diff options
| author | Dolph Mathews <dolph.mathews@gmail.com> | 2012-08-30 05:58:15 -0500 |
|---|---|---|
| committer | Dolph Mathews <dolph.mathews@gmail.com> | 2012-11-20 14:09:45 -0600 |
| commit | 0e23490a66ff6cafeee12fe62220a5a9eebeac20 (patch) | |
| tree | 24a3408e9ba9946f8ac91df26a3a207c0bfa69ad | |
| parent | 84cd8ff7f31a123a16114c8e1de963ede646d913 (diff) | |
Utilize policy.json by default (bug 1043758)
Change-Id: I03daf10aa4f689fe323e39537c312d1e783db313
| -rw-r--r-- | etc/keystone.conf.sample | 8 | ||||
| -rw-r--r-- | keystone/config.py | 2 | ||||
| -rw-r--r-- | keystone/policy/backends/rules.py | 14 |
3 files changed, 10 insertions, 14 deletions
diff --git a/etc/keystone.conf.sample b/etc/keystone.conf.sample index 13c6c19f..13a78475 100644 --- a/etc/keystone.conf.sample +++ b/etc/keystone.conf.sample @@ -14,6 +14,14 @@ # The port number which the OpenStack Compute service listens on # compute_port = 8774 +# Path to your policy definition containing identity actions +# TODO(dolph): This config method will probably be deprecated during grizzly +# policy_file = policy.json + +# Rule to check if no matching policy definition is found +# FIXME(dolph): This should really be defined as [policy] default_rule +# policy_default_rule = admin_required + # === Logging Options === # Print debugging output # verbose = False diff --git a/keystone/config.py b/keystone/config.py index 62967ecd..9c4805b9 100644 --- a/keystone/config.py +++ b/keystone/config.py @@ -130,6 +130,8 @@ register_str('public_port', default=5000) register_str('onready') register_str('auth_admin_prefix', default='') register_bool('standard-threads', default=False) +register_str('policy_file', default='policy.json') +register_str('policy_default_rule', default=None) #ssl options register_bool('enable', group='ssl', default=False) diff --git a/keystone/policy/backends/rules.py b/keystone/policy/backends/rules.py index c0df430e..0dd7797f 100644 --- a/keystone/policy/backends/rules.py +++ b/keystone/policy/backends/rules.py @@ -24,24 +24,10 @@ from keystone.common import policy as common_policy from keystone.common import utils from keystone import config from keystone import exception -from keystone.openstack.common import cfg from keystone import policy -policy_opts = [ - cfg.StrOpt('policy_file', - default='policy.json', - help=_('JSON file representing policy')), - cfg.StrOpt('policy_default_rule', - default='default', - help=_('Rule checked when requested rule is not found')), -] - - CONF = config.CONF -CONF.register_opts(policy_opts) - - LOG = logging.getLogger(__name__) |