OpenStack Identity (keystone)

Redundant rule:cloud_admin in list_role_assignments v3 policy file

Bug #1485104 reported by Timothy Symanczyk
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Low
Timothy Symanczyk
OpenStack Identity (keystone) 8.0.0 "liberty"

Bug Description

policy.v3cloudsample.json contains the following three lines :

    "admin_on_domain_filter" : "rule:cloud_admin or (rule:admin_required and domain_id:%(scope.domain.id)s)",
    "admin_on_project_filter" : "rule:cloud_admin or (rule:admin_required and project_id:%(scope.project.id)s)",
    "identity:list_role_assignments": "rule:admin_on_domain_filter or rule:admin_on_project_filter",

With rule:cloud_admin being included in both sub-rules, it is then included twice within the final rule. The two sub-rules are currently only utilized in the one location.

Timothy Symanczyk (timothy-symanczyk)
Changed in keystone:
assignee: nobody → Timothy Symanczyk (timothy-symanczyk)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/213338

Changed in keystone:
status: New → In Progress
Steve Martinelli (stevemar)
Changed in keystone:
importance: Undecided → Low
milestone: none → liberty-3
Revision history for this message
Dolph Mathews (dolph) wrote :

I'm setting this to incomplete because the proposed change does not eliminate a redundancy. Please close this bug if the change should be abandoned.

Changed in keystone:
status: In Progress → Incomplete
Revision history for this message
Timothy Symanczyk (timothy-symanczyk) wrote :

Changing back to In Progress. There appears to have been a misunderstanding that is now resolved, and people seem to now agree that the change removes a legitimate redundancy.

Changed in keystone:
status: Incomplete → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/213338
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=85b81583955bf30ed0e82347e8159235ee839b9a
Submitter: Jenkins
Branch: master

commit 85b81583955bf30ed0e82347e8159235ee839b9a
Author: Timothy Symanczyk <email address hidden>
Date: Thu Aug 13 23:49:40 2015 -0700

    Simplify rule in sample v3 policy file

    Remove redundant rule:cloud_admin from list_role_assignment
    rule in sample v3 policy file.

    Closes-Bug: #1485104

    Change-Id: I0b65585c675c5b249d92cdce412efa7f3ac3c41b

Changed in keystone:
status: In Progress → Fix Committed
Doug Hellmann (doug-hellmann)
Changed in keystone:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: liberty-3 → 8.0.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.