Move roles initialization to individual modules

Roles constants were initialized before the configuration file was
parsed. The result was that default values were always used. This commit
moves roles constants initialization to the modules where they are used.

Change-Id: I87406c320e5a403126a9c9c9a258390851f50056
Story: 2002541
Task: 22099

monasca_api/policies/__init__.py

@@ -16,7 +16,6 @@
 import os
 import pkgutil
 
-
 from oslo_config import cfg
 from oslo_log import log
 from oslo_utils import importutils
@@ -35,13 +34,6 @@ def roles_list_to_check_str(roles_list):
 
 security.register_opts(CONF)
 
-HEALTHCHECK_ROLES = roles_list_to_check_str(cfg.CONF.security.healthcheck_roles)
-VERSIONS_ROLES = roles_list_to_check_str(cfg.CONF.security.versions_roles)
-DEFAULT_AUTHORIZED_ROLES = roles_list_to_check_str(cfg.CONF.security.default_authorized_roles)
-READ_ONLY_AUTHORIZED_ROLES = roles_list_to_check_str(cfg.CONF.security.read_only_authorized_roles)
-AGENT_AUTHORIZED_ROLES = roles_list_to_check_str(cfg.CONF.security.agent_authorized_roles)
-DELEGATE_AUTHORIZED_ROLES = roles_list_to_check_str(cfg.CONF.security.delegate_authorized_roles)
-
 
 def load_policy_modules():
     """Load all modules that contain policies.

monasca_api/policies/alarms.py

@@ -12,10 +12,16 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+from oslo_config import cfg
 from oslo_policy import policy
 
-from monasca_api.policies import DEFAULT_AUTHORIZED_ROLES
-from monasca_api.policies import READ_ONLY_AUTHORIZED_ROLES
+from monasca_api import policies
+
+CONF = cfg.CONF
+DEFAULT_AUTHORIZED_ROLES = policies.roles_list_to_check_str(
+    cfg.CONF.security.default_authorized_roles)
+READ_ONLY_AUTHORIZED_ROLES = policies.roles_list_to_check_str(
+    cfg.CONF.security.read_only_authorized_roles)
 
 rules = [
     policy.DocumentedRuleDefault(

monasca_api/policies/delegate.py

@@ -12,9 +12,13 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+from oslo_config import cfg
 from oslo_policy import policy
 
-from monasca_api.policies import DELEGATE_AUTHORIZED_ROLES
+from monasca_api import policies
+
+DELEGATE_AUTHORIZED_ROLES = policies.roles_list_to_check_str(
+    cfg.CONF.security.delegate_authorized_roles)
 
 rules = [
     policy.RuleDefault(

monasca_api/policies/healthcheck.py

@@ -12,9 +12,13 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+from oslo_config import cfg
 from oslo_policy import policy
 
-from monasca_api.policies import HEALTHCHECK_ROLES
+from monasca_api import policies
+
+CONF = cfg.CONF
+HEALTHCHECK_ROLES = policies.roles_list_to_check_str(cfg.CONF.security.healthcheck_roles)
 
 rules = [
     policy.DocumentedRuleDefault(

monasca_api/policies/metrics.py

@@ -12,12 +12,17 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+from oslo_config import cfg
 from oslo_policy import policy
 
-from monasca_api.policies import AGENT_AUTHORIZED_ROLES
-from monasca_api.policies import DEFAULT_AUTHORIZED_ROLES
-from monasca_api.policies import READ_ONLY_AUTHORIZED_ROLES
+from monasca_api import policies
 
+CONF = cfg.CONF
+DEFAULT_AUTHORIZED_ROLES = policies.roles_list_to_check_str(
+    cfg.CONF.security.default_authorized_roles)
+READ_ONLY_AUTHORIZED_ROLES = policies.roles_list_to_check_str(
+    cfg.CONF.security.read_only_authorized_roles)
+AGENT_AUTHORIZED_ROLES = policies.roles_list_to_check_str(cfg.CONF.security.agent_authorized_roles)
 
 rules = [
     policy.DocumentedRuleDefault(

monasca_api/policies/notifications.py

@@ -12,11 +12,16 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+from oslo_config import cfg
 from oslo_policy import policy
 
-from monasca_api.policies import DEFAULT_AUTHORIZED_ROLES
-from monasca_api.policies import READ_ONLY_AUTHORIZED_ROLES
+from monasca_api import policies
 
+CONF = cfg.CONF
+DEFAULT_AUTHORIZED_ROLES = policies.roles_list_to_check_str(
+    cfg.CONF.security.default_authorized_roles)
+READ_ONLY_AUTHORIZED_ROLES = policies.roles_list_to_check_str(
+    cfg.CONF.security.read_only_authorized_roles)
 
 rules = [
     policy.DocumentedRuleDefault(

monasca_api/policies/versions.py

@@ -12,9 +12,13 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+from oslo_config import cfg
 from oslo_policy import policy
 
-from monasca_api.policies import VERSIONS_ROLES
+from monasca_api import policies
+
+CONF = cfg.CONF
+VERSIONS_ROLES = policies.roles_list_to_check_str(cfg.CONF.security.versions_roles)
 
 rules = [
     policy.DocumentedRuleDefault(