Drop logic for absence of segregation rule
Since all policy rules were implemented as code, there is no chance that the segregation policy rule does not exist. Change-Id: If30adba443ead164af55c947a1822f8690da5e53
parent
2813c83e5b
commit
fac8aa64a0
@ -67,17 +67,8 @@ def get_limited_to(req, enforcer):
|
|||||||
one of these.
|
one of these.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
# TODO(sileht): Only filtering on role work currently for segregation
|
|
||||||
# oslo.policy expects the target to be the alarm. That will allow
|
|
||||||
# creating more enhanced rbac. But for now we enforce the
|
|
||||||
# scoping of request to the project-id, so...
|
|
||||||
target = {}
|
|
||||||
ctxt = context.RequestContext.from_environ(req.environ)
|
ctxt = context.RequestContext.from_environ(req.environ)
|
||||||
# maintain backward compat with Juno and previous by using context_is_admin
|
if not enforcer.enforce('segregation', {}, ctxt.to_dict()):
|
||||||
# rule if the segregation rule (added in Kilo) is not defined
|
|
||||||
rules = enforcer.rules.keys()
|
|
||||||
rule_name = 'segregation' if 'segregation' in rules else 'context_is_admin'
|
|
||||||
if not enforcer.enforce(rule_name, target, ctxt.to_dict()):
|
|
||||||
return ctxt.user_id, ctxt.project_id
|
return ctxt.user_id, ctxt.project_id
|
||||||
|
|
||||||
return None, None
|
return None, None
|
||||||
|
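Review bot: The empty target `{}` in the new `enforcer.enforce('segregation', {}, ctxt.to_dict())` call is left unexplained, because the TODO block saying that only role-based filtering works for segregation is removed together with the fallback. An operator who overrides `segregation` with a check on target attributes such as `project_id:%(project_id)s` would have it evaluated against an empty dict, so a short comment should stay above the call, e.g. `# Target is intentionally empty: only credential (role) checks work for 'segregation'.` What happens for an unregistered rule is not visible here; oslo.policy appears to deny in that case, which would scope the request to the caller's own user and project, and a unit test pinning that fail-closed result would be worth adding. The body of get_limited_to starts above the hunk.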