Keep new RBAC disable by default
oslo.policy has enabled the new RBAC config options enforce_scope and enforce_new_defaults by default[1][2]. Until Aodh is ready with the new RBAC, we need to continue disable them by overriding their default values. NOTE: there is no change in behaviour, aodh continue with the old RBAC as default. Needed-By: https://review.opendev.org/c/openstack/requirements/+/925464 [1] https://review.opendev.org/c/openstack/oslo.policy/+/924283 [2] https://review.opendev.org/c/openstack/releases/+/925032 Change-Id: Ifac31d1fc11b44fd6d3d18041f8bacee8287bccf
This commit is contained in:
parent
f43e903117
commit
ab00dac26f
@ -19,11 +19,17 @@ from pecan import hooks
|
|||||||
|
|
||||||
from aodh.api import policies
|
from aodh.api import policies
|
||||||
|
|
||||||
# TODO(gmann): Remove setting the default value of config policy_file
|
# TODO(gmann): Remove overriding the default value of config options:
|
||||||
# once oslo_policy change the default value to 'policy.yaml'.
|
# - 'policy_file' once oslo_policy change their default value to what is
|
||||||
# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
|
# overridden here.
|
||||||
|
# - 'enforce_scope', and 'enforce_new_defaults' once aodh is ready with the
|
||||||
|
# new RBAC (oslo_policy enable them by default)
|
||||||
DEFAULT_POLICY_FILE = 'policy.yaml'
|
DEFAULT_POLICY_FILE = 'policy.yaml'
|
||||||
opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE)
|
opts.set_defaults(
|
||||||
|
cfg.CONF,
|
||||||
|
DEFAULT_POLICY_FILE,
|
||||||
|
enforce_scope=False,
|
||||||
|
enforce_new_defaults=False)
|
||||||
|
|
||||||
|
|
||||||
class ConfigHook(hooks.PecanHook):
|
class ConfigHook(hooks.PecanHook):
|
||||||
|
@ -27,8 +27,11 @@ def set_lib_defaults():
|
|||||||
"""
|
"""
|
||||||
set_cors_middleware_defaults()
|
set_cors_middleware_defaults()
|
||||||
|
|
||||||
# Update default value of oslo.policy policy_file config option.
|
# Update default value of oslo.policy policy_file, ,
|
||||||
policy_opts.set_defaults(cfg.CONF, 'policy.yaml')
|
# enforce_scope, and enforce_new_defaults config options.
|
||||||
|
policy_opts.set_defaults(cfg.CONF, 'policy.yaml',
|
||||||
|
enforce_scope=False,
|
||||||
|
enforce_new_defaults=False)
|
||||||
|
|
||||||
|
|
||||||
def set_cors_middleware_defaults():
|
def set_cors_middleware_defaults():
|
||||||
|
@ -10,7 +10,7 @@ oslo.config>=6.8.0 # Apache-2.0
|
|||||||
oslo.i18n>=1.5.0 # Apache-2.0
|
oslo.i18n>=1.5.0 # Apache-2.0
|
||||||
oslo.log>=4.3.0 # Apache-2.0
|
oslo.log>=4.3.0 # Apache-2.0
|
||||||
oslo.reports>=1.18.0 # Apache-2.0
|
oslo.reports>=1.18.0 # Apache-2.0
|
||||||
oslo.policy>=3.7.0 # Apache-2.0
|
oslo.policy>=3.11.0 # Apache-2.0
|
||||||
oslo.upgradecheck>=1.3.0 # Apache-2.0
|
oslo.upgradecheck>=1.3.0 # Apache-2.0
|
||||||
PasteDeploy>=1.5.0
|
PasteDeploy>=1.5.0
|
||||||
pbr>=2.0.0 # Apache-2.0
|
pbr>=2.0.0 # Apache-2.0
|
||||||
|
Loading…
Reference in New Issue
Block a user