openstack/oslo.policy
Code Issues Proposed changes

Deprecate load_json() in favor of load()

Browse Source 
The Rules.load_json function now supports loading YAML and is not
limited to JSON. As such, the name is changed to load(). The old
name remains but is deprecated.

bp policy-yaml
Change-Id: I8c71d1a566779f1641106a996ebbc9551e2f05e3
This commit is contained in:
Brant Knudson 2016-02-15 13:35:53 -06:00
parent 83d209e9ed
commit ea1268bcd3
4 changed files with 38 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
oslo_policy/policy.py
View File

@ -217,6 +217,7 @@ desired rule name.
import logging
import os
import warnings
from oslo_config import cfg
from oslo_serialization import jsonutils
@ -299,8 +300,12 @@ class Rules(dict):
"""A store for rules. Handles the default_rule setting directly."""
@classmethod
def load_json(cls, data, default_rule=None):
"""Allow loading of YAML/JSON rule data."""
def load(cls, data, default_rule=None):
"""Allow loading of YAML/JSON rule data.
.. versionadded:: 1.5.0
"""
try:
parsed = yaml.safe_load(data)
@ -314,6 +319,21 @@ class Rules(dict):
return cls(rules, default_rule)
@classmethod
def load_json(cls, data, default_rule=None):
"""Allow loading of YAML/JSON rule data.
.. warning::
This method is deprecated as of the 1.5.0 release in favor of
:meth:`load` and may be removed in the 2.0 release.
"""
warnings.warn(
'The load_json() method is deprecated as of the 1.5.0 release in '
'favor of load() and may be removed in the 2.0 release.',
DeprecationWarning)
return cls.load(data, default_rule)
@classmethod
def from_dict(cls, rules_dict, default_rule=None):
"""Allow loading of rule data from a dictionary."""
@ -494,7 +514,7 @@ class Enforcer(object):
reloaded, data = _cache_handler.read_cached_file(
self._file_cache, path, force_reload=force_reload)
if reloaded or not self.rules:
rules = Rules.load_json(data, self.default_rule)
rules = Rules.load(data, self.default_rule)
self.set_rules(rules, overwrite=overwrite, use_conf=True)
self._loaded_files.append(path)
LOG.debug('Reloaded policy file: %(path)s', {'path': path})

2
oslo_policy/shell.py
View File

@ -40,7 +40,7 @@ def tool(policy_file, access_file, apply_rule, is_admin=False):
access_data['project_id'] = access_data['project']['id']
access_data['is_admin'] = is_admin
policy_data = policy_file.read()
rules = policy.Rules.load_json(policy_data, "default")
rules = policy.Rules.load(policy_data, "default")
class Object(object):
pass

2
oslo_policy/tests/test_fixtures.py
View File

@ -30,7 +30,7 @@ class FixtureTestCase(test_base.PolicyBaseTestCase):
rules_json = {
action: "http:" + self.getUniqueString()
}
rules = oslo_policy.Rules.load_json(json.dumps(rules_json))
rules = oslo_policy.Rules.load(json.dumps(rules_json))
self.enforcer.set_rules(rules)
return self.enforcer.enforce(rule=action,
target={},

21
oslo_policy/tests/test_policy.py
View File

@ -87,7 +87,7 @@ class RulesTestCase(test_base.BaseTestCase):
"admin_or_owner": [["role:admin"], ["project_id:%(project_id)s"]],
"default": []
})
rules = policy.Rules.load_json(exemplar, 'default')
rules = policy.Rules.load(exemplar, 'default')
self.assertEqual('default', rules.default_rule)
self.assertEqual(dict(
@ -103,12 +103,12 @@ class RulesTestCase(test_base.BaseTestCase):
"admin_or_owner": [["role:admin"], ["project_id:%(project_id)s"]],
"default": [
}"""
self.assertRaises(ValueError, policy.Rules.load_json, exemplar,
self.assertRaises(ValueError, policy.Rules.load, exemplar,
'default')
@mock.patch.object(_parser, 'parse_rule', lambda x: x)
def test_load_yaml(self):
# Test that simplified YAML can be used with load_json.
# Test that simplified YAML can be used with load().
# Show that YAML allows useful comments.
exemplar = """
# Define a custom rule.
@ -116,7 +116,7 @@ admin_or_owner: role:admin or project_id:%(project_id)s
# The default rule is used when there's no action defined.
default: []
"""
rules = policy.Rules.load_json(exemplar, 'default')
rules = policy.Rules.load(exemplar, 'default')
self.assertEqual('default', rules.default_rule)
self.assertEqual(dict(
@ -126,7 +126,7 @@ default: []
@mock.patch.object(_parser, 'parse_rule', lambda x: x)
def test_load_yaml_invalid_exc(self):
# When the JSON isn't valid, ValueError is raised on load_json.
# When the JSON isn't valid, ValueError is raised on load().
# Note the trailing , in the exemplar is invalid JSON.
exemplar = """{
# Define a custom rule.
@ -134,7 +134,7 @@ admin_or_owner: role:admin or project_id:%(project_id)s
# The default rule is used when there's no action defined.
default: [
}"""
self.assertRaises(ValueError, policy.Rules.load_json, exemplar,
self.assertRaises(ValueError, policy.Rules.load, exemplar,
'default')
@mock.patch.object(_parser, 'parse_rule', lambda x: x)
@ -165,6 +165,11 @@ default: [
self.assertEqual(exemplar, str(rules))
def test_load_json_deprecated(self):
with self.assertWarnsRegex(DeprecationWarning,
r'load_json\(\).*load\(\)'):
policy.Rules.load_json(jsonutils.dumps({'default': ''}, 'default'))
class EnforcerTest(base.PolicyBaseTestCase):
@ -311,7 +316,7 @@ class EnforcerTest(base.PolicyBaseTestCase):
"deny_stack_user": "not role:stack_user",
"cloudwatch:PutMetricData": ""
})
rules = policy.Rules.load_json(rules_json)
rules = policy.Rules.load(rules_json)
self.enforcer.set_rules(rules)
action = 'cloudwatch:PutMetricData'
creds = {'roles': ''}
@ -322,7 +327,7 @@ class EnforcerTest(base.PolicyBaseTestCase):
"deny_stack_user": "not role:stack_user",
"cloudwatch:PutMetricData": ""
})
rules = policy.Rules.load_json(rules_json)
rules = policy.Rules.load(rules_json)
default_rule = _checks.TrueCheck()
enforcer = policy.Enforcer(self.conf, default_rule=default_rule)
enforcer.set_rules(rules)