← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #66428

[Bug 1705485] Re: policy rule identity:change password is no longer needed

  Thread PreviousDate PreviousThread Next 
Reviewed:  https://review.openstack.org/485818
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=77bf1ad0b8991abb6c7ebba608fde27a3fd01c09
Submitter: Jenkins
Branch:    master

commit 77bf1ad0b8991abb6c7ebba608fde27a3fd01c09
Author: Lance Bragstad <lbragstad@xxxxxxxxx>
Date:   Thu Jul 20 20:45:42 2017 +0000

    Remove policy for self-service password changes
    
    The self-service password API was left intentionally
    unprotected in a change during the stable/ocata cycle:
    
      I4d3421c56642cfdbb25cb33b3aaaacbac4c64dd1
    
    The default policy was not removed from the same config and as a
    result it was migrated into code during the policy-in-code work.
    This isn't necessary since it's not used to protect anything. Policy
    should still be enforced on administrative password resets, but that
    is done using the `update_user` API.
    
    Change-Id: I431f5ef9d6d5d689a06736640d22997fbddb869c
    Closes-Bug: 1705485


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1705485

Title:
  policy rule identity:change password is no longer needed

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  With policy in code changes below rule is added in
  keystone/common/policies/user.py, but enforcement of this rule is
  removed with change-set [0] against user change_password API. As this
  rule is no longer used, it can be removed.

      policy.DocumentedRuleDefault(
          name=base.IDENTITY % 'change_password',
          check_str=base.RULE_ADMIN_OR_OWNER,
          description='Self-service password change.',
          operations=[{'path': '/v3/users/{user_id}/password',
                       'method': 'POST'}])

  
  [0] https://github.com/openstack/keystone/commit/3ae73b67522bf388a0fdcecceb662831d853a313

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1705485/+subscriptions

References

  Thread PreviousDate PreviousThread Next