Diffstat (limited to 'tools/policies/generate_opst_policy.py')
-rw-r--r--tools/policies/generate_opst_policy.py167
1 files changed, 0 insertions, 167 deletions
diff --git a/tools/policies/generate_opst_policy.py b/tools/policies/generate_opst_policy.py
deleted file mode 100644
index dd01d1c1..00000000
--- a/tools/policies/generate_opst_policy.py
+++ /dev/null
@@ -1,167 +0,0 @@
-import json
-import os
-import logging
-import argparse
-
-
-FILES = [
- "cinder.policy.json",
- "glance.policy.json",
- "keystone.policy.json",
- "neutron.policy.json",
- "nova.policy.json",
-]
-policy = {
- "pdps": [{
- "name": "external_pdp",
- "keystone_project_id": "",
- "description": "",
- "policies": [{"name": "OpenStack RBAC Policy"}]}
- ],
-
- "policies": [{
- "name": "OpenStack RBAC Policy",
- "genre": "authz",
- "description": "A RBAC policy similar of what you can find through policy.json files",
- "model": {"name": "OPST_RBAC"}, "mandatory": True, "override": True}
- ],
-
- "models": [{"name": "OPST_RBAC", "description": "", "meta_rules": [{"name": "rbac"}], "override": True}],
-
- "subjects": [
- {"name": "admin", "description": "", "extra": {}, "policies": [{"name": "OpenStack RBAC Policy"}]},
- {"name": "demo", "description": "", "extra": {}, "policies": [{"name": "OpenStack RBAC Policy"}]}
- ],
-
- "subject_categories": [{"name": "role", "description": "a role in OpenStack"}],
-
- "subject_data": [
- {"name": "admin", "description": "the admin role", "policies": [], "category": {"name": "role"}},
- {"name": "member", "description": "the member role", "policies": [], "category": {"name": "role"}}
- ],
-
- "subject_assignments": [
- {"subject": {"name": "admin"}, "category": {"name": "role"}, "assignments": [{"name": "admin"}, {"name": "member"}]},
- {"subject": {"name": "demo"}, "category": {"name": "role"}, "assignments": [{"name": "member"}]}
- ],
-
- "objects": [],
-
- "object_categories": [{"name": "id", "description": "the UID of each virtual machine"}],
-
- "object_data": [
- {
- "name": "all_vm",
- "description": "represents all virtual machines in this project",
- "policies": [],
- "category": {"name": "id"}},
- ],
-
- "object_assignments": [],
-
- "actions": [],
-
- "action_categories": [{"name": "action_id", "description": ""}],
-
- "action_data": [],
-
- "action_assignments": [],
-
- "meta_rules": [
- {
- "name": "rbac", "description": "",
- "subject_categories": [{"name": "role"}],
- "object_categories": [{"name": "id"}],
- "action_categories": [{"name": "action_id"}]
- }
- ],
-
- "rules": [],
-
-}
-logger = logging.getLogger(__name__)
-
-
-def init():
- parser = argparse.ArgumentParser()
- parser.add_argument("--verbose", '-v', action='store_true', help='verbose mode')
- parser.add_argument("--debug", '-d', action='store_true', help='debug mode')
- parser.add_argument("--dir", help='directory containing policy files', default="./policy.json.d")
- parser.add_argument("--indent", '-i', help='indent the output (default:None)', type=int, default=None)
- parser.add_argument("--output", '-o', help='output name', type=str, default="opst_default_policy.json")
- args = parser.parse_args()
- logging_format = "%(levelname)s: %(message)s"
- if args.verbose:
- logging.basicConfig(level=logging.INFO, format=logging_format)
- if args.debug:
- logging.basicConfig(level=logging.DEBUG, format=logging_format)
- else:
- logging.basicConfig(format=logging_format)
- return args
-
-
-def get_rules(args):
- results = {}
- for f in FILES:
- _json_file = json.loads(open(os.path.join(args.dir, f)).read())
- keys = list(_json_file.keys())
- values = list(_json_file.values())
- for value in values:
- if value in keys:
- keys.remove(value)
- component = os.path.basename(f).split(".")[0]
- results[component] = keys
- return results
-
-
-def build_dict(results):
- for key in results:
- for rule in results[key]:
- _output = {
- "name": rule,
- "description": "{} action for {}".format(rule, key),
- "extra": {"component": key},
- "policies": []
- }
- policy['actions'].append(_output)
- _output = {
- "name": rule,
- "description": "{} action for {}".format(rule, key),
- "policies": [],
- "category": {"name": "action_id"}
- }
- policy['action_data'].append(_output)
- _output = {
- "action": {"name": rule},
- "category": {"name": "action_id"},
- "assignments": [{"name": rule}, ]}
- policy['action_assignments'].append(_output)
- _output = {
- "meta_rule": {"name": "rbac"},
- "rule": {
- "subject_data": [{"name": "admin"}],
- "object_data": [{"name": "all_vm"}],
- "action_data": [{"name": rule}]
- },
- "policy": {"name": "OpenStack RBAC Policy"},
- "instructions": {"decision": "grant"},
- "enabled": True
- }
- policy['rules'].append(_output)
- # TODO: add rules for member only
- # TODO: add rules for everyone
-
-
-def write_dict(args):
- json.dump(policy, open(args.output, "w"), indent=args.indent)
-
-
-def main():
- args = init()
- rules = get_rules(args)
- build_dict(rules)
- write_dict(args)
-
-
-if __name__ == "__main__":
- main() \ No newline at end of file