yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1675822] Re: Allow policy actions in code to be importable for RBAC testing

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Anthony Washington <anthony.washington@xxxxxxxxx>
Date: Tue, 04 Apr 2017 15:21:00 -0000
Reply-to: Bug 1675822 <1675822@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Patch finally merged to master https://review.openstack.org/#/c/443344/
:)

** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1675822

Title:
  Allow policy actions in code to be importable for RBAC testing

Status in OpenStack Identity (keystone):
  Fix Committed

Bug description:
  Now that Keystone is defining all of its policy actions in code, it is
  no longer possible to read the keystone policy.json in order to
  retrieve an exhaustive list of all the Keystone policy actions,
  necessary for RBAC testing by Patrole.

  Currently, Nova has its policy actions in code [0] and allows them to
  be imported via setup.cfg [1].

  Keystone can do the same thing as Nova by adding

  oslo.policy.policies =
      keystone = keystone.common.policies:list_rules

  to its setup.cfg.

  Moreover, oslo.policy currently uses the "oslo.policy.policies"
  extension by default [2] in order to generate a sample policy file.

  This bug fix, therefore, solves both issues.

  [0] https://github.com/openstack/nova/blob/master/nova/policies/__init__.py
  [1] https://github.com/openstack/nova/blob/master/setup.cfg
  [2] https://github.com/openstack/oslo.policy/blob/master/oslo_policy/generator.py

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1675822/+subscriptions

References

[Bug 1675822] [NEW] Allow policy actions in code to be importable for RBAC testing
From: Felipe Monteiro, 2017-03-24