de243e7a72
When service register their policy rule oslo policy does not copy the rule and instead work on the original object. -bd9d47aa36/oslo_policy/policy.py (L1104)policy enforcer modify the default rules in _handle_deprecated_rule(). -bd9d47aa36/oslo_policy/policy.py (L767-L774)In any case, oslo policy should make copy of the registered rules. Another thing it fix is setting of flag RuleDefault._deprecated_rule_handled. Flag _deprecated_rule_handled is set to True when _handle_deprecated_rule() is called irrespective of it actually handle the deprecated rule and add it in OR checks. We should set this flag when acutally deprecated rule is handled so that if any condition change like config flag or file rules we correctly handle deprecated rules. Closes-Bug: #1914095 Closes-Bug: #1914592 Story: 2008556 Task: 41687 Change-Id: I154213dabd4d9eef760f0a4c9a852d504638ca8d
328 B
328 B