Fix doc comments for new enforce default flag
This commit fixes the review comments from patch - https://review.opendev.org/#/c/717943/ Change-Id: I00edbea503aefbce31cbb43a74929db752235bf0
This commit is contained in:
Ghanshyam Mann
parent
99012db14b
commit
e2ad8f6ce8
@ -39,12 +39,12 @@ _options = [
|
|||||||
help=_('This option controls whether or not to use old '
|
help=_('This option controls whether or not to use old '
|
||||||
'deprecated defaults when evaluating policies. If '
|
'deprecated defaults when evaluating policies. If '
|
||||||
'``True``, the old deprecated defaults are not going '
|
'``True``, the old deprecated defaults are not going '
|
||||||
'to be evaluated which mean if any existing token '
|
'to be evaluated. This means if any existing token is '
|
||||||
'allowed for old defaults but disallowed for new '
|
'allowed for old defaults but is disallowed for new '
|
||||||
'defaults will be disallowed. It is encouraged to '
|
'defaults, it will be disallowed. It is encouraged to '
|
||||||
'enable this flag along with ``enforce_scope`` flag '
|
'enable this flag along with the ``enforce_scope`` '
|
||||||
'so that you can get benefits of new defaults and '
|
'flag so that you can get the benefits of new defaults '
|
||||||
'``scope_type`` together')),
|
'and ``scope_type`` together')),
|
||||||
cfg.StrOpt('policy_file',
|
cfg.StrOpt('policy_file',
|
||||||
default='policy.json',
|
default='policy.json',
|
||||||
help=_('The relative or absolute path of a file that maps '
|
help=_('The relative or absolute path of a file that maps '
|
||||||
|
|||||||
@ -696,8 +696,8 @@ class Enforcer(object):
|
|||||||
# messages telling them stuff is going to change if they don't maintain
|
# messages telling them stuff is going to change if they don't maintain
|
||||||
# the policy manually or add infrastructure to their deployment to
|
# the policy manually or add infrastructure to their deployment to
|
||||||
# support the new policy.
|
# support the new policy.
|
||||||
# If flag enforce_new_defaults is true then do not add OrCheck
|
# If the enforce_new_defaults flag is True, do not add OrCheck to the
|
||||||
# the old check_str and enforce only new defaults.
|
# old check_str and enforce only the new defaults.
|
||||||
if (not self.conf.oslo_policy.enforce_new_defaults
|
if (not self.conf.oslo_policy.enforce_new_defaults
|
||||||
and deprecated_rule.check_str != default.check_str
|
and deprecated_rule.check_str != default.check_str
|
||||||
and default.name not in self.file_rules):
|
and default.name not in self.file_rules):
|
||||||
|
|||||||
@ -3,9 +3,9 @@ features:
|
|||||||
A new configuration option ``enforce_new_defaults`` has been
|
A new configuration option ``enforce_new_defaults`` has been
|
||||||
added to the ``[oslo_policy]`` group to control whether or not to
|
added to the ``[oslo_policy]`` group to control whether or not to
|
||||||
use the old deprecated defaults. If ``True``, the old deprecated
|
use the old deprecated defaults. If ``True``, the old deprecated
|
||||||
defaults are not going to be evaluated which mean if any existing
|
defaults are not going to be evaluated which means if any existing
|
||||||
token allowed for old defaults but disallowed for new defaults
|
token is allowed for old defaults but disallowed for new defaults
|
||||||
will be disallowed. It is encouraged to enable this flag along
|
it will be disallowed. It is encouraged to enable this flag along
|
||||||
with ``enforce_scope`` flag so that you can get benefits of new
|
with the ``enforce_scope`` flag so that you can get the benefits of
|
||||||
defaults and ``scope_type`` together. This way operators can switch
|
new defaults and ``scope_type`` together. This way operators can switch
|
||||||
to new defaults without overwriting the rule in policy file.
|
to new defaults without overwriting the rules in the policy file.
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user