diff options
Diffstat (limited to 'nova/policy.py')
-rw-r--r-- | nova/policy.py | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/nova/policy.py b/nova/policy.py index 1b3d77996..22551d6a4 100644 --- a/nova/policy.py +++ b/nova/policy.py @@ -25,6 +25,8 @@ from nova import utils FLAGS = flags.FLAGS flags.DEFINE_string('policy_file', 'policy.json', _('JSON file representing policy')) +flags.DEFINE_string('policy_default_rule', 'default', + _('Rule checked when requested rule is not found')) _POLICY_PATH = None _POLICY_CACHE = {} @@ -48,7 +50,8 @@ def init(): def _set_brain(data): - policy.set_brain(policy.HttpBrain.load_json(data)) + default_rule = FLAGS.policy_default_rule + policy.set_brain(policy.HttpBrain.load_json(data, default_rule)) def enforce(context, action, target): @@ -69,10 +72,11 @@ def enforce(context, action, target): """ init() + match_list = ('rule:%s' % action,) - target_dict = target - credentials_dict = context.to_dict() + credentials = context.to_dict() + try: - policy.enforce(match_list, target_dict, credentials_dict) + policy.enforce(match_list, target, credentials) except policy.NotAuthorized: raise exception.PolicyNotAuthorized(action=action) |