Added support for policy.json in packaging process
This commit updates the packaging files to support the new authorization mechanism based on policy.json. Change-Id: I001fba11b9c59ef34a10bf92ab7241f37efd4668 Sem-Ver: feature
parent
91f82cc654
commit
ef0bd4556d
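--- a/config/policy.json
+++ b/config/policy.json
@@ -0,0 +1,17 @@
+{
+"admin": "role:admin or is_admin:True",
+"admin_or_owner": "rule:admin or project_id:%(id)s or project_name:%(name)s",
+"cloud_admin": "rule:admin and project_name:admin",
+"default": "rule:admin",
+"ProjectManager:ADD_PROJECT": "rule:admin",
+"ProjectManager:GET_PROJECT": "rule:admin_or_owner",
+"ProjectManager:GET_PROJECTS": "rule:cloud_admin",
+"ProjectManager:REMOVE_PROJECT": "rule:admin",
+"ProjectManager:UPDATE_PROJECT": "rule:admin",
+"synergy:EXECUTE": "rule:cloud_admin",
+"synergy:LIST": "rule:admin",
+"synergy:START": "rule:admin",
+"synergy:STATUS": "rule:admin",
+"synergy:STOP": "rule:admin",
+}
+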
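Review bot: The `admin_or_owner` and `cloud_admin` rules match on `project_name`, and Keystone project names are unique only within a domain, so in a multi-domain deployment a project named `admin` (or one sharing the target's name) in another domain would satisfy these checks. Matching on the project id alone, e.g. `"admin_or_owner": "rule:admin or project_id:%(id)s"`, or pairing the name with a domain check, would remove that ambiguity. The last entry, `"synergy:STOP": "rule:admin",`, also ends with a comma before `}`, which a strict JSON parser rejects; the file presumably loads only through a lenient fallback in the policy library, so dropping that comma is the safer form.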
@ -1 +1,2 @@
|
|||||||
config/synergy_scheduler.conf /etc/synergy
|
config/synergy_scheduler.conf /etc/synergy
|
||||||
|
config/policy.json /etc/synergy
|
||||||
|
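--- a/packaging/debian/python-synergy-scheduler-manager.postinst
+++ b/packaging/debian/python-synergy-scheduler-manager.postinst
@@ -0,0 +1,47 @@
+#!/bin/sh
+# postinst script for python-synergy-service
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postinst> `configure' <most-recently-configured-version>
+# * <old-postinst> `abort-upgrade' <new version>
+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+# <new-version>
+# * <postinst> `abort-remove'
+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+# <failed-install-package> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+case "$1" in
+configure)
+# Add synergy group & user
+adduser --quiet --system --group --home /var/lib/synergy synergy > /dev/null 2>&1
+# Change dirs and files permission/ownership
+chown synergy:synergy /etc/synergy/policy.json
+chown synergy:synergy /etc/synergy/synergy_scheduler.conf
+
+chmod 0644 /etc/synergy/policy.json
+chmod 0644 /etc/synergy/synergy_scheduler.conf
+;;
+
+abort-upgrade|abort-remove|abort-deconfigure)
+;;
+
+*)
+echo "postinst called with unknown argument \`$1'" >&2
+exit 1
+;;
+esac
+
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0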
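Review bot: The `configure` branch hands `/etc/synergy/policy.json` to `synergy:synergy`, so the service account can rewrite the authorization rules it is meant to be bound by, and a compromise of the daemon becomes a policy change. Keeping the file root-owned and group-readable, `chown root:synergy /etc/synergy/policy.json` with `chmod 0640 /etc/synergy/policy.json`, gives the service read access only; the same applies to the `%attr(0644, synergy, synergy)` and `%dir %attr(0755, synergy, synergy)` lines in the RPM spec hunk. `synergy_scheduler.conf` is likewise left world-readable at 0644, which is worth tightening if it carries credentials (its contents are not visible here). Separately, `adduser ... > /dev/null 2>&1` under `set -e` aborts the install without any message if account creation fails, so dropping the `2>&1` would keep the error visible.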
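--- a/packaging/debian/python-synergy-scheduler-manager.postrm
+++ b/packaging/debian/python-synergy-scheduler-manager.postrm
@@ -0,0 +1,37 @@
+#!/bin/sh
+# postrm script for python-synergy-service
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postrm> `remove'
+# * <postrm> `purge'
+# * <old-postrm> `upgrade' <new-version>
+# * <new-postrm> `failed-upgrade' <old-version>
+# * <new-postrm> `abort-install'
+# * <new-postrm> `abort-install' <old-version>
+# * <new-postrm> `abort-upgrade' <old-version>
+# * <disappearer's-postrm> `disappear' <overwriter>
+# <overwriter-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear|purge)
+;;
+
+*)
+echo "postrm called with unknown argument \`$1'" >&2
+exit 1
+;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0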
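--- a/packaging/debian/python-synergy-scheduler-manager.preinst
+++ b/packaging/debian/python-synergy-scheduler-manager.preinst
@@ -0,0 +1,34 @@
+#!/bin/sh
+# preinst script for python-synergy-service
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <new-preinst> `install'
+# * <new-preinst> `install' <old-version>
+# * <new-preinst> `upgrade' <old-version>
+# * <old-preinst> `abort-upgrade' <new-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+case "$1" in
+install|upgrade)
+;;
+
+abort-upgrade)
+;;
+
+*)
+echo "preinst called with unknown argument \`$1'" >&2
+exit 1
+;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0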
@ -42,12 +42,17 @@ schedulers.
|
|||||||
rm -rf $RPM_BUILD_ROOT
|
rm -rf $RPM_BUILD_ROOT
|
||||||
%{__python} setup.py install -O1 --skip-build --root $RPM_BUILD_ROOT
|
%{__python} setup.py install -O1 --skip-build --root $RPM_BUILD_ROOT
|
||||||
install -D -m0644 config/synergy_scheduler.conf %{buildroot}%{_sysconfdir}/synergy/synergy_scheduler.conf
|
install -D -m0644 config/synergy_scheduler.conf %{buildroot}%{_sysconfdir}/synergy/synergy_scheduler.conf
|
||||||
|
install -D -m0644 config/policy.json %{buildroot}%{_sysconfdir}/synergy/policy.json
|
||||||
|
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%doc README.rst
|
%doc README.rst
|
||||||
%{python_sitelib}/*
|
%{python_sitelib}/*
|
||||||
|
%{_sysconfdir}/synergy
|
||||||
|
%dir %attr(0755, synergy, synergy) %{_sysconfdir}/synergy/
|
||||||
%config(noreplace) %{_sysconfdir}/synergy/synergy_scheduler.conf
|
%config(noreplace) %{_sysconfdir}/synergy/synergy_scheduler.conf
|
||||||
|
%config(noreplace) %{_sysconfdir}/synergy/policy.json
|
||||||
|
%attr(0644, synergy, synergy) %{_sysconfdir}/synergy/policy.json
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
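Review bot: In `%files`, the bare `%{_sysconfdir}/synergy` entry already claims the directory and everything under it, so the `%dir`, `%config(noreplace)` and `%attr` lines that follow list the same paths again; rpmbuild flags such entries as listed twice, and it becomes unclear which attributes end up applied to `policy.json`. Dropping the bare entry and merging the two policy.json lines into one, `%config(noreplace) %attr(0640, root, synergy) %{_sysconfdir}/synergy/policy.json`, leaves a single statement of the file's mode and owner. The `%attr(..., synergy, synergy)` entries also need the `synergy` account to exist at install time, and no `%pre` scriptlet creating it is visible; this hunk covers only part of the spec, so that may live elsewhere.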
@ -69,16 +69,21 @@ class KeystoneAuthorization(object):
|
|||||||
self.storePolicies(ENFORCER, policy_file)
|
self.storePolicies(ENFORCER, policy_file)
|
||||||
|
|
||||||
def storePolicies(self, enforcer, output_file):
|
def storePolicies(self, enforcer, output_file):
|
||||||
output_file = (open(output_file, 'w') if output_file
|
output_file = (open(output_file, 'w') if output_file else sys.stdout)
|
||||||
else sys.stdout)
|
|
||||||
rules = {}
|
rules = {}
|
||||||
rules.update(enforcer.registered_rules)
|
rules.update(enforcer.registered_rules)
|
||||||
rules.update(enforcer.file_rules)
|
rules.update(enforcer.file_rules)
|
||||||
|
|
||||||
|
output_file.write("{\n")
|
||||||
|
|
||||||
for rule in sorted(rules.keys(), key=lambda v: v.upper()):
|
for rule in sorted(rules.keys(), key=lambda v: v.upper()):
|
||||||
section = generator._format_rule_default_yaml(rules[rule],
|
section = generator._format_rule_default_yaml(rules[rule],
|
||||||
include_help=False)
|
include_help=False)
|
||||||
output_file.write(section)
|
output_file.write(" ")
|
||||||
|
output_file.write(section.replace('\n', ',\n'))
|
||||||
|
|
||||||
|
output_file.write("}")
|
||||||
|
output_file.close()
|
||||||
|
|
||||||
def authorize(self, context):
|
def authorize(self, context):
|
||||||
managers = context.get("managers", None)
|
managers = context.get("managers", None)
|
||||||
|
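Review bot: `storePolicies` now ends with `output_file.close()`, which closes `sys.stdout` whenever the fallback branch was taken, and leaks the handle if a write raises; guard it with `if output_file is not sys.stdout: output_file.close()` or use a `with` block for the file case. The hand-assembled output also leaves a comma after the last rule, because `section.replace('\n', ',\n')` runs for every entry, so the result is not strict JSON and relies on a lenient parser as well as on the private helper `generator._format_rule_default_yaml`. Collecting the rules into a dict and writing it with `json.dump(..., indent=4, sort_keys=True)` would avoid both, assuming the rule objects expose their check string. Since this file drives authorization, it is also worth creating it with an explicit restrictive mode rather than whatever the process umask yields.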