[Group.of.nepali.translators] [Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
This bug was fixed in the package python-oslo.policy - 1.33.1-0ubuntu3~cloud0

---
python-oslo.policy (1.33.1-0ubuntu3~cloud0) xenial-queens; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 python-oslo.policy (1.33.1-0ubuntu3) bionic; urgency=medium
 .
   * d/p/reload-policy-files.patch: Cherry-picked from upstream review to
     ensure policy directory files are reapplied after change to primary
     policy file (LP: #1880959).

** Changed in: cloud-archive/queens
       Status: Fix Committed => Fix Released

--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

Status in Ubuntu Cloud Archive: Fix Released
Status in Ubuntu Cloud Archive mitaka series: Won't Fix
Status in Ubuntu Cloud Archive queens series: Fix Released
Status in Ubuntu Cloud Archive rocky series: Fix Released
Status in Ubuntu Cloud Archive stein series: Fix Released
Status in Ubuntu Cloud Archive train series: Fix Released
Status in Ubuntu Cloud Archive ussuri series: Fix Released
Status in oslo.policy: Fix Released
Status in python-oslo.policy package in Ubuntu: Fix Released
Status in python-oslo.policy source package in Xenial: Won't Fix
Status in python-oslo.policy source package in Bionic: Fix Released
Status in python-oslo.policy source package in Eoan: Won't Fix
Status in python-oslo.policy source package in Focal: Fix Released
Status in python-oslo.policy source package in Groovy: Fix Released

Bug description:
  [Impact]
  Based on the investigation here
  https://bugs.launchpad.net/charm-keystone/+bug/1880847 it was
  determined that rules from policy files located in the directory
  specified in the policy_dirs option (/etc//policy.d by default) are
  not re-applied after the rules from the primary policy file are
  re-applied due to a change.

  This leads to scenarios where incorrect rule combinations are active.

  Example from the test case in 1880847:

  * policy.json gets read with the following rule;
      "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s",
  * rule.yaml from policy.d is read with the following rule;
      {'identity:list_credentials': '!'}
  * policy.json's mtime gets updated (with or without a content change)
    and overrides the rule to be
      "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s",
  * rule.yaml doesn't get reapplied since it hasn't changed.

  [Test Case]
  == ubuntu ==
  The patches include unit tests that ensure the code is behaving as
  expected and has not regressed. These tests are run during every
  package build.

  == upstream ==
  For a particular version of oslo.policy:

  * put the attached test
    (https://bugs.launchpad.net/ubuntu/+source/python-oslo.policy/+bug/1880959/+attachment/5377753/+files/test_1880959.py)
    under oslo_policy/tests/test_1880959.py;
  * run tox -e cover -- oslo_policy.tests.test_1880959.EnforcerTest;
  * observe the failure;

      # ...
      testtools.matchers._impl.MismatchError: 'role:fakeA' != 'rule:admin'
      Ran 1 tests in 0.005s (+0.001s)
      FAILED (id=1, failures=1)

  * apply the patch;
  * run tox -e cover -- oslo_policy.tests.test_1880959.EnforcerTest
  * observe that the failure is no longer there.

  [Regression Potential]
  The regression potential is low given that there is test coverage in
  the oslo.policy unit tests.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to     : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp
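The reload sequence from the bug description above, as an added example that is not part of the original notification and is not oslo.policy code: a simplified, standard-library model of an mtime-cached policy loader, showing how the deny rule from policy.d is silently lost and how reapplying directory files after a primary reload keeps it. ToyEnforcer and run_scenario are hypothetical names, and rule.yaml is written as JSON (which is valid YAML) so no third-party parser is needed.

```python
import json
import os
import tempfile

TARGET = "identity:list_credentials"
BASE_RULE = "rule:admin_required or user_id:%(user_id)s"  # from policy.json
DENY_RULE = "!"                                          # from policy.d/rule.yaml


class ToyEnforcer:
    """Simplified model of an mtime-cached policy loader (assumption, not oslo.policy)."""

    def __init__(self, policy_file, policy_dir, reapply_dir_on_primary_reload):
        self.policy_file = policy_file
        self.policy_dir = policy_dir
        self.fixed = reapply_dir_on_primary_reload
        self.rules = {}
        self._mtimes = {}  # path -> mtime seen at last read

    def _changed(self, path):
        """Return True and remember the new mtime if the file changed since last read."""
        mtime = os.stat(path).st_mtime_ns
        if self._mtimes.get(path) == mtime:
            return False
        self._mtimes[path] = mtime
        return True

    @staticmethod
    def _read(path):
        with open(path) as fh:
            return json.load(fh)

    def load_rules(self):
        primary_reloaded = self._changed(self.policy_file)
        if primary_reloaded:
            # Reloading the primary file replaces the whole rule set,
            # discarding every override that came from policy.d.
            self.rules = self._read(self.policy_file)
        for name in sorted(os.listdir(self.policy_dir)):
            path = os.path.join(self.policy_dir, name)
            changed = self._changed(path)
            # Buggy behaviour: only re-read directory files whose own mtime changed.
            # Fixed behaviour: also re-read them whenever the primary was reloaded.
            if changed or (self.fixed and primary_reloaded):
                self.rules.update(self._read(path))
        return self.rules


def run_scenario(fixed):
    """Replay the steps from the bug description; return (rule before, rule after)."""
    with tempfile.TemporaryDirectory() as root:
        policy_file = os.path.join(root, "policy.json")
        policy_dir = os.path.join(root, "policy.d")
        os.mkdir(policy_dir)
        # Constructed sample files mirroring the rules quoted in the report.
        with open(policy_file, "w") as fh:
            json.dump({TARGET: BASE_RULE}, fh)
        with open(os.path.join(policy_dir, "rule.yaml"), "w") as fh:
            json.dump({TARGET: DENY_RULE}, fh)

        enforcer = ToyEnforcer(policy_file, policy_dir, fixed)
        before = enforcer.load_rules()[TARGET]

        # Touch policy.json: mtime moves forward, content stays the same.
        st = os.stat(policy_file)
        os.utime(policy_file, ns=(st.st_atime_ns, st.st_mtime_ns + 1_000_000_000))

        after = enforcer.load_rules()[TARGET]
        return before, after


if __name__ == "__main__":
    for fixed in (False, True):
        before, after = run_scenario(fixed)
        label = "fixed" if fixed else "buggy"
        print(f"{label}: before={before!r} after={after!r}")
```

In the buggy run the effective rule falls back from the deny override to the more permissive base rule without any file content having changed, which is why comparing effective rules against the intended override set after a reload is a useful operational check.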
[Group.of.nepali.translators] [Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
This bug was fixed in the package python-oslo.policy - 1.33.1-0ubuntu3

---
python-oslo.policy (1.33.1-0ubuntu3) bionic; urgency=medium

  * d/p/reload-policy-files.patch: Cherry-picked from upstream review to
    ensure policy directory files are reapplied after change to primary
    policy file (LP: #1880959).

 -- Corey Bryant Tue, 14 Jul 2020 09:43:55 -0400

** Changed in: python-oslo.policy (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

Status in Ubuntu Cloud Archive: Fix Released
Status in Ubuntu Cloud Archive mitaka series: Won't Fix
Status in Ubuntu Cloud Archive queens series: Fix Committed
Status in Ubuntu Cloud Archive rocky series: Fix Released
Status in Ubuntu Cloud Archive stein series: Fix Released
Status in Ubuntu Cloud Archive train series: Fix Released
Status in Ubuntu Cloud Archive ussuri series: Fix Released
Status in oslo.policy: Fix Released
Status in python-oslo.policy package in Ubuntu: Fix Released
Status in python-oslo.policy source package in Xenial: Won't Fix
Status in python-oslo.policy source package in Bionic: Fix Released
Status in python-oslo.policy source package in Eoan: Won't Fix
Status in python-oslo.policy source package in Focal: Fix Released
Status in python-oslo.policy source package in Groovy: Fix Released
[Group.of.nepali.translators] [Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
This bug was fixed in the package python-oslo.policy - 2.1.1-0ubuntu1~cloud1

---
python-oslo.policy (2.1.1-0ubuntu1~cloud1) bionic-stein; urgency=medium
 .
   * d/gbp.conf: Create stable/stein branch.
   * d/p/reload-policy-files.patch: Cherry-picked from upstream master to
     ensure policy directory files are reapplied after change to primary
     policy file (LP: #1880959).

** Changed in: cloud-archive/stein
       Status: Fix Committed => Fix Released

Status in Ubuntu Cloud Archive: Fix Released
Status in Ubuntu Cloud Archive mitaka series: Won't Fix
Status in Ubuntu Cloud Archive queens series: Triaged
Status in Ubuntu Cloud Archive rocky series: Fix Released
Status in Ubuntu Cloud Archive stein series: Fix Released
Status in Ubuntu Cloud Archive train series: Fix Released
Status in Ubuntu Cloud Archive ussuri series: Fix Released
Status in oslo.policy: Fix Released
Status in python-oslo.policy package in Ubuntu: Fix Released
Status in python-oslo.policy source package in Xenial: Won't Fix
Status in python-oslo.policy source package in Bionic: Triaged
Status in python-oslo.policy source package in Eoan: Won't Fix
Status in python-oslo.policy source package in Focal: Fix Released
Status in python-oslo.policy source package in Groovy: Fix Released
[Group.of.nepali.translators] [Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
This bug was fixed in the package python-oslo.policy - 1.38.1-0ubuntu1~cloud1

---
python-oslo.policy (1.38.1-0ubuntu1~cloud1) bionic-rocky; urgency=medium
 .
   * d/gbp.conf: Create stable/rocky branch.
   * d/p/reload-policy-files.patch: Cherry-picked from upstream review to
     ensure policy directory files are reapplied after change to primary
     policy file (LP: #1880959).

** Changed in: cloud-archive/rocky
       Status: Fix Committed => Fix Released

Status in Ubuntu Cloud Archive: Fix Released
Status in Ubuntu Cloud Archive mitaka series: Won't Fix
Status in Ubuntu Cloud Archive queens series: Triaged
Status in Ubuntu Cloud Archive rocky series: Fix Released
Status in Ubuntu Cloud Archive stein series: Fix Released
Status in Ubuntu Cloud Archive train series: Fix Released
Status in Ubuntu Cloud Archive ussuri series: Fix Released
Status in oslo.policy: Fix Released
Status in python-oslo.policy package in Ubuntu: Fix Released
Status in python-oslo.policy source package in Xenial: Won't Fix
Status in python-oslo.policy source package in Bionic: Triaged
Status in python-oslo.policy source package in Eoan: Won't Fix
Status in python-oslo.policy source package in Focal: Fix Released
Status in python-oslo.policy source package in Groovy: Fix Released
[Group.of.nepali.translators] [Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
This bug was fixed in the package python-oslo.policy - 2.3.2-0ubuntu1~cloud1

---
python-oslo.policy (2.3.2-0ubuntu1~cloud1) bionic-train; urgency=medium
 .
   * d/gbp.conf: Create stable/train branch.
   * d/p/reload-policy-files.patch: Cherry-picked from upstream master to
     ensure policy directory files are reapplied after change to primary
     policy file (LP: #1880959).

** Changed in: cloud-archive/train
       Status: Fix Committed => Fix Released

Status in Ubuntu Cloud Archive: Fix Released
Status in Ubuntu Cloud Archive mitaka series: Won't Fix
Status in Ubuntu Cloud Archive queens series: Triaged
Status in Ubuntu Cloud Archive rocky series: Fix Released
Status in Ubuntu Cloud Archive stein series: Fix Released
Status in Ubuntu Cloud Archive train series: Fix Released
Status in Ubuntu Cloud Archive ussuri series: Fix Released
Status in oslo.policy: Fix Released
Status in python-oslo.policy package in Ubuntu: Fix Released
Status in python-oslo.policy source package in Xenial: Won't Fix
Status in python-oslo.policy source package in Bionic: Triaged
Status in python-oslo.policy source package in Eoan: Won't Fix
Status in python-oslo.policy source package in Focal: Fix Released
Status in python-oslo.policy source package in Groovy: Fix Released
[Group.of.nepali.translators] [Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
This bug was fixed in the package python-oslo.policy - 3.1.0-0ubuntu1.1~cloud0

---
python-oslo.policy (3.1.0-0ubuntu1.1~cloud0) bionic-ussuri; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 python-oslo.policy (3.1.0-0ubuntu1.1) focal; urgency=medium
 .
   * d/gbp.conf: Create stable/ussuri branch.
   * d/p/reload-policy-files.patch: Cherry-picked from upstream master to
     ensure policy directory files are reapplied after change to primary
     policy file (LP: #1880959).

** Changed in: cloud-archive/ussuri
       Status: Fix Committed => Fix Released

Status in Ubuntu Cloud Archive: Fix Released
Status in Ubuntu Cloud Archive mitaka series: Won't Fix
Status in Ubuntu Cloud Archive queens series: Triaged
Status in Ubuntu Cloud Archive rocky series: Fix Released
Status in Ubuntu Cloud Archive stein series: Fix Released
Status in Ubuntu Cloud Archive train series: Fix Released
Status in Ubuntu Cloud Archive ussuri series: Fix Released
Status in oslo.policy: Fix Released
Status in python-oslo.policy package in Ubuntu: Fix Released
Status in python-oslo.policy source package in Xenial: Won't Fix
Status in python-oslo.policy source package in Bionic: Triaged
Status in python-oslo.policy source package in Eoan: Won't Fix
Status in python-oslo.policy source package in Focal: Fix Released
Status in python-oslo.policy source package in Groovy: Fix Released
[Group.of.nepali.translators] [Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
This bug was fixed in the package python-oslo.policy - 3.1.0-0ubuntu1.1

---
python-oslo.policy (3.1.0-0ubuntu1.1) focal; urgency=medium

  * d/gbp.conf: Create stable/ussuri branch.
  * d/p/reload-policy-files.patch: Cherry-picked from upstream master to
    ensure policy directory files are reapplied after change to primary
    policy file (LP: #1880959).

 -- Corey Bryant Thu, 25 Jun 2020 14:17:43 -0400

** Changed in: python-oslo.policy (Ubuntu Focal)
       Status: Fix Committed => Fix Released

Status in Ubuntu Cloud Archive: Fix Released
Status in Ubuntu Cloud Archive mitaka series: Won't Fix
Status in Ubuntu Cloud Archive queens series: Triaged
Status in Ubuntu Cloud Archive rocky series: Fix Committed
Status in Ubuntu Cloud Archive stein series: Fix Committed
Status in Ubuntu Cloud Archive train series: Fix Committed
Status in Ubuntu Cloud Archive ussuri series: Fix Committed
Status in oslo.policy: Fix Released
Status in python-oslo.policy package in Ubuntu: Fix Released
Status in python-oslo.policy source package in Xenial: Won't Fix
Status in python-oslo.policy source package in Bionic: Triaged
Status in python-oslo.policy source package in Eoan: Won't Fix
Status in python-oslo.policy source package in Focal: Fix Released
Status in python-oslo.policy source package in Groovy: Fix Released
[Group.of.nepali.translators] [Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
New package versions have been uploaded to the rocky-staging PPA and to
the bionic unapproved queue.

** Changed in: cloud-archive/mitaka
       Status: Triaged => Won't Fix

** Changed in: python-oslo.policy (Ubuntu Xenial)
       Status: Triaged => Won't Fix

Status in Ubuntu Cloud Archive: Fix Released
Status in Ubuntu Cloud Archive mitaka series: Won't Fix
Status in Ubuntu Cloud Archive queens series: Triaged
Status in Ubuntu Cloud Archive rocky series: In Progress
Status in Ubuntu Cloud Archive stein series: Fix Committed
Status in Ubuntu Cloud Archive train series: Fix Committed
Status in Ubuntu Cloud Archive ussuri series: Fix Committed
Status in oslo.policy: Fix Released
Status in python-oslo.policy package in Ubuntu: Fix Released
Status in python-oslo.policy source package in Xenial: Won't Fix
Status in python-oslo.policy source package in Bionic: Triaged
Status in python-oslo.policy source package in Eoan: Won't Fix
Status in python-oslo.policy source package in Focal: Fix Committed
Status in python-oslo.policy source package in Groovy: Fix Released
[Group.of.nepali.translators] [Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
This bug was fixed in the package python-oslo.policy - 3.2.0-0ubuntu2~cloud0

---
python-oslo.policy (3.2.0-0ubuntu2~cloud0) focal-victoria; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 python-oslo.policy (3.2.0-0ubuntu2) groovy; urgency=medium
 .
   * d/p/reload-policy-files.patch: Cherry-picked from upstream master to
     ensure policy directory files are reapplied after change to primary
     policy file (LP: #1880959).

** Changed in: cloud-archive
       Status: Fix Committed => Fix Released

Status in Ubuntu Cloud Archive: Fix Released
Status in Ubuntu Cloud Archive mitaka series: Triaged
Status in Ubuntu Cloud Archive queens series: Triaged
Status in Ubuntu Cloud Archive rocky series: Triaged
Status in Ubuntu Cloud Archive stein series: Triaged
Status in Ubuntu Cloud Archive train series: Triaged
Status in Ubuntu Cloud Archive ussuri series: Triaged
Status in oslo.policy: Fix Released
Status in python-oslo.policy package in Ubuntu: Fix Released
Status in python-oslo.policy source package in Xenial: Triaged
Status in python-oslo.policy source package in Bionic: Triaged
Status in python-oslo.policy source package in Eoan: Won't Fix
Status in python-oslo.policy source package in Groovy: Fix Released
[Group.of.nepali.translators] [Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
This bug was fixed in the package python-oslo.policy - 3.2.0-0ubuntu2

---
python-oslo.policy (3.2.0-0ubuntu2) groovy; urgency=medium

  * d/p/reload-policy-files.patch: Cherry-picked from upstream master to ensure policy directory files are reapplied after change to primary policy file (LP: #1880959).

 -- Corey Bryant  Thu, 25 Jun 2020 10:47:11 -0400

** Changed in: python-oslo.policy (Ubuntu Groovy)
       Status: Triaged => Fix Released

https://bugs.launchpad.net/bugs/1880959

Status in Ubuntu Cloud Archive: Fix Committed
Status in Ubuntu Cloud Archive mitaka series: Triaged
Status in Ubuntu Cloud Archive queens series: Triaged
Status in Ubuntu Cloud Archive rocky series: Triaged
Status in Ubuntu Cloud Archive stein series: Triaged
Status in Ubuntu Cloud Archive train series: Triaged
Status in Ubuntu Cloud Archive ussuri series: Triaged
Status in oslo.policy: Fix Released
Status in python-oslo.policy package in Ubuntu: Fix Released
Status in python-oslo.policy source package in Xenial: Triaged
Status in python-oslo.policy source package in Bionic: Triaged
Status in python-oslo.policy source package in Eoan: Won't Fix
Status in python-oslo.policy source package in Groovy: Fix Released
[Group.of.nepali.translators] [Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Eoan is EOL in July so will upload directly to train.

** Changed in: python-oslo.policy (Ubuntu Eoan)
       Status: Triaged => Won't Fix

https://bugs.launchpad.net/bugs/1880959

Status in Ubuntu Cloud Archive: Triaged
Status in Ubuntu Cloud Archive mitaka series: Triaged
Status in Ubuntu Cloud Archive queens series: Triaged
Status in Ubuntu Cloud Archive rocky series: Triaged
Status in Ubuntu Cloud Archive stein series: Triaged
Status in Ubuntu Cloud Archive train series: Triaged
Status in Ubuntu Cloud Archive ussuri series: Triaged
Status in oslo.policy: Fix Released
Status in python-oslo.policy package in Ubuntu: Triaged
Status in python-oslo.policy source package in Xenial: Triaged
Status in python-oslo.policy source package in Bionic: Triaged
Status in python-oslo.policy source package in Eoan: Won't Fix
Status in python-oslo.policy source package in Groovy: Triaged
[Group.of.nepali.translators] [Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Reviewed:  https://review.opendev.org/731218
Committed: https://git.openstack.org/cgit/openstack/oslo.policy/commit/?id=75677a31108243e0adddc89f1fbf669053f9573b
Submitter: Zuul
Branch:    master

commit 75677a31108243e0adddc89f1fbf669053f9573b
Author: Dmitrii Shcherbakov
Date:   Wed May 27 17:06:25 2020 +0300

    Reload files in policy_dirs on primary file change

    It was determined that rules from policy files located in the directory specified in the policy_dirs option (/etc//policy.d by default) are not re-applied after the rules from the primary policy file is re-applied due to a change.

    This change introduces additional behavior to make sure the rules from policy_dirs are reapplied if there is a change to the primary policy file.

    Change-Id: I8a6f8e971d881365c41ea409966723319d5b239a
    Closes-Bug: #1880959
    Related-Bug: #1880847

** Changed in: oslo.policy
       Status: In Progress => Fix Released

https://bugs.launchpad.net/bugs/1880959

Status in Ubuntu Cloud Archive: Triaged
Status in Ubuntu Cloud Archive mitaka series: Triaged
Status in Ubuntu Cloud Archive queens series: Triaged
Status in Ubuntu Cloud Archive rocky series: Triaged
Status in Ubuntu Cloud Archive stein series: Triaged
Status in Ubuntu Cloud Archive train series: Triaged
Status in Ubuntu Cloud Archive ussuri series: Triaged
Status in oslo.policy: Fix Released
Status in python-oslo.policy package in Ubuntu: Triaged
Status in python-oslo.policy source package in Xenial: Triaged
Status in python-oslo.policy source package in Bionic: Triaged
Status in python-oslo.policy source package in Eoan: Triaged
Status in python-oslo.policy source package in Groovy: Triaged
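The sequence from the bug description and the behaviour change the commit message describes, replayed in a simplified model. This is an added example, not part of the thread and not oslo.policy's code: ModelEnforcer, replay and the reload_dirs_on_primary_change switch are hypothetical names, and the override file is written as JSON (a YAML subset) so that only the standard library is needed.

```python
import json
import os
import tempfile

RULE = "identity:list_credentials"
PRIMARY_RULE = "rule:admin_required or user_id:%(user_id)s"


class ModelEnforcer:
    """Simplified model of mtime-cached policy loading; not oslo.policy code."""

    def __init__(self, policy_file, policy_dir, reload_dirs_on_primary_change):
        self.policy_file = policy_file
        self.policy_dir = policy_dir
        self.fixed = reload_dirs_on_primary_change
        self.rules = {}
        self._mtimes = {}

    def _changed(self, path):
        mtime = os.stat(path).st_mtime_ns
        changed = self._mtimes.get(path) != mtime
        self._mtimes[path] = mtime
        return changed

    def load_rules(self):
        primary_changed = self._changed(self.policy_file)
        if primary_changed:
            # Reloading the primary file replaces the whole rule set,
            # which discards every override applied from policy_dir.
            with open(self.policy_file) as fh:
                self.rules = json.load(fh)
        for name in sorted(os.listdir(self.policy_dir)):
            path = os.path.join(self.policy_dir, name)
            changed = self._changed(path)
            # Buggy model: re-read an override only if its own mtime moved.
            # Fixed model: also re-read it whenever the primary was reloaded.
            if changed or (self.fixed and primary_changed):
                with open(path) as fh:
                    self.rules.update(json.load(fh))
        return dict(self.rules)


def replay(fixed):
    """Replay the report's sequence; return the rule before and after the touch."""
    with tempfile.TemporaryDirectory() as root:
        primary = os.path.join(root, "policy.json")
        policy_d = os.path.join(root, "policy.d")
        os.mkdir(policy_d)
        with open(primary, "w") as fh:
            json.dump({RULE: PRIMARY_RULE}, fh)
        # Constructed override file carrying the "!" (never allow) rule.
        with open(os.path.join(policy_d, "rule.yaml"), "w") as fh:
            json.dump({RULE: "!"}, fh)
        enforcer = ModelEnforcer(primary, policy_d, fixed)
        before = enforcer.load_rules()[RULE]
        # Bump only policy.json's mtime; its content stays the same.
        st = os.stat(primary)
        os.utime(primary, ns=(st.st_atime_ns, st.st_mtime_ns + 10**9))
        return before, enforcer.load_rules()[RULE]
```

With fixed=False the deny override is lost after the mtime bump and the permissive primary rule becomes active again; with fixed=True the override survives.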
[Group.of.nepali.translators] [Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Thanks Dmitrii, we'll need to get this backported as far as we can upstream once the fix lands in master. I'll target the rest of the ubuntu and cloud archive releases. Would you be able to add some simple repro steps to the [Test Case] section in the bug description? This can include a juju based deploy. That will help us verify SRU fixes for each release combination once we have fixes in corresponding -proposed pockets available for testing. ** Description changed: - Based on the investigation here https://bugs.launchpad.net/charm- - keystone/+bug/1880847 it was determined that rules from policy files - located in the directory specified in the policy_dirs option - (/etc//policy.d by default) are not re-applied after the - rules from the primary policy file is re-applied due to a change. + [Impact] + Based on the investigation here https://bugs.launchpad.net/charm-keystone/+bug/1880847 it was determined that rules from policy files located in the directory specified in the policy_dirs option (/etc//policy.d by default) are not re-applied after the rules from the primary policy file is re-applied due to a change. This leads to scenarios where incorrect rule combinations are active. Example from the test case in 1880847: * policy.json gets read with the following rule; - "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s", + "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s", * rule.yaml from policy.d is read with the following rule; {'identity:list_credentials': '!'} * policy.json's mtime gets updated (with or without a content change) and overrides the rule to be - "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s", + "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s", * rule.yaml doesn't get reapplied since it hasn't changed. 
+ + [Test Case] + TBD + + [Regression Potential] + TBD ** Also affects: python-oslo.policy (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: python-oslo.policy (Ubuntu Eoan) Importance: Undecided Status: New ** Also affects: python-oslo.policy (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: python-oslo.policy (Ubuntu Xenial) Status: New => Triaged ** Changed in: python-oslo.policy (Ubuntu Bionic) Status: New => Triaged ** Changed in: python-oslo.policy (Ubuntu Eoan) Status: New => Triaged ** Changed in: python-oslo.policy (Ubuntu Eoan) Importance: Undecided => High ** Changed in: python-oslo.policy (Ubuntu Bionic) Importance: Undecided => High ** Changed in: python-oslo.policy (Ubuntu Xenial) Importance: Undecided => High ** Also affects: cloud-archive Importance: Undecided Status: New ** Also affects: cloud-archive/ussuri Importance: Undecided Status: New ** Also affects: cloud-archive/queens Importance: Undecided Status: New ** Also affects: cloud-archive/train Importance: Undecided Status: New ** Also affects: cloud-archive/stein Importance: Undecided Status: New ** Also affects: cloud-archive/mitaka Importance: Undecided Status: New ** Also affects: cloud-archive/rocky Importance: Undecided Status: New ** Changed in: cloud-archive/mitaka Importance: Undecided => High ** Changed in: cloud-archive/mitaka Status: New => Triaged ** Changed in: cloud-archive/queens Importance: Undecided => High ** Changed in: cloud-archive/queens Status: New => Triaged ** Changed in: cloud-archive/rocky Importance: Undecided => High ** Changed in: cloud-archive/rocky Status: New => Triaged ** Changed in: cloud-archive/stein Importance: Undecided => High ** Changed in: cloud-archive/stein Status: New => Triaged ** Changed in: cloud-archive/train Importance: Undecided => High ** Changed in: cloud-archive/train Status: New => Triaged ** Changed in: cloud-archive/ussuri Importance: Undecided => High ** Changed in: cloud-archive/ussuri Status: New => 
Triaged

https://bugs.launchpad.net/bugs/1880959

Status in Ubuntu Cloud Archive: Triaged
Status in Ubuntu Cloud Archive mitaka series: Triaged
Status in Ubuntu Cloud Archive queens series: Triaged
Status in Ubuntu Cloud Archive rocky series: Triaged
Status in Ubuntu Cloud Archive stein series: Triaged
Status in Ubuntu Cloud Archive train series: Triaged
Status in Ubuntu Cloud Archive ussuri series: Triaged
Status in oslo.policy: In Progress
Status in python-oslo.policy package in Ubuntu: Triaged
Status in python-oslo.policy source package in Xenial: Triaged
Status in