Use enforce_new_defaults when setting up keystone protection tests

The `keystone.conf [oslo_policy] enforce_new_defaults` option is meant to help deployments that want to opt into the new policy enforcement model (with scope checking) but without having to generate override files. This is the case for devstack and tempest. We can use this to bypass generating a policy file with just the new policies for tempest testing. Change-Id: I3b219bde569c5a8001aec0c243027b6881254304
2020-10-29 18:28:22 +00:00 · 2020-10-29 18:28:22 +00:00 · 5d2f716e4b
commit 5d2f716e4b
parent 5d7c92e204
1 changed files with 1 additions and 1 deletions
--- a/devstack/lib/scope.sh
+++ b/devstack/lib/scope.sh
@ -14,9 +14,9 @@

 function configure_enforce_scope {
    iniset $KEYSTONE_CONF oslo_policy enforce_scope true
+    iniset $KEYSTONE_CONF oslo_policy enforce_new_defaults true
    iniset $KEYSTONE_CONF oslo_policy policy_file policy.yaml
    sudo systemctl restart devstack@keystone
-    oslopolicy-policy-generator --namespace keystone > /etc/keystone/policy.yaml
 }

 function configure_protection_tests {