oslo.policy

DocumentedRuleDefault.scope_types doesn't show up in generated policy docs

Bug #1773473 reported by Matt Riedemann on 2018-05-26

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	oslo.policy	Fix Released	Undecided	Lance Bragstad

Bug Description

The 'scope_types' values (if specified) don't show up in the generated policy docs, and it seems like they should since if you're enforcing scope then they can affect how RBAC works in your cloud.

Revision history for this message

Lance Bragstad (lbragstad) wrote on 2018-05-26:

I can confirm this in keystone's configuration documentation since we specify scope_types for domains [0], but they aren't rendered in the configuration guide [1]. Nice catch.

[0] https://github.com/openstack/keystone/blob/37ce5417418f8acbd27f3dacb70c605b0fe48301/keystone/common/policies/domain.py#L21
[1] https://docs.openstack.org/keystone/latest/configuration/policy.html

Changed in oslo.policy:
status:	New → Confirmed

Revision history for this message

Lance Bragstad (lbragstad) wrote on 2018-06-01:

I also agree with the need to expose this information through documentation. We should make it as easy as possible for people using the API to figure out what kind of token they need to use.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-06-01: Fix proposed to oslo.policy (master)

Fix proposed to branch: master
Review: https://review.openstack.org/571807

Changed in oslo.policy:
assignee:	nobody → Lance Bragstad (lbragstad)
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-06-01: Fix merged to oslo.policy (master)

Reviewed: https://review.openstack.org/571807
Committed: https://git.openstack.org/cgit/openstack/oslo.policy/commit/?id=eb1546fdfc157ebce0d52cbee54e2898d13de245
Submitter: Zuul
Branch: master

commit eb1546fdfc157ebce0d52cbee54e2898d13de245
Author: Lance Bragstad <email address hidden>
Date: Fri Jun 1 19:50:53 2018 +0000

Update sphinxext to include scope_types in docs

    Since we've added ``scope_types`` as an attribute to policy rules, it
    makes sense to include this information in documentation. End users
    will need to know what type of scope is required to pass a specific
    policy rule when services start incorporating system scope and scope
    types.

Change-Id: I86d89e9f45740b39cef04773cec8846c1ab97c3a
Closes-Bug: 1773473

Changed in oslo.policy:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-06-05: Fix included in openstack/oslo.policy 1.37.0

This issue was fixed in the openstack/oslo.policy 1.37.0 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.