|
|
Implements more fine-grained policy support within our API service,
following the oslo policy-in-code spec, while maintaining compatibility
with the previous default policy.json file. An empty policy.json file is
included, along with a sample file listig all supported policy settings
and their default values.
A new tox target "genpolicy" has been added to ease automation of
sample policy file generation.
All calls to policy.enforce() have been replaced with with
policy.authorize() to avoid silent failures when a rule is undefined,
because enforce() does not raise() if the target rule does not exist.
NOTE: policy.enforce() is not removed by this patch, but a deprecation
warning will be logged if it this method is invoked.
Updates unit test coverage for the new authorize() method, as well as
more general unit test updates for some of the new rules.
Partial-bug: #1526752
Change-Id: Ie4398f840601d027e2fe209c17d854421687c7b7
|
