In the policy modules, the load_rules will always load the rules from the cache or config file when check the policy.
So the set_rules doesn't work. and the Enforcer init with rules also does not work.
for example:
ENFORCER = policy.Enforcer()
ENFORCER.set_rules({'a': 'b'})
self.assertEqual(self.enforcer.rules, {'a': 'b'}) --- success
action = 'a'
creds = {'roles': ''}
self.assertEqual(self.enforcer.enforce(action, {}, creds), True) -- failed
the last assert failed just because in the enforce() would call load_rules() and rewrote the rules using the config file (policy.json), the file is modified.
https://github.com/openstack/oslo-incubator/blob/master/openstack/common/policy.py#L228
Fix proposed to branch: master /review. openstack. org/72848
Review: https:/