Modify policy parser to combine custom and default policy files.
Currently, the rbac policy parser file tries to:
1) Read the custom policy file if it exists
2) Otherwise check if the default policy file exists in code
The problem with this approach is:
- What if the custom policy file does not specify all policy actions?
This is problematic when it comes to validating the policy action:
is it defined or not?
- This also holds true for default policy files which may not define
all the policy actions enforced by the service explicitly.
This patch partially fixes this issue by 1) using all the
default policy actions defined in code, if they exist and 2)
overwriting any default policy actions with the custom
policy actions provided by the user in a custom policy file.
The end result is that the Patrole framework uses as many policy actions
as possible for reference, while using as many custom-defined policy
actions as possible. This patch, therefore, makes it more feasible to
throw an exception if a policy action is invalid.
Change-Id: Idb6b8a99170fd32097940d5b23182f5e43956548
Depends-On: I7feb522b2ea5f56e48982169c7ebbb2ec2ef2cb3
4 files changed