yahoo-eng-team team mailing list archive

[Timothy Symanczyk <timothy_symanczyk@xxxxxxxxxxxx>]

Public bug reported:

policy.v3cloudsample.json contains the following three lines :

    "admin_on_domain_filter" : "rule:cloud_admin or (rule:admin_required and domain_id:%(scope.domain.id)s)",
    "admin_on_project_filter" : "rule:cloud_admin or (rule:admin_required and project_id:%(scope.project.id)s)",
    "identity:list_role_assignments": "rule:admin_on_domain_filter or rule:admin_on_project_filter",

With rule:cloud_admin being included in both sub-rules, it is then
included twice within the final rule. The two sub-rules are currently
only utilized in the one location.

** Affects: keystone
     Importance: Undecided
     Assignee: Timothy Symanczyk (timothy-symanczyk)
         Status: New

** Changed in: keystone
     Assignee: (unassigned) => Timothy Symanczyk (timothy-symanczyk)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1485104

Title:
  Redundant rule:cloud_admin in list_role_assignments v3 policy file

Status in Keystone:
  New

Bug description:
  policy.v3cloudsample.json contains the following three lines :

      "admin_on_domain_filter" : "rule:cloud_admin or (rule:admin_required and domain_id:%(scope.domain.id)s)",
      "admin_on_project_filter" : "rule:cloud_admin or (rule:admin_required and project_id:%(scope.project.id)s)",
      "identity:list_role_assignments": "rule:admin_on_domain_filter or rule:admin_on_project_filter",

  With rule:cloud_admin being included in both sub-rules, it is then
  included twice within the final rule. The two sub-rules are currently
  only utilized in the one location.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1485104/+subscriptions