Merge "Add entry point to allow for oslo.policy CLI usage"

mistral/api/access_control.py

@@ -21,6 +21,9 @@ from oslo_policy import policy
 from mistral import exceptions as exc
 from mistral import policies
 
+
+CONF = cfg.CONF
+
 _ENFORCER = None
 
 
@@ -84,6 +87,26 @@ def enforce(action, context, target=None, do_raise=True,
     )
 
 
+def get_enforcer():
+    """Entrypoint that must return the raw oslo.policy enforcer obj.
+
+    This is utilized by the command-line policy tools.
+
+    :returns: :class:`oslo_policy.policy.Enforcer`
+    """
+    # Here we pass an empty list of arguments because there aren't any
+    # arguments that oslo.config or oslo.policy shouldn't already understand
+    # from the CONF object. This makes things easier here because we don't have
+    # to parse arguments passed in from the command line and remove unexpected
+    # arguments before building a Config object.
+    CONF([], project='mistral')
+    enforcer = policy.Enforcer(CONF)
+    enforcer.register_defaults(policies.list_rules())
+    enforcer.load_rules()
+
+    return enforcer
+
+
 def _ensure_enforcer_initialization():
     global _ENFORCER
     if not _ENFORCER:

setup.cfg

@@ -47,6 +47,9 @@ oslo.config.opts.defaults =
 oslo.policy.policies =
     mistral = mistral.policies:list_rules
 
+oslo.policy.enforcer =
+    mistral = mistral.api.access_control:get_enforcer
+
 mistral.actions =
     std.async_noop = mistral.actions.std_actions:AsyncNoOpAction
     std.noop = mistral.actions.std_actions:NoOpAction
@@ -109,4 +112,4 @@ pygments.lexers =
 mistral.js.implementation =
     pyv8 = mistral.utils.javascript:PyV8Evaluator
     v8eval = mistral.utils.javascript:V8EvalEvaluator
-    py_mini_racer = mistral.utils.javascript:PyMiniRacerEvaluator
+    py_mini_racer = mistral.utils.javascript:PyMiniRacerEvaluator