summaryrefslogtreecommitdiff
path: root/keystone/common/rbac_enforcer/enforcer.py
diff options
context:
space:
mode:
Diffstat (limited to 'keystone/common/rbac_enforcer/enforcer.py')
-rw-r--r--keystone/common/rbac_enforcer/enforcer.py8
1 files changed, 8 insertions, 0 deletions
diff --git a/keystone/common/rbac_enforcer/enforcer.py b/keystone/common/rbac_enforcer/enforcer.py
index ca6a8e7b2..7add048ce 100644
--- a/keystone/common/rbac_enforcer/enforcer.py
+++ b/keystone/common/rbac_enforcer/enforcer.py
@@ -14,6 +14,7 @@ import functools
import flask
from oslo_log import log
+from oslo_policy import opts
from oslo_policy import policy as common_policy
from oslo_utils import strutils
@@ -39,6 +40,13 @@ _POSSIBLE_TARGET_ACTIONS = frozenset([
_ENFORCEMENT_CHECK_ATTR = 'keystone:RBAC:enforcement_called'
+# TODO(gmann): Remove setting the default value of config policy_file
+# once oslo_policy change the default value to 'policy.yaml'.
+# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
+DEFAULT_POLICY_FILE = 'policy.yaml'
+opts.set_defaults(CONF, DEFAULT_POLICY_FILE)
+
+
class RBACEnforcer(object):
"""Enforce RBAC on API calls."""
View Lorry Controller Status