authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2018-11-08 20:26:30 +0200
committerMoisés Guimarães de Medeiros <moguimar@redhat.com>2019-01-21 16:35:20 +0100
commit87c045199a70d51651c5fd7d95266d16b9e4384a (patch)
tree2069c296a8f3ea2973b746ece853762795a1ae31
parentce31c0fce996444d3a147ec634ff3388b79d3b2a (diff)
downloadoslo-policy-87c045199a70d51651c5fd7d95266d16b9e4384a.tar.gz
Add ability for policy-checker to read configuration
Reading configurations will enable us to use the oslopolicy-checker to do external checks (which require the configuration in the enforcer). Change-Id: If2e697f9ac0317046f5a872ad668b42c1b32eb1e Signed-off-by: Moisés Guimarães de Medeiros <moguimar@redhat.com>
-rw-r--r--oslo_policy/shell.py35
1 files changed, 27 insertions, 8 deletions
diff --git a/oslo_policy/shell.py b/oslo_policy/shell.py
index dcf8f2e..365a514 100644
--- a/oslo_policy/shell.py
+++ b/oslo_policy/shell.py
@@ -19,9 +19,24 @@ import sys
from oslo_serialization import jsonutils
from oslo_config import cfg
+from oslo_policy import opts
from oslo_policy import policy
+class FakeEnforcer(object):
+ def __init__(self, rules, config):
+ self.rules = rules
+ self.conf = None
+
+ if config:
+ self.conf = cfg.ConfigOpts()
+
+ for group, options in opts.list_opts():
+ self.conf.register_opts(options, group)
+
+ self.conf(["--config-file={}".format(config)])
+
+
def _try_rule(key, rule, target, access_data, o):
try:
result = rule(target, access_data, o, current_rule=key)
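Review bot: `FakeEnforcer.__init__` leaves `self.conf` as `None` when no config path is given, so a rule that reads `enforcer.conf` (presumably the external checks named in the commit message) would fail with an attribute error on `None` instead of a message telling the operator to pass the enforcer config. Whether `_try_rule` catches that cannot be seen here, because its body continues outside the hunk. The class also has no docstring; I would add `"""Minimal stand-in for policy.Enforcer exposing only ``rules`` and ``conf``; ``conf`` is None unless a config file path is given."""` under the `class` line. The value of `config` is handed to `--config-file` unchanged, so a missing or unreadable file surfaces as an oslo.config exception from the constructor; a one-line comment saying that this is intended would help the next reader.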
@@ -52,7 +67,8 @@ def flatten(d, parent_key=''):
def tool(policy_file, access_file, apply_rule, is_admin=False,
- target_file=None):
+ target_file=None, enforcer_config=None):
+
with open(access_file, "rb", 0) as a:
access = a.read()
@@ -66,10 +82,7 @@ def tool(policy_file, access_file, apply_rule, is_admin=False,
rules = policy.Rules.load(policy_data, "default")
- class Object(object):
- pass
- o = Object()
- o.rules = rules
+ enforcer = FakeEnforcer(rules, enforcer_config)
if target_file:
with open(target_file, "rb", 0) as t:
@@ -82,11 +95,12 @@ def tool(policy_file, access_file, apply_rule, is_admin=False,
if apply_rule:
key = apply_rule
rule = rules[apply_rule]
- _try_rule(key, rule, target_data, access_data, o)
+ _try_rule(key, rule, target_data, access_data, enforcer)
return
+
for key, rule in sorted(rules.items()):
if ":" in key:
- _try_rule(key, rule, target_data, access_data, o)
+ _try_rule(key, rule, target_data, access_data, enforcer)
def main():
@@ -117,9 +131,14 @@ def main():
help='set is_admin=True on the credentials used for the evaluation.',
default=False))
+ conf.register_cli_opt(cfg.StrOpt(
+ 'enforcer_config',
+ help='configuration file for the oslopolicy-checker enforcer'))
+
conf()
- tool(conf.policy, conf.access, conf.rule, conf.is_admin, conf.target)
+ tool(conf.policy, conf.access, conf.rule, conf.is_admin,
+ conf.target, conf.enforcer_config)
if __name__ == "__main__":
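Review bot: The help text for `enforcer_config` does not tell the operator what supplying the option turns on. Going by the commit message it enables external checks, and those presumably contact the URL written in the policy rule and pass it the target and credentials under evaluation, so someone running the checker on a policy file they did not author, with a live token in the access file, should know that beforehand. I would extend the string to something like `help='configuration file for the oslopolicy-checker enforcer; required for external (http/https) checks, which send the target and credentials to the URL named in the rule'`. The new value is also passed positionally in the `tool(...)` call; `enforcer_config=conf.enforcer_config` would keep it from shifting silently if `tool` gains another parameter.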