Use to_policy_values for policy credentials

The base oslo.context defines to_policy_values with all the information that it expects a service to require to enforce policy. Use that instead of throwing everything in to_dict at policy enforcement. Refer in patch 341905 [1] [1] https://review.openstack.org/#/c/341905/ Change-Id: I2b964c202de902ee628160c299dca734c8991589 Closes-Bug: #1602081
2017-10-03 14:38:04 +07:00
parent d4ac683a6b
commit 3c6d246d88
2 changed files with 7 additions and 2 deletions
--- a/zun/common/context.py
+++ b/zun/common/context.py
@@ -88,6 +88,11 @@ class RequestContext(context.RequestContext):
                      'all_tenants': self.all_tenants})
        return value

+    def to_policy_values(self):
+        policy = super(RequestContext, self).to_policy_values()
+        policy['is_admin'] = self.is_admin
+        return policy
+
    @classmethod
    def from_dict(cls, values):
        return cls(**values)
--- a/zun/common/policy.py
+++ b/zun/common/policy.py
@@ -86,7 +86,7 @@ def enforce(context, rule=None, target=None,
                 expression.
    """
    enforcer = init()
-    credentials = context.to_dict()
+    credentials = context.to_policy_values()
    if not exc:
        exc = exception.PolicyNotAuthorized
    if target is None:
@@ -142,5 +142,5 @@ def check_is_admin(context):
    """
    init()
    target = {}
-    credentials = context.to_dict()
+    credentials = context.to_policy_values()
    return _ENFORCER.enforce('context_is_admin', target, credentials)