From 302643b027a3f3d894c32054cee2220e02a20a8a Mon Sep 17 00:00:00 2001
From: mitya-eremeev-2 <mitossvyaz@mail.ru>
Date: Thu, 21 Oct 2021 14:45:52 +0000
Subject: Don't reset rules without overwriting

If an user uses Enforcer without overwriting (Enforcer(overwrite=False))
we  should not reset rules and only update loaded rules.
Enforcer without overwriting is a weird behavior, but it is supported at this moment.
Maybe it will be eliminated in future because it's misleading.
Operator cannot conclude what rules are loaded by simply looking in config files.

Change-Id: I2871407f8c7417a016415ccc166c1f37a9e17908
Closes-Bug: 1943584
---
 oslo_policy/policy.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'oslo_policy')

diff --git a/oslo_policy/policy.py b/oslo_policy/policy.py
index bf5556e..2101d9c 100644
--- a/oslo_policy/policy.py
+++ b/oslo_policy/policy.py
@@ -657,12 +657,12 @@ class Enforcer(object):
                 # rules in main policy file. And after that we apply rules
                 # from every policy directory.
                 if self.policy_path:
-                    if not policy_file_rules_changed:
+                    if not policy_file_rules_changed and self.overwrite:
                         self._load_policy_file(path=self.policy_path,
                                                force_reload=True,
                                                overwrite=self.overwrite
                                                )
-                else:
+                elif self.overwrite:
                     self.rules = Rules(default_rule=self.default_rule)
                 for path in existing_policy_dirs:
                     self._walk_through_policy_directory(
-- 
cgit v1.2.1