LOG = logging.getLogger(__name__) policy_opts = [ cfg.StrOpt('policy_file', default='policy.json', help=_('The location of the policy file.')), cfg.StrOpt('policy_default_rule', default='default', help=_('The default policy to use.')), ] CONF = cfg.CONF CONF.register_opts(policy_opts) DEFAULT_RULES = { 'context_is_admin': policy.RoleCheck('role', 'admin'), 'default': policy.TrueCheck(), 'manage_image_cache': policy.RoleCheck('role', 'admin'), } class Enforcer(object): """Responsible for loading and enforcing rules""" def __init__(self): self.default_rule = CONF.policy_default_rule self.policy_path = self._find_policy_file() self.policy_file_mtime = None self.policy_file_contents = None self.load_rules() def set_rules(self, rules):
policy_opts = [ cfg.StrOpt('policy_file', default='policy.json', help=_('The location of the policy file.')), cfg.StrOpt('policy_default_rule', default='default', help=_('The default policy to use.')), ] CONF = cfg.CONF CONF.register_opts(policy_opts) DEFAULT_RULES = { 'default': policy.TrueCheck(), 'manage_image_cache': policy.RoleCheck('role', 'admin'), } class Enforcer(object): """Responsible for loading and enforcing rules""" def __init__(self): self.default_rule = CONF.policy_default_rule self.policy_path = self._find_policy_file() self.policy_file_mtime = None self.policy_file_contents = None def set_rules(self, rules): """Create a new Rules object based on the provided dict of rules""" rules_obj = policy.Rules(rules, self.default_rule) policy.set_rules(rules_obj)