openstack/oslo.policy
Code Issues Proposed changes
c474b36793
oslo.policy/oslo_policy/shell.py
Sami Makki 98bc1354e2 Remove dead code and use default value of argparse. 
In the 'tool' method, the var 'apply_rule' was tested, and the
method returned if it was true. Then, it was tested again even
though it could only be 'false' (or not be None).
Also, an unused parameter of main() had been removed.

Closes-Bug #1650599
Change-Id: I4b265ef609d4a5fc8128f40359cf8d04ee8cbe28
Signed-off-by: Sami Makki <mail@samimakki.fr>
2017-01-02 11:21:44 +01:00

93 lines
2.6 KiB
Python
Raw Blame History

#!/usr/bin/env python
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import argparse
import sys
from oslo_serialization import jsonutils
from oslo_policy import policy
def _try_rule(key, rule, target, access_data, o):
try:
result = rule(target, access_data, o)
if result:
print("passed: %s" % key)
else:
print("failed: %s" % key)
except Exception as e:
print(e)
print("exception: %s" % rule)
def tool(policy_file, access_file, apply_rule, is_admin=False):
access = access_file.read()
access_data = jsonutils.loads(access)['token']
access_data['roles'] = [role['name'] for role in access_data['roles']]
access_data['project_id'] = access_data['project']['id']
access_data['is_admin'] = is_admin
policy_data = policy_file.read()
rules = policy.Rules.load(policy_data, "default")
class Object(object):
pass
o = Object()
o.rules = rules
target = {"project_id": access_data['project_id']}
if apply_rule:
key = apply_rule
rule = rules[apply_rule]
_try_rule(key, rule, target, access_data, o)
return
for key, rule in rules.items():
if ":" in key:
_try_rule(key, rule, target, access_data, o)
def main():
parser = argparse.ArgumentParser(sys.argv[0])
parser.add_argument(
'--policy',
required=True,
type=argparse.FileType('rb', 0),
help='path to a policy file')
parser.add_argument(
'--access',
required=True,
type=argparse.FileType('rb', 0),
help='path to a file containing OpenStack Identity API' +
' access info in JSON format')
parser.add_argument(
'--rule',
help='rule to test')
parser.add_argument(
'--is_admin',
help='set is_admin=True on the credentials used for the evaluation')
args = parser.parse_args()
try:
is_admin = args.is_admin.lower() == "true"
except Exception:
is_admin = False
tool(args.policy, args.access, args.rule, is_admin)
if __name__ == "__main__":
sys.exit(main())
View Git Blame Copy Permalink