Don't reset rules without overwriting

If an user uses Enforcer without overwriting (Enforcer(overwrite=False)) we should not reset rules and only update loaded rules. Enforcer without overwriting is a weird behavior, but it is supported at this moment. Maybe it will be eliminated in future because it's misleading. Operator cannot conclude what rules are loaded by simply looking in config files. Change-Id: I2871407f8c7417a016415ccc166c1f37a9e17908 Closes-Bug: 1943584
2021-10-21 14:45:52 +00:00 · 2021-10-21 14:45:52 +00:00 · 302643b027
parent 949289e094
commit 302643b027
1 changed files with 2 additions and 2 deletions
--- a/oslo_policy/policy.py
+++ b/oslo_policy/policy.py
@ -657,12 +657,12 @@ class Enforcer(object):
                # rules in main policy file. And after that we apply rules
                # from every policy directory.
                if self.policy_path:
-                    if not policy_file_rules_changed:
+                    if not policy_file_rules_changed and self.overwrite:
                        self._load_policy_file(path=self.policy_path,
                                               force_reload=True,
                                               overwrite=self.overwrite
                                               )
-                else:
+                elif self.overwrite:
                    self.rules = Rules(default_rule=self.default_rule)
                for path in existing_policy_dirs:
                    self._walk_through_policy_directory(