Use common code within manila.policy module

Rewrote the 'init' and 'reset' functions to use the equivalent
functionality from the common policy enforcer code.
Changed the path to the test policy file, because the policy enforcer
uses the oslo.config 'find_file' method, which was not used before
and does not know about the test policy file.

Partially-implements blueprint use-common-code
Change-Id: I26ed170d39ed183899ee4420dc04d512cf3172e2
Valeriy Ponomaryov 2014-07-24 06:20:38 -04:00
parent c8112434eb
commit 284936f43b
3 changed files with 25 additions and 40 deletions


@ -16,48 +16,27 @@
"""Policy Engine For Manila"""
import functools
import os.path
from oslo.config import cfg
from manila import exception
from manila.openstack.common import policy
from manila import utils
CONF = cfg.CONF
_ENFORCER = None
_POLICY_PATH = None
_POLICY_CACHE = {}
def reset():
global _POLICY_PATH
global _POLICY_CACHE
global _ENFORCER
_POLICY_PATH = None
_POLICY_CACHE = {}
_ENFORCER = None
if _ENFORCER:
_ENFORCER.clear()
_ENFORCER = None
def init():
global _POLICY_PATH
global _POLICY_CACHE
def init(policy_path=None):
global _ENFORCER
if not _POLICY_PATH:
_POLICY_PATH = CONF.policy_file
if not os.path.exists(_POLICY_PATH):
_POLICY_PATH = utils.find_config(_POLICY_PATH)
if not _ENFORCER:
_ENFORCER = policy.Enforcer(policy_file=_POLICY_PATH)
utils.read_cached_file(_POLICY_PATH, _POLICY_CACHE, reload_func=_set_rules)
def _set_rules(data):
global _ENFORCER
default_rule = CONF.policy_default_rule
_ENFORCER.set_rules(policy.Rules.load_json(
data, default_rule))
_ENFORCER = policy.Enforcer()
if policy_path:
_ENFORCER.policy_path = policy_path
_ENFORCER.load_rules()
def enforce(context, action, target, do_raise=True):
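Review bot: The new `init()` builds `policy.Enforcer()` with no arguments, so the policy file and the default rule that the removed `_set_rules` passed explicitly (`CONF.policy_default_rule`) now come from whatever the common enforcer reads from configuration; that is presumably the same option, but nothing in this change pins it. The default rule decides what happens to an action with no entry in the policy file, so a test that enforces an undefined action after `init()` would confirm the fallback is unchanged. `init(policy_path=None)` also lacks a docstring: the override is stored on the module-level `_ENFORCER` and appears to stay in effect for later calls until `reset()`, e.g. `"""Create the shared enforcer if needed and load its rules; policy_path, when given, replaces the configured policy file until reset()."""`. Which lines are old and which are new is inferred here, because the rendered page has lost its +/- markers.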


@ -14,9 +14,13 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo.config import cfg
import os
CONF = cfg.CONF
from manila.common import config
CONF = config.CONF
_POLICY_PATH = os.path.abspath(os.path.join(CONF.state_path,
'manila/tests/policy.json'))
def set_defaults(conf):
@ -24,7 +28,7 @@ def set_defaults(conf):
conf.set_default('verbose', True)
conf.set_default('connection', "sqlite://", group='database')
conf.set_default('sqlite_synchronous', False)
conf.set_default('policy_file', 'manila/tests/policy.json')
conf.set_default('policy_file', _POLICY_PATH)
conf.set_default('share_export_ip', '0.0.0.0')
conf.set_default('service_instance_user', 'fake_user')
conf.set_default('share_driver',
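Review bot: `_POLICY_PATH` is computed once at import time from `CONF.state_path`, so the policy file the tests authorise against depends on that option's default pointing at the source tree root; with a different `state_path`, the `policy_file` default resolves to a missing or unrelated file. If this fixture sits in the same directory as `policy.json` (the file path is not visible on this page), anchoring to the module is more robust: `_POLICY_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'policy.json')`. A short comment above `_POLICY_PATH` saying why an absolute path is needed (the common enforcer resolves `policy_file` through oslo.config's `find_file`) would also help the next reader.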


@ -33,6 +33,7 @@ CONF = cfg.CONF
class PolicyFileTestCase(test.TestCase):
def setUp(self):
super(PolicyFileTestCase, self).setUp()
# since is_admin is defined by policy, create context before reset
@ -40,26 +41,27 @@ class PolicyFileTestCase(test.TestCase):
policy.reset()
self.target = {}
def tearDown(self):
super(PolicyFileTestCase, self).tearDown()
policy.reset()
def test_modified_policy_reloads(self):
with utils.tempdir() as tmpdir:
tmpfilename = os.path.join(tmpdir, 'policy')
self.flags(policy_file=tmpfilename)
action = "example:test"
with open(tmpfilename, "w") as policyfile:
policyfile.write("""{"example:test": []}""")
policy.init(tmpfilename)
policy.enforce(self.context, action, self.target)
with open(tmpfilename, "w") as policyfile:
policyfile.write("""{"example:test": ["false:false"]}""")
# NOTE(vish): reset stored policy cache so we don't have to
# sleep(1)
policy._POLICY_CACHE = {}
self.assertRaises(exception.PolicyNotAuthorized, policy.enforce,
self.context, action, self.target)
policy._ENFORCER.load_rules(True)
self.assertRaises(
exception.PolicyNotAuthorized,
policy.enforce,
self.context,
action,
self.target,
)
class PolicyTestCase(test.TestCase):