Add policy sample generation

This adds the entry point and config file necessary for using the oslo.policy sample generation script. It also adds a tox target to simplify the usage of it. Finally, this commit adds murano.common.policies.base.list_rules to murano.common.polices (__init__.py) so that the base rules are also included in the generated policy file. Note that the policy sample is generated as a YAML which is the standard adopted by Nova [0] and Keystone [1] and is now the standard across OpenStack since Ocata [2]: While the old json format policy file is still supported, we recommend using the newer YAML format file, more intuitive syntax. The output from tox -egenpolicy will be: murano.policy.sample.yaml in murano/etc. The policy documentation was already updated in I1a8581a559e4333a74d56a5bdce7e6d1f117907d [0] e845d66a1b/etc/nova/nova-policy-generator.conf [1] https://github.com/openstack/keystone/blob/master/config-generator/keystone-policy-generator.conf [2] https://docs.openstack.org/ocata/config-reference/policy-yaml-file.html#older-json-format-policy Change-Id: I2356ac0b2033bd83caaf2672189670fc300e55fd Partially-Implements: blueprint policy-in-code
2017-06-12 20:16:57 +01:00 · 2017-06-12 20:16:57 +01:00 · b360bf7ab7
parent 6b1fb69fb0
commit b360bf7ab7
4 changed files with 17 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -38,9 +38,10 @@ doc/source/api
 #Config file for functional tests
 murano/tests/functional/engine/config.conf

-#Autogenerated sample config file
+#Autogenerated sample config file and policy file
 etc/murano/murano.conf.sample
 etc/murano/murano-cfapi.conf.sample
+etc/murano.policy.yaml.sample

 #User Config file for Murano
 etc/murano/murano.conf
--- a/etc/oslo-policy-generator/murano-policy-generator.conf
+++ b/etc/oslo-policy-generator/murano-policy-generator.conf
@ -0,0 +1,3 @@
+[DEFAULT]
+output_file = etc/murano.policy.yaml.sample
+namespace = murano
--- a/setup.cfg
+++ b/setup.cfg
@ -53,14 +53,23 @@ console_scripts =
    murano-cfapi-db-manage = murano.cmd.cfapi_db_manage:main
    murano-test-runner = murano.cmd.test_runner:main
    murano-cfapi = murano.cmd.cfapi:main
+
 wsgi_scripts =
    murano-wsgi-api = murano.httpd.murano_api:init_application
+
 oslo.config.opts =
    murano = murano.opts:list_opts
    keystone_authtoken = keystonemiddleware.opts:list_auth_token_opts
    murano.cfapi = murano.opts:list_cfapi_opts
+
 oslo.config.opts.defaults =
    murano = murano.common.config:set_middleware_defaults
+
+oslo.policy.policies =
+    # With the move of default policy in code list_rules returns a list of
+    # the default defined polices.
+    murano = murano.common.policies:list_rules
+
 tempest.test_plugins =
    murano_tests = murano_tempest_tests.plugin:MuranoTempestPlugin

--- a/tox.ini
+++ b/tox.ini
@ -65,6 +65,9 @@ commands =
 commands =
    oslo-config-generator --config-file etc/oslo-config-generator/murano-cfapi.conf

+[testenv:genpolicy]
+commands = oslopolicy-sample-generator --config-file etc/oslo-policy-generator/murano-policy-generator.conf
+
 [testenv:releasenotes]
 commands = sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html