Fix default policy rules registration
The constants used for configuring default policy rules were initialized before configuration file was parsed. As the result the configuration options in 'roles_middleware' group didn't have effect on registered policy rules. The behavior can be reproduced in devstack plugin where monasca-log-agent using 'monasca-agent' role is not authorized to send logs to the API. The change postpones the initilization of these constants. Additionally obsolete 'roles' filter was removed from the paste pipelines. Change-Id: I0ca38f2cc7d63b9b47eedb304ba7b00a94816f9a Story: 2001233 Task: 24250
This commit is contained in:
parent
8b6582d8d4
commit
7d40e5d5c2
|
@ -32,10 +32,10 @@ pipeline = error_trap versionapp
|
|||
pipeline = error_trap healthcheckapp
|
||||
|
||||
[pipeline:la_api_v2]
|
||||
pipeline = error_trap request_id auth roles api_v2_app
|
||||
pipeline = error_trap request_id auth api_v2_app
|
||||
|
||||
[pipeline:la_api_v3]
|
||||
pipeline = error_trap request_id auth roles api_v3_app
|
||||
pipeline = error_trap request_id auth api_v3_app
|
||||
|
||||
[app:versionapp]
|
||||
paste.app_factory = monasca_log_api.app.api:create_version_app
|
||||
|
@ -54,9 +54,6 @@ set api_version=v3.0
|
|||
[filter:auth]
|
||||
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
||||
|
||||
[filter:roles]
|
||||
paste.filter_factory = monasca_log_api.middleware.role_middleware:RoleMiddleware.factory
|
||||
|
||||
[filter:request_id]
|
||||
paste.filter_factory = oslo_middleware.request_id:RequestId.factory
|
||||
|
||||
|
|
|
@ -16,7 +16,6 @@
|
|||
import os
|
||||
import pkgutil
|
||||
|
||||
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log
|
||||
from oslo_utils import importutils
|
||||
|
@ -38,11 +37,6 @@ def roles_list_to_check_str(roles_list):
|
|||
|
||||
role_middleware.register_opts(CONF)
|
||||
|
||||
DEFAULT_AUTHORIZED_ROLES = roles_list_to_check_str(cfg.CONF.roles_middleware.default_roles)
|
||||
AGENT_AUTHORIZED_ROLES = roles_list_to_check_str(cfg.CONF.roles_middleware.agent_roles)
|
||||
DELEGATE_AUTHORIZED_ROLES = roles_list_to_check_str(cfg.CONF.roles_middleware.delegate_roles)
|
||||
CHECK_AUTHORIZED_ROLES = roles_list_to_check_str(cfg.CONF.roles_middleware.check_roles)
|
||||
|
||||
|
||||
def load_policy_modules():
|
||||
"""Load all modules that contain policies.
|
||||
|
|
|
@ -12,9 +12,13 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_config import cfg
|
||||
from oslo_policy import policy
|
||||
|
||||
from monasca_log_api.policies import CHECK_AUTHORIZED_ROLES
|
||||
from monasca_log_api import policies
|
||||
|
||||
CHECK_AUTHORIZED_ROLES = policies.roles_list_to_check_str(
|
||||
cfg.CONF.roles_middleware.check_roles)
|
||||
|
||||
rules = [
|
||||
policy.DocumentedRuleDefault(
|
||||
|
|
|
@ -12,12 +12,17 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_config import cfg
|
||||
from oslo_policy import policy
|
||||
|
||||
from monasca_log_api.policies import AGENT_AUTHORIZED_ROLES
|
||||
from monasca_log_api.policies import DEFAULT_AUTHORIZED_ROLES
|
||||
from monasca_log_api.policies import DELEGATE_AUTHORIZED_ROLES
|
||||
from monasca_log_api import policies
|
||||
|
||||
DEFAULT_AUTHORIZED_ROLES = policies.roles_list_to_check_str(
|
||||
cfg.CONF.roles_middleware.default_roles)
|
||||
AGENT_AUTHORIZED_ROLES = policies.roles_list_to_check_str(
|
||||
cfg.CONF.roles_middleware.agent_roles)
|
||||
DELEGATE_AUTHORIZED_ROLES = policies.roles_list_to_check_str(
|
||||
cfg.CONF.roles_middleware.delegate_roles)
|
||||
|
||||
rules = [
|
||||
policy.DocumentedRuleDefault(
|
||||
|
|
|
@ -12,10 +12,13 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_config import cfg
|
||||
from oslo_policy import policy
|
||||
|
||||
from monasca_log_api.policies import CHECK_AUTHORIZED_ROLES
|
||||
from monasca_log_api import policies
|
||||
|
||||
CHECK_AUTHORIZED_ROLES = policies.roles_list_to_check_str(
|
||||
cfg.CONF.roles_middleware.check_roles)
|
||||
|
||||
rules = [
|
||||
policy.DocumentedRuleDefault(
|
||||
|
|
Loading…
Reference in New Issue