diff options
Diffstat (limited to 'oslo_policy/policy.py')
-rw-r--r-- | oslo_policy/policy.py | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/oslo_policy/policy.py b/oslo_policy/policy.py index 4491eca..53815d6 100644 --- a/oslo_policy/policy.py +++ b/oslo_policy/policy.py @@ -982,6 +982,17 @@ class Enforcer(object): ) raise InvalidContextObject(msg) + # NOTE(lbragstad): We unfortunately have to special case this + # attribute. Originally when the system scope when into oslo.policy, we + # checked for a key called 'system' in creds. The oslo.context library + # uses `system_scope` instead, and the compatibility between + # oslo.policy and oslo.context was an afterthought. We'll have to + # support services who've been setting creds['system'], but we can do + # that by making sure we populate it with what's in the context object + # if it has a system_scope attribute. + if creds.get('system_scope'): + creds['system'] = creds.get('system_scope') + if LOG.isEnabledFor(logging.DEBUG): try: creds_dict = strutils.mask_dict_password(creds) @@ -1088,17 +1099,6 @@ class Enforcer(object): for k, v in context_values.items(): creds[k] = v - # NOTE(lbragstad): We unfortunately have to special case this - # attribute. Originally when the system scope when into oslo.policy, we - # checked for a key called 'system' in creds. The oslo.context library - # uses `system_scope` instead, and the compatibility between - # oslo.policy and oslo.context was an afterthought. We'll have to - # support services who've been setting creds['system'], but we can do - # that by making sure we populate it with what's in the context object - # if it has a system_scope attribute. - if context.system_scope: - creds['system'] = context.system_scope - return creds def register_default(self, default): |