Add Authorization Rules configuration

Allow an operator to define authorization rules.
Allow an operator to add authorization rules to a tenant.
Add a rule parser and a rule registry.

The authZ engine is not plugged in yet.

Change-Id: I3a86c6c7d62ad2bce68a98dbd2fff18549b94fb9

1 files changed, 10 insertions, 5 deletions

diff --git a/zuul/cmd/web.py b/zuul/cmd/web.py
index 8a7d38e24..1c88f56d4 100755
--- a/zuul/cmd/web.py
+++ b/zuul/cmd/web.py
@@ -73,7 +73,8 @@ class WebServer(zuul.cmd.ZuulDaemonApp):
             '/var/lib/zuul/web.socket')
 
         params['connections'] = self.connections
-        params['auths'] = self.auths
+        params['authenticators'] = self.authenticators
+        params['authorizations'] = self.authorizations
         # Validate config here before we spin up the ZuulWeb object
         for conn_name, connection in self.connections.connections.items():
             try:
@@ -108,9 +109,12 @@ class WebServer(zuul.cmd.ZuulDaemonApp):
         self.web.stop()
         self.log.info("Zuul Web Server stopped")
 
-    def configure_auth(self):
-        self.auths = zuul.lib.auth.AuthenticatorRegistry()
-        self.auths.configure(self.config)
+    def configure_authenticators(self):
+        self.authenticators = zuul.lib.auth.AuthenticatorRegistry()
+        self.authenticators.configure(self.config)
+
+    def configure_authorizations(self):
+        self.authorizations = zuul.lib.auth.AuthorizationRegistry()
 
     def run(self):
         if self.args.command in zuul.web.COMMANDS:
@@ -125,7 +129,8 @@ class WebServer(zuul.cmd.ZuulDaemonApp):
                 include_drivers=[zuul.driver.sql.SQLDriver,
                                  zuul.driver.github.GithubDriver,
                                  zuul.driver.pagure.PagureDriver])
-            self.configure_auth()
+            self.configure_authenticators()
+            self.configure_authorizations()
             self._run()
         except Exception:
             self.log.exception("Exception from WebServer:")