This repo was created by accident, use deb-python-oslo.policy
instead.
Needed-By: I1ac1a06931c8b6dd7c2e73620a0302c29e605f03
Change-Id: I81894aea69b9d09b0977039623c26781093a397a
This reverts commit 5273d2c3a1.
The commit in question more nearly doubles the .testrepository runs:
-rw------- 1 stack stack 50M Aug 9 05:29 0
-rw------- 1 stack stack 36M Aug 9 05:46 1
0 == keystone py27 with olso.policy 1.13.0
1 == keystone py27 with olso.policy 1.12.0
This can be seen in the gate[1][2]. Revert the debuging change until it can be
off by defult and used when needed.
[1] http://logs.openstack.org/97/350197/2/check/gate-cross-keystone-python27-db-ubuntu-xenial/16c26fa/console.html#_2016-08-08_22_53_48_974404
[2] And it's preventing olso.policy 1.13.0 being used in upper-constraints.txt
Change-Id: I19a73e8935976cc98398665306cc104b66719951
The policy enforcement by user_id on some of API resources was untested.
This patch adds note about not all API resource support policy
enforcement by user_id or project_id.
Discussion:
http://lists.openstack.org/pipermail/openstack-operators/2016-May/010528.html
Change-Id: I6e5c77981d7acbee73ebf10b6d8bdecab4e83bb3
Now that policy rules can be registered in code there is a desire to run
projects without a policy file. However oslo.policy assumed a policy
file would exist and would raise an error if it could not be found. This
changes that behavior to not error if a policy file is not found.
Because there are now tools which can generate policy files which list
the defaults, or list the effective policy there is no requirement that
a policy file be used in order to examine the policy that is in use. So
it should be possible to run without one.
Change-Id: Ia82df77f7a65aa1f3e3eaa7ed949103fa73fb603
Replaced all slashes in the paths with os.path.join,
so that they are compatible with Windows and Linux.
Change-ID: I04125bb3305f695e156e901543393abfae527acc
Now that there is a passing gate job, we can claim support for
Python 3.5 in the classifier. This patch also adds the convenience
py35 venv.
Change-Id: I712c4e32e4db3e5ef826c69a11b8c3338753906f
The oslopolicy-policy-generator script was configured to use a method
named genarate_policy. Unfortunately that method does not exist but
there is one called generate_policy. This fixes the mistake.
Change-Id: I04125bb3305f695e156e901543393abfae527a09
The tests for policy sample generation were replacing
stevedore.named.NamedExtensionManager with a mock. This allows tests to
form a mock with a different api than NamedExtensionManager and run code
against that, which may pass the test and then fail when a real
NamedExtensionManager is used. Instead a
NamedExtensionManager.make_test_instance() should be returned which
enforces the same api as NamedExtensionManager and would cause a test
failure if used improperly.
Change-Id: I6db1b92fd90956f727a6422524623aee73f8c416
This adds two helper scripts that consuming projects can use to get
information that helps deployers.
The oslopolicy-policy-generator script looks at an entry_point for a
configured policy.Enforcer and outputs a yaml formatted policy file for
that configuration. This is a merge of registered rules and configured
rules.
The oslopolicy_list_redundant script looks at an entry_point for a
configured policy.Enforcer and outputs a yaml formatted policy file with
a list of policies where the registered default matches the project
configuration. These are policies that can be removed from the
configuration file(s) without affecting policy.
Change-Id: Ibe4e6c9288768bcc8f532e384524580c57e58275
Implements: bp policy-sample-generation
This adds a console script to oslo.policy that will output a sample
policy file in yaml format. It works by looking at the configured
namespace(s) under an 'oslo.policy.policies' entry point. A method, or
methods, should be provided which return a list of
oslo_policy.policy.RuleDefault objects.
To use this script add an entry to setup.cfg in a project with something
like:
oslo.policy.policies =
nova.api = nova.api.opts:list_policies
list_policies should be a method which returns a list of
oslo_policy.policy.RuleDefault objects.
Then run it like:
oslopolicy-sample-generator --namespace nova.api
--output-file can also be specified, or those options can be configured
in a file which can be specified with --config-file.
Change-Id: If25d48313b91a6610119220e13f635c6e28b2a59
Partially-Implements: bp policy-sample-generation
There are occasions when comparing two RuleDefault objects is needed.
Rather than embedding the logic at the comparison site it's preferable
to let the object know how to compare itself to another.
Change-Id: I2eae5665fdecd6638e84f577b506314f7bc03fd3
A new RuleDefault class has been added which can be used to register
policies that will be used by a consumer of oslo.policy. These policies
are merged with those defined in policy files, with the file definitions
overriding the defaults
Registering a policy with the same name twice is considered an error and
will raise a DuplicateRuleDefaultError exception.
To facilitate projects wishing to ensure that all policies are
registered before use an authorize method has been added which errors
when checking an unregistered policy. If the policy has been registered
then the enforce method is called in the normal manner.
Change-Id: I3b6423aeed8ae80e8bf73dbda0f63ef379ccef43
Implements: bp policy-in-code
The Rules.load_json function now supports loading YAML and is not
limited to JSON. As such, the name is changed to load(). The old
name remains but is deprecated.
bp policy-yaml
Change-Id: I8c71d1a566779f1641106a996ebbc9551e2f05e3
Follow new infra setup for translations, see spec
http://specs.openstack.org/openstack-infra/infra-specs/specs/translation_setup.html
for full details.
This basically renames
oslo.policy/locale/oslo.policy.pot to
oslo_policy/locale/oslo_policy.pot. For this we need to update
setup.cfg.
Update also domain name in i18n.py.
The project has no translations currently, let's remove the outdated
pot file, the updated scripts work without them. So, we can just
delete the file and once there are translations, an updated pot file
together with translations can be imported automatically.
Change-Id: I9ca723834b1634a9ed965a92724d72fefc15e0d2