author | Lance Bragstad <lbragstad@gmail.com> | 2017-10-06 19:30:14 +0000 |
---|---|---|
committer | Lance Bragstad <lbragstad@gmail.com> | 2017-12-04 18:51:25 +0000 |
commit | 52c82ff9ab04dd78ff7045cb30d2f5de535dd7da (patch) | |
tree | 8e6002e6b0b1da89679bee7189547018c53ccca5 /oslo_policy/generator.py | |
parent | a9931f3708e86983ae906d0060b111bc41d95e58 (diff) | |
Add scope_types to RuleDefault objects
This change will help oslo.policy consume different levels of scope
and enforce proper admin-ness across OpenStack. The idea is that once
keystone has the ability to issue system-scoped tokens, we can start
enforcing partial scope checks in `Enforcer.enforce()`.
bp add-scope-to-policy
Change-Id: I7fa171d859d82939511f8279e4e9464f792ed2cd
Diffstat (limited to 'oslo_policy/generator.py')
-rw-r--r-- | oslo_policy/generator.py | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/oslo_policy/generator.py b/oslo_policy/generator.py index 0a6fde2..77dbf7c 100644 --- a/oslo_policy/generator.py +++ b/oslo_policy/generator.py @@ -121,10 +121,16 @@ def _format_rule_default_yaml(default, include_help=True): op += ('# %(method)s %(path)s\n' % {'method': operation['method'], 'path': operation['path']}) + intended_scope = "" + if getattr(default, 'scope_types', None) is not None: + intended_scope = ( + '# Intended scope(s): ' + ', '.join(default.scope_types) + '\n' + ) - text = ('%(help)s\n%(op)s#%(text)s\n' % + text = ('%(help)s\n%(op)s%(scope)s#%(text)s\n' % {'help': _format_help_text(default.description), 'op': op, + 'scope': intended_scope, 'text': text}) if default.deprecated_for_removal: |
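Review bot: The `is not None` guard on `scope_types` lets an empty list through, so the sample file gets a bare `# Intended scope(s): ` line, and a plain string value would be joined character by character (`'system'` becomes `s, y, s, t, e, m`). Testing truthiness instead, `if getattr(default, 'scope_types', None):`, covers the empty case; whether `RuleDefault` already rejects a non-list value is not visible in this file, so confirm that or normalise here before the `join`. Operators read the generated sample to learn which token scope a rule expects, so a blank or garbled scope comment is worth avoiding. A short comment above the block, such as `# scope_types is informational in the sample file; enforcement happens in Enforcer.enforce()`, would also keep readers from taking the line as an enforced restriction. The body of `_format_rule_default_yaml` starts before and continues after this hunk.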