Reviewed: https://review.openstack.org/482359 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=fa88f6844873b53065123b6b4c311c8fd94ede4d Submitter: Jenkins Branch: master
commit fa88f6844873b53065123b6b4c311c8fd94ede4d Author: Matthew Edmonds <[email protected]> Date: Mon Jul 10 18:51:52 2017 -0400 fix assert_admin The assert_admin method was broken by an earlier Pike commit [1] which caused it to check for the "identity:admin_required" policy rule (which is not defined) instead of the "admin_required" rule. This changes check_policy to take the action instead of a function name, allowing the caller to decide whether they want to prepend "identity:" or not. [1] 40c118d6ba94b15d6f66da618e1d368a0f876340 Change-Id: Ief05967361959a0bd194af3e77af198936e4a71f Closes-Bug: #1703467 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1703467 Title: assert_admin is checking default policy rule not admin_required Status in OpenStack Identity (keystone): Fix Released Bug description: https://github.com/openstack/keystone/commit/40c118d6ba94b15d6f66da618e1d368a0f876340 broke all places calling assert_admin. Previously, assert_admin checked the "admin_required" rule. With that change, assert_admin now checks the "identity:admin_required" rule. That rule is not defined, so what actually gets checked is the default rule. We must fix this before shipping Pike to avoid breaking backward compatibility. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1703467/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
