diff --git a/keystone/common/policy.py b/keystone/common/policy.py
index 4ec0a0f996..d5e8619e21 100644
--- a/keystone/common/policy.py
+++ b/keystone/common/policy.py
@@ -35,6 +35,17 @@ def init():
 register_rules(_ENFORCER)
+def get_enforcer():
+ # Here we pass an empty list of arguments because there aren't any
+ # arguments that oslo.config or oslo.policy shouldn't already understand
+ # from the CONF object. This makes things easier here because we don't have
+ # to parse arguments passed in from the command line and remove unexpected
+ # arguments before building a Config object.
+ CONF([], project='keystone')
+ init()
+ return _ENFORCER
+
+
 def enforce(credentials, action, target, do_raise=True):
 """Verify that the action is valid on the target in this context.
diff --git a/keystone/tests/unit/test_policy.py b/keystone/tests/unit/test_policy.py
index 485198d119..54587f399a 100644
--- a/keystone/tests/unit/test_policy.py
+++ b/keystone/tests/unit/test_policy.py
@@ -15,6 +15,7 @@
 import json
 import os
+import subprocess
 import uuid
 from oslo_policy import policy as common_policy
@@ -213,3 +214,18 @@ class PolicyJsonTestCase(unit.TestCase):
 doc_targets = list(read_doc_targets())
 self.assertItemsEqual(policy_keys, doc_targets + policy_rule_keys)
+
+
+class GeneratePolicyFileTestCase(unit.TestCase):
+
+ def test_policy_generator_from_command_line(self):
+ # This test ensures keystone.common.policy:get_enforcer ignores
+ # unexpected arguments before handing them off to oslo.config, which
+ # will fail and prevent users from generating policy files.
+ ret_val = subprocess.Popen(
+ ['oslopolicy-policy-generator', '--namespace', 'keystone'],
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE
+ )
+ ret_val.communicate()
+ self.assertEqual(ret_val.returncode, 0)
diff --git a/releasenotes/notes/bug-1740951-82b7e4bd608742ab.yaml b/releasenotes/notes/bug-1740951-82b7e4bd608742ab.yaml
new file mode 100644
index 0000000000..5b76503467
--- /dev/null
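Review bot: `get_enforcer()` in keystone/common/policy.py has only an inline comment and no docstring, and the comment does not state what `CONF([], project='keystone')` implies. With an empty argument list, configuration (including where the policy file is looked up) presumably comes only from oslo.config's default search locations, so a policy file generated through this entry point may not match a service started with a different `--config-file`. I would add a docstring such as `"""Return the enforcer for oslo.policy CLI tools; config is read from default locations only and command-line arguments are ignored."""`. It is also worth confirming this function is never reached inside an already-configured keystone process, where re-invoking `CONF` would presumably discard earlier command-line options. `init()` is defined outside this hunk, so whether it rebuilds `_ENFORCER` on every call cannot be seen here.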
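Review bot: In `test_policy_generator_from_command_line` (keystone/tests/unit/test_policy.py) the output of `ret_val.communicate()` is discarded, so when the generator exits non-zero the failure shows only the return code and not the reason. Keep stderr and pass it as the assertion message: `_, err = ret_val.communicate()` followed by `self.assertEqual(ret_val.returncode, 0, err)`. The command is resolved by name through PATH and reads whatever keystone configuration exists on the test host, so the result presumably depends on the environment; a one-line comment saying so would help whoever debugs a failure. The existing comment says get_enforcer "ignores unexpected arguments before handing them off to oslo.config", whereas the function in this commit passes an empty list and hands nothing off; I would reword it to `# get_enforcer must not pass the generator's own CLI arguments to oslo.config`.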
+++ b/releasenotes/notes/bug-1740951-82b7e4bd608742ab.yaml
@@ -0,0 +1,8 @@
+---
+fixes:
+ - |
+ [`bug 1740951 `_]
+ A new method was added that made it so oslo.policy sample generation
+ scripts can be used with keystone. The ``oslopolicy-policy-generator``
+ script will now generate a policy file containing overrides and defaults
+ registered in code.
diff --git a/setup.cfg b/setup.cfg
index f03acd1fc9..67ab508a81 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -181,6 +181,9 @@ oslo.policy.policies =
 # the default defined polices.
 keystone = keystone.common.policies:list_rules
+oslo.policy.enforcer =
+ keystone = keystone.common.policy:get_enforcer
+
 paste.filter_factory =
 healthcheck = oslo_middleware:Healthcheck.factory
 cors = oslo_middleware:CORS.factory