Commit Graph

69 Commits

Author SHA1 Message Date
Ghanshyam Mann 5180e9674f Add policy file selection logic when default changing to yaml
As part of community goal[1], each services are changing the default
value of 'CONF.oslo_policy.policy_file' config option from 'policy.json'
to 'policy.yaml'. oslo policy select the default value from
CONF.oslo_policy.policy_file which will be policy.yaml as service will
start changing the default. To avoid breaking the existing deployment which
are relying on old default (policy.json) file, a new fallback logic
is implemented. If new default file 'policy.yaml' does not exist but old
default 'policy.json' exist then fallback to use old default file.

Each services are going to add upgrade checks and warnings for using JSON
formatted policy file so in future we cna remove this fallback logic.

This logic was done in nova in Victoria cycle when nova changed the
default value - https://review.opendev.org/#/c/748059/ . Moving this
to oslo policy side will avoid the duplication on services side.

Also it provides a flag to disable this fallback.

[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Change-Id: If72b2fcc3cfd8116b575ed7b9e3870df634fd9af
2020-11-19 11:30:23 -06:00
haixin 298c86f1e6 Remove all usage of six library
Replace six with Python 3 style code.

Change-Id: I3d0c35e237484409d8410601ec482fac0dacf30d
2020-10-06 15:56:50 +08:00
Ghanshyam Mann 9ae15390da [goal] Migrate testing to ubuntu focal
As per victoria cycle testing runtime and community goal[1]
we need to migrate upstream CI/CD to Ubuntu Focal(20.04).

Fixing:
- bug#1886298
Bump the lower constraints for required deps which added python3.8 support
in their later version.


Story: #2007865
Task: #40207

Closes-Bug: #1886298

[1] https://governance.openstack.org/tc/goals/selected/victoria/migrate-ci-cd-jobs-to-ubuntu-focal.h>

Change-Id: I97072055f880915cef6c5c2f0210730e7bbe5119
2020-09-11 00:18:17 +00:00
Arthur Dayne 8ce161986a Bump oslo.utils to 3.40.0
Because the bug #1804528 has been fixed in oslo.utils,
we need to add an explicit dependency on oslo.utils to
support removing "the conversion to dict" code snippet in
oslo.policy.For more details please refer to
https://review.opendev.org/#/c/717191

Change-Id: I4eb614dcb194d4f2668ba2259e624f850e0f1dfd
2020-04-07 16:08:24 +08:00
Lance Bragstad 7a2d79eafc Add domain scope support for scope types
This commit makes it easier for services to protect APIs meant for
domain-only operations. It does this by making "domain-scope" an
official scope type to check for during policy enforcement.

A good example of where this would be useful is protecting the user
API in keystone, since user's are technically owned by domains.

This commit bumps the version of oslo.context to 2.22.0, which also
has domain support.

Depends-On: https://review.openstack.org/#/c/613635/

Change-Id: Ifc83a5f261bc823060eca5c4d0a4bf07966794c4
2018-11-30 14:52:36 +00:00
Lance Bragstad 775641a5fc Teach Enforcer.enforce to deal with context objects
The ``creds`` dictionary passed into oslo.policy's enforce() method
assumes a lot of the same values already specified by oslo.context
RequestContext objects.

This commit teaches enforce() to handle being passed an instance of
a RequestContext object, and populate credential values accordingly.

Change-Id: Ia74bf6c40b1e05a1c958f4325e00f68be28d91b9
Closes-Bug: 1779172
2018-07-09 16:46:57 +00:00
OpenStack Proposal Bot d759f90b9b Updated from global requirements
Change-Id: Iff836145c26a9e27410d78c9163086753c271cd6
2018-03-15 07:49:45 +00:00
OpenStack Proposal Bot d0cdcd4a16 Updated from global requirements
Change-Id: If5a8a7fbcd9620cd43be1363a202bde3640bd9db
2017-11-29 09:15:26 +00:00
OpenStack Proposal Bot 5956388d8f Updated from global requirements
Change-Id: I685a9203d523496b58a606873c0772ee5309f59a
2017-11-16 11:21:38 +00:00
OpenStack Proposal Bot e9d5557134 Updated from global requirements
Change-Id: Id83e8012e9dd8683a2dc69c3629cb2748a154a57
2017-09-11 21:28:23 +00:00
OpenStack Proposal Bot 067250f74d Updated from global requirements
Change-Id: Ia721dd1e8016f1c9d51f3299575a570a3b65ba95
2017-08-18 11:40:12 +00:00
OpenStack Proposal Bot 864042c23e Updated from global requirements
Change-Id: Id1100b5b4359cb38dc4095320a315829d30e4383
2017-07-18 01:54:59 +00:00
OpenStack Proposal Bot 04c3063aa3 Updated from global requirements
Change-Id: I91e2b2df6e86ebf6bee02390e8c96f4ed95ecc04
2017-06-15 16:33:03 +00:00
OpenStack Proposal Bot b5beeb645e Updated from global requirements
Change-Id: I1eceb9d8e5511fd90f2433ad66411a7d0729fb88
2017-06-10 21:46:54 +00:00
OpenStack Proposal Bot b4be783c23 Updated from global requirements
Change-Id: Iec0d81fc4369a7ca723811d051aa34076c0d2af6
2017-06-02 02:35:09 +00:00
OpenStack Proposal Bot 2a8d18adde Updated from global requirements
Change-Id: I022c69ec40b2f4744c2907233e9ae5425520416c
2017-05-23 12:27:37 +00:00
OpenStack Proposal Bot b2d6455ad7 Updated from global requirements
Change-Id: I0a6fa7102dcfef90f141c174eb7a243f10a1930f
2017-03-15 04:26:36 +00:00
OpenStack Proposal Bot 3c3261c072 Updated from global requirements
Change-Id: I5ce59cfc43b51e5cc27f16844c5375a22825ad62
2017-03-03 03:07:08 +00:00
OpenStack Proposal Bot 0a5112c26d Updated from global requirements
Change-Id: I53ee1c69ec2c3b3c65cc76ce7a8d7af983675342
2017-02-11 17:50:32 +00:00
OpenStack Proposal Bot d2b52ea815 Updated from global requirements
Change-Id: I5db9bd40c586abba6e072e35b3ad0b39dbb22ad9
2016-12-02 05:12:24 +00:00
OpenStack Proposal Bot b32f6c87d4 Updated from global requirements
Change-Id: Ia02e8c9f16319d23913123ed46fac0686a48fc95
2016-10-27 12:21:19 +00:00
Tony Xu d615913ae5 Add stevedore to requirements
This module is be used in:
oslo_policy/generator.py
oslo_policy/tests/test_generator.py

Change-Id: I613043aeab7825bac44bbb1b20d984c7c9a20ce8
2016-10-25 11:01:25 +08:00
OpenStack Proposal Bot e4ecd85eb0 Updated from global requirements
Change-Id: Ibadfbceb8a8548f7aeb9d2320feb938869437334
2016-09-30 20:05:04 +00:00
Tony Xu e0999c25bb Remove oslo.utils from requirements
unused import

Change-Id: I047819ab59d0b79a222d5517b8d24c84b09a279f
2016-09-22 13:58:34 +08:00
OpenStack Proposal Bot 1d2b26d7b5 Updated from global requirements
Change-Id: Ib4398ab22db8930d9ac4cf08f36b31dea8b1a1b6
2016-08-04 02:40:49 +00:00
OpenStack Proposal Bot 10a81baefa Updated from global requirements
Change-Id: I924b370ccf0af8350c2db6fa84bff2eaa79e27da
2016-07-29 02:33:58 +00:00
OpenStack Proposal Bot cbb0824b56 Updated from global requirements
Change-Id: I295cbacfcf5e68b811920992a13d22435601683f
2016-07-09 19:25:58 +00:00
OpenStack Proposal Bot d0d39a4618 Updated from global requirements
Change-Id: I92f5e86ef3a0a14eb55e0d4cc1134d2ec33da54d
2016-07-09 03:16:17 +00:00
OpenStack Proposal Bot a7a51bc1c9 Updated from global requirements
Change-Id: I929f57c4d6c72df0386ea87ae1edd49d1e2ae16f
2016-06-30 18:48:30 +00:00
OpenStack Proposal Bot 88bcd97575 Updated from global requirements
Change-Id: Ia206c725686347c3ce63cfe91e644296fc3813eb
2016-06-03 18:18:06 +00:00
OpenStack Proposal Bot 8c3acab47b Updated from global requirements
Change-Id: Id3d3d8966f256009c33636b9169e0f286776d178
2016-06-01 13:53:18 +00:00
OpenStack Proposal Bot 3e7f7d4ec4 Updated from global requirements
Change-Id: I93d7566f51b01576d70c3eba0434c298166f2846
2016-05-31 03:05:24 +00:00
OpenStack Proposal Bot f5ee730a64 Updated from global requirements
Change-Id: Iddbee6964b25bbd03ff4f0a51eb6f2c1e04bf699
2016-05-17 18:05:10 +00:00
OpenStack Proposal Bot 93aee73d37 Updated from global requirements
Change-Id: I110883319216fefb1fc8cb8ae663eb946d78d062
2016-04-28 16:16:13 +00:00
Jenkins 3e9883ada7 Merge "Support policy file in YAML" 2016-04-24 22:20:07 +00:00
OpenStack Proposal Bot fa3a368d77 Updated from global requirements
Change-Id: I8486efae93766132cc0d9e12795422bd4befddf5
2016-04-07 17:13:19 +00:00
OpenStack Proposal Bot e0db3415d3 Updated from global requirements
Change-Id: Idf80333c78658a6708ba7069d25ae3424965e887
2016-02-26 01:52:30 +00:00
Brant Knudson 83d209e9ed Support policy file in YAML
YAML provides the advantage of being able to add comments.

bp policy-yaml

Change-Id: Ic6236665f2d55b24a56a99120ac57fc2b18e32eb
2016-02-22 13:17:35 -06:00
OpenStack Proposal Bot 5fb13edfe6 Updated from global requirements
Change-Id: I40e90130045e9601028807fd3bc029ac7ad9a530
2016-02-20 21:59:38 +00:00
OpenStack Proposal Bot d587463d3a Updated from global requirements
Change-Id: I87b2cad535486a05279d17f470d301471a3b4ff6
2016-01-26 23:28:00 +00:00
OpenStack Proposal Bot a7113ecf61 Updated from global requirements
Change-Id: I7c55cc8ad63473f7a16b56f4c0e12ea828da2a4d
2016-01-23 10:34:54 +00:00
OpenStack Proposal Bot a5b47968e9 Updated from global requirements
Change-Id: Ida373b1c101c3ff024e39511f4650ab422e344b1
2016-01-18 22:45:04 +00:00
OpenStack Proposal Bot d5b2dee8a2 Updated from global requirements
Change-Id: Ia8fce74c2caa158ac80a01ab68a15b85fbe4c085
2016-01-16 03:31:20 +00:00
OpenStack Proposal Bot 127d4f94c2 Updated from global requirements
Change-Id: If4a098972ef7d454ba99fe668d4226f0e27c58a6
2016-01-06 23:18:39 +00:00
OpenStack Proposal Bot 4a19048092 Updated from global requirements
Change-Id: Ib8a4ed4e5e704abd7d328ddb7c1ddb9914939382
2015-12-15 18:59:15 +00:00
OpenStack Proposal Bot c9c96f5319 Updated from global requirements
Change-Id: I0d653df68c2db025f73b3020d9cff7ecb62b8cbd
2015-12-11 15:24:13 +00:00
OpenStack Proposal Bot 802cf01732 Updated from global requirements
Change-Id: If27d199c8180acb51c754d6ec220ee875ede6185
2015-11-27 22:41:23 +00:00
OpenStack Proposal Bot 50585917ee Updated from global requirements
Change-Id: I83945e4206d63cecb2d0df8961c943735df8c864
2015-11-19 16:00:29 +00:00
OpenStack Proposal Bot 80974edc63 Updated from global requirements
Change-Id: I79756e653cdb5fdc22be11d1df386d9d6a69a3c4
2015-10-23 18:48:56 +00:00
OpenStack Proposal Bot cb56a2f6bf Updated from global requirements
Change-Id: Ic0ff7fdc74d0b4eeccc4fbe2d20539f79195840b
2015-10-19 23:32:03 +00:00