authorBrian Waldon <bcwaldon@gmail.com>2012-01-16 15:28:49 -0800
committerBrian Waldon <bcwaldon@gmail.com>2012-01-16 16:07:40 -0800
commit85518a93ef01ae997ecfc0687d89ba87f7607f54 (patch)
tree9d7928af887d05d8b1052ea5c9cabee82247f4bb /nova/policy.py
parent1fd26203b29d6432325ae1365e3dcbecc9d97864 (diff)
Add default policy rule
If a specific rule is not found, we will check the rule defined in FLAGS.policy_default_action. Change-Id: Ib1b1aa4bbeec74bdb1562d0fc649d33838076f01
Diffstat (limited to 'nova/policy.py')
-rw-r--r--nova/policy.py12
1 files changed, 8 insertions, 4 deletions
diff --git a/nova/policy.py b/nova/policy.py
index 1b3d77996b..22551d6a40 100644
--- a/nova/policy.py
+++ b/nova/policy.py
@@ -25,6 +25,8 @@ from nova import utils
FLAGS = flags.FLAGS
flags.DEFINE_string('policy_file', 'policy.json',
_('JSON file representing policy'))
+flags.DEFINE_string('policy_default_rule', 'default',
+ _('Rule checked when requested rule is not found'))
_POLICY_PATH = None
_POLICY_CACHE = {}
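Review bot: The help string on the new `policy_default_rule` flag does not say that this rule now decides every action that has no entry of its own in the policy file, which is the security-relevant effect of the option. With the fallback in place, a misspelled or newly added action name is answered by whatever the `default` rule says, so a permissive `default` would authorize it without anyone having written a rule for it. I would extend the help text to something like `_('Rule checked when the requested rule is not found; keep it restrictive, it governs every action without an explicit rule')`. The commit message also refers to `FLAGS.policy_default_action`, while the code defines `policy_default_rule`.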
@@ -48,7 +50,8 @@ def init():
def _set_brain(data):
- policy.set_brain(policy.HttpBrain.load_json(data))
+ default_rule = FLAGS.policy_default_rule
+ policy.set_brain(policy.HttpBrain.load_json(data, default_rule))
def enforce(context, action, target):
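Review bot: `_set_brain` hands `FLAGS.policy_default_rule` to `load_json` without checking that a rule of that name exists in `data`, so a policy file that lacks it, or a typo in the flag value, is only noticed on the first lookup miss. What happens at that point depends on `HttpBrain`, which is not visible in this diff; it is worth confirming that the brain denies rather than allows, and adding a test for an unknown action when no default rule is present. A comment above the assignment, such as `# Unknown actions fall back to this rule; it must exist in the policy file`, would document the dependency.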
@@ -69,10 +72,11 @@ def enforce(context, action, target):
"""
init()
+
match_list = ('rule:%s' % action,)
- target_dict = target
- credentials_dict = context.to_dict()
+ credentials = context.to_dict()
+
try:
- policy.enforce(match_list, target_dict, credentials_dict)
+ policy.enforce(match_list, target, credentials)
except policy.NotAuthorized:
raise exception.PolicyNotAuthorized(action=action)