Use OrderedDict to process policy.json rules All openstack projects are currently using keystone_policy module to add, update or delete rules from policy.json file. This module basically gets existing rules from policy.json file and changes them. keystone_policy.rule_list currently imports rules as simple dictionary. Python dictionaries are unordered and order matters for policy.json file. As a result, it is possible to break the services with 100% legitimate operation. This patch switches to ordered dictionaries and fixes the issue reported in PROD-13979. Change-Id: Icdf94e76eff394b72041aa24b1716ae5c9afd463

commit: e124c3b316223fad6c0d54abf0a474f5337cfd2d [log] [tgz]
author: Alexey Stupnikov <astupnikov@mirantis.com> Thu Oct 19 19:58:09 2017 +0300
committer: Alexey Stupnikov <astupnikov@mirantis.com> Thu Oct 19 20:07:23 2017 +0300
tree: 648f2f4d077a0bc2d5ea0f8f2896d7e416a026e6
parent: ffb15612f7f8032f68fb3085e2375c67dfa98c44 [diff]
diff --git a/_modules/keystone_policy.py b/_modules/keystone_policy.py
index 4e3ae6d..4803150 100644
--- a/_modules/keystone_policy.py
+++ b/_modules/keystone_policy.py

@@ -2,6 +2,8 @@
 import json
 import logging
 
+from collections import OrderedDict
+
 import yaml
 
 LOG = logging.getLogger(__name__)
@@ -15,7 +17,7 @@
     try:
         with io.open(path, 'r') as file_handle:
             rules = yaml.safe_load(file_handle) or {}
-        rules = {str(k): str(v) for (k, v) in rules.items()}
+        rules = OrderedDict(str(k): str(v) for (k, v) in rules.items())
     except Exception as e:
         msg = "Unable to load policy file %s: %s" % (path, repr(e))
         LOG.debug(msg)
commit	e124c3b316223fad6c0d54abf0a474f5337cfd2d	[log] [tgz]
author	Alexey Stupnikov <astupnikov@mirantis.com>	Thu Oct 19 19:58:09 2017 +0300
committer	Alexey Stupnikov <astupnikov@mirantis.com>	Thu Oct 19 20:07:23 2017 +0300
tree	648f2f4d077a0bc2d5ea0f8f2896d7e416a026e6
parent	ffb15612f7f8032f68fb3085e2375c67dfa98c44 [diff]