author: Lance Bragstad <lbragstad@gmail.com>, 2020-10-29 18:28:22 +0000
committer: Lance Bragstad <lbragstad@gmail.com>, 2020-10-29 18:33:25 +0000
commit: 5d2f716e4be69e31cc48e326cb024aa18c83bbe9
tree: 88d3e996af7ffcef7828ca874c5507c485c3761a
parent: 5d7c92e20463fb2ba9a508789b8e2d5a3ce78f0f
Use enforce_new_defaults when setting up keystone protection tests
The `keystone.conf [oslo_policy] enforce_new_defaults` option is meant to help deployments that want to opt into the new policy enforcement model (with scope checking) but without having to generate override files. This is the case for devstack and tempest. We can use this to bypass generating a policy file with just the new policies for tempest testing.

Change-Id: I3b219bde569c5a8001aec0c243027b6881254304
-rw-r--r-- devstack/lib/scope.sh 2
1 files changed, 1 insertions, 1 deletions
diff --git a/devstack/lib/scope.sh b/devstack/lib/scope.sh
index 05b605cd9..255ed695e 100644
--- a/devstack/lib/scope.sh
+++ b/devstack/lib/scope.sh
@@ -14,9 +14,9 @@
function configure_enforce_scope {
iniset $KEYSTONE_CONF oslo_policy enforce_scope true
+ iniset $KEYSTONE_CONF oslo_policy enforce_new_defaults true
iniset $KEYSTONE_CONF oslo_policy policy_file policy.yaml
sudo systemctl restart devstack@keystone
- oslopolicy-policy-generator --namespace keystone > /etc/keystone/policy.yaml
}
function configure_protection_tests {
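Review bot: In configure_enforce_scope the `iniset $KEYSTONE_CONF oslo_policy policy_file policy.yaml` line is kept while the `oslopolicy-policy-generator` call that wrote /etc/keystone/policy.yaml is removed, so the function now points keystone at a file it no longer creates. If enforce_new_defaults is meant to replace the override file, drop the policy_file setting too, or add a comment stating that the file is expected to be absent. As written, a policy.yaml left behind by an earlier run on the same host could still be read and would no longer be regenerated, so the protection tests might run against stale overrides instead of the in-code defaults; removing any existing file in this function would make the setup deterministic.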