Add entry point to allow for oslo.policy CLI usage
The oslo.policy library exposes entry points so that users can generate sample policy files and templates. The entry points do expect some things to be done by the service in order to work, though. This commit adds an entry point for oslo.policy so that it can consume an enforcer that has been initialized with Mistral's policies. The library will use this to generate useful things for users like templates and sample policy files. Change-Id: Ib442fbb79b5c237d634586c3169cf8c7f595da1c Closes-Bug: 1793346
parent
f85e57da89
commit
5e3cdec918
@ -21,6 +21,9 @@ from oslo_policy import policy
|
||||
from mistral import exceptions as exc
|
||||
from mistral import policies
|
||||
|
||||
|
||||
CONF = cfg.CONF
|
||||
|
||||
_ENFORCER = None
|
||||
|
||||
|
||||
@ -84,6 +87,26 @@ def enforce(action, context, target=None, do_raise=True,
|
||||
)
|
||||
|
||||
|
||||
def get_enforcer():
|
||||
"""Entrypoint that must return the raw oslo.policy enforcer obj.
|
||||
|
||||
This is utilized by the command-line policy tools.
|
||||
|
||||
:returns: :class:`oslo_policy.policy.Enforcer`
|
||||
"""
|
||||
# Here we pass an empty list of arguments because there aren't any
|
||||
# arguments that oslo.config or oslo.policy shouldn't already understand
|
||||
# from the CONF object. This makes things easier here because we don't have
|
||||
# to parse arguments passed in from the command line and remove unexpected
|
||||
# arguments before building a Config object.
|
||||
CONF([], project='mistral')
|
||||
enforcer = policy.Enforcer(CONF)
|
||||
enforcer.register_defaults(policies.list_rules())
|
||||
enforcer.load_rules()
|
||||
|
||||
return enforcer
|
||||
|
||||
|
||||
def _ensure_enforcer_initialization():
|
||||
global _ENFORCER
|
||||
if not _ENFORCER:
|
||||
|
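Review bot: `get_enforcer()` re-parses the process-wide `cfg.CONF` with `CONF([], project='mistral')` and builds a second `policy.Enforcer` independent of the module-level `_ENFORCER`, yet neither the docstring nor the comment says it is only safe to call from the oslo.policy command-line tools. Called inside a running API process it would, as far as I can tell, discard the configuration that was already parsed. The sample files and policy checks the CLI produces are also only trustworthy if this enforcer registers the same defaults as the one the service enforces with. `_ensure_enforcer_initialization()` continues past the end of the hunk, so whether it registers `policies.list_rules()` the same way cannot be confirmed from here; if it does, a shared helper would keep the two paths from drifting. I would add to the docstring: `Intended for the oslo.policy CLI only; this re-initialises the global CONF, so do not call it from the API service.`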
@ -47,6 +47,9 @@ oslo.config.opts.defaults =
|
||||
oslo.policy.policies =
|
||||
mistral = mistral.policies:list_rules
|
||||
|
||||
oslo.policy.enforcer =
|
||||
mistral = mistral.api.access_control:get_enforcer
|
||||
|
||||
mistral.actions =
|
||||
std.async_noop = mistral.actions.std_actions:AsyncNoOpAction
|
||||
std.noop = mistral.actions.std_actions:NoOpAction
|
||||
|