From 7ee75f638af7f17285508b10ac49346a51677714 Mon Sep 17 00:00:00 2001 From: Andrew Laski Date: Fri, 1 Jul 2016 14:10:22 -0400 Subject: [PATCH] Remove final use of _ENFORCER.enforce _ENFORCER.enforce checks policy but does not require that the policy has been registered beforehand. _ENFORCER.authorize does require that the policy is registered. By not using enforce we can be sure that all used policies are registered and will therefore show up in sample file generation. Change-Id: I9e986e2c42e8341b910cf8c3a10042fa24c8c8d8 Partially-Implements: bp policy-in-code --- nova/policy.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nova/policy.py b/nova/policy.py index b6299c07243c..d9ed11abfc59 100644 --- a/nova/policy.py +++ b/nova/policy.py @@ -129,7 +129,7 @@ def check_is_admin(context): # the target is user-self credentials = context.to_dict() target = credentials - return _ENFORCER.enforce('context_is_admin', target, credentials) + return _ENFORCER.authorize('context_is_admin', target, credentials) @policy.register('is_admin')