From 5e3cdec9183435fd1badcf6a9d5f2c7987e3ef10 Mon Sep 17 00:00:00 2001
From: Lance Bragstad <lbragstad@gmail.com>
Date: Wed, 19 Sep 2018 16:22:08 +0000
Subject: [PATCH] Add entry point to allow for oslo.policy CLI usage

The oslo.policy library exposes entry points so that users can
generate sample policy files and templates. The entry points do
expect some things to be done by the service in order to work,
though.

This commit adds an entry point for oslo.policy so that it can
consume an enforcer that has been initialized with mistrals
policies. The library will use this to generate useful things
for users like templates and sample policy files.

Change-Id: Ib442fbb79b5c237d634586c3169cf8c7f595da1c
Closes-Bug: 1793346
---
 mistral/api/access_control.py | 23 +++++++++++++++++++++++
 setup.cfg                     |  5 ++++-
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/mistral/api/access_control.py b/mistral/api/access_control.py
index 692f3b1f3..95088e9ed 100644
--- a/mistral/api/access_control.py
+++ b/mistral/api/access_control.py
@@ -21,6 +21,9 @@ from oslo_policy import policy
 from mistral import exceptions as exc
 from mistral import policies
 
+
+CONF = cfg.CONF
+
 _ENFORCER = None
 
 
@@ -84,6 +87,26 @@ def enforce(action, context, target=None, do_raise=True,
     )
 
 
+def get_enforcer():
+    """Entrypoint that must return the raw oslo.policy enforcer obj.
+
+    This is utilized by the command-line policy tools.
+
+    :returns: :class:`oslo_policy.policy.Enforcer`
+    """
+    # Here we pass an empty list of arguments because there aren't any
+    # arguments that oslo.config or oslo.policy shouldn't already understand
+    # from the CONF object. This makes things easier here because we don't have
+    # to parse arguments passed in from the command line and remove unexpected
+    # arguments before building a Config object.
+    CONF([], project='mistral')
+    enforcer = policy.Enforcer(CONF)
+    enforcer.register_defaults(policies.list_rules())
+    enforcer.load_rules()
+
+    return enforcer
+
+
 def _ensure_enforcer_initialization():
     global _ENFORCER
     if not _ENFORCER:
diff --git a/setup.cfg b/setup.cfg
index 9a587b2e3..c32e1d033 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -47,6 +47,9 @@ oslo.config.opts.defaults =
 oslo.policy.policies =
     mistral = mistral.policies:list_rules
 
+oslo.policy.enforcer =
+    mistral = mistral.api.access_control:get_enforcer
+
 mistral.actions =
     std.async_noop = mistral.actions.std_actions:AsyncNoOpAction
     std.noop = mistral.actions.std_actions:NoOpAction
@@ -109,4 +112,4 @@ pygments.lexers =
 mistral.js.implementation =
     pyv8 = mistral.utils.javascript:PyV8Evaluator
     v8eval = mistral.utils.javascript:V8EvalEvaluator
-    py_mini_racer = mistral.utils.javascript:PyMiniRacerEvaluator
\ No newline at end of file
+    py_mini_racer = mistral.utils.javascript:PyMiniRacerEvaluator