diff options
| author | guohliu <guohliu@cn.ibm.com> | 2013-07-19 10:10:19 +0800 |
|---|---|---|
| committer | guohliu <guohliu@cn.ibm.com> | 2013-07-29 10:41:43 +0800 |
| commit | 3626b6db91ce1e897d1993fb4e13ac4237d04b7f (patch) | |
| tree | 9edd26c6c0cac7b070792ce15e4dd39806518838 /openstack | |
| parent | b4148c2b88069f50eb0b215daf71d798fd0d892c (diff) | |
| download | oslo-3626b6db91ce1e897d1993fb4e13ac4237d04b7f.tar.gz oslo-3626b6db91ce1e897d1993fb4e13ac4237d04b7f.tar.xz oslo-3626b6db91ce1e897d1993fb4e13ac4237d04b7f.zip | |
Fix policy default_rule issue
This patch fixed the following issue in policy:
1. Default_rule wasn't set correctly when using enforcer.
2. When overwrite=True set_rule method doesn't work.
3. Add type check in __missing__ of dict and return
the correct value of default_rule.
4. Partially refactor the test_policy code based on the
related change.
Fixed #bug 1202771
Change-Id: I9be1ac8bdc995adae201e9b45ee124dd525e4822
Diffstat (limited to 'openstack')
| -rw-r--r-- | openstack/common/policy.py | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/openstack/common/policy.py b/openstack/common/policy.py index 5705d78..ec1e4e3 100644 --- a/openstack/common/policy.py +++ b/openstack/common/policy.py @@ -115,12 +115,18 @@ class Rules(dict): def __missing__(self, key): """Implements the default rule handling.""" + if isinstance(self.default_rule, dict): + raise KeyError(key) + # If the default rule isn't actually defined, do something # reasonably intelligent if not self.default_rule or self.default_rule not in self: raise KeyError(key) - return self[self.default_rule] + if isinstance(self.default_rule, BaseCheck): + return self.default_rule + elif isinstance(self.default_rule, six.string_types): + return self[self.default_rule] def __str__(self): """Dumps a string representation of the rules.""" @@ -153,7 +159,7 @@ class Enforcer(object): """ def __init__(self, policy_file=None, rules=None, default_rule=None): - self.rules = Rules(rules) + self.rules = Rules(rules, default_rule) self.default_rule = default_rule or CONF.policy_default_rule self.policy_path = None @@ -172,13 +178,14 @@ class Enforcer(object): "got %s instead") % type(rules)) if overwrite: - self.rules = Rules(rules) + self.rules = Rules(rules, self.default_rule) else: - self.update(rules) + self.rules.update(rules) def clear(self): """Clears Enforcer rules, policy's cache and policy's path.""" self.set_rules({}) + self.default_rule = None self.policy_path = None def load_rules(self, force_reload=False): @@ -194,8 +201,7 @@ class Enforcer(object): reloaded, data = fileutils.read_cached_file(self.policy_path, force_reload=force_reload) - - if reloaded: + if reloaded or not self.rules: rules = Rules.load_json(data, self.default_rule) self.set_rules(rules) LOG.debug(_("Rules successfully reloaded")) |