def policy(self, rules, default_rule='allow'):
    """Install a policy rule table built from ``rules``.

    Two helper rules are injected before parsing: ``allow`` (``'@'``) and
    ``deny`` (``'!'``). The injection is done on the caller's mapping, so
    ``rules`` is mutated in place and any caller-supplied ``allow`` or
    ``deny`` entry is overwritten.

    :param rules: mapping of rule name to rule string; modified in place.
    :param default_rule: rule name handed to ``policy.Rules`` as the
        default.
    """
    # NOTE(review): with the default of 'allow', rule names absent from the
    # table presumably resolve to the always-pass rule (fail-open). That
    # suits a permissive fixture; pass default_rule='deny' where a
    # fail-closed default is what should be exercised. Confirm against
    # policy.Rules.
    rules['allow'] = '@'
    rules['deny'] = '!'

    # Turn every rule string into its parsed form.
    parsed = {name: policy.parse_rule(spec) for name, spec in rules.items()}

    # Wrap the parsed table and make it the active rule set.
    policy.set_rules(policy.Rules(parsed, default_rule))
def policy(self, rules, default_rule="allow"):
    """Parse ``rules`` and install them as the active policy.

    An ``allow`` rule (``"@"``) and a ``deny`` rule (``"!"``) are written
    into ``rules`` first. This mutates the mapping the caller passed in and
    replaces any existing entries under those two names.

    :param rules: mapping of rule name to rule string; modified in place.
    :param default_rule: rule name passed to ``policy.Rules`` as the
        default.
    """
    # NOTE(review): the "allow" default looks fail-open for rule names that
    # are not in the table. Use default_rule="deny" when the caller needs
    # unknown rules to be rejected. Confirm how policy.Rules applies it.
    rules["allow"] = "@"
    rules["deny"] = "!"

    parsed_rules = {}
    for rule_name, rule_text in rules.items():
        parsed_rules[rule_name] = policy.parse_rule(rule_text)

    rule_table = policy.Rules(parsed_rules, default_rule)
    policy.set_rules(rule_table)
def set_rules(data, default_rule=None, overwrite=True):
    """Load policy rules into the module-level enforcer.

    :param data: either a dict of rule name to rule string, which is parsed
        entry by entry, or any other value, which is handed to
        ``policy.Rules.load_json``.
    :param default_rule: default rule name; when falsy,
        ``cfg.CONF.policy_default_rule`` is used instead.
    :param overwrite: passed through to the enforcer's ``set_rules``.
    """
    if not default_rule:
        default_rule = cfg.CONF.policy_default_rule

    if not _ENFORCER:
        LOG.debug("Enforcer not present, recreating at rules stage.")
        # NOTE(review): init() is expected to rebind the module-level
        # _ENFORCER; if it does not, the attribute access below fails.
        init()

    # The configured default may itself be empty; only then is the
    # enforcer's existing default left untouched.
    if default_rule:
        _ENFORCER.default_rule = default_rule

    # The full rule data is written to the debug log.
    LOG.debug("Loading rules %s, default: %s, overwrite: %s",
              data, default_rule, overwrite)

    if not isinstance(data, dict):
        loaded = policy.Rules.load_json(data, default_rule)
    else:
        parsed = {name: policy.parse_rule(spec)
                  for name, spec in data.items()}
        loaded = policy.Rules(parsed, default_rule)

    _ENFORCER.set_rules(loaded, overwrite=overwrite)