diff options
| author | mitya-eremeev-2 <mitossvyaz@mail.ru> | 2021-10-21 14:45:52 +0000 |
|---|---|---|
| committer | Mitya_Eremeev <mitossvyaz@mail.ru> | 2021-10-21 17:54:39 +0300 |
| commit | 302643b027a3f3d894c32054cee2220e02a20a8a (patch) | |
| tree | fdab7c227c7251aa4c9628c8324f671be5077266 | |
| parent | 949289e094090757576f9251019e10d53af7a663 (diff) | |
| download | oslo-policy-302643b027a3f3d894c32054cee2220e02a20a8a.tar.gz | |
Don't reset rules without overwriting
If an user uses Enforcer without overwriting (Enforcer(overwrite=False))
we should not reset rules and only update loaded rules.
Enforcer without overwriting is a weird behavior, but it is supported at this moment.
Maybe it will be eliminated in future because it's misleading.
Operator cannot conclude what rules are loaded by simply looking in config files.
Change-Id: I2871407f8c7417a016415ccc166c1f37a9e17908
Closes-Bug: 1943584
| -rw-r--r-- | oslo_policy/policy.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/oslo_policy/policy.py b/oslo_policy/policy.py index bf5556e..2101d9c 100644 --- a/oslo_policy/policy.py +++ b/oslo_policy/policy.py @@ -657,12 +657,12 @@ class Enforcer(object): # rules in main policy file. And after that we apply rules # from every policy directory. if self.policy_path: - if not policy_file_rules_changed: + if not policy_file_rules_changed and self.overwrite: self._load_policy_file(path=self.policy_path, force_reload=True, overwrite=self.overwrite ) - else: + elif self.overwrite: self.rules = Rules(default_rule=self.default_rule) for path in existing_policy_dirs: self._walk_through_policy_directory( |