diff options
| author | Zuul <zuul@review.opendev.org> | 2020-04-09 23:52:41 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2020-04-09 23:52:41 +0000 |
| commit | 0ed3df2c3a26598dfcfdfd6502530c71fde9f371 (patch) | |
| tree | 69f3b2f194ade59fe30906e29887366ad90088f5 | |
| parent | bbb76769fde5bfaee86539ec94ac10175de20697 (diff) | |
| parent | e2ad8f6ce87e72cd6187ff0039aa7a3d06b8ce32 (diff) | |
| download | oslo-policy-3.1.0.tar.gz | |
Merge "Fix doc comments for new enforce default flag"3.1.0
| -rw-r--r-- | oslo_policy/opts.py | 12 | ||||
| -rw-r--r-- | oslo_policy/policy.py | 4 | ||||
| -rw-r--r-- | releasenotes/notes/enforce_new_defaults-6ae17d8b8d166a2c.yaml | 12 |
3 files changed, 14 insertions, 14 deletions
diff --git a/oslo_policy/opts.py b/oslo_policy/opts.py index 16e3696..5eb93d7 100644 --- a/oslo_policy/opts.py +++ b/oslo_policy/opts.py @@ -39,12 +39,12 @@ _options = [ help=_('This option controls whether or not to use old ' 'deprecated defaults when evaluating policies. If ' '``True``, the old deprecated defaults are not going ' - 'to be evaluated which mean if any existing token ' - 'allowed for old defaults but disallowed for new ' - 'defaults will be disallowed. It is encouraged to ' - 'enable this flag along with ``enforce_scope`` flag ' - 'so that you can get benefits of new defaults and ' - '``scope_type`` together')), + 'to be evaluated. This means if any existing token is ' + 'allowed for old defaults but is disallowed for new ' + 'defaults, it will be disallowed. It is encouraged to ' + 'enable this flag along with the ``enforce_scope`` ' + 'flag so that you can get the benefits of new defaults ' + 'and ``scope_type`` together')), cfg.StrOpt('policy_file', default='policy.json', help=_('The relative or absolute path of a file that maps ' diff --git a/oslo_policy/policy.py b/oslo_policy/policy.py index a1a6f85..fd7fbf3 100644 --- a/oslo_policy/policy.py +++ b/oslo_policy/policy.py @@ -703,8 +703,8 @@ class Enforcer(object): # messages telling them stuff is going to change if they don't maintain # the policy manually or add infrastructure to their deployment to # support the new policy. - # If flag enforce_new_defaults is true then do not add OrCheck - # the old check_str and enforce only new defaults. + # If the enforce_new_defaults flag is True, do not add OrCheck to the + # old check_str and enforce only the new defaults. if (not self.conf.oslo_policy.enforce_new_defaults and deprecated_rule.check_str != default.check_str and default.name not in self.file_rules): diff --git a/releasenotes/notes/enforce_new_defaults-6ae17d8b8d166a2c.yaml b/releasenotes/notes/enforce_new_defaults-6ae17d8b8d166a2c.yaml index 8ff851f..4a537de 100644 --- a/releasenotes/notes/enforce_new_defaults-6ae17d8b8d166a2c.yaml +++ b/releasenotes/notes/enforce_new_defaults-6ae17d8b8d166a2c.yaml @@ -3,9 +3,9 @@ features: A new configuration option ``enforce_new_defaults`` has been added to the ``[oslo_policy]`` group to control whether or not to use the old deprecated defaults. If ``True``, the old deprecated - defaults are not going to be evaluated which mean if any existing - token allowed for old defaults but disallowed for new defaults - will be disallowed. It is encouraged to enable this flag along - with ``enforce_scope`` flag so that you can get benefits of new - defaults and ``scope_type`` together. This way operators can switch - to new defaults without overwriting the rule in policy file. + defaults are not going to be evaluated which means if any existing + token is allowed for old defaults but disallowed for new defaults + it will be disallowed. It is encouraged to enable this flag along + with the ``enforce_scope`` flag so that you can get the benefits of + new defaults and ``scope_type`` together. This way operators can switch + to new defaults without overwriting the rules in the policy file. |