From bc5a2d9741dfea75b7be0448f7322bb1ef6f028c Mon Sep 17 00:00:00 2001
From: Jamie Lennox
Date: Mon, 11 Jul 2016 11:25:46 +1000
Subject: [PATCH] Use to_policy_values for enforcing policy

oslo_context's to_policy_values provides a standard list of parameters that policy should be able to be enforced upon. The combination of this and from_environ lets oslo.context handle adding new values to policy enforcement.

Closes-Bug: #1602081
Change-Id: I8f70580e7209412800aa7b948602b003392ef238
---
 cinder/context.py | 7 +++++++
 cinder/policy.py | 4 +++-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/cinder/context.py b/cinder/context.py
index a7a654463..6d6274c83 100644
--- a/cinder/context.py
+++ b/cinder/context.py
@@ -145,6 +145,13 @@ class RequestContext(context.RequestContext):
 user_domain=values.get('user_domain'),
 project_domain=values.get('project_domain'))
+ def to_policy_values(self):
+ policy = super(RequestContext, self).to_policy_values()
+
+ policy['is_admin'] = self.is_admin
+
+ return policy
+
 def elevated(self, read_deleted=None, overwrite=False):
 """Return a version of this context with admin flag set."""
 context = self.deepcopy()
diff --git a/cinder/policy.py b/cinder/policy.py
index a2a097927..9a94d075c 100644
--- a/cinder/policy.py
+++ b/cinder/policy.py
@@ -64,7 +64,9 @@ def enforce(context, action, target):
 """
 init()
- return _ENFORCER.enforce(action, target, context.to_dict(),
+ return _ENFORCER.enforce(action,
+ target,
+ context.to_policy_values(),
 do_raise=True,
 exc=exception.PolicyNotAuthorized,
 action=action)
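Review bot: The new `to_policy_values` override in `RequestContext` has no docstring, although it now decides which cinder-specific attribute policy rules can see, and its neighbour `elevated` is documented. I would add `"""Return the oslo.context policy values plus cinder's is_admin flag."""` as the first line of the method. Because `elevated()` returns a context with the admin flag set, a short comment that `is_admin` here reflects the context's current flag, including after elevation, would help anyone auditing admin-only rules (presumably this matches what `to_dict()` exposed before, but that method is not visible in this hunk). The diffstat lists no test file, so a unit test asserting that `'is_admin'` is present in the returned mapping for both an admin and a non-admin context would pin the behaviour.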
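Review bot: Switching the credentials argument of `_ENFORCER.enforce` from `context.to_dict()` to `context.to_policy_values()` changes the set of keys policy rules can match on, and nothing in this hunk documents or tests which keys remain. A deployer rule that references a key present only in the old `to_dict()` output would silently stop matching, which denies access for a plain check but can grant it under a `not` rule; `to_dict()` is outside the visible lines, so the exact difference should be confirmed. I would add a comment above the call such as `# Credentials are oslo.context's standard policy values plus is_admin; other context attributes are not visible to rules.` and a test that enforces rules on `is_admin`, `project_id` and `user_id` through this function. The diffstat shows only the two Python files, so it is also worth checking that the declared minimum oslo.context already provides `to_policy_values`, otherwise every `enforce` call would raise `AttributeError`. The `enforce` function begins above this hunk.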