diff options
-rw-r--r-- | oslo_policy/policy.py | 10 | ||||
-rw-r--r-- | test-requirements.txt | 2 |
2 files changed, 8 insertions, 4 deletions
diff --git a/oslo_policy/policy.py b/oslo_policy/policy.py index 83e4c0c..2b19a66 100644 --- a/oslo_policy/policy.py +++ b/oslo_policy/policy.py @@ -956,16 +956,20 @@ class Enforcer(object): # If the rule doesn't exist, fail closed result = False else: + # NOTE(moguimar): suppressing [B105:hardcoded_password_string] + # as token_scope is not actually a hardcoded + # token. + # Check the scope of the operation against the possible scope # attributes provided in `creds`. if creds.get('system'): - token_scope = 'system' + token_scope = 'system' # nosec elif creds.get('domain_id'): - token_scope = 'domain' + token_scope = 'domain' # nosec else: # If the token isn't system-scoped or domain-scoped then # we're dealing with a project-scoped token. - token_scope = 'project' + token_scope = 'project' # nosec registered_rule = self.registered_rules.get(rule) if registered_rule and registered_rule.scope_types: diff --git a/test-requirements.txt b/test-requirements.txt index 29e6739..3c503c3 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -11,4 +11,4 @@ oslo.context>=2.22.0 # Apache-2.0 coverage!=4.4,>=4.0 # Apache-2.0 # Bandit security code scanner -bandit>=1.1.0,<1.6.0 # Apache-2.0 +bandit>=1.6.0,<1.7.0 # Apache-2.0 |