Expose a get_enforcer method for oslo.policy scripts
Because we have policy in code, we should be able to use the oslo.policy CLI scripts to produce sample policy files and render complete policies based on overrides on disk. This was broken because Congress did not properly expose the appropriate end point. This commit exposes a get_enforcer() that substitutes an empty list in place of arguments passed in through the system. Based on: https://review.openstack.org/#/c/530828/ Change-Id: Ia5f1f949b2dc97cce4227a8dd6819b4354867b97 Closes-Bug: 1793343
This commit is contained in:
parent
d5424aec5f
commit
9388e37b92
|
@ -71,6 +71,12 @@ def set_rules(rules, overwrite=True, use_conf=False):
|
|||
_ENFORCER.set_rules(rules, overwrite, use_conf)
|
||||
|
||||
|
||||
def get_enforcer():
|
||||
cfg.CONF([], project='congress')
|
||||
init()
|
||||
return _ENFORCER
|
||||
|
||||
|
||||
def enforce(context, action, target, do_raise=True, exc=None):
|
||||
"""Verifies that the action is valid on the target in this context.
|
||||
|
||||
|
|
|
@ -44,6 +44,9 @@ oslo.policy.policies =
|
|||
# the default defined polices.
|
||||
congress = congress.common.policies:list_rules
|
||||
|
||||
oslo.policy.enforcer =
|
||||
congress = congress.common.policy:get_enforcer
|
||||
|
||||
console_scripts =
|
||||
congress-server = congress.server.congress_server:main
|
||||
congress-db-manage = congress.db.migration.cli:main
|
||||
|
|
Loading…
Reference in New Issue