| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of community goal[1], each services are changing the default
value of 'CONF.oslo_policy.policy_file' config option from 'policy.json'
to 'policy.yaml'. oslo policy select the default value from
CONF.oslo_policy.policy_file which will be policy.yaml as service will
start changing the default. To avoid breaking the existing deployment which
are relying on old default (policy.json) file, a new fallback logic
is implemented. If new default file 'policy.yaml' does not exist but old
default 'policy.json' exist then fallback to use old default file.
Each services are going to add upgrade checks and warnings for using JSON
formatted policy file so in future we cna remove this fallback logic.
This logic was done in nova in Victoria cycle when nova changed the
default value - https://review.opendev.org/#/c/748059/ . Moving this
to oslo policy side will avoid the duplication on services side.
Also it provides a flag to disable this fallback.
[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html
Change-Id: If72b2fcc3cfd8116b575ed7b9e3870df634fd9af
|
|
|
|
|
|
| |
Replace six with Python 3 style code.
Change-Id: I3d0c35e237484409d8410601ec482fac0dacf30d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As per victoria cycle testing runtime and community goal[1]
we need to migrate upstream CI/CD to Ubuntu Focal(20.04).
Fixing:
- bug#1886298
Bump the lower constraints for required deps which added python3.8 support
in their later version.
Story: #2007865
Task: #40207
Closes-Bug: #1886298
[1] https://governance.openstack.org/tc/goals/selected/victoria/migrate-ci-cd-jobs-to-ubuntu-focal.h>
Change-Id: I97072055f880915cef6c5c2f0210730e7bbe5119
|
|
|
|
|
|
|
|
|
|
| |
Because the bug #1804528 has been fixed in oslo.utils,
we need to add an explicit dependency on oslo.utils to
support removing "the conversion to dict" code snippet in
oslo.policy.For more details please refer to
https://review.opendev.org/#/c/717191
Change-Id: I4eb614dcb194d4f2668ba2259e624f850e0f1dfd
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit makes it easier for services to protect APIs meant for
domain-only operations. It does this by making "domain-scope" an
official scope type to check for during policy enforcement.
A good example of where this would be useful is protecting the user
API in keystone, since user's are technically owned by domains.
This commit bumps the version of oslo.context to 2.22.0, which also
has domain support.
Depends-On: https://review.openstack.org/#/c/613635/
Change-Id: Ifc83a5f261bc823060eca5c4d0a4bf07966794c4
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ``creds`` dictionary passed into oslo.policy's enforce() method
assumes a lot of the same values already specified by oslo.context
RequestContext objects.
This commit teaches enforce() to handle being passed an instance of
a RequestContext object, and populate credential values accordingly.
Change-Id: Ia74bf6c40b1e05a1c958f4325e00f68be28d91b9
Closes-Bug: 1779172
|
|
|
|
| |
Change-Id: Iff836145c26a9e27410d78c9163086753c271cd6
|
|
|
|
| |
Change-Id: If5a8a7fbcd9620cd43be1363a202bde3640bd9db
|
|
|
|
| |
Change-Id: I685a9203d523496b58a606873c0772ee5309f59a
|
|
|
|
| |
Change-Id: Id83e8012e9dd8683a2dc69c3629cb2748a154a57
|
|
|
|
| |
Change-Id: Ia721dd1e8016f1c9d51f3299575a570a3b65ba95
|
|
|
|
| |
Change-Id: Id1100b5b4359cb38dc4095320a315829d30e4383
|
|
|
|
| |
Change-Id: I91e2b2df6e86ebf6bee02390e8c96f4ed95ecc04
|
|
|
|
| |
Change-Id: I1eceb9d8e5511fd90f2433ad66411a7d0729fb88
|
|
|
|
| |
Change-Id: Iec0d81fc4369a7ca723811d051aa34076c0d2af6
|
|
|
|
| |
Change-Id: I022c69ec40b2f4744c2907233e9ae5425520416c
|
|
|
|
| |
Change-Id: I0a6fa7102dcfef90f141c174eb7a243f10a1930f
|
|
|
|
| |
Change-Id: I5ce59cfc43b51e5cc27f16844c5375a22825ad62
|
|
|
|
| |
Change-Id: I53ee1c69ec2c3b3c65cc76ce7a8d7af983675342
|
|
|
|
| |
Change-Id: I5db9bd40c586abba6e072e35b3ad0b39dbb22ad9
|
|
|
|
| |
Change-Id: Ia02e8c9f16319d23913123ed46fac0686a48fc95
|
|
|
|
|
|
|
|
| |
This module is be used in:
oslo_policy/generator.py
oslo_policy/tests/test_generator.py
Change-Id: I613043aeab7825bac44bbb1b20d984c7c9a20ce8
|
|
|
|
| |
Change-Id: Ibadfbceb8a8548f7aeb9d2320feb938869437334
|
|
|
|
|
|
| |
unused import
Change-Id: I047819ab59d0b79a222d5517b8d24c84b09a279f
|
|
|
|
| |
Change-Id: Ib4398ab22db8930d9ac4cf08f36b31dea8b1a1b6
|
|
|
|
| |
Change-Id: I924b370ccf0af8350c2db6fa84bff2eaa79e27da
|
|
|
|
| |
Change-Id: I295cbacfcf5e68b811920992a13d22435601683f
|
|
|
|
| |
Change-Id: I92f5e86ef3a0a14eb55e0d4cc1134d2ec33da54d
|
|
|
|
| |
Change-Id: I929f57c4d6c72df0386ea87ae1edd49d1e2ae16f
|
|
|
|
| |
Change-Id: Ia206c725686347c3ce63cfe91e644296fc3813eb
|
|
|
|
| |
Change-Id: Id3d3d8966f256009c33636b9169e0f286776d178
|
|
|
|
| |
Change-Id: I93d7566f51b01576d70c3eba0434c298166f2846
|
|
|
|
| |
Change-Id: Iddbee6964b25bbd03ff4f0a51eb6f2c1e04bf699
|
|
|
|
| |
Change-Id: I110883319216fefb1fc8cb8ae663eb946d78d062
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
YAML provides the advantage of being able to add comments.
bp policy-yaml
Change-Id: Ic6236665f2d55b24a56a99120ac57fc2b18e32eb
|
| |
| |
| |
| | |
Change-Id: I8486efae93766132cc0d9e12795422bd4befddf5
|
|/
|
|
| |
Change-Id: Idf80333c78658a6708ba7069d25ae3424965e887
|
|
|
|
| |
Change-Id: I40e90130045e9601028807fd3bc029ac7ad9a530
|
|
|
|
| |
Change-Id: I87b2cad535486a05279d17f470d301471a3b4ff6
|
|
|
|
| |
Change-Id: I7c55cc8ad63473f7a16b56f4c0e12ea828da2a4d
|
|
|
|
| |
Change-Id: Ida373b1c101c3ff024e39511f4650ab422e344b1
|
|
|
|
| |
Change-Id: Ia8fce74c2caa158ac80a01ab68a15b85fbe4c085
|
|
|
|
| |
Change-Id: If4a098972ef7d454ba99fe668d4226f0e27c58a6
|
|
|
|
| |
Change-Id: Ib8a4ed4e5e704abd7d328ddb7c1ddb9914939382
|
|
|
|
| |
Change-Id: I0d653df68c2db025f73b3020d9cff7ecb62b8cbd
|
|
|
|
| |
Change-Id: If27d199c8180acb51c754d6ec220ee875ede6185
|
|
|
|
| |
Change-Id: I83945e4206d63cecb2d0df8961c943735df8c864
|
|
|
|
| |
Change-Id: I79756e653cdb5fdc22be11d1df386d9d6a69a3c4
|
|
|
|
| |
Change-Id: Ic0ff7fdc74d0b4eeccc4fbe2d20539f79195840b
|