yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1705485] [NEW] policy rule identity:change password is no longer needed

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: prashkre <1705485@xxxxxxxxxxxxxxxxxx>
Date: Thu, 20 Jul 2017 13:38:46 -0000
Reply-to: Bug 1705485 <1705485@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

With policy in code changes below rule is added in
keystone/common/policies/user.py, but enforcement of this rule is
removed with change-set [0] against user change_password API. As this
rule is no longer used, it can be removed.

    policy.DocumentedRuleDefault(
        name=base.IDENTITY % 'change_password',
        check_str=base.RULE_ADMIN_OR_OWNER,
        description='Self-service password change.',
        operations=[{'path': '/v3/users/{user_id}/password',
                     'method': 'POST'}])


[0] https://github.com/openstack/keystone/commit/3ae73b67522bf388a0fdcecceb662831d853a313

** Affects: keystone
     Importance: Undecided
         Status: New

** Summary changed:

- policy rule identity:change_password is not used with change_password API
+ policy rule identity:change password is not enforced with API

** Summary changed:

- policy rule identity:change password is not enforced with API
+ policy rule identity:change password is no longer needed

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1705485

Title:
  policy rule identity:change password is no longer needed

Status in OpenStack Identity (keystone):
  New

Bug description:
  With policy in code changes below rule is added in
  keystone/common/policies/user.py, but enforcement of this rule is
  removed with change-set [0] against user change_password API. As this
  rule is no longer used, it can be removed.

      policy.DocumentedRuleDefault(
          name=base.IDENTITY % 'change_password',
          check_str=base.RULE_ADMIN_OR_OWNER,
          description='Self-service password change.',
          operations=[{'path': '/v3/users/{user_id}/password',
                       'method': 'POST'}])

  
  [0] https://github.com/openstack/keystone/commit/3ae73b67522bf388a0fdcecceb662831d853a313

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1705485/+subscriptions

Follow ups

[Bug 1705485] Re: policy rule identity:change password is no longer needed
From: OpenStack Infra, 2017-08-04