fix: Add enforce_new_defaults configuration

Fix barbican policy error Change-Id: I57ebd29906378a67b5d6fe46ae2c584e0abc2a75
2022-09-16 17:41:08 +08:00 · 2022-09-16 17:41:08 +08:00 · 18b61a1089
commit 18b61a1089
parent def775692d
4 changed files with 18 additions and 0 deletions
--- a/doc/source/configuration/settings.rst
+++ b/doc/source/configuration/settings.rst
@ -27,6 +27,7 @@ file ``skyline.yaml.sample`` in ``etc`` directory.
      base_domains:
      - heat_user_domain
      default_region: RegionOne
+      enforce_new_defaults: true
      extension_mapping:
        floating-ip-port-forwarding: neutron_port_forwarding
        fwaas_v2: neutron_firewall
--- a/etc/skyline.yaml.sample
+++ b/etc/skyline.yaml.sample
@ -16,6 +16,7 @@ openstack:
  base_domains:
  - heat_user_domain
  default_region: RegionOne
+  enforce_new_defaults: true
  extension_mapping:
    floating-ip-port-forwarding: neutron_port_forwarding
    fwaas_v2: neutron_firewall
--- a/skyline_apiserver/api/v1/policy.py
+++ b/skyline_apiserver/api/v1/policy.py
@ -25,6 +25,7 @@ from keystoneauth1.exceptions.http import (
 from skyline_apiserver import schemas
 from skyline_apiserver.api import deps
 from skyline_apiserver.client.utils import generate_session, get_access, get_system_scope_access
+from skyline_apiserver.config import CONF
 from skyline_apiserver.log import LOG
 from skyline_apiserver.policy import ENFORCER, UserContext

@ -35,6 +36,8 @@ def _generate_target(profile: schemas.Profile) -> Dict[str, str]:
    return {
        "user_id": profile.user.id,
        "project_id": profile.project.id,
+        # oslo policy
+        "enforce_new_defaults": CONF.openstack.enforce_new_defaults,
        # trove
        "tenant": profile.project.id,
        # keystone
--- a/skyline_apiserver/config/openstack.py
+++ b/skyline_apiserver/config/openstack.py
@ -152,6 +152,18 @@ reclaim_instance_interval = Opt(
    default=60 * 60 * 24 * 7,
 )

+enforce_new_defaults = Opt(
+    name="enforce_new_defaults",
+    description=(
+        "This configuration is associated with `enforce_new_defaults`"
+        "in oslo policy, which you can refer to the oslo policy parameters."
+        "Skyline does not currently support deprecated policy setting, specify"
+        "default:True."
+    ),
+    schema=StrictBool,
+    default=True,
+)
+
 sso_enabled = Opt(
    name="sso_enabled",
    description="enable sso",
@ -177,6 +189,7 @@ sso_region = Opt(

 GROUP_NAME = __name__.split(".")[-1]
 ALL_OPTS = (
+    enforce_new_defaults,
    sso_enabled,
    sso_protocols,
    sso_region,