python-oslo.policy 1.14.0-2 / usr / lib / python2.7 / dist-packages / oslo_policy / shell.py

This file is indexed.

/usr/lib/python2.7/dist-packages/oslo_policy/shell.py is in python-oslo.policy 1.14.0-2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
#!/usr/bin/env python

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import argparse
import sys

from oslo_serialization import jsonutils

from oslo_policy import policy


def _try_rule(key, rule, target, access_data, o):
    try:
        result = rule(target, access_data, o)
        if result:
            print("passed: %s" % key)
        else:
            print("failed: %s" % key)
    except Exception as e:
        print(e)
        print("exception: %s" % rule)


def tool(policy_file, access_file, apply_rule, is_admin=False):
    access = access_file.read()
    access_data = jsonutils.loads(access)['token']
    access_data['roles'] = [role['name'] for role in access_data['roles']]
    access_data['project_id'] = access_data['project']['id']
    access_data['is_admin'] = is_admin
    policy_data = policy_file.read()
    rules = policy.Rules.load(policy_data, "default")

    class Object(object):
        pass
    o = Object()
    o.rules = rules

    target = {"project_id": access_data['project_id']}

    if apply_rule:
        key = apply_rule
        rule = rules[apply_rule]
        _try_rule(key, rule, target, access_data, o)
        return
    for key, rule in rules.items():
        if ":" in key:
            if apply_rule:
                if (apply_rule == key):
                    _try_rule(key, rule, target, access_data, o)
            else:
                _try_rule(key, rule, target, access_data, o)


def main(argv=sys.argv[1:]):
    parser = argparse.ArgumentParser(sys.argv[0])
    parser.add_argument(
        '--policy',
        required=True,
        type=argparse.FileType('rb', 0),
        help='path to a policy file')
    parser.add_argument(
        '--access',
        required=True,
        type=argparse.FileType('rb', 0),
        help='path to a file containing OpenStack Identity API' +
        ' access info in JSON format')
    parser.add_argument(
        '--rule',
        help='rule to test')

    parser.add_argument(
        '--is_admin',
        help='set is_admin=True on the credentials used for the evaluation')

    args = parser.parse_args()
    try:
        apply_rule = args.rule
    except Exception:
        apply_rule = None
    try:
        is_admin = args.is_admin.lower() == "true"
    except Exception:
        is_admin = False
    tool(args.policy, args.access, apply_rule, is_admin)


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))

APT Browse - Built by Thomas Orozco.