diff options
Diffstat (limited to 'openstack')
| -rw-r--r-- | openstack/common/policy.py | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/openstack/common/policy.py b/openstack/common/policy.py index 5705d78..ec1e4e3 100644 --- a/openstack/common/policy.py +++ b/openstack/common/policy.py @@ -115,12 +115,18 @@ class Rules(dict): def __missing__(self, key): """Implements the default rule handling.""" + if isinstance(self.default_rule, dict): + raise KeyError(key) + # If the default rule isn't actually defined, do something # reasonably intelligent if not self.default_rule or self.default_rule not in self: raise KeyError(key) - return self[self.default_rule] + if isinstance(self.default_rule, BaseCheck): + return self.default_rule + elif isinstance(self.default_rule, six.string_types): + return self[self.default_rule] def __str__(self): """Dumps a string representation of the rules.""" @@ -153,7 +159,7 @@ class Enforcer(object): """ def __init__(self, policy_file=None, rules=None, default_rule=None): - self.rules = Rules(rules) + self.rules = Rules(rules, default_rule) self.default_rule = default_rule or CONF.policy_default_rule self.policy_path = None @@ -172,13 +178,14 @@ class Enforcer(object): "got %s instead") % type(rules)) if overwrite: - self.rules = Rules(rules) + self.rules = Rules(rules, self.default_rule) else: - self.update(rules) + self.rules.update(rules) def clear(self): """Clears Enforcer rules, policy's cache and policy's path.""" self.set_rules({}) + self.default_rule = None self.policy_path = None def load_rules(self, force_reload=False): @@ -194,8 +201,7 @@ class Enforcer(object): reloaded, data = fileutils.read_cached_file(self.policy_path, force_reload=force_reload) - - if reloaded: + if reloaded or not self.rules: rules = Rules.load_json(data, self.default_rule) self.set_rules(rules) LOG.debug(_("Rules successfully reloaded")) |