Merge "Implement basic policy module in code"

etc/oslo-config-generator/zaqar-policy-generator.conf

@@ -0,0 +1,3 @@
+[DEFAULT]
+output_file = etc/zaqar.policy.yaml.sample
+namespace = zaqar

etc/policy.json.sample

@@ -1,6 +1,4 @@
 {
-    "context_is_admin": "role:admin",
-    "admin_or_owner": "is_admin:True or project_id:%(project_id)s",
     "default": "rule:admin_or_owner",
 
     "queues:get_all": "",

setup.cfg

@@ -87,6 +87,9 @@ zaqar.notification.tasks =
 tempest.test_plugins =
     zaqar_tests = zaqar.tests.tempest_plugin.plugin:ZaqarTempestPlugin
 
+oslo.policy.policies =
+    zaqar = zaqar.common.policies:list_rules
+
 [nosetests]
 where=zaqar/tests
 verbosity=2

tox.ini

@@ -34,6 +34,10 @@ commands = flake8
 commands =
   oslo-config-generator --config-file etc/oslo-config-generator/zaqar.conf
 
+[testenv:genpolicy]
+commands =
+  oslopolicy-sample-generator --config-file etc/oslo-config-generator/zaqar-policy-generator.conf
+
 [testenv:cover]
 commands =
   python setup.py testr --coverage \

zaqar/common/policies/__init__.py

@@ -0,0 +1,21 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import itertools
+
+from zaqar.common.policies import base
+
+
+def list_rules():
+    return itertools.chain(
+        base.list_rules()
+    )

zaqar/common/policies/base.py

@@ -0,0 +1,31 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_policy import policy
+
+ROLE_ADMIN = 'role:admin'
+RULE_ADMIN_OR_OWNER = 'is_admin:True or project_id:%(project_id)s'
+
+rules = [
+    policy.RuleDefault(
+        name='context_is_admin',
+        check_str=ROLE_ADMIN
+    ),
+    policy.RuleDefault(
+        name='admin_or_owner',
+        check_str=RULE_ADMIN_OR_OWNER
+    )
+]
+
+
+def list_rules():
+    return rules

zaqar/transport/acl.py

@@ -18,6 +18,8 @@ import functools
 
 from oslo_policy import policy
 
+from zaqar.common import policies
+
 ENFORCER = None
 
 
@@ -25,6 +27,11 @@ def setup_policy(conf):
     global ENFORCER
 
     ENFORCER = policy.Enforcer(conf)
+    register_rules(ENFORCER)
+
+
+def register_rules(enforcer):
+    enforcer.register_defaults(policies.list_rules())
 
 
 def enforce(rule):