Drop logic for absence of segregation rule

Since all policy rules were implemented as code, there is no chance
that the segregation policy rule does not exist.

Change-Id: If30adba443ead164af55c947a1822f8690da5e53
This commit is contained in:
Takashi Kajinami 2024-11-26 22:23:21 +09:00
parent 2813c83e5b
commit fac8aa64a0

View File

@ -67,17 +67,8 @@ def get_limited_to(req, enforcer):
one of these. one of these.
""" """
# TODO(sileht): Only filtering on role work currently for segregation
# oslo.policy expects the target to be the alarm. That will allow
# creating more enhanced rbac. But for now we enforce the
# scoping of request to the project-id, so...
target = {}
ctxt = context.RequestContext.from_environ(req.environ) ctxt = context.RequestContext.from_environ(req.environ)
# maintain backward compat with Juno and previous by using context_is_admin if not enforcer.enforce('segregation', {}, ctxt.to_dict()):
# rule if the segregation rule (added in Kilo) is not defined
rules = enforcer.rules.keys()
rule_name = 'segregation' if 'segregation' in rules else 'context_is_admin'
if not enforcer.enforce(rule_name, target, ctxt.to_dict()):
return ctxt.user_id, ctxt.project_id return ctxt.user_id, ctxt.project_id
return None, None return None, None