From 103210fb368564166fe4acd11bba60b1cc4a1309 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Thu, 23 Jul 2020 09:42:25 -0700
Subject: [PATCH] koji / hub: set MissingPolicyOk False

This will mean that anything we don't have a policy for will be denied
instead of allowed. We want this (safer) default.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/koji_hub/templates/hub.conf.j2 | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/roles/koji_hub/templates/hub.conf.j2 b/roles/koji_hub/templates/hub.conf.j2
index a320e8a129..53aec2e901 100644
--- a/roles/koji_hub/templates/hub.conf.j2
+++ b/roles/koji_hub/templates/hub.conf.j2
@@ -57,6 +57,12 @@ DisableNotifications = True
 ## subclasses of koji.GenericError).
 # KojiDebug = On
 
+## If MissingPolicyOk is on, and given policy is not set up,
+## policy test will pass as ok. If 'deny' result is desired, set it
+## to off
+# MissingPolicyOk = True
+MissingPolicyOk = False
+
 ## Determines how much detail about exceptions is reported to the client (via faults)
 ## Meaningful values:
 ##   normal - a basic traceback (format_exception)