Use OrderedDict to process policy.json rules

All OpenStack projects are currently using the keystone_policy module
to add, update or delete rules from the policy.json file. This module
basically gets existing rules from the policy.json file and changes
them.

keystone_policy.rule_list currently imports rules as a simple
dictionary. Python dictionaries are unordered and order matters
for the policy.json file. As a result, it is possible to break the
services with a 100% legitimate operation.

This patch switches to ordered dictionaries and fixes the issue
reported in PROD-13979.

Change-Id: Icdf94e76eff394b72041aa24b1716ae5c9afd463
diff --git a/_modules/keystone_policy.py b/_modules/keystone_policy.py
index 4e3ae6d..4803150 100644
--- a/_modules/keystone_policy.py
+++ b/_modules/keystone_policy.py
@@ -2,6 +2,8 @@
import json
import logging
+from collections import OrderedDict
+
import yaml
LOG = logging.getLogger(__name__)
@@ -15,7 +17,7 @@
try:
with io.open(path, 'r') as file_handle:
rules = yaml.safe_load(file_handle) or {}
- rules = {str(k): str(v) for (k, v) in rules.items()}
+ rules = OrderedDict(str(k): str(v) for (k, v) in rules.items())
except Exception as e:
msg = "Unable to load policy file %s: %s" % (path, repr(e))
LOG.debug(msg)
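Review bot: the added line `rules = OrderedDict(str(k): str(v) for (k, v) in rules.items())` is not valid Python. `key: value` pairs are only accepted inside a `{...}` comprehension, so this raises a SyntaxError when the module is compiled, and the surrounding `except Exception` cannot catch that. Pass a generator of 2-tuples instead: `OrderedDict((str(k), str(v)) for (k, v) in rules.items())`. Separately, the context line above still reads `rules = yaml.safe_load(file_handle) or {}`, which returns a plain dict. On interpreters where dicts are unordered, the file order is already lost before the OrderedDict is built, so the ordering has to be preserved at load time for the change to have the effect the commit message describes. The `or {}` fallback is harmless once wrapped, but it is worth a test that loads a policy file and checks that the rule order round-trips.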