OpenStack Identity (keystone)

sample policy.json should use new format

Bug #1152662 reported by Brant Knudson on 2013-03-08

6

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	Wishlist	Brant Knudson	OpenStack Identity (keystone) 2014.1 "icehouse"

Bug Description

Keystone's sample policy.json (keystone/etc/policy.json) should switch to using the new format because it's easier to read and understand. The new format is used by nova, for example, see https://github.com/openstack/nova/blob/master/etc/nova/policy.json:

{
    "context_is_admin": "role:admin",
    "admin_or_owner": "is_admin:True or project_id:%(project_id)s",
    "default": "rule:admin_or_owner",

...

vs keystone's:

{
    "admin_required": [["role:admin"], ["is_admin:1"]],
    "owner" : [["user_id:%(user_id)s"]],
    "admin_or_owner": [["rule:admin_required"], ["rule:owner"]],

Dolph Mathews (dolph) on 2013-03-12

Changed in keystone:
status:	New → Triaged
importance:	Undecided → Wishlist

Volmar Oliveira Jr (volmar-junior) on 2013-07-18

Changed in keystone:
assignee:	nobody → Volmar Oliveira Jr (volmar-junior)

Revision history for this message

Volmar Oliveira Jr (volmar-junior) wrote on 2013-07-18:

#1

How about add to the policy sample file the instructions to create one? Basically add the same information described here on comments

https://github.com/openstack/keystone/blob/master/keystone/openstack/common/policy.py

Revision history for this message

Dolph Mathews (dolph) wrote on 2013-07-18:

#2

There's no way to add comments to a *.json file and still have it be immediately parseable as JSON.

Revision history for this message

Dolph Mathews (dolph) wrote on 2013-09-25:

#3

Unassigning due to inactivity.

Changed in keystone:
assignee:	Volmar Oliveira Jr (volmar-junior) → nobody

Revision history for this message

Dolph Mathews (dolph) wrote on 2013-09-25:

#4

I should take back comment #2, sort of. You can redundantly define keys in JSON and only the last one is parsed as the actual value:

>>> print json.loads('{"key": "Documentation.", "key": "value"}')
{u'key': u'value'}

Which lets you inject comments and such as inline documentation.

Revision history for this message

Jeffrey Zhang (jeffrey4l) wrote on 2013-09-27:

#5

Is this feature is implemented already? I check the current policy file in the keystone. I is using the new format.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-10-30: Fix proposed to keystone (master)

#6

Fix proposed to branch: master
Review: https://review.openstack.org/54635

Changed in keystone:
assignee:	nobody → Brant Knudson (blk-u)
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-11-12: Fix merged to keystone (master)

#7

Reviewed: https://review.openstack.org/54635
Committed: http://github.com/openstack/keystone/commit/1fb00caa4095ff38c54fcbea9f871e1d3ed75a05
Submitter: Jenkins
Branch: master

commit 1fb00caa4095ff38c54fcbea9f871e1d3ed75a05
Author: Brant Knudson <email address hidden>
Date: Wed Oct 30 16:33:38 2013 -0500

Change sample policy files to use policy language

The sample policy files were using the old style for rules.

This changes the policy files to use the new policy language
for rules.

Change-Id: I532b941c9b14b68b449e2cd7165d01a1f1031b05
Closes-Bug: #1152662

Changed in keystone:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2013-12-04

Changed in keystone:
milestone:	none → icehouse-1
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2014-04-17

Changed in keystone:
milestone:	icehouse-1 → 2014.1

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.