Merge "Simplify logic in get_enforcer"

2018-10-30 22:43:50 +00:00 · 2018-10-30 22:43:50 +00:00 · b25bd1b16a
parent 7f85d4b1ff 6244a44278
commit b25bd1b16a
2 changed files with 19 additions and 16 deletions
--- a/nova/policy.py
+++ b/nova/policy.py
@ -16,7 +16,6 @@
 """Policy Engine For Nova."""
 import copy
 import re
-import sys

 from oslo_config import cfg
 from oslo_log import log as logging
@ -208,21 +207,9 @@ def register_rules(enforcer):


 def get_enforcer():
-    # This method is for use by oslopolicy CLI scripts. Those scripts need the
-    # 'output-file' and 'namespace' options, but having those in sys.argv means
-    # loading the Nova config options will fail as those are not expected to
-    # be present. So we pass in an arg list with those stripped out.
-    conf_args = []
-    # Start at 1 because cfg.CONF expects the equivalent of sys.argv[1:]
-    i = 1
-    while i < len(sys.argv):
-        if sys.argv[i].strip('-') in ['namespace', 'output-file']:
-            i += 2
-            continue
-        conf_args.append(sys.argv[i])
-        i += 1
-
-    cfg.CONF(conf_args, project='nova')
+    # This method is used by oslopolicy CLI scripts in order to generate policy
+    # files from overrides on disk and defaults in code.
+    cfg.CONF([], project='nova')
    init()
    return _ENFORCER

--- a/nova/tests/unit/test_policy.py
+++ b/nova/tests/unit/test_policy.py
@ -16,6 +16,7 @@
 """Test of Policy Engine For Nova."""

 import os.path
+import subprocess

 import mock
 from oslo_policy import policy as oslo_policy
@ -472,3 +473,18 @@ class RealRolePolicyTestCase(test.NoDBTestCase):
            self.admin_or_owner_rules +
            self.allow_all_rules + special_rules)
        self.assertEqual(set([]), result)
+
+
+class GeneratePolicyFileTestCase(test.NoDBTestCase):
+
+    def test_policy_generator_from_command_line(self):
+        # This test ensures nova.policy:get_enforcer ignores unexpected
+        # arguments before handing them off to oslo.config, which will fail and
+        # prevent users from generating policy files.
+        ret_val = subprocess.Popen(
+            ['oslopolicy-policy-generator', '--namespace', 'nova'],
+            stdout=subprocess.PIPE,
+            stderr=subprocess.PIPE
+        )
+        ret_val.communicate()
+        self.assertEqual(0, ret_val.returncode)