Skip to content

Commit

Permalink
Merge pull request #1292 from pshchelo/policy-enforcer
Browse files Browse the repository at this point in the history 
Add oslo.policy.enforcer entry point
  • Loading branch information
@mergify
mergify[bot] authored Feb 1, 2023
2 parents 0221178 + 616b15b commit eaa83d6
Show file tree
Hide file tree
Showing 3 changed files with 18 additions and 3 deletions.
4 changes: 1 addition & 3 deletions gnocchi/rest/app.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@

import daiquiri
from oslo_middleware import cors
from oslo_policy import policy
from paste import deploy
import pecan
from pecan import jsonify
Expand Down Expand Up @@ -52,8 +51,7 @@ class GnocchiHook(pecan.hooks.PecanHook):
def __init__(self, conf):
self.backends = {}
self.conf = conf
self.policy_enforcer = policy.Enforcer(conf)
self.policy_enforcer.register_defaults(policies.list_rules())
self.policy_enforcer = policies.init(conf)
self.auth_helper = driver.DriverManager("gnocchi.rest.auth_helper",
conf.api.auth_mode,
invoke_on_load=True).driver
Expand Down
14 changes: 14 additions & 0 deletions gnocchi/rest/policies.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
# under the License.


from oslo_config import cfg
from oslo_policy import policy

ADMIN = "role:admin"
Expand Down Expand Up @@ -412,3 +413,16 @@ def list_rules():
+ resource_rules + resource_type_rules \
+ archive_policy_rules + archive_policy_rule_rules \
+ metric_rules + measure_rules


def init(conf):
policy_enforcer = policy.Enforcer(conf)
policy_enforcer.register_defaults(list_rules())
return policy_enforcer


def get_enforcer():
# This method is used by oslopolicy CLI scripts in order to generate policy
# files from overrides on disk and defaults in code.
cfg.CONF([], project='gnocchi')
return init(cfg.CONF)
3 changes: 3 additions & 0 deletions setup.cfg
View file
Original file line number Diff line number Diff line change
Expand Up @@ -160,6 +160,9 @@ oslo.config.opts.defaults =
oslo.policy.policies =
gnocchi = gnocchi.rest.policies:list_rules

oslo.policy.enforcer =
gnocchi = gnocchi.rest.policies:get_enforcer

[build_sphinx]
all_files = 1
build-dir = doc/build
Expand Down

0 comments on commit eaa83d6

Please sign in to comment.