Invalid policy rules generated when a target is deprecated
Bug #1845209 reported by
Ben Nemec
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
oslo.policy |
Fix Released
|
High
|
Ben Nemec |
Bug Description
If the target for a policy rule is deprecated but the rule name remains the same, the policy generator improperly creates a rule that looks something like "my_rule: rule:my_rule". This is a circular reference and will break policy handling.
We already fixed this on master (for Train), but didn't open a bug about it. Since we should backport the fix I'm opening this bug so we have one to reference.
Changed in oslo.policy: | |
status: | Triaged → Fix Released |
To post a comment you must log in.
Reviewed: https:/ /review. opendev. org/684316 /git.openstack. org/cgit/ openstack/ oslo.policy/ commit/ ?id=1e9b2f0dac2 7e2865a26a085f7 6525c7a93ddcee
Committed: https:/
Submitter: Zuul
Branch: stable/stein
commit 1e9b2f0dac27e28 65a26a085f76525 c7a93ddcee
Author: Lance Bragstad <email address hidden>
Date: Thu Jul 25 16:28:01 2019 +0000
Only alias when policy names change
Previously, oslo.policy would generate policy files with aliased names
in the event the name was changing for backwards compatibility. This
isn't needed if the name isn't changing and only the check string is
changing.
This patch adds a conditional to the generator logic that only aliases
the old name to the new name if the name is changing. Otherwise, it
only outputs comments about the deprecation.
Co-Authored-By: Ben Nemec <email address hidden> a5096832023441d 2e6166db92a 6fb7f7f5156056d 5206d71046)
Closes-Bug: 1845209
Change-Id: I89ff60354e4751
(cherry picked from commit 9641e5ca0d75837