fix(region): allow disable default policy

pkg/ansibleserver/service/service.go

@@ -30,7 +30,7 @@ import (
 
 func StartService() {
 	opts := &options.Options
-	common_options.ParseOptions(opts, os.Args, "ansibleserver.conf", "ansibleserver")
+	common_options.ParseOptions(opts, os.Args, "ansibleserver.conf", "ansibleserver", nil)
 
 	commonOpts := &opts.CommonOptions
 	common_app.InitAuth(commonOpts, func() {

pkg/apigateway/service/service.go

@@ -38,7 +38,7 @@ func StartService() {
 	opts := options.Options
 	baseOpts := &opts.BaseOptions
 	commonOpts := &opts.CommonOptions
-	common_options.ParseOptions(opts, os.Args, "apigateway.conf", api.SERVICE_TYPE)
+	common_options.ParseOptions(opts, os.Args, "apigateway.conf", api.SERVICE_TYPE, nil)
 	app_common.InitAuth(commonOpts, func() {
 		log.Infof("Auth complete.")
 	})

pkg/apimap/options/options.go

@@ -34,7 +34,7 @@ func GetOptions() *SOptions {
 }
 
 func Init() {
-	common_options.ParseOptions(&opts, os.Args, "apimap.conf", "apimap")
+	common_options.ParseOptions(&opts, os.Args, "apimap.conf", "apimap", nil)
 	options.Options = opts.ComputeOptions
 }
 func OnOptionsChange(oldO, newO interface{}) bool {

pkg/apis/identity/consts.go

@@ -236,6 +236,7 @@ var (
 			// kubeserver blacklist options
 			// ############################
 			"running_mode",
+			"enable_default_policy",
 		},
 	}
 )

pkg/baremetal/service/service.go

@@ -46,7 +46,7 @@ func New() *BaremetalService {
 }
 
 func (s *BaremetalService) StartService() {
-	common_options.ParseOptions(&o.Options, os.Args, "baremetal.conf", "baremetal")
+	common_options.ParseOptions(&o.Options, os.Args, "baremetal.conf", "baremetal", nil)
 
 	if len(o.Options.CachePath) == 0 {
 		o.Options.CachePath = filepath.Join(filepath.Dir(o.Options.BaremetalsPath), "bm_image_cache")

pkg/cloudcommon/consts/db.go

@@ -31,6 +31,8 @@ var (
 	localTaskWorkerCount int
 
 	enableChangeOwnerAutoRename = false
+
+	enableDefaultPolicy = true
 )
 
 func SetDefaultDB(dialect, connStr string) {
@@ -81,3 +83,11 @@ func TaskWorkerCount() int {
 func LocalTaskWorkerCount() int {
 	return localTaskWorkerCount
 }
+
+func SetDefaultPolicy(enable bool) {
+	enableDefaultPolicy = enable
+}
+
+func IsEnableDefaultPolicy() bool {
+	return enableDefaultPolicy == true
+}

pkg/cloudcommon/options/options.go

@@ -19,7 +19,7 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"os"
@@ -123,6 +123,7 @@ type BaseOptions struct {
 	EnableAppProfiling bool `help:"enable profiling API" default:"false"`
 
 	EnableChangeOwnerAutoRename bool `help:"Allows renaming when changing names" default:"false"`
+	EnableDefaultPolicy         bool `help:"Enable defualt policies" default:"true"`
 }
 
 const (
@@ -220,7 +221,7 @@ func (opt *EtcdOptions) GetEtcdTLSConfig() (*tls.Config, error) {
 		opt.EtcdUseTLS = true
 	}
 	if opt.EtcdCacert != "" {
-		data, err := ioutil.ReadFile(opt.EtcdCacert)
+		data, err := os.ReadFile(opt.EtcdCacert)
 		if err != nil {
 			return nil, errors.Wrap(err, "read cacert file")
 		}
@@ -279,8 +280,11 @@ func ParseOptionsIgnoreNoConfigfile(optStruct interface{}, args []string, config
 	parseOptions(optStruct, args, configFileName, serviceType, true)
 }
 
-func ParseOptions(optStruct interface{}, args []string, configFileName string, serviceType string) {
+func ParseOptions(optStruct interface{}, args []string, configFileName string, serviceType string, callback func()) {
 	parseOptions(optStruct, args, configFileName, serviceType, false)
+	if callback != nil {
+		callback()
+	}
 }
 
 func parseOptions(optStruct interface{}, args []string, configFileName string, serviceType string, ignoreNoConfigfile bool) {
@@ -377,7 +381,7 @@ func parseOptions(optStruct interface{}, args []string, configFileName string, s
 		h.Init()
 		log.DisableColors()
 		log.Logger().AddHook(h)
-		log.Logger().Out = ioutil.Discard
+		log.Logger().Out = io.Discard
 		atexit.Register(atexit.ExitHandler{
 			Prio:   atexit.PRIO_LOG_CLOSE,
 			Reason: "deinit log rotate hook",
@@ -397,6 +401,7 @@ func parseOptions(optStruct interface{}, args []string, configFileName string, s
 
 	consts.SetTaskWorkerCount(optionsRef.TaskWorkerCount)
 	consts.SetLocalTaskWorkerCount(optionsRef.LocalTaskWorkerCount)
+	consts.SetDefaultPolicy(optionsRef.EnableDefaultPolicy)
 }
 
 func (self *BaseOptions) HttpTransportProxyFunc() httputils.TransportProxyFunc {

pkg/cloudevent/service/service.go

@@ -37,7 +37,7 @@ import (
 
 func StartService() {
 	opts := &options.Options
-	common_options.ParseOptions(opts, os.Args, "yunionevent.conf", api.SERVICE_TYPE)
+	common_options.ParseOptions(opts, os.Args, "yunionevent.conf", api.SERVICE_TYPE, nil)
 
 	commonOpts := &opts.CommonOptions
 	common_app.InitAuth(commonOpts, func() {

pkg/cloudid/policy/defaults.go

@@ -18,6 +18,7 @@ import (
 	"yunion.io/x/pkg/util/rbacscope"
 
 	api "yunion.io/x/onecloud/pkg/apis/cloudid"
+	"yunion.io/x/onecloud/pkg/cloudcommon/consts"
 	common_policy "yunion.io/x/onecloud/pkg/cloudcommon/policy"
 	"yunion.io/x/onecloud/pkg/util/rbacutils"
 )
@@ -108,6 +109,8 @@ var (
 	}
 )
 
-func init() {
-	common_policy.AppendDefaultPolicies(predefinedDefaultPolicies)
+func Init() {
+	if consts.IsEnableDefaultPolicy() {
+		common_policy.AppendDefaultPolicies(predefinedDefaultPolicies)
+	}
 }

pkg/cloudid/service/service.go

@@ -35,7 +35,7 @@ import (
 	_ "yunion.io/x/onecloud/pkg/cloudid/drivers"
 	"yunion.io/x/onecloud/pkg/cloudid/models"
 	"yunion.io/x/onecloud/pkg/cloudid/options"
-	_ "yunion.io/x/onecloud/pkg/cloudid/policy"
+	"yunion.io/x/onecloud/pkg/cloudid/policy"
 	"yunion.io/x/onecloud/pkg/cloudid/saml"
 	_ "yunion.io/x/onecloud/pkg/cloudid/tasks"
 	"yunion.io/x/onecloud/pkg/mcclient/auth"
@@ -46,7 +46,7 @@ func StartService() {
 	dbOpts := &opts.DBOptions
 	baseOpts := &opts.BaseOptions
 	commonOpts := &opts.CommonOptions
-	common_options.ParseOptions(opts, os.Args, "cloudid.conf", api.SERVICE_TYPE)
+	common_options.ParseOptions(opts, os.Args, "cloudid.conf", api.SERVICE_TYPE, policy.Init)
 
 	app_common.InitAuth(commonOpts, func() {
 		log.Infof("Auth complete!!")

pkg/cloudir/service/service.go

@@ -30,7 +30,7 @@ func StartService() {
 	opts := &options.Options
 	baseOpts := &opts.BaseOptions
 	commonOpts := &opts.CommonOptions
-	common_options.ParseOptions(opts, os.Args, "cloudir.conf", "cloudir")
+	common_options.ParseOptions(opts, os.Args, "cloudir.conf", "cloudir", nil)
 
 	app_common.InitAuth(commonOpts, func() {
 		log.Infof("Auth complete!!")

pkg/cloudmon/service/service.go

@@ -38,7 +38,7 @@ import (
 func StartService() {
 	opts := &options.Options
 	baseOpts := &options.Options.BaseOptions
-	common_options.ParseOptions(opts, os.Args, "cloudmon.conf", "cloudmon")
+	common_options.ParseOptions(opts, os.Args, "cloudmon.conf", "cloudmon", nil)
 
 	commonOpts := &opts.CommonOptions
 	app_common.InitAuth(commonOpts, func() {

pkg/cloudnet/service/service.go

@@ -35,7 +35,7 @@ import (
 
 func StartService() {
 	opts := &options.Options
-	common_options.ParseOptions(opts, os.Args, "cloudnet.conf", "cloudnet")
+	common_options.ParseOptions(opts, os.Args, "cloudnet.conf", "cloudnet", nil)
 
 	commonOpts := &opts.CommonOptions
 	app_common.InitAuth(commonOpts, func() {

pkg/cloudproxy/options/options.go

@@ -44,6 +44,7 @@ func Get() *Options {
 			os.Args,
 			"cloudproxy.conf",
 			api.SERVICE_TYPE,
+			nil,
 		)
 	})
 	return &opts

pkg/cloutpost/service/service.go

@@ -40,7 +40,7 @@ func StartService() {
 	opts := &options.Options
 	baseOpts := &opts.BaseOptions
 	commonOpts := &opts.CommonOptions
-	common_options.ParseOptions(opts, os.Args, "cloutpost.conf", SERVICE_TYPE)
+	common_options.ParseOptions(opts, os.Args, "cloutpost.conf", SERVICE_TYPE, nil)
 
 	app_common.InitAuth(commonOpts, func() {
 		log.Infof("Auth complete!!")

pkg/compute/policy/defaults.go

@@ -18,6 +18,7 @@ import (
 	"yunion.io/x/pkg/util/rbacscope"
 
 	api "yunion.io/x/onecloud/pkg/apis/compute"
+	"yunion.io/x/onecloud/pkg/cloudcommon/consts"
 	common_policy "yunion.io/x/onecloud/pkg/cloudcommon/policy"
 	"yunion.io/x/onecloud/pkg/util/rbacutils"
 )
@@ -403,6 +404,8 @@ var (
 	}
 )
 
-func init() {
-	common_policy.AppendDefaultPolicies(predefinedDefaultPolicies)
+func Init() {
+	if consts.IsEnableDefaultPolicy() {
+		common_policy.AppendDefaultPolicies(predefinedDefaultPolicies)
+	}
 }

pkg/compute/service/service.go

@@ -48,7 +48,7 @@ import (
 	_ "yunion.io/x/onecloud/pkg/compute/hostdrivers"
 	"yunion.io/x/onecloud/pkg/compute/models"
 	"yunion.io/x/onecloud/pkg/compute/options"
-	_ "yunion.io/x/onecloud/pkg/compute/policy"
+	"yunion.io/x/onecloud/pkg/compute/policy"
 	_ "yunion.io/x/onecloud/pkg/compute/regiondrivers"
 	_ "yunion.io/x/onecloud/pkg/compute/storagedrivers"
 	"yunion.io/x/onecloud/pkg/compute/tasks"
@@ -66,7 +66,7 @@ func StartServiceWithJobs(jobs func(cron *cronman.SCronJobManager)) {
 	commonOpts := &options.Options.CommonOptions
 	baseOpts := &options.Options.BaseOptions
 	dbOpts := &options.Options.DBOptions
-	common_options.ParseOptions(opts, os.Args, "region.conf", api.SERVICE_TYPE)
+	common_options.ParseOptions(opts, os.Args, "region.conf", api.SERVICE_TYPE, policy.Init)
 
 	if opts.PortV2 > 0 {
 		log.Infof("Port V2 %d is specified, use v2 port", opts.PortV2)

pkg/devtool/service/service.go

@@ -36,7 +36,7 @@ func StartService() {
 	commonOpts := &opts.CommonOptions
 	dbOpts := &options.Options.DBOptions
 	baseOpts := &opts.BaseOptions
-	common_options.ParseOptions(opts, os.Args, "devtool.conf", api.SERVICE_TYPE)
+	common_options.ParseOptions(opts, os.Args, "devtool.conf", api.SERVICE_TYPE, nil)
 
 	app_common.InitAuth(commonOpts, func() {
 		log.Infof("Auth complete!!")

pkg/esxi/service/esxi_agent_service.go

@@ -43,7 +43,7 @@ func New() *SExsiAgentService {
 }
 
 func (s *SExsiAgentService) StartService() {
-	options_common.ParseOptions(&options.Options, os.Args, "esxiagent.conf", "esxiagent")
+	options_common.ParseOptions(&options.Options, os.Args, "esxiagent.conf", "esxiagent", nil)
 
 	if len(options.Options.ImageCachePath) == 0 {
 		options.Options.ImageCachePath = filepath.Join(options.Options.EsxiAgentPath, "image_cache")

pkg/hostimage/host_image_service.go

@@ -59,12 +59,12 @@ func init() {
 
 func StartService() {
 	consts.SetServiceType("host-image")
-	common_options.ParseOptions(&HostImageOptions, os.Args, "host.conf", "host-image")
+	common_options.ParseOptions(&HostImageOptions, os.Args, "host.conf", "host-image", nil)
 	if len(HostImageOptions.CommonConfigFile) > 0 {
 		baseOpt := HostImageOptions.BaseOptions.BaseOptions
 		commonCfg := new(common_options.CommonOptions)
 		commonCfg.Config = HostImageOptions.CommonConfigFile
-		common_options.ParseOptions(commonCfg, []string{"host"}, "common.conf", "host")
+		common_options.ParseOptions(commonCfg, []string{"host"}, "common.conf", "host", nil)
 		HostImageOptions.CommonOptions = *commonCfg
 		HostImageOptions.BaseOptions.BaseOptions = baseOpt
 	}

pkg/hostman/hostdeployer/deployserver/options.go

@@ -55,7 +55,7 @@ func Parse() SDeployOptions {
 	if len(hostOpts.CommonConfigFile) > 0 && fileutils2.Exists(hostOpts.CommonConfigFile) {
 		commonCfg := &host_options.SHostBaseOptions{}
 		commonCfg.Config = hostOpts.CommonConfigFile
-		common_options.ParseOptions(commonCfg, []string{os.Args[0]}, "common.conf", "host")
+		common_options.ParseOptions(commonCfg, []string{os.Args[0]}, "common.conf", "host", nil)
 		baseOpt := hostOpts.BaseOptions.BaseOptions
 		hostOpts.SHostBaseOptions = *commonCfg
 		// keep base options

pkg/hostman/options/options.go

@@ -253,11 +253,11 @@ var (
 
 func Parse() SHostOptions {
 	var hostOpts SHostOptions
-	common_options.ParseOptions(&hostOpts, os.Args, "host.conf", "host")
+	common_options.ParseOptions(&hostOpts, os.Args, "host.conf", "host", nil)
 	if len(hostOpts.CommonConfigFile) > 0 && fileutils2.Exists(hostOpts.CommonConfigFile) {
 		commonCfg := &SHostBaseOptions{}
 		commonCfg.Config = hostOpts.CommonConfigFile
-		common_options.ParseOptions(commonCfg, []string{os.Args[0]}, "common.conf", "host")
+		common_options.ParseOptions(commonCfg, []string{os.Args[0]}, "common.conf", "host", nil)
 		baseOpt := hostOpts.BaseOptions.BaseOptions
 		hostOpts.SHostBaseOptions = *commonCfg
 		// keep base options

pkg/image/policy/defaults.go

@@ -18,6 +18,7 @@ import (
 	"yunion.io/x/pkg/util/rbacscope"
 
 	api "yunion.io/x/onecloud/pkg/apis/image"
+	"yunion.io/x/onecloud/pkg/cloudcommon/consts"
 	common_policy "yunion.io/x/onecloud/pkg/cloudcommon/policy"
 	"yunion.io/x/onecloud/pkg/util/rbacutils"
 )
@@ -65,6 +66,8 @@ var (
 	}
 )
 
-func init() {
-	common_policy.AppendDefaultPolicies(predefinedDefaultPolicies)
+func Init() {
+	if consts.IsEnableDefaultPolicy() {
+		common_policy.AppendDefaultPolicies(predefinedDefaultPolicies)
+	}
 }

pkg/image/service/service.go

@@ -40,7 +40,7 @@ import (
 	"yunion.io/x/onecloud/pkg/image/drivers/s3"
 	"yunion.io/x/onecloud/pkg/image/models"
 	"yunion.io/x/onecloud/pkg/image/options"
-	_ "yunion.io/x/onecloud/pkg/image/policy"
+	"yunion.io/x/onecloud/pkg/image/policy"
 	_ "yunion.io/x/onecloud/pkg/image/tasks"
 	"yunion.io/x/onecloud/pkg/image/torrent"
 	"yunion.io/x/onecloud/pkg/mcclient/auth"
@@ -54,7 +54,7 @@ func StartService() {
 	commonOpts := &opts.CommonOptions
 	baseOpts := &opts.BaseOptions
 	dbOpts := &opts.DBOptions
-	common_options.ParseOptions(opts, os.Args, "glance-api.conf", api.SERVICE_TYPE)
+	common_options.ParseOptions(opts, os.Args, "glance-api.conf", api.SERVICE_TYPE, policy.Init)
 
 	// no need to run glance as root any more
 	// isRoot := sysutils.IsRootPermission()

pkg/keystone/policy/defaults.go

@@ -18,6 +18,7 @@ import (
 	"yunion.io/x/pkg/util/rbacscope"
 
 	api "yunion.io/x/onecloud/pkg/apis/identity"
+	"yunion.io/x/onecloud/pkg/cloudcommon/consts"
 	common_policy "yunion.io/x/onecloud/pkg/cloudcommon/policy"
 	"yunion.io/x/onecloud/pkg/util/rbacutils"
 )
@@ -191,6 +192,8 @@ var (
 	}
 )
 
-func init() {
-	common_policy.AppendDefaultPolicies(predefinedDefaultPolicies)
+func Init() {
+	if consts.IsEnableDefaultPolicy() {
+		common_policy.AppendDefaultPolicies(predefinedDefaultPolicies)
+	}
 }

pkg/keystone/service/service.go

@@ -35,7 +35,7 @@ import (
 	"yunion.io/x/onecloud/pkg/keystone/cronjobs"
 	"yunion.io/x/onecloud/pkg/keystone/models"
 	"yunion.io/x/onecloud/pkg/keystone/options"
-	_ "yunion.io/x/onecloud/pkg/keystone/policy"
+	kpolicy "yunion.io/x/onecloud/pkg/keystone/policy"
 	"yunion.io/x/onecloud/pkg/keystone/saml"
 	_ "yunion.io/x/onecloud/pkg/keystone/tasks"
 	"yunion.io/x/onecloud/pkg/keystone/tokens"
@@ -62,7 +62,7 @@ func StartService() {
 	models.InitSyncWorkers()
 
 	opts := &options.Options
-	common_options.ParseOptions(opts, os.Args, "keystone.conf", api.SERVICE_TYPE)
+	common_options.ParseOptions(opts, os.Args, "keystone.conf", api.SERVICE_TYPE, kpolicy.Init)
 
 	if opts.Port == 0 {
 		opts.Port = 5000 // keystone well-known port

pkg/lbagent/service.go

@@ -38,12 +38,12 @@ func StartService() {
 	opts := &Options{}
 	commonOpts := &opts.CommonOptions
 	{
-		common_options.ParseOptions(opts, os.Args, "lbagent.conf", "lbagent")
+		common_options.ParseOptions(opts, os.Args, "lbagent.conf", "lbagent", nil)
 		if len(opts.CommonConfigFile) > 0 && fileutils2.Exists(opts.CommonConfigFile) {
 			log.Infof("read common config file: %s", opts.CommonConfigFile)
 			commonCfg := &LbagentCommonOptions{}
 			commonCfg.Config = opts.CommonConfigFile
-			common_options.ParseOptions(commonCfg, []string{os.Args[0]}, "common.conf", "lbagent")
+			common_options.ParseOptions(commonCfg, []string{os.Args[0]}, "common.conf", "lbagent", nil)
 			baseOpt := opts.BaseOptions.BaseOptions
 			opts.LbagentCommonOptions = *commonCfg
 			// keep base options