Policy rule position errors
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Invalid
|
Undecided
|
Unassigned | ||
oslo.policy |
Triaged
|
Medium
|
Ian Cordasco |
Bug Description
In the policy.
Changed in oslo.policy: | |
assignee: | nobody → Ian Cordasco (icordasc) |
Changed in oslo.policy: | |
status: | Confirmed → Triaged |
This sounds like a bug in the way the rules processor is working. This may not actually be a bug in keystone but a bug in the oslo policy library or a way we're invoking the enforcer.
I'm curious what happens in the case the token matches rule:admin and domain_id" in the second case.