[release-announce] [oslo] oslo.policy 1.33.0 (queens)
no-reply at openstack.org
no-reply at openstack.org
Tue Jan 2 22:44:28 UTC 2018
We are pumped to announce the release of:
oslo.policy 1.33.0: Oslo Policy library
This release is part of the queens release series.
The source is available from:
https://git.openstack.org/cgit/openstack/oslo.policy
Download the package from:
https://pypi.python.org/pypi/oslo.policy
Please report issues through launchpad:
https://bugs.launchpad.net/oslo.policy
For more details, please see below.
1.33.0
^^^^^^
New Features
* A new configuration option has been added to the "[oslo_policy]"
group called "enforce_scope". When set to "True", oslo.policy will
raise an "InvalidScope" exception if the context passed into the
enforce method doesn't match the policy's "scope_types". If "False",
a warning will be logged for operators. Note that operators should
only enable this option once they've audited their users to ensure
system users have roles on the system. This could potentially
prevent some users from being able to make system-level API calls.
This will also give other services the flexibility to fix long-
standing RBAC issues in OpenStack once they start introducing
"scope_types" for policies used in their service.
Changes in oslo.policy 1.32.2..1.33.0
-------------------------------------
8835af6 Add a release note for enforce_scope
5dc2ab7 Add configuration option for enforcing scope
Diffstat (except docs and test files)
-------------------------------------
oslo_policy/opts.py | 10 ++++++++++
oslo_policy/policy.py | 10 ++--------
.../notes/enforce_scope_types-1e92f6a34e4173ef.yaml | 13 +++++++++++++
4 files changed, 26 insertions(+), 9 deletions(-)
More information about the Release-announce
mailing list