diff options
author | Ghanshyam Mann <gmann@ghanshyammann.com> | 2019-08-01 13:43:30 +0000 |
---|---|---|
committer | Ghanshyam Mann <gmann@ghanshyammann.com> | 2019-10-29 15:21:50 +0000 |
commit | 55ae1a5d5397638de7cfd2aec732a7685cc39f10 (patch) | |
tree | 80d308efb77728b5704f50db39ad47d42008daa8 /requirements.txt | |
parent | 9742a64403c0a0ae5e0b37df5b0bf3ba14ac4626 (diff) | |
download | nova-55ae1a5d5397638de7cfd2aec732a7685cc39f10.tar.gz |
Pass RequestContext to oslo_policy
In nova.policy.authorize() method, it convert the context
object to policy value by context.to_policy_values() and then
pass that into oslo.policy enforcer authorize() method.
This is fine till now and does not cause any issue but when
scope_type is set on policy and context then scope info is
not passed correctly.
In case of system scope, oslo.policy check for a key called 'system'
in creds. The oslo.context library uses `system_scope` instead[1],
and the compatibility between both oslo.policy and oslo.context
are handled when complete context is passed into oslo_policy[2].
If nova convert the context object to policy values then system scope
info is not passed into the oslo_policy. Better way is to pass the complete
context object to oslo_policy and let oslo_policy fetch the system scope
info in correct way.
Update the lower constraints for oslo.policy and oslo.context to have
system scope checks feature.
Partial implement blueprint policy-defaults-refresh
[1] https://github.com/openstack/oslo.context/blob/f65408df5cd5924f2879c3ee94d07fd27cb2cf73/oslo_context/context.py#L321
[2] https://github.com/openstack/oslo.policy/blob/b9fd10e2612f26c93d49c168a0408aba6d20e5bf/oslo_policy/policy.py#L994
Change-Id: I847fc44e62065e3d26e5595e178b83912ab5d19b
Diffstat (limited to 'requirements.txt')
-rw-r--r-- | requirements.txt | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/requirements.txt b/requirements.txt index 57e45ceba4..f623b60bff 100644 --- a/requirements.txt +++ b/requirements.txt @@ -37,7 +37,7 @@ websockify>=0.8.0 # LGPLv3 oslo.cache>=1.26.0 # Apache-2.0 oslo.concurrency>=3.26.0 # Apache-2.0 oslo.config>=6.1.0 # Apache-2.0 -oslo.context>=2.19.2 # Apache-2.0 +oslo.context>=2.21.0 # Apache-2.0 oslo.log>=3.36.0 # Apache-2.0 oslo.reports>=1.18.0 # Apache-2.0 oslo.serialization!=2.19.1,>=2.21.1 # Apache-2.0 @@ -46,7 +46,7 @@ oslo.utils>=3.40.2 # Apache-2.0 oslo.db>=4.44.0 # Apache-2.0 oslo.rootwrap>=5.8.0 # Apache-2.0 oslo.messaging>=7.0.0 # Apache-2.0 -oslo.policy>=1.35.0 # Apache-2.0 +oslo.policy>=1.38.0 # Apache-2.0 oslo.privsep>=1.33.2 # Apache-2.0 oslo.i18n>=3.15.3 # Apache-2.0 oslo.service>=1.40.1 # Apache-2.0 |