From fac8aa64a0468f0c1bba3ad8e0a45623e7ad48db Mon Sep 17 00:00:00 2001
From: Takashi Kajinami
Date: Tue, 26 Nov 2024 22:23:21 +0900
Subject: [PATCH] Drop logic for absence of segregation rule
Since all policy rules were implemented as code, there is no chance that the segregation policy rule does not exist.
Change-Id: If30adba443ead164af55c947a1822f8690da5e53
---
 aodh/api/rbac.py | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/aodh/api/rbac.py b/aodh/api/rbac.py
index e82c3f8fd..4bdae104d 100644
--- a/aodh/api/rbac.py
+++ b/aodh/api/rbac.py
@@ -67,17 +67,8 @@ def get_limited_to(req, enforcer):
 one of these.
 """
- # TODO(sileht): Only filtering on role work currently for segregation
- # oslo.policy expects the target to be the alarm. That will allow
- # creating more enhanced rbac. But for now we enforce the
- # scoping of request to the project-id, so...
- target = {}
 ctxt = context.RequestContext.from_environ(req.environ)
- # maintain backward compat with Juno and previous by using context_is_admin
- # rule if the segregation rule (added in Kilo) is not defined
- rules = enforcer.rules.keys()
- rule_name = 'segregation' if 'segregation' in rules else 'context_is_admin'
- if not enforcer.enforce(rule_name, target, ctxt.to_dict()):
+ if not enforcer.enforce('segregation', {}, ctxt.to_dict()):
 return ctxt.user_id, ctxt.project_id
 return None, None
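Review bot: The new `enforcer.enforce('segregation', {}, ctxt.to_dict())` call passes an empty target with no explanation, because the hunk also deletes the TODO that said segregation is decided on roles only and that the alarm is not supplied as the target. That matters for anyone overriding the `segregation` rule in a policy file, since a check that references target fields has nothing to match against here. I would keep a one-line comment above the call, e.g. `# Empty target on purpose: segregation is evaluated on the caller's credentials only, not on the alarm.` With the `context_is_admin` fallback gone, the outcome depends entirely on `segregation` being registered; as far as I know oslo.policy denies an unregistered rule, which would limit every caller to their own project rather than widen access, but a test pinning that would be worth adding. The body of get_limited_to starts above the hunk.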