def _prepare_policy(self): # Convert all actions to require the specified role policy = {} for rule in policies.list_rules(): policy[rule.name] = 'role:%s' % self.role self.policy_dir = self.useFixture(fixtures.TempDir()) self.policy_file = os.path.join(self.policy_dir.path, 'policy.json') with open(self.policy_file, 'w') as f: jsonutils.dump(policy, f)
def add_missing_default_rules(self, rules): """Adds default rules and their values to the given rules dict. The given rulen dict may have an incomplete set of policy rules. This method will add the default policy rules and their values to the dict. It will not override the existing rules. """ for rule in policies.list_rules(): if rule.name not in rules: rules[rule.name] = rule.check_str
def add_missing_default_rules(self, rules): """Adds default rules and their values to the given rules dict. The given rulen dict may have an incomplete set of policy rules. This method will add the default policy rules and their values to the dict. It will not override the existing rules. """ for rule in policies.list_rules(): # NOTE(lbragstad): Only write the rule if it isn't already in the # rule set and if it isn't deprecated. Otherwise we're just going # to spam test runs with deprecate policy warnings. if rule.name not in rules and not rule.deprecated_for_removal: rules[rule.name] = rule.check_str
def _filter_rules(self, context, api_name, target): all_rules = policies.list_rules() return [ rule.name for rule in all_rules if api_name in rule.name and context.can(rule.name, target, fatal=False) ]
def register_rules(enforcer): enforcer.register_defaults(policies.list_rules())
def _filter_rules(self, context, api_name, target): all_rules = policies.list_rules() return [rule.name for rule in all_rules if api_name in rule.name and context.can(rule.name, target, fatal=False)]