def _prepare_policy(self):
# Convert all actions to require the specified role
policy = {}
for rule in policies.list_rules():
policy[rule.name] = 'role:%s' % self.role
self.policy_dir = self.useFixture(fixtures.TempDir())
self.policy_file = os.path.join(self.policy_dir.path, 'policy.json')
with open(self.policy_file, 'w') as f:
jsonutils.dump(policy, f)
def _prepare_policy(self):
# Convert all actions to require the specified role
policy = {}
for rule in policies.list_rules():
policy[rule.name] = 'role:%s' % self.role
self.policy_dir = self.useFixture(fixtures.TempDir())
self.policy_file = os.path.join(self.policy_dir.path, 'policy.json')
with open(self.policy_file, 'w') as f:
jsonutils.dump(policy, f)
def add_missing_default_rules(self, rules):
"""Adds default rules and their values to the given rules dict.
The given rulen dict may have an incomplete set of policy rules.
This method will add the default policy rules and their values to
the dict. It will not override the existing rules.
"""
for rule in policies.list_rules():
if rule.name not in rules:
rules[rule.name] = rule.check_str
def add_missing_default_rules(self, rules):
"""Adds default rules and their values to the given rules dict.
The given rulen dict may have an incomplete set of policy rules.
This method will add the default policy rules and their values to
the dict. It will not override the existing rules.
"""
for rule in policies.list_rules():
if rule.name not in rules:
rules[rule.name] = rule.check_str
def add_missing_default_rules(self, rules):
"""Adds default rules and their values to the given rules dict.
The given rulen dict may have an incomplete set of policy rules.
This method will add the default policy rules and their values to
the dict. It will not override the existing rules.
"""
for rule in policies.list_rules():
# NOTE(lbragstad): Only write the rule if it isn't already in the
# rule set and if it isn't deprecated. Otherwise we're just going
# to spam test runs with deprecate policy warnings.
if rule.name not in rules and not rule.deprecated_for_removal:
rules[rule.name] = rule.check_str
def add_missing_default_rules(self, rules):
"""Adds default rules and their values to the given rules dict.
The given rulen dict may have an incomplete set of policy rules.
This method will add the default policy rules and their values to
the dict. It will not override the existing rules.
"""
for rule in policies.list_rules():
# NOTE(lbragstad): Only write the rule if it isn't already in the
# rule set and if it isn't deprecated. Otherwise we're just going
# to spam test runs with deprecate policy warnings.
if rule.name not in rules and not rule.deprecated_for_removal:
rules[rule.name] = rule.check_str
def _filter_rules(self, context, api_name, target):
all_rules = policies.list_rules()
return [
rule.name for rule in all_rules if api_name in rule.name
and context.can(rule.name, target, fatal=False)
]
def register_rules(enforcer):
enforcer.register_defaults(policies.list_rules())
def register_rules(enforcer):
enforcer.register_defaults(policies.list_rules())
def _filter_rules(self, context, api_name, target):
all_rules = policies.list_rules()
return [rule.name for rule in all_rules if api_name in rule.name and
context.can(rule.name, target, fatal=False)]
