Invalid policy rules generated when a target is deprecated
Bug #1845209 reported by
Ben Nemec
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| oslo.policy |
Fix Released
|
High
|
Ben Nemec | ||
Bug Description
If the target for a policy rule is deprecated but the rule name remains the same, the policy generator improperly creates a rule that looks something like "my_rule: rule:my_rule". This is a circular reference and will break policy handling.
We already fixed this on master (for Train), but didn't open a bug about it. Since we should backport the fix I'm opening this bug so we have one to reference.
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to oslo.policy (stable/stein) | #1 |
| tags: | added: in-stable-stein |
| Changed in oslo.policy: | |
| status: | Triaged → Fix Released |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/oslo.policy 2.1.2 | #2 |
To post a comment you must log in.
Reviewed: https:/
Committed: https:/
Submitter: Zuul
Branch: stable/stein
commit 1e9b2f0dac27e28
Author: Lance Bragstad <email address hidden>
Date: Thu Jul 25 16:28:01 2019 +0000
Only alias when policy names change
Previously, oslo.policy would generate policy files with aliased names
in the event the name was changing for backwards compatibility. This
isn't needed if the name isn't changing and only the check string is
changing.
This patch adds a conditional to the generator logic that only aliases
the old name to the new name if the name is changing. Otherwise, it
only outputs comments about the deprecation.
Co-Authored-By: Ben Nemec <email address hidden>
Closes-Bug: 1845209
Change-Id: I89ff60354e4751
(cherry picked from commit 9641e5ca0d75837