commit c7da7a69250fcffb6841d36710770608d603bb6a
Author: Devananda van der Veen <email address hidden>
Date: Fri Jun 3 15:43:12 2016 -0700
Add keystone policy support to Ironic
Implements more fine-grained policy support within our API service,
following the oslo policy-in-code spec, while maintaining compatibility
with the previous default policy.json file. An empty policy.json file is
included, along with a sample file listig all supported policy settings
and their default values.
A new tox target "genpolicy" has been added to ease automation of
sample policy file generation.
All calls to policy.enforce() have been replaced with with
policy.authorize() to avoid silent failures when a rule is undefined,
because enforce() does not raise() if the target rule does not exist.
NOTE: policy.enforce() is not removed by this patch, but a deprecation
warning will be logged if it this method is invoked.
Updates unit test coverage for the new authorize() method, as well as
more general unit test updates for some of the new rules.
Reviewed: https:/ /review. openstack. org/325599 /git.openstack. org/cgit/ openstack/ ironic/ commit/ ?id=c7da7a69250 fcffb6841d36710 770608d603bb6a
Committed: https:/
Submitter: Jenkins
Branch: master
commit c7da7a69250fcff b6841d367107706 08d603bb6a
Author: Devananda van der Veen <email address hidden>
Date: Fri Jun 3 15:43:12 2016 -0700
Add keystone policy support to Ironic
Implements more fine-grained policy support within our API service,
following the oslo policy-in-code spec, while maintaining compatibility
with the previous default policy.json file. An empty policy.json file is
included, along with a sample file listig all supported policy settings
and their default values.
A new tox target "genpolicy" has been added to ease automation of
sample policy file generation.
All calls to policy.enforce() have been replaced with with authorize( ) to avoid silent failures when a rule is undefined,
policy.
because enforce() does not raise() if the target rule does not exist.
NOTE: policy.enforce() is not removed by this patch, but a deprecation
warning will be logged if it this method is invoked.
Updates unit test coverage for the new authorize() method, as well as
more general unit test updates for some of the new rules.
Partial-bug: #1526752 27e2fe209c17d85 4421687c7b7
Change-Id: Ie4398f840601d0