Expose a get_enforcer method for oslo.policy scripts

Because we have policy in code, we should be able to use the oslo.policy CLI scripts to produce sample policy files and render complete policies based on overrides on disk. This was broken because Congress did not properly expose the appropriate end point. This commit exposes a get_enforcer() that substitutes an empty list in place of arguments passed in through the system. Based on: https://review.openstack.org/#/c/530828/ Change-Id: Ia5f1f949b2dc97cce4227a8dd6819b4354867b97 Closes-Bug: 1793343
2018-09-25 17:31:00 -07:00 · 2018-09-25 17:31:00 -07:00 · 9388e37b92
parent d5424aec5f
commit 9388e37b92
2 changed files with 9 additions and 0 deletions
--- a/congress/common/policy.py
+++ b/congress/common/policy.py
@ -71,6 +71,12 @@ def set_rules(rules, overwrite=True, use_conf=False):
    _ENFORCER.set_rules(rules, overwrite, use_conf)


+def get_enforcer():
+    cfg.CONF([], project='congress')
+    init()
+    return _ENFORCER
+
+
 def enforce(context, action, target, do_raise=True, exc=None):
    """Verifies that the action is valid on the target in this context.

--- a/setup.cfg
+++ b/setup.cfg
@ -44,6 +44,9 @@ oslo.policy.policies =
    # the default defined polices.
    congress = congress.common.policies:list_rules

+oslo.policy.enforcer =
+    congress = congress.common.policy:get_enforcer
+
 console_scripts =
    congress-server = congress.server.congress_server:main
    congress-db-manage = congress.db.migration.cli:main