From e2ad8f6ce87e72cd6187ff0039aa7a3d06b8ce32 Mon Sep 17 00:00:00 2001 From: Ghanshyam Mann Date: Thu, 9 Apr 2020 10:18:00 -0500 Subject: [PATCH] Fix doc comments for new enforce default flag This commit fixes the review comments from patch - https://review.opendev.org/#/c/717943/ Change-Id: I00edbea503aefbce31cbb43a74929db752235bf0 --- oslo_policy/opts.py | 12 ++++++------ oslo_policy/policy.py | 4 ++-- .../notes/enforce_new_defaults-6ae17d8b8d166a2c.yaml | 12 ++++++------ 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/oslo_policy/opts.py b/oslo_policy/opts.py index 16e3696b..5eb93d7d 100644 --- a/oslo_policy/opts.py +++ b/oslo_policy/opts.py @@ -39,12 +39,12 @@ _options = [ help=_('This option controls whether or not to use old ' 'deprecated defaults when evaluating policies. If ' '``True``, the old deprecated defaults are not going ' - 'to be evaluated which mean if any existing token ' - 'allowed for old defaults but disallowed for new ' - 'defaults will be disallowed. It is encouraged to ' - 'enable this flag along with ``enforce_scope`` flag ' - 'so that you can get benefits of new defaults and ' - '``scope_type`` together')), + 'to be evaluated. This means if any existing token is ' + 'allowed for old defaults but is disallowed for new ' + 'defaults, it will be disallowed. It is encouraged to ' + 'enable this flag along with the ``enforce_scope`` ' + 'flag so that you can get the benefits of new defaults ' + 'and ``scope_type`` together')), cfg.StrOpt('policy_file', default='policy.json', help=_('The relative or absolute path of a file that maps ' diff --git a/oslo_policy/policy.py b/oslo_policy/policy.py index b0193150..2bcd3539 100644 --- a/oslo_policy/policy.py +++ b/oslo_policy/policy.py @@ -696,8 +696,8 @@ class Enforcer(object): # messages telling them stuff is going to change if they don't maintain # the policy manually or add infrastructure to their deployment to # support the new policy. - # If flag enforce_new_defaults is true then do not add OrCheck - # the old check_str and enforce only new defaults. + # If the enforce_new_defaults flag is True, do not add OrCheck to the + # old check_str and enforce only the new defaults. if (not self.conf.oslo_policy.enforce_new_defaults and deprecated_rule.check_str != default.check_str and default.name not in self.file_rules): diff --git a/releasenotes/notes/enforce_new_defaults-6ae17d8b8d166a2c.yaml b/releasenotes/notes/enforce_new_defaults-6ae17d8b8d166a2c.yaml index 8ff851f2..4a537de2 100644 --- a/releasenotes/notes/enforce_new_defaults-6ae17d8b8d166a2c.yaml +++ b/releasenotes/notes/enforce_new_defaults-6ae17d8b8d166a2c.yaml @@ -3,9 +3,9 @@ features: A new configuration option ``enforce_new_defaults`` has been added to the ``[oslo_policy]`` group to control whether or not to use the old deprecated defaults. If ``True``, the old deprecated - defaults are not going to be evaluated which mean if any existing - token allowed for old defaults but disallowed for new defaults - will be disallowed. It is encouraged to enable this flag along - with ``enforce_scope`` flag so that you can get benefits of new - defaults and ``scope_type`` together. This way operators can switch - to new defaults without overwriting the rule in policy file. + defaults are not going to be evaluated which means if any existing + token is allowed for old defaults but disallowed for new defaults + it will be disallowed. It is encouraged to enable this flag along + with the ``enforce_scope`` flag so that you can get the benefits of + new defaults and ``scope_type`` together. This way operators can switch + to new defaults without overwriting the rules in the policy file.