Merge "Add an oslo.policy.enforcer entrypoint"

2 files changed, 12 insertions, 0 deletions

diff --git a/glance/api/policy.py b/glance/api/policy.py
index 67ac14741..2dddeff61 100644
--- a/glance/api/policy.py
+++ b/glance/api/policy.py
@@ -30,6 +30,7 @@ from glance.i18n import _
 
 LOG = logging.getLogger(__name__)
 CONF = cfg.CONF
+_ENFORCER = None
 
 DEFAULT_RULES = policy.Rules.from_dict({
     'context_is_admin': 'role:admin',
@@ -89,6 +90,14 @@ class Enforcer(policy.Enforcer):
         return self.check(context, 'context_is_admin', context.to_dict())
 
 
+def get_enforcer():
+    CONF([], project='glance')
+    global _ENFORCER
+    if _ENFORCER is None:
+        _ENFORCER = Enforcer()
+    return _ENFORCER
+
+
 class ImageRepoProxy(glance.domain.proxy.Repo):
 
     def __init__(self, image_repo, context, policy):
diff --git a/setup.cfg b/setup.cfg
index 03beee87e..4a275516b 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -63,6 +63,9 @@ glance.database.migration_backend =
 glance.database.metadata_backend =
     sqlalchemy = glance.db.sqlalchemy.metadata
 
+oslo.policy.enforcer =
+    glance = glance.api.policy:get_enforcer
+
 glance.flows =
     api_image_import = glance.async_.flows.api_image_import:get_flow
     import = glance.async_.flows.base_import:get_flow