From 304bc201c004d549de408c75cfe731eb65fde78d Mon Sep 17 00:00:00 2001 From: Adam Young Date: Mon, 12 Sep 2016 21:39:45 -0400 Subject: [PATCH] Use to_policy_values for policy credentials The base oslo.context defines to_policy_values with all the information that it expects a service to require to enforce policy. Use that instead of throwing everything in to_dict at policy enforcement. Change-Id: I0a42b4425e9dd1bd062c48792c4d116dd370afe3 Closes-Bug: #1602081 --- nova/context.py | 5 +++++ nova/policy.py | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/nova/context.py b/nova/context.py index 5d464f034f..4d5854261c 100644 --- a/nova/context.py +++ b/nova/context.py @@ -277,6 +277,11 @@ class RequestContext(context.RequestContext): raise return False + def to_policy_values(self): + policy = super(RequestContext, self).to_policy_values() + policy['is_admin'] = self.is_admin + return policy + def __str__(self): return "" % self.to_dict() diff --git a/nova/policy.py b/nova/policy.py index 26e0f05a60..c77865ddf1 100644 --- a/nova/policy.py +++ b/nova/policy.py @@ -152,7 +152,7 @@ def authorize(context, action, target, do_raise=True, exc=None): do_raise is False. """ init() - credentials = context.to_dict() + credentials = context.to_policy_values() if not exc: exc = exception.PolicyNotAuthorized try: @@ -177,7 +177,7 @@ def check_is_admin(context): init() # the target is user-self - credentials = context.to_dict() + credentials = context.to_policy_values() target = credentials return _ENFORCER.authorize('context_is_admin', target, credentials)
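Review bot: The new `to_policy_values` override in nova/context.py has no docstring, although it is now the single place that decides which request attributes policy rules can see. I would add `"""Return the credentials passed to the policy enforcer: the oslo.context base values plus nova's is_admin flag."""` so that later keys are added deliberately rather than copied over from `to_dict`. The item assignment `policy['is_admin'] = self.is_admin` assumes the base method returns a mutable dict, which is worth rechecking if the base class ever returns a different mapping type. The diffstat shows no test file, so a unit test asserting the exact key set returned here would pin the policy surface.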
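Review bot: Switching `credentials` in `authorize` to `context.to_policy_values()` narrows what every rule can match on, and the same applies to the `check_is_admin` hunk that follows. A deployed rule that references a context attribute present in `to_dict()` but absent from the policy values will stop matching; as far as I know oslo.policy treats a missing credential key as a failed check, so a plain rule fails closed but a negated rule (`not ...`) would start to pass. Only nova/context.py and nova/policy.py change, so I would add an upgrade release note listing the keys that remain and a test showing that a rule on a dropped attribute is denied. Both functions now also require a context that implements `to_policy_values`, and their bodies continue outside the hunks, so whether any other context type reaches them is not visible here.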