Update openstack.common.policy from oslo-incubator

This includes the following changes:
 64bb5e2f5 Fix wrong argument in openstack common policy
 b7edc9997 Fix missing argument bug in oslo common policy
 3626b6db9 Fix policy default_rule issue

Fixes Bug #1194354

Change-Id: I611816a238034e248c5abd3b07ee751098438f53
This commit is contained in:
Swann Croiset 2013-09-05 12:22:40 +02:00
parent 54465d8e7e
commit d8ecd12b51

View File

@ -115,11 +115,17 @@ class Rules(dict):
def __missing__(self, key): def __missing__(self, key):
"""Implements the default rule handling.""" """Implements the default rule handling."""
if isinstance(self.default_rule, dict):
raise KeyError(key)
# If the default rule isn't actually defined, do something # If the default rule isn't actually defined, do something
# reasonably intelligent # reasonably intelligent
if not self.default_rule or self.default_rule not in self: if not self.default_rule or self.default_rule not in self:
raise KeyError(key) raise KeyError(key)
if isinstance(self.default_rule, BaseCheck):
return self.default_rule
elif isinstance(self.default_rule, six.string_types):
return self[self.default_rule] return self[self.default_rule]
def __str__(self): def __str__(self):
@ -153,7 +159,7 @@ class Enforcer(object):
""" """
def __init__(self, policy_file=None, rules=None, default_rule=None): def __init__(self, policy_file=None, rules=None, default_rule=None):
self.rules = Rules(rules) self.rules = Rules(rules, default_rule)
self.default_rule = default_rule or CONF.policy_default_rule self.default_rule = default_rule or CONF.policy_default_rule
self.policy_path = None self.policy_path = None
@ -172,13 +178,14 @@ class Enforcer(object):
"got %s instead") % type(rules)) "got %s instead") % type(rules))
if overwrite: if overwrite:
self.rules = Rules(rules) self.rules = Rules(rules, self.default_rule)
else: else:
self.update(rules) self.rules.update(rules)
def clear(self): def clear(self):
"""Clears Enforcer rules, policy's cache and policy's path.""" """Clears Enforcer rules, policy's cache and policy's path."""
self.set_rules({}) self.set_rules({})
self.default_rule = None
self.policy_path = None self.policy_path = None
def load_rules(self, force_reload=False): def load_rules(self, force_reload=False):
@ -194,8 +201,7 @@ class Enforcer(object):
reloaded, data = fileutils.read_cached_file(self.policy_path, reloaded, data = fileutils.read_cached_file(self.policy_path,
force_reload=force_reload) force_reload=force_reload)
if reloaded or not self.rules:
if reloaded:
rules = Rules.load_json(data, self.default_rule) rules = Rules.load_json(data, self.default_rule)
self.set_rules(rules) self.set_rules(rules)
LOG.debug(_("Rules successfully reloaded")) LOG.debug(_("Rules successfully reloaded"))
@ -215,7 +221,7 @@ class Enforcer(object):
if policy_file: if policy_file:
return policy_file return policy_file
raise cfg.ConfigFilesNotFoundError(path=CONF.policy_file) raise cfg.ConfigFilesNotFoundError((CONF.policy_file,))
def enforce(self, rule, target, creds, do_raise=False, def enforce(self, rule, target, creds, do_raise=False,
exc=None, *args, **kwargs): exc=None, *args, **kwargs):
@ -398,7 +404,7 @@ class AndCheck(BaseCheck):
""" """
for rule in self.rules: for rule in self.rules:
if not rule(target, cred): if not rule(target, cred, enforcer):
return False return False
return True return True
@ -441,7 +447,7 @@ class OrCheck(BaseCheck):
""" """
for rule in self.rules: for rule in self.rules:
if rule(target, cred): if rule(target, cred, enforcer):
return True return True
return False return False