A warning message appears in Cinder logs which states that
inheritance-based rules are deprecated and use default
Brain instead of HttpBrain. It looks like HttpBrain class
doesn't have any difference from Brain class, so changing
all the instances of HttpBrain to Brain shouldn't affect
anything and removes this warning from logs.
Digging further, I found out that the policy engine has
gone through a major rework in Oslo and Nova, and I think
at some point of time in future, we will also be moving
to use the latest policy engine code. In that way of
thinking, I guess this fix is acceptable for now.
Reference: https://review.openstack.org/#/c/14122
Changed the brain from HttpBrain -> Brain, which makes the
warnings in the log disappear. A more comprehensive work will be
to pull the latest policy change code from Oslo.
Bug #1156608
Change-Id: I9f63ec4c41025042725db9b2e7c8ffa3d91e0596
def _set_brain(data):
default_rule = FLAGS.policy_default_rule
- policy.set_brain(policy.HttpBrain.load_json(data, default_rule))
+ policy.set_brain(policy.Brain.load_json(data, default_rule))
def enforce(context, action, target):
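Review bot: In _set_brain(data), the policy.Brain.load_json(data, default_rule) call now builds the brain behind every enforce(context, action, target) decision, yet the commit message only says HttpBrain "looks like" it has no difference from Brain. Please state in the commit message what was checked (for example, that HttpBrain adds no methods or checks of its own), so reviewers can tell that rules loaded from the policy file and the FLAGS.policy_default_rule fallback evaluate exactly as before.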
"example:uppercase_admin": [["role:ADMIN"], ["role:sysadmin"]],
}
# NOTE(vish): then overload underlying brain
- common_policy.set_brain(common_policy.HttpBrain(rules))
+ common_policy.set_brain(common_policy.Brain(rules))
self.context = context.RequestContext('fake', 'fake', roles=['member'])
self.target = {}
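Review bot: The setup at common_policy.set_brain(common_policy.Brain(rules)) only swaps the class, and no visible test change checks the behaviour the commit is for. Consider adding an assertion that enforcing one of these rules, such as "example:uppercase_admin", no longer logs the deprecation warning, so a later reintroduction of HttpBrain is caught.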
self.context = context.RequestContext('fake', 'fake')
def _set_brain(self, default_rule):
- brain = cinder.openstack.common.policy.HttpBrain(self.rules,
+ brain = cinder.openstack.common.policy.Brain(self.rules,
default_rule)
cinder.openstack.common.policy.set_brain(brain)
cinder.policy.reset()
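Review bot: Style point in _set_brain(self, default_rule): the continuation line "default_rule)" is left unchanged while the opening line became four characters shorter, so if it was aligned under self.rules it is now over-indented. Re-indent it to match the new opening parenthesis, or join the call on one line if it fits.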
def _set_rules(self, rules):
- cinder.common.policy.set_brain(cinder.common.policy.HttpBrain(rules))
+ cinder.common.policy.set_brain(cinder.common.policy.Brain(rules))
def test_check_policy(self):
self.mox.StubOutWithMock(cinder.policy, 'enforce')
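Review bot: _set_rules reaches the brain through cinder.common.policy, while the _set_brain helper earlier in this patch uses cinder.openstack.common.policy. Please confirm both names resolve to the module that cinder.policy consults; if not, this helper installs rules on a brain that enforcement never reads. Using one module path in both helpers would remove the doubt.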