Comment 2 for bug 2017056
Revision history for this message
| Andrew Bogott (andrewbogott) wrote Re: identity:list_services doesn't obey policy.yaml when enforcement is enabled | #2 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
I think this is a real bug.
I may be misreading the code, but it looks to me like the policy code checks the new rule from policy.yaml for auth but also does a separate scope check -- the scope check seems to only use the original rule from code rather than the rule from policy.yaml. So you can only override policies in policy.yaml as long as you don't modify the scope requirements.
This breaks quite a lot of things!