OpenStack Identity (keystone)

RFE: allow regexes in blacklist and whitelist conditionals

Bug #1880252 reported by Jason Anderson
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Low
Jason Anderson

Bug Description

Currently a regex can be used in the "any_of_one" and "not_any_of" conditionals, allowing operators to specify rules not bound to a static set of expected values. However, this is not supported for the "whitelist" or "blacklist" conditional type.

Having regex support in these types would bring more flexibility when crafting mappings, for example to only map an IdP group to a Keystone group if it has a pattern like "CloudUsers-.*".

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.opendev.org/730423

Changed in keystone:
assignee: nobody → Jason Anderson (jasonandersonatuchicago)
status: New → In Progress
Vishakha Agarwal (vishakha.agarwal)
Changed in keystone:
importance: Undecided → Low
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.opendev.org/730423
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=feaf03443807676e0cf56b7a4458b978a065a132
Submitter: Zuul
Branch: master

commit feaf03443807676e0cf56b7a4458b978a065a132
Author: Jason Anderson <email address hidden>
Date: Fri May 22 16:37:36 2020 -0500

    Support regexes in whitelists/blacklists

    This adds support for the "regex" flag for both the "whitelist" and
    "blacklist" conditional types. Before, only the "any_one_of" and
    "not_any_of" conditionals supported this. Similar to the pre-existing
    regex logic, the patterns are matched from the beginning of the string,
    meaning you may need prefix them with ".*" if you do not care about the
    first characters of the match.

    Closes-Bug: #1880252
    Change-Id: Ia51f47a58712c7230753f2cfa0c87b83a7339bf9

Changed in keystone:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.