From 8a8f116ec4991184e524b2c4c0dc420b236396d2 Mon Sep 17 00:00:00 2001 From: Witold Bedyk Date: Wed, 13 Jun 2018 15:01:26 +0200 Subject: [PATCH] Move roles initialization to individual modules Roles constants were initialized before the configuration file was parsed. The result was that default values were always used. This commit moves roles constants initialization to the modules where they are used. Change-Id: I87406c320e5a403126a9c9c9a258390851f50056 Story: 2002541 Task: 22099 --- monasca_api/policies/__init__.py | 8 -------- monasca_api/policies/alarms.py | 10 ++++++++-- monasca_api/policies/delegate.py | 6 +++++- monasca_api/policies/healthcheck.py | 6 +++++- monasca_api/policies/metrics.py | 11 ++++++++--- monasca_api/policies/notifications.py | 9 +++++++-- monasca_api/policies/versions.py | 6 +++++- 7 files changed, 38 insertions(+), 18 deletions(-) diff --git a/monasca_api/policies/__init__.py b/monasca_api/policies/__init__.py index efeec4c00..413975193 100644 --- a/monasca_api/policies/__init__.py +++ b/monasca_api/policies/__init__.py @@ -16,7 +16,6 @@ import os import pkgutil - from oslo_config import cfg from oslo_log import log from oslo_utils import importutils @@ -35,13 +34,6 @@ def roles_list_to_check_str(roles_list): security.register_opts(CONF) -HEALTHCHECK_ROLES = roles_list_to_check_str(cfg.CONF.security.healthcheck_roles) -VERSIONS_ROLES = roles_list_to_check_str(cfg.CONF.security.versions_roles) -DEFAULT_AUTHORIZED_ROLES = roles_list_to_check_str(cfg.CONF.security.default_authorized_roles) -READ_ONLY_AUTHORIZED_ROLES = roles_list_to_check_str(cfg.CONF.security.read_only_authorized_roles) -AGENT_AUTHORIZED_ROLES = roles_list_to_check_str(cfg.CONF.security.agent_authorized_roles) -DELEGATE_AUTHORIZED_ROLES = roles_list_to_check_str(cfg.CONF.security.delegate_authorized_roles) - def load_policy_modules(): """Load all modules that contain policies. diff --git a/monasca_api/policies/alarms.py b/monasca_api/policies/alarms.py index abedb2358..384e2d822 100644 --- a/monasca_api/policies/alarms.py +++ b/monasca_api/policies/alarms.py @@ -12,10 +12,16 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_config import cfg from oslo_policy import policy -from monasca_api.policies import DEFAULT_AUTHORIZED_ROLES -from monasca_api.policies import READ_ONLY_AUTHORIZED_ROLES +from monasca_api import policies + +CONF = cfg.CONF +DEFAULT_AUTHORIZED_ROLES = policies.roles_list_to_check_str( + cfg.CONF.security.default_authorized_roles) +READ_ONLY_AUTHORIZED_ROLES = policies.roles_list_to_check_str( + cfg.CONF.security.read_only_authorized_roles) rules = [ policy.DocumentedRuleDefault( diff --git a/monasca_api/policies/delegate.py b/monasca_api/policies/delegate.py index 7b0900154..76f36ef4d 100644 --- a/monasca_api/policies/delegate.py +++ b/monasca_api/policies/delegate.py @@ -12,9 +12,13 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_config import cfg from oslo_policy import policy -from monasca_api.policies import DELEGATE_AUTHORIZED_ROLES +from monasca_api import policies + +DELEGATE_AUTHORIZED_ROLES = policies.roles_list_to_check_str( + cfg.CONF.security.delegate_authorized_roles) rules = [ policy.RuleDefault( diff --git a/monasca_api/policies/healthcheck.py b/monasca_api/policies/healthcheck.py index e91b94a39..96605a5f2 100644 --- a/monasca_api/policies/healthcheck.py +++ b/monasca_api/policies/healthcheck.py @@ -12,9 +12,13 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_config import cfg from oslo_policy import policy -from monasca_api.policies import HEALTHCHECK_ROLES +from monasca_api import policies + +CONF = cfg.CONF +HEALTHCHECK_ROLES = policies.roles_list_to_check_str(cfg.CONF.security.healthcheck_roles) rules = [ policy.DocumentedRuleDefault( diff --git a/monasca_api/policies/metrics.py b/monasca_api/policies/metrics.py index 79e6eb126..cf2614e23 100644 --- a/monasca_api/policies/metrics.py +++ b/monasca_api/policies/metrics.py @@ -12,12 +12,17 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_config import cfg from oslo_policy import policy -from monasca_api.policies import AGENT_AUTHORIZED_ROLES -from monasca_api.policies import DEFAULT_AUTHORIZED_ROLES -from monasca_api.policies import READ_ONLY_AUTHORIZED_ROLES +from monasca_api import policies +CONF = cfg.CONF +DEFAULT_AUTHORIZED_ROLES = policies.roles_list_to_check_str( + cfg.CONF.security.default_authorized_roles) +READ_ONLY_AUTHORIZED_ROLES = policies.roles_list_to_check_str( + cfg.CONF.security.read_only_authorized_roles) +AGENT_AUTHORIZED_ROLES = policies.roles_list_to_check_str(cfg.CONF.security.agent_authorized_roles) rules = [ policy.DocumentedRuleDefault( diff --git a/monasca_api/policies/notifications.py b/monasca_api/policies/notifications.py index e98b3b28f..8743205db 100644 --- a/monasca_api/policies/notifications.py +++ b/monasca_api/policies/notifications.py @@ -12,11 +12,16 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_config import cfg from oslo_policy import policy -from monasca_api.policies import DEFAULT_AUTHORIZED_ROLES -from monasca_api.policies import READ_ONLY_AUTHORIZED_ROLES +from monasca_api import policies +CONF = cfg.CONF +DEFAULT_AUTHORIZED_ROLES = policies.roles_list_to_check_str( + cfg.CONF.security.default_authorized_roles) +READ_ONLY_AUTHORIZED_ROLES = policies.roles_list_to_check_str( + cfg.CONF.security.read_only_authorized_roles) rules = [ policy.DocumentedRuleDefault( diff --git a/monasca_api/policies/versions.py b/monasca_api/policies/versions.py index d0add788f..1f1275375 100644 --- a/monasca_api/policies/versions.py +++ b/monasca_api/policies/versions.py @@ -12,9 +12,13 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_config import cfg from oslo_policy import policy -from monasca_api.policies import VERSIONS_ROLES +from monasca_api import policies + +CONF = cfg.CONF +VERSIONS_ROLES = policies.roles_list_to_check_str(cfg.CONF.security.versions_roles) rules = [ policy.DocumentedRuleDefault(