diff options
Diffstat (limited to 'oslo_policy/generator.py')
| -rw-r--r-- | oslo_policy/generator.py | 110 |
1 files changed, 105 insertions, 5 deletions
diff --git a/oslo_policy/generator.py b/oslo_policy/generator.py index 40f374d..5262784 100644 --- a/oslo_policy/generator.py +++ b/oslo_policy/generator.py @@ -51,6 +51,17 @@ UPGRADE_OPTS = [ help='Path to the policy file which need to be updated.') ] +CONVERT_OPTS = [ + cfg.MultiStrOpt('namespace', + required=True, + help='Option namespace(s) under "oslo.policy.policies" in ' + 'which to query for options.'), + cfg.StrOpt('policy-file', + required=True, + help='Path to the policy file which need to be converted to ' + 'yaml format.') +] + def get_policies_dict(namespaces): """Find the options available via the given namespaces. @@ -139,10 +150,16 @@ def _format_help_text(description): return '\n'.join(formatted_lines) -def _format_rule_default_yaml(default, include_help=True): +def _format_rule_default_yaml(default, include_help=True, comment_rule=True, + add_deprecated_rules=True): """Create a yaml node from policy.RuleDefault or policy.DocumentedRuleDefault. :param default: A policy.RuleDefault or policy.DocumentedRuleDefault object + :param comment_rule: By default rules will be commented out in generated + yaml format text. If you want to keep few or all rules + uncommented then pass this arg as False. + :param add_deprecated_rules: Whether to add the deprecated rules in format + text. :returns: A string containing a yaml representation of the RuleDefault """ text = ('"%(name)s": "%(check_str)s"\n' % @@ -161,14 +178,15 @@ def _format_rule_default_yaml(default, include_help=True): intended_scope = ( '# Intended scope(s): ' + ', '.join(default.scope_types) + '\n' ) - - text = ('%(help)s\n%(op)s%(scope)s#%(text)s\n' % + comment = '#' if comment_rule else '' + text = ('%(help)s\n%(op)s%(scope)s%(comment)s%(text)s\n' % {'help': _format_help_text(default.description), 'op': op, 'scope': intended_scope, + 'comment': comment, 'text': text}) - if default.deprecated_for_removal: + if add_deprecated_rules and default.deprecated_for_removal: text = ( '# DEPRECATED\n# "%(name)s" has been deprecated since ' '%(since)s.\n%(reason)s\n%(text)s' @@ -177,7 +195,7 @@ def _format_rule_default_yaml(default, include_help=True): 'since': default.deprecated_since, 'reason': _format_help_text(default.deprecated_reason), 'text': text} - elif default.deprecated_rule: + elif add_deprecated_rules and default.deprecated_rule: # This issues a deprecation warning but aliases the old policy name # with the new policy name for compatibility. deprecated_text = ( @@ -392,6 +410,75 @@ def _validate_policy(namespace): return return_code +def _convert_policy_json_to_yaml(namespace, policy_file, output_file=None): + with open(policy_file, 'r') as rule_data: + file_policies = jsonutils.loads(rule_data.read()) + + yaml_format_rules = [] + default_policies = get_policies_dict(namespace) + for section in sorted(default_policies): + default_rules = default_policies[section] + for default_rule in default_rules: + if default_rule.name not in file_policies: + continue + file_rule_check_str = file_policies.pop(default_rule.name) + # Some rules might be still RuleDefault object so let's prepare + # empty 'operations' list for those. + operations = [{ + 'method': '', + 'path': '' + }] + if hasattr(default_rule, 'operations'): + operations = default_rule.operations + # Converting JSON file rules to DocumentedRuleDefault rules so + # that we can convert the JSON file to YAML including + # descriptions which is what 'oslopolicy-sample-generator' + # tool does. + file_rule = policy.DocumentedRuleDefault( + default_rule.name, + file_rule_check_str, + default_rule.description, + operations, + default_rule.deprecated_rule, + default_rule.deprecated_for_removal, + default_rule.deprecated_reason, + default_rule.deprecated_since, + scope_types=default_rule.scope_types) + if file_rule == default_rule: + rule_text = _format_rule_default_yaml( + file_rule, add_deprecated_rules=False) + else: + # NOTE(gmann): If json file rule is not same as default + # means rule is overridden then do not comment out it in + # yaml file. + rule_text = _format_rule_default_yaml( + file_rule, comment_rule=False, + add_deprecated_rules=False) + yaml_format_rules.append(rule_text) + + extra_rules_text = ("# WARNING: Below rules are either deprecated rules\n" + "# or extra rules in policy file, it is strongly\n" + "# recommended to switch to new rules.\n") + # NOTE(gmann): If policy json file still using the deprecated rules which + # will not be present in default rules list. Or it can be case of any + # extra rule (old rule which is now removed) present in json file. + # so let's keep these as it is (not commented out) to avoid breaking + # existing deployment. + if file_policies: + yaml_format_rules.append(extra_rules_text) + for file_rule, check_str in file_policies.items(): + rule_text = ('"%(name)s": "%(check_str)s"\n' % + {'name': file_rule, + 'check_str': check_str}) + yaml_format_rules.append(rule_text) + + if output_file: + with open(output_file, 'w') as fh: + fh.writelines(yaml_format_rules) + else: + sys.stdout.writelines(yaml_format_rules) + + def on_load_failure_callback(*args, **kwargs): raise @@ -490,3 +577,16 @@ def validate_policy(args=None): conf.register_opts(ENFORCER_OPTS) conf(args) sys.exit(_validate_policy(conf.namespace)) + + +def convert_policy_json_to_yaml(args=None, conf=None): + logging.basicConfig(level=logging.WARN) + # Allow the caller to pass in a local conf object for unit testing + if conf is None: + conf = cfg.CONF + conf.register_cli_opts(GENERATOR_OPTS + CONVERT_OPTS) + conf.register_opts(GENERATOR_OPTS + CONVERT_OPTS) + conf(args) + _check_for_namespace_opt(conf) + _convert_policy_json_to_yaml(conf.namespace, conf.policy_file, + conf.output_file) |