author | Brian Waldon <bcwaldon@gmail.com> | 2012-01-16 15:28:49 -0800 |
---|---|---|
committer | Brian Waldon <bcwaldon@gmail.com> | 2012-01-16 16:07:40 -0800 |
commit | 85518a93ef01ae997ecfc0687d89ba87f7607f54 (patch) | |
tree | 9d7928af887d05d8b1052ea5c9cabee82247f4bb /nova/policy.py | |
parent | 1fd26203b29d6432325ae1365e3dcbecc9d97864 (diff) | |
Add default policy rule
If a specific rule is not found, we will check the rule defined in FLAGS.policy_default_action.
Change-Id: Ib1b1aa4bbeec74bdb1562d0fc649d33838076f01
Diffstat (limited to 'nova/policy.py')
-rw-r--r-- | nova/policy.py | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/nova/policy.py b/nova/policy.py index 1b3d77996b..22551d6a40 100644 --- a/nova/policy.py +++ b/nova/policy.py @@ -25,6 +25,8 @@ from nova import utils FLAGS = flags.FLAGS flags.DEFINE_string('policy_file', 'policy.json', _('JSON file representing policy')) +flags.DEFINE_string('policy_default_rule', 'default', + _('Rule checked when requested rule is not found')) _POLICY_PATH = None _POLICY_CACHE = {} @@ -48,7 +50,8 @@ def init(): def _set_brain(data): - policy.set_brain(policy.HttpBrain.load_json(data)) + default_rule = FLAGS.policy_default_rule + policy.set_brain(policy.HttpBrain.load_json(data, default_rule)) def enforce(context, action, target): @@ -69,10 +72,11 @@ def enforce(context, action, target): """ init() + match_list = ('rule:%s' % action,) - target_dict = target - credentials_dict = context.to_dict() + credentials = context.to_dict() + try: - policy.enforce(match_list, target_dict, credentials_dict) + policy.enforce(match_list, target, credentials) except policy.NotAuthorized: raise exception.PolicyNotAuthorized(action=action) |
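Review bot: The help text for `policy_default_rule` in the first hunk does not say what the fallback means for authorization. Per the help string, any action with no entry in the policy file, including a misspelled action name passed to `enforce`, is checked against the rule named here instead of a rule of its own. Operators need to know that this rule should be at least as restrictive as the most sensitive action it may end up covering. I would expand the help string, for example `_('Rule checked when the requested rule is not found; it decides every action missing from the policy file, so keep it restrictive')`. What happens when the named rule is itself absent from the file is decided in `policy.HttpBrain`, which is outside this diff, and should be documented in the same place.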
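Review bot: In the second hunk, `_set_brain` hands `FLAGS.policy_default_rule` to `load_json` without checking that the loaded policy defines that rule. A typo in the flag, or a policy file with no `default` entry, would then surface only at the first unmatched action. The outcome in that case depends on `HttpBrain`, which is not visible here, and it should be a denial. A test that calls `enforce` with an unknown action against a policy lacking the default rule, and expects `exception.PolicyNotAuthorized`, would pin the fail-closed behaviour. A one-line docstring on `_set_brain`, such as `"""Install a policy brain built from data, with FLAGS.policy_default_rule as the fallback rule."""`, would also make the fallback visible at the call site.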