Current policy.json role assignments are error prone for deployment modifications
Bug #1497646 reported by
John Wood
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Barbican |
Fix Released
|
Wishlist
|
Dave McCowan |
Bug Description
The first five policy.json rules define the Barbican roles. All other rules below these should then only reference these roles via their 'rule' definitions. This supports deployers modifying these roles to suit corporate role naming conventions.
However, there are some direct 'role:xxxx' reference in the non-role rules, violating don't repeat yourself (DRY). Rather than making deployers find all the place where roles are in the policy file, it is less error prone to just replace those role references with a 'rule:xxxx' reference.
Changed in barbican: | |
assignee: | nobody → John Wood (john-wood-w) |
importance: | Undecided → Medium |
assignee: | John Wood (john-wood-w) → nobody |
importance: | Medium → Wishlist |
Changed in barbican: | |
assignee: | nobody → Dave McCowan (dave-mccowan) |
status: | New → In Progress |
Changed in barbican: | |
milestone: | none → liberty-rc1 |
status: | Fix Committed → Fix Released |
Changed in barbican: | |
milestone: | liberty-rc1 → 1.0.0 |
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/225509 /git.openstack. org/cgit/ openstack/ barbican/ commit/ ?id=c4e01a2d5b1 3bc13ff027c2099 e9c4b03157939b
Committed: https:/
Submitter: Jenkins
Branch: master
commit c4e01a2d5b13bc1 3ff027c2099e9c4 b03157939b
Author: Dave McCowan <email address hidden>
Date: Sun Sep 20 16:24:33 2015 -0400
Change roles to rules in policy.json file
Each role should be assigned exactly one to a rule, and only the rule
should be used thereafter in the policy.json file. For consistency,
I also remove _role as a suffix for rule names.
Change-Id: I412a2516690b3b e622c9cf7e0a959 e8a796b1923
Closes-bug: #1497646