Merge "Simplify logic in get_enforcer"
This commit is contained in:
commit
b25bd1b16a
|
@ -16,7 +16,6 @@
|
|||
"""Policy Engine For Nova."""
|
||||
import copy
|
||||
import re
|
||||
import sys
|
||||
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
|
@ -208,21 +207,9 @@ def register_rules(enforcer):
|
|||
|
||||
|
||||
def get_enforcer():
|
||||
# This method is for use by oslopolicy CLI scripts. Those scripts need the
|
||||
# 'output-file' and 'namespace' options, but having those in sys.argv means
|
||||
# loading the Nova config options will fail as those are not expected to
|
||||
# be present. So we pass in an arg list with those stripped out.
|
||||
conf_args = []
|
||||
# Start at 1 because cfg.CONF expects the equivalent of sys.argv[1:]
|
||||
i = 1
|
||||
while i < len(sys.argv):
|
||||
if sys.argv[i].strip('-') in ['namespace', 'output-file']:
|
||||
i += 2
|
||||
continue
|
||||
conf_args.append(sys.argv[i])
|
||||
i += 1
|
||||
|
||||
cfg.CONF(conf_args, project='nova')
|
||||
# This method is used by oslopolicy CLI scripts in order to generate policy
|
||||
# files from overrides on disk and defaults in code.
|
||||
cfg.CONF([], project='nova')
|
||||
init()
|
||||
return _ENFORCER
|
||||
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
"""Test of Policy Engine For Nova."""
|
||||
|
||||
import os.path
|
||||
import subprocess
|
||||
|
||||
import mock
|
||||
from oslo_policy import policy as oslo_policy
|
||||
|
@ -472,3 +473,18 @@ class RealRolePolicyTestCase(test.NoDBTestCase):
|
|||
self.admin_or_owner_rules +
|
||||
self.allow_all_rules + special_rules)
|
||||
self.assertEqual(set([]), result)
|
||||
|
||||
|
||||
class GeneratePolicyFileTestCase(test.NoDBTestCase):
|
||||
|
||||
def test_policy_generator_from_command_line(self):
|
||||
# This test ensures nova.policy:get_enforcer ignores unexpected
|
||||
# arguments before handing them off to oslo.config, which will fail and
|
||||
# prevent users from generating policy files.
|
||||
ret_val = subprocess.Popen(
|
||||
['oslopolicy-policy-generator', '--namespace', 'nova'],
|
||||
stdout=subprocess.PIPE,
|
||||
stderr=subprocess.PIPE
|
||||
)
|
||||
ret_val.communicate()
|
||||
self.assertEqual(0, ret_val.returncode)
|
||||
|
|
Loading…
Reference in New Issue