Gitiles
Code Review Sign In
spfactory.storpool.com / devstack / 8615563df47261d9c6dab7c5badbceb399d0e14d^! / . / lib / keystone
commit8615563df47261d9c6dab7c5badbceb399d0e14d[log] [tgz]
authorGrzegorz Grasza <xek@redhat.com>Mon Oct 18 16:52:06 2021 +0200
committerGrzegorz Grasza <xek@redhat.com>Tue Apr 26 14:17:20 2022 +0200
treeafd9108fd082d0bc88762e04b99235bb2be00a04
parent8339df03993daed2334c7086241d8fdc935b05f6 [diff] [blame]
Global option for enforcing scope (ENFORCE_SCOPE)

This updates each devstack service library, to use it as the
default value for service-specific RBAC configuration.

Change-Id: I41061d042206c411ee3dd94ce91098e612af7ae7

diff --git a/lib/keystone b/lib/keystone
index a4c8a52..80a136f 100644
--- a/lib/keystone
+++ b/lib/keystone

@@ -265,7 +265,7 @@
         iniset $KEYSTONE_CONF security_compliance lockout_duration $KEYSTONE_LOCKOUT_DURATION
         iniset $KEYSTONE_CONF security_compliance unique_last_password_count $KEYSTONE_UNIQUE_LAST_PASSWORD_COUNT
     fi
-    if [[ "$KEYSTONE_ENFORCE_SCOPE" == True ]] ; then
+    if [[ "$KEYSTONE_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then
         iniset $KEYSTONE_CONF oslo_policy enforce_scope true
         iniset $KEYSTONE_CONF oslo_policy enforce_new_defaults true
         iniset $KEYSTONE_CONF oslo_policy policy_file policy.yaml