Enable secure rbac
This setting policies (RBAC) new defaults and scope to ``True`` by default. Note: This should only merged, after at least a cycle gap to allow operators to adopt new changes. Depends-On: https://review.opendev.org/c/openstack/magnum-tempest-plugin/+/877086 Change-Id: I6db4eaa64e2efd455dc3d37ccc74ebd8e7a5dbb2
This commit is contained in:
parent
db51771dc6
commit
f0a88910d7
|
@ -59,12 +59,10 @@
|
|||
- release-notes-jobs-python3
|
||||
check:
|
||||
jobs:
|
||||
- magnum-tempest-plugin-tests-api
|
||||
- magnum-tempest-plugin-tests-api-rbac
|
||||
- magnum-container-build
|
||||
gate:
|
||||
jobs:
|
||||
- magnum-tempest-plugin-tests-api
|
||||
- magnum-tempest-plugin-tests-api-rbac
|
||||
post:
|
||||
jobs:
|
||||
|
|
|
@ -32,11 +32,16 @@ LOG = logging.getLogger(__name__)
|
|||
_ENFORCER = None
|
||||
CONF = cfg.CONF
|
||||
|
||||
# TODO(gmann): Remove setting the default value of config policy_file
|
||||
# once oslo_policy change the default value to 'policy.yaml'.
|
||||
# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
|
||||
# TODO(ricolin): Remove overriding the default value of config options
|
||||
# 'policy_file', 'enforce_scope', and 'enforce_new_defaults' once
|
||||
# oslo_policy change their default value to what is overridden here.
|
||||
DEFAULT_POLICY_FILE = 'policy.yaml'
|
||||
opts.set_defaults(CONF, DEFAULT_POLICY_FILE)
|
||||
opts.set_defaults(
|
||||
CONF,
|
||||
DEFAULT_POLICY_FILE,
|
||||
enforce_scope=True,
|
||||
enforce_new_defaults=True
|
||||
)
|
||||
|
||||
|
||||
# we can get a policy enforcer by this init.
|
||||
|
|
Loading…
Reference in New Issue