Rules from the policy directory files are not reapplied after changes to the primary policy file
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu Cloud Archive |
Fix Released
|
High
|
Unassigned | ||
Mitaka |
Won't Fix
|
High
|
Unassigned | ||
Queens |
Fix Released
|
High
|
Unassigned | ||
Rocky |
Fix Released
|
High
|
Unassigned | ||
Stein |
Fix Released
|
High
|
Unassigned | ||
Train |
Fix Released
|
High
|
Unassigned | ||
Ussuri |
Fix Released
|
High
|
Unassigned | ||
oslo.policy |
Fix Released
|
Undecided
|
Dmitrii Shcherbakov | ||
python-oslo.policy (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Xenial |
Won't Fix
|
High
|
Unassigned | ||
Bionic |
Fix Released
|
High
|
Unassigned | ||
Eoan |
Won't Fix
|
High
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
Groovy |
Fix Released
|
High
|
Unassigned |
Bug Description
[Impact]
Based on the investigation here https:/
This leads to scenarios where incorrect rule combinations are active.
Example from the test case in 1880847:
* policy.json gets read with the following rule;
"identity:
* rule.yaml from policy.d is read with the following rule;
{'identity:
* policy.json's mtime gets updated (with or without a content change) and overrides the rule to be
"identity:
* rule.yaml doesn't get reapplied since it hasn't changed.
[Test Case]
== ubuntu ==
The patches include unit tests that ensure the code is behaving as expected and has not regressed. These tests are run during every package build.
== upstream ==
For a particular version of oslo.policy:
* put the attached test (https:/
* run tox -e cover -- oslo_policy.
* observe the failure;
# ...
testtools.
Ran 1 tests in 0.005s (+0.001s)
FAILED (id=1, failures=1)
* apply the patch;
* run tox -e cover -- oslo_policy.
* observe that the failure is no longer there.
[Regression Potential]
The regression potential is low given that there is test coverage in the olso.policy unit tests.
description: | updated |
tags: | added: cpe-onsite |
description: | updated |
Changed in cloud-archive: | |
status: | In Progress → Triaged |
Changed in cloud-archive: | |
status: | Triaged → Fix Committed |
tags: |
added: verification-done removed: verification-needed |
Fix proposed to branch: master /review. opendev. org/731218
Review: https:/