diff options
author | Jenkins <jenkins@review.openstack.org> | 2016-04-24 22:20:07 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2016-04-24 22:20:07 +0000 |
commit | 3e9883ada7c25b9f7ecc10974b92412aa471e203 (patch) | |
tree | 1fc8fbec253561972a0ff6dbd8a1d6c361fd5aa4 | |
parent | cc9f17d84f0c177d684459ad1c7aae66cdbf9f7e (diff) | |
parent | 83d209e9ed1a1f7f70cd818e6142f97515f0e178 (diff) | |
download | oslo-policy-3e9883ada7c25b9f7ecc10974b92412aa471e203.tar.gz |
Merge "Support policy file in YAML"
-rw-r--r-- | oslo_policy/policy.py | 15 | ||||
-rw-r--r-- | oslo_policy/tests/test_policy.py | 33 | ||||
-rw-r--r-- | requirements.txt | 1 |
3 files changed, 44 insertions, 5 deletions
diff --git a/oslo_policy/policy.py b/oslo_policy/policy.py index 8dd0634..7ccd2fc 100644 --- a/oslo_policy/policy.py +++ b/oslo_policy/policy.py @@ -221,6 +221,7 @@ import os from oslo_config import cfg from oslo_serialization import jsonutils import six +import yaml from oslo_policy import _cache_handler from oslo_policy import _checks @@ -299,11 +300,17 @@ class Rules(dict): @classmethod def load_json(cls, data, default_rule=None): - """Allow loading of JSON rule data.""" + """Allow loading of YAML/JSON rule data.""" - # Suck in the JSON data and parse the rules - rules = {k: _parser.parse_rule(v) - for k, v in jsonutils.loads(data).items()} + try: + parsed = yaml.safe_load(data) + except yaml.YAMLError as e: + # For backwards-compatibility, convert yaml error to ValueError, + # which is what JSON loader raised. + raise ValueError(six.text_type(e)) + + # Parse the rules + rules = {k: _parser.parse_rule(v) for k, v in parsed.items()} return cls(rules, default_rule) diff --git a/oslo_policy/tests/test_policy.py b/oslo_policy/tests/test_policy.py index 983a8c6..84206fe 100644 --- a/oslo_policy/tests/test_policy.py +++ b/oslo_policy/tests/test_policy.py @@ -101,7 +101,38 @@ class RulesTestCase(test_base.BaseTestCase): # Note the trailing , in the exemplar is invalid JSON. exemplar = """{ "admin_or_owner": [["role:admin"], ["project_id:%(project_id)s"]], - "default": [], + "default": [ +}""" + self.assertRaises(ValueError, policy.Rules.load_json, exemplar, + 'default') + + @mock.patch.object(_parser, 'parse_rule', lambda x: x) + def test_load_yaml(self): + # Test that simplified YAML can be used with load_json. + # Show that YAML allows useful comments. + exemplar = """ +# Define a custom rule. +admin_or_owner: role:admin or project_id:%(project_id)s +# The default rule is used when there's no action defined. +default: [] +""" + rules = policy.Rules.load_json(exemplar, 'default') + + self.assertEqual('default', rules.default_rule) + self.assertEqual(dict( + admin_or_owner='role:admin or project_id:%(project_id)s', + default=[], + ), rules) + + @mock.patch.object(_parser, 'parse_rule', lambda x: x) + def test_load_yaml_invalid_exc(self): + # When the JSON isn't valid, ValueError is raised on load_json. + # Note the trailing , in the exemplar is invalid JSON. + exemplar = """{ +# Define a custom rule. +admin_or_owner: role:admin or project_id:%(project_id)s +# The default rule is used when there's no action defined. +default: [ }""" self.assertRaises(ValueError, policy.Rules.load_json, exemplar, 'default') diff --git a/requirements.txt b/requirements.txt index d52ae60..9b6db95 100644 --- a/requirements.txt +++ b/requirements.txt @@ -7,4 +7,5 @@ oslo.config>=3.9.0 # Apache-2.0 oslo.i18n>=2.1.0 # Apache-2.0 oslo.serialization>=1.10.0 # Apache-2.0 oslo.utils>=3.5.0 # Apache-2.0 +PyYAML>=3.1.0 # MIT six>=1.9.0 # MIT |