DocumentedRuleDefault.scope_types doesn't show up in generated policy docs

Bug #1773473 reported by Matt Riedemann
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
oslo.policy
Fix Released
Undecided
Lance Bragstad

Bug Description

The 'scope_types' values (if specified) don't show up in the generated policy docs, and it seems like they should since if you're enforcing scope then they can affect how RBAC works in your cloud.

Revision history for this message
Lance Bragstad (lbragstad) wrote :

I can confirm this in keystone's configuration documentation since we specify scope_types for domains [0], but they aren't rendered in the configuration guide [1]. Nice catch.

[0] https://github.com/openstack/keystone/blob/37ce5417418f8acbd27f3dacb70c605b0fe48301/keystone/common/policies/domain.py#L21
[1] https://docs.openstack.org/keystone/latest/configuration/policy.html

Changed in oslo.policy:
status: New → Confirmed
Revision history for this message
Lance Bragstad (lbragstad) wrote :

I also agree with the need to expose this information through documentation. We should make it as easy as possible for people using the API to figure out what kind of token they need to use.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to oslo.policy (master)

Fix proposed to branch: master
Review: https://review.openstack.org/571807

Changed in oslo.policy:
assignee: nobody → Lance Bragstad (lbragstad)
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to oslo.policy (master)

Reviewed: https://review.openstack.org/571807
Committed: https://git.openstack.org/cgit/openstack/oslo.policy/commit/?id=eb1546fdfc157ebce0d52cbee54e2898d13de245
Submitter: Zuul
Branch: master

commit eb1546fdfc157ebce0d52cbee54e2898d13de245
Author: Lance Bragstad <email address hidden>
Date: Fri Jun 1 19:50:53 2018 +0000

    Update sphinxext to include scope_types in docs

    Since we've added ``scope_types`` as an attribute to policy rules, it
    makes sense to include this information in documentation. End users
    will need to know what type of scope is required to pass a specific
    policy rule when services start incorporating system scope and scope
    types.

    Change-Id: I86d89e9f45740b39cef04773cec8846c1ab97c3a
    Closes-Bug: 1773473

Changed in oslo.policy:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/oslo.policy 1.37.0

This issue was fixed in the openstack/oslo.policy 1.37.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.