We are pumped to announce the release of:
oslo.policy 1.33.0: Oslo Policy library
This release is part of the queens release series.
The source is available from:
https://git.openstack.org/cgit/openstack/oslo.policy
Download the package from:
https://pypi.python.org/pypi/oslo.policy
Please report issues through launchpad:
https://bugs.launchpad.net/oslo.policy
For more details, please see below.
1.33.0 ^^^^^^
New Features
* A new configuration option has been added to the "[oslo_policy]" group called "enforce_scope". When set to "True", oslo.policy will raise an "InvalidScope" exception if the context passed into the enforce method doesn't match the policy's "scope_types". If "False", a warning will be logged for operators. Note that operators should only enable this option once they've audited their users to ensure system users have roles on the system. This could potentially prevent some users from being able to make system-level API calls. This will also give other services the flexibility to fix long- standing RBAC issues in OpenStack once they start introducing "scope_types" for policies used in their service.
Changes in oslo.policy 1.32.2..1.33.0 -------------------------------------
8835af6 Add a release note for enforce_scope 5dc2ab7 Add configuration option for enforcing scope
Diffstat (except docs and test files) -------------------------------------
oslo_policy/opts.py | 10 ++++++++++ oslo_policy/policy.py | 10 ++-------- .../notes/enforce_scope_types-1e92f6a34e4173ef.yaml | 13 +++++++++++++ 4 files changed, 26 insertions(+), 9 deletions(-)