Work on copy of registered rule instead of original object3.6.2

When service register their policy rule oslo policy does not
copy the rule and instead work on the original object.

- https://github.com/openstack/oslo.policy/blob/bd9d47aa36ad6f2f4746f09a267d7ce809a820f4/oslo_policy/policy.py#L1104

policy enforcer modify the default rules in
_handle_deprecated_rule().

- https://github.com/openstack/oslo.policy/blob/bd9d47aa36ad6f2f4746f09a267d7ce809a820f4/oslo_policy/policy.py#L767-L774

In any case, oslo policy should make copy of the registered
rules.

Another thing it fix is setting of flag
RuleDefault._deprecated_rule_handled.
Flag _deprecated_rule_handled is set to True when
_handle_deprecated_rule() is called irrespective of it
actually handle the deprecated rule and add it in OR checks.
We should set this flag when acutally deprecated rule is
handled so that if any condition change like config flag or
file rules we correctly handle deprecated rules.

Closes-Bug: #1914095
Closes-Bug: #1914592
Story: 2008556
Task: 41687
Change-Id: I154213dabd4d9eef760f0a4c9a852d504638ca8d

1 files changed, 8 insertions, 0 deletions

diff --git a/releasenotes/notes/fix-bug-1914095-fa71d81c9639ba94.yaml b/releasenotes/notes/fix-bug-1914095-fa71d81c9639ba94.yaml
new file mode 100644
index 0000000..17f2c6f
--- /dev/null
+++ b/releasenotes/notes/fix-bug-1914095-fa71d81c9639ba94.yaml
@@ -0,0 +1,8 @@
+---
+fixes:
+  - |
+    This fixes the Bug# 1914095. Policy engine has bug of modifying the
+    registered rule original object which caused issue when there are
+    multiple policy objects are processing rules in parallel.
+    With this fix. policy engine will make copies of all the registered rules
+    and process accordingly.