Designate

oslopolicy-policy-generator generates unparsable yaml

Bug #2069411 reported by Theresa Schüttig
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Designate
New
Undecided
Unassigned

Bug Description

The result of

oslopolicy-policy-generator --namespace designate --exclude-deprecated

creates yaml with unescaped quotation marks inside some values, causing the services designate-central and designate-producer to crash when using the result as /etc/designate/policy.yaml

Keys that need to be addressed are:
* create_recordset
* get_recordset
* get_zone

Output:

"admin": "role:admin or is_admin:True"
"owner": "project_id:%(tenant_id)s"
"admin_or_owner": "rule:admin or rule:owner"
"default": "(role:admin) or (role:member and project_id:%(project_id)s)"
"create_blacklist": "role:admin"
"find_blacklists": "role:admin"
"get_blacklist": "role:admin"
"update_blacklist": "role:admin"
"delete_blacklist": "role:admin"
"use_blacklisted_zone": "role:admin"
"all_tenants": "role:admin"
"edit_managed_records": "role:admin"
"use_low_ttl": "role:admin"
"use_sudo": "role:admin"
"hard_delete": "role:admin"
"create_pool": "role:admin"
"find_pools": "role:admin"
"find_pool": "role:admin"
"get_pool": "role:admin"
"update_pool": "role:admin"
"delete_pool": "role:admin"
"zone_create_forced_pool": "role:admin"
"get_quotas": "(role:admin) or (role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"
"set_quota": "role:admin"
"reset_quotas": "role:admin"
"find_records": "(role:admin) or (role:reader and project_id:%(project_id)s)"
"count_records": "(role:admin) or (role:reader and project_id:%(project_id)s)"
"create_recordset": "(role:member and project_id:%(project_id)s) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('SECONDARY':%(zone_type)s) or ("True":%(zone_shared)s) and ('PRIMARY':%(zone_type)s)"
"get_recordsets": "(role:admin) or (role:reader and project_id:%(project_id)s)"
"get_recordset": "(role:admin) or (role:reader and project_id:%(project_id)s) or ("True":%(zone_shared)s)"
"find_recordset": "(role:admin) or (role:reader and project_id:%(project_id)s)"
"find_recordsets": "(role:admin) or (role:reader and project_id:%(project_id)s)"
"update_recordset": "(role:member and project_id:%(project_id)s) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('SECONDARY':%(zone_type)s) or role:member and (project_id:%(recordset_project_id)s) and ('PRIMARY':%(zone_type)s)"
"delete_recordset": "(role:member and project_id:%(project_id)s) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('SECONDARY':%(zone_type)s) or role:member and (project_id:%(recordset_project_id)s) and ('PRIMARY':%(zone_type)s)"
"count_recordset": "(role:admin) or (role:reader and project_id:%(project_id)s)"
"find_service_status": "role:admin"
"find_service_statuses": "role:admin"
"update_service_status": "role:admin"
"get_zone_share": "(role:admin) or (role:member and project_id:%(project_id)s)"
"share_zone": "(role:admin) or (role:member and project_id:%(project_id)s)"
"find_zone_shares": "@"
"find_project_zone_share": "(role:admin) or (role:member and project_id:%(project_id)s)"
"unshare_zone": "(role:admin) or (role:member and project_id:%(project_id)s)"
"find_tenants": "role:admin"
"get_tenant": "role:admin"
"count_tenants": "role:admin"
"create_tld": "role:admin"
"find_tlds": "role:admin"
"get_tld": "role:admin"
"update_tld": "role:admin"
"delete_tld": "role:admin"
"create_tsigkey": "role:admin"
"find_tsigkeys": "role:admin"
"get_tsigkey": "role:admin"
"update_tsigkey": "role:admin"
"delete_tsigkey": "role:admin"
"create_zone": "(role:admin) or (role:member and project_id:%(project_id)s)"
"get_zones": "(role:admin) or (role:reader and project_id:%(project_id)s)"
"get_zone": "(role:admin) or (role:reader and project_id:%(project_id)s) or ("True":%(zone_shared)s)"
"get_zone_servers": "(role:admin) or (role:reader and project_id:%(project_id)s)"
"get_zone_ns_records": "(role:admin) or (role:reader and project_id:%(project_id)s)"
"find_zones": "(role:admin) or (role:reader and project_id:%(project_id)s)"
"update_zone": "(role:admin) or (role:member and project_id:%(project_id)s)"
"delete_zone": "(role:admin) or (role:member and project_id:%(project_id)s)"
"xfr_zone": "(role:admin) or (role:member and project_id:%(project_id)s)"
"abandon_zone": "role:admin"
"count_zones": "(role:admin) or (role:reader and project_id:%(project_id)s)"
"count_zones_pending_notify": "(role:admin) or (role:reader and project_id:%(project_id)s)"
"purge_zones": "role:admin"
"pool_move_zone": "role:admin"
"zone_export": "(role:admin) or (role:member and project_id:%(project_id)s)"
"create_zone_export": "(role:admin) or (role:member and project_id:%(project_id)s)"
"find_zone_exports": "(role:admin) or (role:reader and project_id:%(project_id)s)"
"get_zone_export": "(role:admin) or (role:reader and project_id:%(project_id)s)"
"update_zone_export": "(role:admin) or (role:member and project_id:%(project_id)s)"
"delete_zone_export": "(role:admin) or (role:member and project_id:%(project_id)s)"
"create_zone_import": "(role:admin) or (role:member and project_id:%(project_id)s)"
"find_zone_imports": "(role:admin) or (role:reader and project_id:%(project_id)s)"
"get_zone_import": "(role:admin) or (role:reader and project_id:%(project_id)s)"
"update_zone_import": "(role:admin) or (role:member and project_id:%(project_id)s)"
"delete_zone_import": "(role:admin) or (role:member and project_id:%(project_id)s)"
"create_zone_transfer_accept": "((role:admin) or (role:member and project_id:%(project_id)s)) or project_id:%(target_project_id)s or None:%(target_project_id)s"
"get_zone_transfer_accept": "(role:admin) or (role:reader and project_id:%(project_id)s)"
"find_zone_transfer_accepts": "role:admin"
"create_zone_transfer_request": "(role:admin) or (role:member and project_id:%(project_id)s)"
"get_zone_transfer_request": "((role:admin) or (role:member and project_id:%(project_id)s)) or project_id:%(target_project_id)s or None:%(target_project_id)s"
"get_zone_transfer_request_detailed": "(role:admin) or (role:reader and project_id:%(project_id)s)"
"find_zone_transfer_requests": "@"
"update_zone_transfer_request": "(role:admin) or (role:member and project_id:%(project_id)s)"
"delete_zone_transfer_request": "(role:admin) or (role:member and project_id:%(project_id)s)"

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.