yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1485104] Re: Redundant rule:cloud_admin in list_role_assignments v3 policy file

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Doug Hellmann <doug@xxxxxxxxxxxxxxxx>
Date: Thu, 03 Sep 2015 18:15:50 -0000
Reply-to: Bug 1485104 <1485104@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1485104

Title:
  Redundant rule:cloud_admin in list_role_assignments v3 policy file

Status in Keystone:
  Fix Released

Bug description:
  policy.v3cloudsample.json contains the following three lines :

      "admin_on_domain_filter" : "rule:cloud_admin or (rule:admin_required and domain_id:%(scope.domain.id)s)",
      "admin_on_project_filter" : "rule:cloud_admin or (rule:admin_required and project_id:%(scope.project.id)s)",
      "identity:list_role_assignments": "rule:admin_on_domain_filter or rule:admin_on_project_filter",

  With rule:cloud_admin being included in both sub-rules, it is then
  included twice within the final rule. The two sub-rules are currently
  only utilized in the one location.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1485104/+subscriptions

References

[Bug 1485104] [NEW] Redundant rule:cloud_admin in list_role_assignments v3 policy file
From: Timothy Symanczyk, 2015-08-14