides and defaults
|
||||
registered in code.
|
|
@ -181,6 +181,9 @@ oslo.policy.policies =
|
|||
# the default defined polices.
|
||||
keystone = keystone.common.policies:list_rules
|
||||
|
||||
oslo.policy.enforcer =
|
||||
keystone = keystone.common.policy:get_enforcer
|
||||
|
||||
paste.filter_factory =
|
||||
healthcheck = oslo_middleware:Healthcheck.factory
|
||||
cors = oslo_middleware:CORS.factory
|
||||
|
|