OpenStack Identity (keystone)

Remove unused policy rule for trust

Bug #1444748 reported by Lin Hua Cheng
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Low
Lin Hua Cheng
OpenStack Identity (keystone) 8.0.0 "liberty"

Bug Description

There are couple of policy rule that are unused for trust, even if the user updates the rule it won't impact the policy check.

we should clean this up to avoid confusion.

This is step #1 as for fixing the policy rule for trust. See : https://bugs.launchpad.net/keystone/+bug/1280084

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/174155

Changed in keystone:
assignee: nobody → Lin Hua Cheng (lin-hua-cheng)
status: New → In Progress
Revision history for this message
Dolph Mathews (dolph) wrote :

Eek, that's super misleading. Although the presence of that rule would have no negative impact on the operation of Keystone, I'm tempted to suggest this for backporting as well, just to avoid bugs being filed in the future.

Changed in keystone:
importance: Undecided → Low
Revision history for this message
Lin Hua Cheng (lin-hua-cheng) wrote :

Yeah. I tried to consume the rule, but ended up breaking backward compatibility for upgrades. I had to fix the policy.json, but that file doesn't get updated during upgrade. So the users will end-up in a broken state. You can find more details in https://bugs.launchpad.net/keystone/+bug/1280084

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/174155
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=060081cc9136bb9eae12ec59263002078bc5d4b8
Submitter: Jenkins
Branch: master

commit 060081cc9136bb9eae12ec59263002078bc5d4b8
Author: lin-hua-cheng <email address hidden>
Date: Wed Apr 15 16:33:09 2015 -0700

    Remove unused policy rule for get_trust

    The policy rule for get_trust is misleading for operators
    since it is not used by the trust controller.

    Change-Id: I885ccbafef8bb9ca73ca6fab110176291bb3a542
    Closes-Bug: #1444748

Changed in keystone:
status: In Progress → Fix Committed
Doug Hellmann (doug-hellmann)
Changed in keystone:
milestone: none → liberty-1
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: liberty-1 → 8.0.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.