========================
Writing HTTP check rules
========================

oslo.policy has supported the following syntax for a while::

    http:<target URL>, which delegates the check to a remote server


Starting with 1.29, oslo.policy will also support ``https`` URLs::

    https:<target URL>, which delegates the check to a remote server


Support for both ``http`` and ``https`` is implemented as custom check rules.
If you look at the setup.cfg for oslo.policy, you can see the following
entry points::

    oslo.policy.rule_checks =
        http = oslo_policy._external:HttpCheck
        https = oslo_policy._external:HttpsCheck

Suppose the engine encounters ``https`` while evaluating a policy, as in
the snippet below::

    {
           ...
           "target 1" : "https://foo.bar/baz",
           ...
    }

The engine will look for a plugin named ``https`` in the ``rule_checks``
entry point and will try to invoke that stevedore plugin.

This mechanism allows anyone to write their own code, in their own library,
with their own custom stevedore-based rule check plugins, and so enhance
their policies with custom checks. This is useful, for example, to
integrate with an in-house policy server.
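
The sketch below is an added example, not code from oslo.policy: a custom ``inhouse`` check that denies access whenever the policy server cannot give a clear answer. The names ``InHouseCheck``, ``ask_policy_server``, ``my_policy_checks`` and the decision table are hypothetical, and the stand-in base class exists only so the example runs where oslo.policy is not installed.

```python
# Registered from your own package's setup.cfg (hypothetical names):
#   oslo.policy.rule_checks =
#       inhouse = my_policy_checks.checks:InHouseCheck
# A policy rule then reads, e.g., "inhouse:%(resource)s:delete".
try:
    from oslo_policy import policy
    Check = policy.Check
except ImportError:
    # Stand-in with the same constructor, used only without oslo.policy.
    class Check(object):
        def __init__(self, kind, match):
            self.kind, self.match = kind, match

# Constructed decision table standing in for the in-house policy server.
SAMPLE_DECISIONS = {
    ("volume:delete", "admin"): "True",
    ("volume:delete", "member"): "False",
}


def ask_policy_server(action, creds):
    """Hypothetical client; a real one would call the server over TLS."""
    roles = creds.get("roles", [])
    allowed = any(SAMPLE_DECISIONS.get((action, r)) == "True" for r in roles)
    return "True" if allowed else "False"


class InHouseCheck(Check):
    """Handles rules written as ``inhouse:<action template>``."""

    client = staticmethod(ask_policy_server)

    def __call__(self, target, creds, enforcer, current_rule=None):
        try:
            # Like HttpCheck, fill the match string from the target dict.
            action = self.match % target
            answer = self.client(action, creds)
        except Exception:
            # Fail closed: a bad template or unreachable server denies.
            return False
        # Only the exact string "True" grants access.
        return answer == "True"
```

Because a delegated check is part of the authorization decision, any error path that returned ``True`` would turn a policy-server outage into open access.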


Example code - HttpCheck
========================

.. note::

    Full source located at :example:`_external.py`

.. literalinclude:: ../../../oslo_policy/_external.py
    :language: python
    :linenos:
    :lines: 28-64