Merge "Disable some policy warnings"
This commit is contained in:
commit
333b18da72
|
@ -46,16 +46,16 @@ def reset():
|
||||||
_ENFORCER = None
|
_ENFORCER = None
|
||||||
|
|
||||||
|
|
||||||
def init(rules=None, use_conf=True):
|
def init(rules=None, use_conf=True, suppress_deprecation_warnings=False):
|
||||||
"""Init an Enforcer class.
|
"""Init an Enforcer class.
|
||||||
|
|
||||||
:param policy_file: Custom policy file to use, if none is specified,
|
:param policy_file: Custom policy file to use, if none is specified,
|
||||||
`CONF.policy_file` will be used.
|
`CONF.policy_file` will be used.
|
||||||
:param rules: Default dictionary / Rules to use. It will be
|
:param rules: Default dictionary / Rules to use. It will be
|
||||||
considered just in the first instantiation.
|
considered just in the first instantiation.
|
||||||
:param default_rule: Default rule to use, CONF.default_rule will
|
|
||||||
be used if none is specified.
|
|
||||||
:param use_conf: Whether to load rules from config file.
|
:param use_conf: Whether to load rules from config file.
|
||||||
|
:param suppress_deprecation_warnings: Whether to suppress policy
|
||||||
|
deprecation warnings.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
global _ENFORCER
|
global _ENFORCER
|
||||||
|
@ -63,6 +63,18 @@ def init(rules=None, use_conf=True):
|
||||||
_ENFORCER = policy.Enforcer(CONF,
|
_ENFORCER = policy.Enforcer(CONF,
|
||||||
rules=rules,
|
rules=rules,
|
||||||
use_conf=use_conf)
|
use_conf=use_conf)
|
||||||
|
|
||||||
|
# NOTE(gouthamr): Explicitly disable the warnings for policies
|
||||||
|
# changing their default check_str. During
|
||||||
|
# secure-rbac / policy-defaults-refresh work, all the policy
|
||||||
|
# defaults have been changed and warning for each policy started
|
||||||
|
# filling the log limits for various tools. Once we move to new
|
||||||
|
# defaults only world then we can enable these warning again.
|
||||||
|
_ENFORCER.suppress_default_change_warnings = True
|
||||||
|
# Suppressing deprecation warnings is fine for tests. However we
|
||||||
|
# won't do it by default
|
||||||
|
_ENFORCER.suppress_deprecation_warnings = suppress_deprecation_warnings
|
||||||
|
|
||||||
register_rules(_ENFORCER)
|
register_rules(_ENFORCER)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -39,6 +39,7 @@ from manila import coordination
|
||||||
from manila.db import migration
|
from manila.db import migration
|
||||||
from manila.db.sqlalchemy import api as db_api
|
from manila.db.sqlalchemy import api as db_api
|
||||||
from manila.db.sqlalchemy import models as db_models
|
from manila.db.sqlalchemy import models as db_models
|
||||||
|
from manila import policy
|
||||||
from manila import rpc
|
from manila import rpc
|
||||||
from manila import service
|
from manila import service
|
||||||
from manila.tests import conf_fixture
|
from manila.tests import conf_fixture
|
||||||
|
@ -161,6 +162,10 @@ class TestCase(base_test.BaseTestCase):
|
||||||
coordination.LOCK_COORDINATOR.start()
|
coordination.LOCK_COORDINATOR.start()
|
||||||
self.addCleanup(coordination.LOCK_COORDINATOR.stop)
|
self.addCleanup(coordination.LOCK_COORDINATOR.stop)
|
||||||
|
|
||||||
|
# policy
|
||||||
|
policy.init(suppress_deprecation_warnings=True)
|
||||||
|
self.addCleanup(policy.reset)
|
||||||
|
|
||||||
def _disable_osprofiler(self):
|
def _disable_osprofiler(self):
|
||||||
"""Disable osprofiler.
|
"""Disable osprofiler.
|
||||||
|
|
||||||
|
|
|
@ -46,7 +46,7 @@ class PolicyTestCase(test.TestCase):
|
||||||
"role:ADMIN"),
|
"role:ADMIN"),
|
||||||
]
|
]
|
||||||
policy.reset()
|
policy.reset()
|
||||||
policy.init()
|
policy.init(suppress_deprecation_warnings=True)
|
||||||
# before a policy rule can be used, its default has to be registered.
|
# before a policy rule can be used, its default has to be registered.
|
||||||
policy._ENFORCER.register_defaults(rules)
|
policy._ENFORCER.register_defaults(rules)
|
||||||
self.context = context.RequestContext('fake', 'fake', roles=['member'])
|
self.context = context.RequestContext('fake', 'fake', roles=['member'])
|
||||||
|
@ -105,7 +105,7 @@ class PolicyTestCase(test.TestCase):
|
||||||
project_context = context.RequestContext(project_id='fake-project-id',
|
project_context = context.RequestContext(project_id='fake-project-id',
|
||||||
roles=['bar'])
|
roles=['bar'])
|
||||||
policy.reset()
|
policy.reset()
|
||||||
policy.init()
|
policy.init(suppress_deprecation_warnings=True)
|
||||||
rule = common_policy.RuleDefault('foo', 'role:bar',
|
rule = common_policy.RuleDefault('foo', 'role:bar',
|
||||||
scope_types=['system'])
|
scope_types=['system'])
|
||||||
policy._ENFORCER.register_defaults([rule])
|
policy._ENFORCER.register_defaults([rule])
|
||||||
|
@ -120,7 +120,7 @@ class PolicyTestCase(test.TestCase):
|
||||||
project_context = context.RequestContext(project_id='fake-project-id',
|
project_context = context.RequestContext(project_id='fake-project-id',
|
||||||
roles=['bar'])
|
roles=['bar'])
|
||||||
policy.reset()
|
policy.reset()
|
||||||
policy.init()
|
policy.init(suppress_deprecation_warnings=True)
|
||||||
rule = common_policy.RuleDefault('foo', 'role:bar',
|
rule = common_policy.RuleDefault('foo', 'role:bar',
|
||||||
scope_types=['system'])
|
scope_types=['system'])
|
||||||
policy._ENFORCER.register_defaults([rule])
|
policy._ENFORCER.register_defaults([rule])
|
||||||
|
@ -138,7 +138,7 @@ class DefaultPolicyTestCase(test.TestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(DefaultPolicyTestCase, self).setUp()
|
super(DefaultPolicyTestCase, self).setUp()
|
||||||
policy.reset()
|
policy.reset()
|
||||||
policy.init()
|
policy.init(suppress_deprecation_warnings=True)
|
||||||
|
|
||||||
self.rules = {
|
self.rules = {
|
||||||
"default": [],
|
"default": [],
|
||||||
|
@ -180,7 +180,7 @@ class ContextIsAdminPolicyTestCase(test.TestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(ContextIsAdminPolicyTestCase, self).setUp()
|
super(ContextIsAdminPolicyTestCase, self).setUp()
|
||||||
policy.reset()
|
policy.reset()
|
||||||
policy.init()
|
policy.init(suppress_deprecation_warnings=True)
|
||||||
|
|
||||||
def _set_rules(self, rules, default_rule):
|
def _set_rules(self, rules, default_rule):
|
||||||
these_rules = common_policy.Rules.from_dict(rules,
|
these_rules = common_policy.Rules.from_dict(rules,
|
||||||
|
|
Loading…
Reference in New Issue