ansible-collections-openstack

Can't create multiple rbac policies for same object_id but different target_project_id

Bug #2108996 reported by Matthias Rabe on 2025-04-24

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	ansible-collections-openstack	New	Undecided	Unassigned

Bug Description

The code checks only whether there already is a policy with the same object_id but it should also take the target_project_id into consideration.

I think, something like this should be ok:

--- .ansible/collections/ansible_collections/openstack/cloud/plugins/modules/neutron_rbac_policy.py.orig 2025-04-24 15:24:08.641739800 +0200
+++ .ansible/collections/ansible_collections/openstack/cloud/plugins/modules/neutron_rbac_policy.py 2025-04-24 15:15:08.018158410 +0200
@@ -274,8 +274,8 @@
policies = self.conn.network.rbac_policies(**kwargs)

return [p for p in policies
- if any(p[k] == self.params[k]
- for k in ['object_id'])]
+ if all(p[k] == self.params[k]
+ for k in ['object_id', 'target_project_id'])]

def _update(self, policy, update):
attributes = update.get('attributes')whether

See original description

Matthias Rabe (matthias-rabe) on 2025-04-24

description:

updated

Matthias Rabe (matthias-rabe) on 2025-04-24

summary:

- Can't create multiple rbac policies with ansible for same object_id but
- different target_project_id
+ Can't create multiple rbac policies for same object_id but different
+ target_project_id

Revision history for this message

Dmitriy Rabotyagov (noonedeadpunk) wrote on 2025-04-24:

I believe you intended to report that to ansible-collections-openstack SIG, as OpenStack-Ansible is a project for deploying OpenStack with Ansible.

no longer affects:

openstack-ansible

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.