From 0e23490a66ff6cafeee12fe62220a5a9eebeac20 Mon Sep 17 00:00:00 2001
From: Dolph Mathews <dolph.mathews@gmail.com>
Date: Thu, 30 Aug 2012 05:58:15 -0500
Subject: [PATCH] Utilize policy.json by default (bug 1043758)

Change-Id: I03daf10aa4f689fe323e39537c312d1e783db313
---
 etc/keystone.conf.sample          |  8 ++++++++
 keystone/config.py                |  2 ++
 keystone/policy/backends/rules.py | 14 --------------
 3 files changed, 10 insertions(+), 14 deletions(-)

diff --git a/etc/keystone.conf.sample b/etc/keystone.conf.sample
index 13c6c19f39..13a78475db 100644
--- a/etc/keystone.conf.sample
+++ b/etc/keystone.conf.sample
@@ -14,6 +14,14 @@
 # The port number which the OpenStack Compute service listens on
 # compute_port = 8774
 
+# Path to your policy definition containing identity actions
+# TODO(dolph): This config method will probably be deprecated during grizzly
+# policy_file = policy.json
+
+# Rule to check if no matching policy definition is found
+# FIXME(dolph): This should really be defined as [policy] default_rule
+# policy_default_rule = admin_required
+
 # === Logging Options ===
 # Print debugging output
 # verbose = False
diff --git a/keystone/config.py b/keystone/config.py
index 62967ecd34..9c4805b991 100644
--- a/keystone/config.py
+++ b/keystone/config.py
@@ -130,6 +130,8 @@ register_str('public_port', default=5000)
 register_str('onready')
 register_str('auth_admin_prefix', default='')
 register_bool('standard-threads', default=False)
+register_str('policy_file', default='policy.json')
+register_str('policy_default_rule', default=None)
 
 #ssl options
 register_bool('enable', group='ssl', default=False)
diff --git a/keystone/policy/backends/rules.py b/keystone/policy/backends/rules.py
index c0df430e99..0dd7797fda 100644
--- a/keystone/policy/backends/rules.py
+++ b/keystone/policy/backends/rules.py
@@ -24,24 +24,10 @@ from keystone.common import policy as common_policy
 from keystone.common import utils
 from keystone import config
 from keystone import exception
-from keystone.openstack.common import cfg
 from keystone import policy
 
 
-policy_opts = [
-    cfg.StrOpt('policy_file',
-               default='policy.json',
-               help=_('JSON file representing policy')),
-    cfg.StrOpt('policy_default_rule',
-               default='default',
-               help=_('Rule checked when requested rule is not found')),
-]
-
-
 CONF = config.CONF
-CONF.register_opts(policy_opts)
-
-
 LOG = logging.getLogger(__name__)