initial version

Change-Id: I699e0ab082657880998d8618fe29eb7f56c6c661
2015-06-04 15:26:55 +02:00
parent 073c6e49cb
commit d14e057da1
316 changed files with 27260 additions and 0 deletions
--- a/watcher/common/policy.py
+++ b/watcher/common/policy.py
@@ -0,0 +1,69 @@
+# Copyright (c) 2011 OpenStack Foundation
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+"""Policy Engine For Watcher."""
+
+from oslo_concurrency import lockutils
+from oslo_config import cfg
+
+from watcher.openstack.common import policy
+
+_ENFORCER = None
+CONF = cfg.CONF
+
+
+@lockutils.synchronized('policy_enforcer', 'watcher-')
+def init_enforcer(policy_file=None, rules=None,
+                  default_rule=None, use_conf=True):
+    """Synchronously initializes the policy enforcer
+
+       :param policy_file: Custom policy file to use, if none is specified,
+                           `CONF.policy_file` will be used.
+       :param rules: Default dictionary / Rules to use. It will be
+                     considered just in the first instantiation.
+       :param default_rule: Default rule to use, CONF.default_rule will
+                            be used if none is specified.
+       :param use_conf: Whether to load rules from config file.
+
+    """
+    global _ENFORCER
+
+    if _ENFORCER:
+        return
+
+    _ENFORCER = policy.Enforcer(policy_file=policy_file,
+                                rules=rules,
+                                default_rule=default_rule,
+                                use_conf=use_conf)
+
+
+def get_enforcer():
+    """Provides access to the single instance of Policy enforcer."""
+
+    if not _ENFORCER:
+        init_enforcer()
+
+    return _ENFORCER
+
+
+def enforce(rule, target, creds, do_raise=False, exc=None, *args, **kwargs):
+    """A shortcut for policy.Enforcer.enforce()
+
+    Checks authorization of a rule against the target and credentials.
+
+    """
+    enforcer = get_enforcer()
+    return enforcer.enforce(rule, target, creds, do_raise=do_raise,
+                            exc=exc, *args, **kwargs)