0dc5c4edab
The oslo.policy library actually accepts context objects as a first class citizen, instead of a hand-built `creds` dictionary. This is a perferred approach because it's easier for services to use oslo.context to generate a context object that they can automatically pass to oslo.policy for enforcement instead of inspecting the context object and building a dictionary manually to pass to oslo.policy. This commit makes allows keystone to partake in this by pulling the keystone request object, which is a subclass of oslo.context's RequestContext object, and uses it in enforcement. Additionally, we're overriding the to_policy_values() method of oslo.context in order to make sure we port keystone-specific values to the policy dict representation of a context object. This ensures we have values present that we rely on with our default policies. This commit also bumps the lower requirement for oslo.policy to make sure we're always using a version that understands context objects. Change-Id: I63e713f4aebf3e8cf5189a6060569d2828bc364d |
||
|---|---|---|
| .. | ||
| flask | ||
| __init__.py | ||
| backends.py | ||
| wsgi.py | ||