Update openstack.common.policy from oslo-incubator
This includes the following changes: 64bb5e2f5 Fix wrong argument in openstack common policy b7edc9997 Fix missing argument bug in oslo common policy 3626b6db9 Fix policy default_rule issue Fixes Bug #1194354 Change-Id: I611816a238034e248c5abd3b07ee751098438f53
This commit is contained in:
parent
54465d8e7e
commit
d8ecd12b51
@ -115,11 +115,17 @@ class Rules(dict):
|
|||||||
def __missing__(self, key):
|
def __missing__(self, key):
|
||||||
"""Implements the default rule handling."""
|
"""Implements the default rule handling."""
|
||||||
|
|
||||||
|
if isinstance(self.default_rule, dict):
|
||||||
|
raise KeyError(key)
|
||||||
|
|
||||||
# If the default rule isn't actually defined, do something
|
# If the default rule isn't actually defined, do something
|
||||||
# reasonably intelligent
|
# reasonably intelligent
|
||||||
if not self.default_rule or self.default_rule not in self:
|
if not self.default_rule or self.default_rule not in self:
|
||||||
raise KeyError(key)
|
raise KeyError(key)
|
||||||
|
|
||||||
|
if isinstance(self.default_rule, BaseCheck):
|
||||||
|
return self.default_rule
|
||||||
|
elif isinstance(self.default_rule, six.string_types):
|
||||||
return self[self.default_rule]
|
return self[self.default_rule]
|
||||||
|
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
@ -153,7 +159,7 @@ class Enforcer(object):
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
def __init__(self, policy_file=None, rules=None, default_rule=None):
|
def __init__(self, policy_file=None, rules=None, default_rule=None):
|
||||||
self.rules = Rules(rules)
|
self.rules = Rules(rules, default_rule)
|
||||||
self.default_rule = default_rule or CONF.policy_default_rule
|
self.default_rule = default_rule or CONF.policy_default_rule
|
||||||
|
|
||||||
self.policy_path = None
|
self.policy_path = None
|
||||||
@ -172,13 +178,14 @@ class Enforcer(object):
|
|||||||
"got %s instead") % type(rules))
|
"got %s instead") % type(rules))
|
||||||
|
|
||||||
if overwrite:
|
if overwrite:
|
||||||
self.rules = Rules(rules)
|
self.rules = Rules(rules, self.default_rule)
|
||||||
else:
|
else:
|
||||||
self.update(rules)
|
self.rules.update(rules)
|
||||||
|
|
||||||
def clear(self):
|
def clear(self):
|
||||||
"""Clears Enforcer rules, policy's cache and policy's path."""
|
"""Clears Enforcer rules, policy's cache and policy's path."""
|
||||||
self.set_rules({})
|
self.set_rules({})
|
||||||
|
self.default_rule = None
|
||||||
self.policy_path = None
|
self.policy_path = None
|
||||||
|
|
||||||
def load_rules(self, force_reload=False):
|
def load_rules(self, force_reload=False):
|
||||||
@ -194,8 +201,7 @@ class Enforcer(object):
|
|||||||
|
|
||||||
reloaded, data = fileutils.read_cached_file(self.policy_path,
|
reloaded, data = fileutils.read_cached_file(self.policy_path,
|
||||||
force_reload=force_reload)
|
force_reload=force_reload)
|
||||||
|
if reloaded or not self.rules:
|
||||||
if reloaded:
|
|
||||||
rules = Rules.load_json(data, self.default_rule)
|
rules = Rules.load_json(data, self.default_rule)
|
||||||
self.set_rules(rules)
|
self.set_rules(rules)
|
||||||
LOG.debug(_("Rules successfully reloaded"))
|
LOG.debug(_("Rules successfully reloaded"))
|
||||||
@ -215,7 +221,7 @@ class Enforcer(object):
|
|||||||
if policy_file:
|
if policy_file:
|
||||||
return policy_file
|
return policy_file
|
||||||
|
|
||||||
raise cfg.ConfigFilesNotFoundError(path=CONF.policy_file)
|
raise cfg.ConfigFilesNotFoundError((CONF.policy_file,))
|
||||||
|
|
||||||
def enforce(self, rule, target, creds, do_raise=False,
|
def enforce(self, rule, target, creds, do_raise=False,
|
||||||
exc=None, *args, **kwargs):
|
exc=None, *args, **kwargs):
|
||||||
@ -398,7 +404,7 @@ class AndCheck(BaseCheck):
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
for rule in self.rules:
|
for rule in self.rules:
|
||||||
if not rule(target, cred):
|
if not rule(target, cred, enforcer):
|
||||||
return False
|
return False
|
||||||
|
|
||||||
return True
|
return True
|
||||||
@ -441,7 +447,7 @@ class OrCheck(BaseCheck):
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
for rule in self.rules:
|
for rule in self.rules:
|
||||||
if rule(target, cred):
|
if rule(target, cred, enforcer):
|
||||||
return True
|
return True
|
||||||
|
|
||||||
return False
|
return False
|
||||||
|
Loading…
Reference in New Issue
Block a user