d7592cbe25
Adds below things for the implementation of framework for registering and using default policy rules. * Policy-in-code The framework for registering and using default policy rules. Rules should be defined and returned from a module in masakari/policies/, and then added to the list in masakari/policies/__init__.py. A new context.can() method has been added for policy enforcement of registered rules. It has the same parameters as the enforce() method currently being used. * Add policy sample generation The entry point and config file necessary for using the oslo.policy sample generation script. It also adds a tox target to simplify the usage of it. * Add policy documentation and sample file Documentation and sample file for default policy in code feature. * Hacking check for policy registration It ensures that policy registration happens in the centralized masakari/policies/ directory. * Hacking check for _ENFORCER.enforce() Hacking check in order to ensure that only registered policies are used for authorization checks _ENFORCER.authorize should be used rather than _ENFORCER.enforce. * Add entry_point for oslo policy scripts There are two helper scripts in oslo.policy to help deployers understand their policy configuration better. With the setup.cfg entry these can be called directly from oslo.policy. Changes done here are with the reference of [1] at NOVA side which is contributed by Andrew Laski and Claudiu Belu [1] https://review.openstack.org/#/q/topic:bp/policy-in-code+project:openstack/nova+status:merged Change-Id: If885a66d92c31be440d27d6780635800a0b12e3e
48 lines
2.4 KiB
ReStructuredText
48 lines
2.4 KiB
ReStructuredText
masakari Style Commandments
|
|
===========================
|
|
|
|
- Step 1: Read the OpenStack Style Commandments
|
|
https://docs.openstack.org/hacking/latest/
|
|
- Step 2: Read on
|
|
|
|
Masakari Specific Commandments
|
|
------------------------------
|
|
|
|
|
|
- [M301] no db session in public API methods (disabled)
|
|
This enforces a guideline defined in ``oslo.db.sqlalchemy.session``
|
|
- [M302] timeutils.utcnow() wrapper must be used instead of direct
|
|
calls to datetime.datetime.utcnow() to make it easy to override its return value in tests
|
|
- [M303] capitalize help string
|
|
Config parameter help strings should have a capitalized first letter
|
|
- [M305] Change assertTrue(isinstance(A, B)) by optimal assert like
|
|
assertIsInstance(A, B).
|
|
- [M306] Change assertEqual(type(A), B) by optimal assert like
|
|
assertIsInstance(A, B)
|
|
- [M308] Validate that log messages are not translated.
|
|
- [M309] Don't import translation in tests
|
|
- [M310] Setting CONF.* attributes directly in tests is forbidden. Use
|
|
self.flags(option=value) instead.
|
|
- [M315] Method's default argument shouldn't be mutable
|
|
- [M316] Ensure that the _() function is explicitly imported to ensure proper translations.
|
|
- [M317] Ensure that jsonutils.%(fun)s must be used instead of json.%(fun)s
|
|
- [M318] Change assertTrue/False(A in/not in B, message) to the more specific
|
|
assertIn/NotIn(A, B, message)
|
|
- [M319] Check for usage of deprecated assertRaisesRegexp
|
|
- [M320] Must use a dict comprehension instead of a dict constructor with a sequence of key-value pairs.
|
|
- [M321] Change assertEqual(A in B, True), assertEqual(True, A in B),
|
|
assertEqual(A in B, False) or assertEqual(False, A in B) to the more specific
|
|
assertIn/NotIn(A, B)
|
|
- [M322] Check masakari.utils.spawn() is used instead of greenthread.spawn() and eventlet.spawn()
|
|
- [M323] contextlib.nested is deprecated
|
|
- [M324] Config options should be in the central location ``masakari/conf/``
|
|
- [M325] Check for common double word typos
|
|
- [M326] Python 3: do not use dict.iteritems.
|
|
- [M327] Python 3: do not use dict.iterkeys.
|
|
- [M328] Python 3: do not use dict.itervalues.
|
|
- [M329] Deprecated library function os.popen()
|
|
- [M331] LOG.warn is deprecated. Enforce use of LOG.warning.
|
|
- [M332] Yield must always be followed by a space when yielding a value.
|
|
- [M333] Policy registration should be in the central location ``masakari/policies/``
|
|
- [M334] Do not use the oslo_policy.policy.Enforcer.enforce() method.
|