[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Reviewed: https://review.opendev.org/734157 Committed: https://git.openstack.org/cgit/openstack/oslo.policy/commit/?id=3a7f94a8cc909b9b9c9f32773dea043f659caa37 Submitter: Zuul Branch:stable/queens commit 3a7f94a8cc909b9b9c9f32773dea043f659caa37 Author: Dmitrii Shcherbakov Date: Wed May 27 17:06:25 2020 +0300 Reload files in policy_dirs on primary file change It was determined that rules from policy files located in the directory specified in the policy_dirs option (/etc//policy.d by default) are not re-applied after the rules from the primary policy file is re-applied due to a change. This change introduces additional behavior to make sure the rules from policy_dirs are reapplied if there is a change to the primary policy file. Change-Id: I8a6f8e971d881365c41ea409966723319d5b239a Closes-Bug: #1880959 Related-Bug: #1880847 (cherry picked from commit 75677a31108243e0adddc89f1fbf669053f9573b) (cherry picked from commit c8c138e69d9189345a7366a10b0779ef70b7250e) (cherry picked from commit 5904564bf13bbac7d66e00ec6312487c507f09c4) (cherry picked from commit a49f31d3fc7690e3d15bc2428660b537967c89cc) (cherry picked from commit 622bcf207948174535b4d04f15ef14fb265c834d) ** Tags added: in-stable-queens -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Reviewed: https://review.opendev.org/734156 Committed: https://git.openstack.org/cgit/openstack/oslo.policy/commit/?id=622bcf207948174535b4d04f15ef14fb265c834d Submitter: Zuul Branch:stable/rocky commit 622bcf207948174535b4d04f15ef14fb265c834d Author: Dmitrii Shcherbakov Date: Wed May 27 17:06:25 2020 +0300 Reload files in policy_dirs on primary file change It was determined that rules from policy files located in the directory specified in the policy_dirs option (/etc//policy.d by default) are not re-applied after the rules from the primary policy file is re-applied due to a change. This change introduces additional behavior to make sure the rules from policy_dirs are reapplied if there is a change to the primary policy file. Change-Id: I8a6f8e971d881365c41ea409966723319d5b239a Closes-Bug: #1880959 Related-Bug: #1880847 (cherry picked from commit 75677a31108243e0adddc89f1fbf669053f9573b) (cherry picked from commit c8c138e69d9189345a7366a10b0779ef70b7250e) (cherry picked from commit 5904564bf13bbac7d66e00ec6312487c507f09c4) (cherry picked from commit a49f31d3fc7690e3d15bc2428660b537967c89cc) ** Tags added: in-stable-rocky -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
This bug was fixed in the package python-oslo.policy - 1.33.1-0ubuntu3~cloud0 --- python-oslo.policy (1.33.1-0ubuntu3~cloud0) xenial-queens; urgency=medium . * New update for the Ubuntu Cloud Archive. . python-oslo.policy (1.33.1-0ubuntu3) bionic; urgency=medium . * d/p/reload-policy-files.patch: Cherry-picked from upstream review to ensure policy directory files are reapplied after change to primary policy file (LP: #1880959). ** Changed in: cloud-archive/queens Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
This bug was fixed in the package python-oslo.policy - 1.33.1-0ubuntu3 --- python-oslo.policy (1.33.1-0ubuntu3) bionic; urgency=medium * d/p/reload-policy-files.patch: Cherry-picked from upstream review to ensure policy directory files are reapplied after change to primary policy file (LP: #1880959). -- Corey Bryant Tue, 14 Jul 2020 09:43:55 -0400 ** Changed in: python-oslo.policy (Ubuntu Bionic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Verified xenial/queens (the updated packages got uploaded compared to the check in comment #45): lxc launch ubuntu:xenial oslop-xq Creating oslop-xq Starting oslop-xq lxc exec oslop-bq bash root@oslop-xq:~# lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 16.04.6 LTS Release: 16.04 Codename: xenial root@oslop-xq:~# apt update root@oslop-xq:~# apt install ubuntu-cloud-keyring root@oslop-xq:~# sudo add-apt-repository cloud-archive:queens-proposed root@oslop-xq:~# cat /etc/apt/sources.list.d/cloudarchive-queens-proposed.list deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-proposed/queens main # deb-src http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-proposed/queens main root@oslop-xq:~# apt update && apt install python3-oslo.policy python-oslo.policy python3-oslotest python-oslotest Setting up python-oslo.policy (1.33.1-0ubuntu3~cloud0) ... Setting up python3-oslo.policy (1.33.1-0ubuntu3~cloud0) ... root@oslop-xq:/usr/lib/python2.7/dist-packages/oslo_policy# dpkg -l | grep oslo.policy ii python-oslo.policy 1.33.1-0ubuntu3~cloud0 all RBAC policy enforcement library for OpenStack - Python 2.x ii python3-oslo.policy 1.33.1-0ubuntu3~cloud0 all RBAC policy enforcement library for OpenStack - Python 3.x root@oslop-xq:~# cd /usr/lib/python3/dist-packages/oslo_policy/ root@oslop-xq:/usr/lib/python3/dist-packages/oslo_policy# PYTHONPATH=`realpath tests` ; python3 -m unittest tests.test_policy.EnforcerTest.test_load_directory_after_file_update WARNING [oslo_policy.policy] Policies ['foo'] reference a rule that is not defined. . -- Ran 1 test in 0.086s OK root@oslop-xq:/usr/lib/python3/dist-packages/oslo_policy# cd /usr/lib/python2.7/dist-packages/oslo_policy root@oslop-xq:/usr/lib/python2.7/dist-packages/oslo_policy# root@oslop-xq:/usr/lib/python2.7/dist-packages/oslo_policy# PYTHONPATH=`realpath tests` ; python -m unittest tests.test_policy.EnforcerTest.test_load_directory_after_file_update WARNING [oslo_policy.policy] Policies [u'foo'] reference a rule that is not defined. . -- Ran 1 test in 0.079s OK ** Tags removed: verification-needed verification-queens-needed ** Tags added: verification-done verification-queens-done -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Also checked the python2.7 package on bionic just in case (unit tests use `six` for compatibility so they work either way): lxc exec oslop bash root@oslop:~# cat # Enable Ubuntu proposed archive > deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted > main multiverse universe > EOF root@oslop:/usr/lib/python2.7/dist-packages/oslo_policy# cat /etc/apt/sources.list.d/ubuntu-bionic-proposed.list # Enable Ubuntu proposed archive deb http://archive.ubuntu.com/ubuntu/ bionic-proposed restricted main multiverse universe root@oslop:~# apt update && apt install python-oslo.policy python-oslotest Setting up python-oslo.config (1:5.2.0-0ubuntu1) ... update-alternatives: using /usr/bin/python2-oslo-config-generator to provide /usr/bin/oslo-config-generator (oslo-config-generator) in auto mode Setting up python-oslo.policy (1.33.1-0ubuntu3) ... update-alternatives: using /usr/bin/python2-oslopolicy-sample-generator to provide /usr/bin/oslopolicy-sample-generator (oslopolicy-sample-generator) in auto mode update-alternatives: using /usr/bin/python2-oslopolicy-checker to provide /usr/bin/oslopolicy-checker (oslopolicy-checker) in auto mode update-alternatives: using /usr/bin/python2-oslopolicy-policy-generator to provide /usr/bin/oslopolicy-policy-generator (oslopolicy-policy-generator) in auto mode update-alternatives: using /usr/bin/python2-oslopolicy-list-redundant to provide /usr/bin/oslopolicy-list-redundant (oslopolicy-list-redundant) in auto mode root@oslop:/usr/lib/python2.7/dist-packages/oslo_policy# PYTHONPATH=`realpath tests` ; python2 -m unittest tests.test_policy.EnforcerTest.test_load_directory_after_file_update WARNING [oslo_policy.policy] Policies [u'foo'] reference a rule that is not defined. . -- Ran 1 test in 0.122s OK -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
xenial + proposed Queens cloud archive (doesn't look like the changes are there): lxc launch ubuntu:xenial oslop-xq Creating oslop-xq Starting oslop-xq lxc exec oslop-bq bash root@oslop-xq:~# lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu 16.04.6 LTS Release:16.04 Codename: xenial root@oslop-xq:~# apt update root@oslop-xq:~# apt install ubuntu-cloud-keyring root@oslop-xq:~# sudo add-apt-repository cloud-archive:queens-proposed root@oslop-xq:~# cat /etc/apt/sources.list.d/cloudarchive-queens-proposed.list deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-proposed/queens main # deb-src http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-proposed/queens main root@oslop-xq:~# apt update && apt install python3-oslo.policy python3-oslotest ... Setting up python3-oslo.config (1:5.2.0-0ubuntu1~cloud0) ... update-alternatives: using /usr/bin/python3-oslo-config-generator to provide /usr/bin/oslo-config-generator (oslo-config-generator) in auto mode Setting up python3-oslo.policy (1.33.1-0ubuntu2~cloud0) ... update-alternatives: using /usr/bin/python3-oslopolicy-sample-generator to provide /usr/bin/oslopolicy-sample-generator (oslopolicy-sample-generator) in auto mode update-alternatives: using /usr/bin/python3-oslopolicy-checker to provide /usr/bin/oslopolicy-checker (oslopolicy-checker) in auto mode update-alternatives: using /usr/bin/python3-oslopolicy-policy-generator to provide /usr/bin/oslopolicy-policy-generator (oslopolicy-policy-generator) in auto mode update-alternatives: using /usr/bin/python3-oslopolicy-list-redundant to provide /usr/bin/oslopolicy-list-redundant (oslopolicy-list-redundant) in auto mode root@oslop-xq:~# cd /usr/lib/python3/dist-packages/oslo_policy/ root@oslop-xq:/usr/lib/python3/dist-packages/oslo_policy# PYTHONPATH=`realpath tests` ; python3 -m unittest tests.test_policy.EnforcerTest.test_load_directory_after_file_update E == ERROR: test_load_directory_after_file_update (unittest.loader._FailedTest) -- AttributeError: type object 'EnforcerTest' has no attribute 'test_load_directory_after_file_update' -- Ran 1 test in 0.000s root@oslop-xq:/usr/lib/python3/dist-packages/oslo_policy# apt install python-oslo.policy python-oslotest root@oslop-xq:/usr/lib/python3/dist-packages/oslo_policy# cd /usr/lib/python2.7/dist-packages/oslo_policy/ root@oslop-xq:/usr/lib/python2.7/dist-packages/oslo_policy# PYTHONPATH=`realpath tests` ; python -m unittest tests.test_policy.EnforcerTest.test_load_directory_after_file_update Traceback (most recent call last): File "/usr/lib/python2.7/runpy.py", line 174, in _run_module_as_main "__main__", fname, loader, pkg_name) File "/usr/lib/python2.7/runpy.py", line 72, in _run_code exec code in run_globals File "/usr/lib/python2.7/unittest/__main__.py", line 12, in main(module=None) File "/usr/lib/python2.7/unittest/main.py", line 94, in __init__ self.parseArgs(argv) File "/usr/lib/python2.7/unittest/main.py", line 149, in parseArgs self.createTests() File "/usr/lib/python2.7/unittest/main.py", line 158, in createTests self.module) File "/usr/lib/python2.7/unittest/loader.py", line 130, in loadTestsFromNames suites = [self.loadTestsFromName(name, module) for name in names] File "/usr/lib/python2.7/unittest/loader.py", line 100, in loadTestsFromName parent, obj = obj, getattr(obj, part) AttributeError: type object 'EnforcerTest' has no attribute 'test_load_directory_after_file_update' root@oslop-xq:/usr/lib/python2.7/dist-packages/oslo_policy# apt policy python3-oslo.policy python3-oslo.policy: Installed: 1.33.1-0ubuntu2~cloud0 Candidate: 1.33.1-0ubuntu2~cloud0 Version table: *** 1.33.1-0ubuntu2~cloud0 500 500 http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-proposed/queens/main amd64 Packages 100 /var/lib/dpkg/status 1.6.0-2 500 500 http://archive.ubuntu.com/ubuntu xenial/universe amd64 Packages root@oslop-xq:/usr/lib/python2.7/dist-packages/oslo_policy# apt policy python-oslo.policy python-oslo.policy: Installed: 1.33.1-0ubuntu2~cloud0 Candidate: 1.33.1-0ubuntu2~cloud0 Version table: *** 1.33.1-0ubuntu2~cloud0 500 500 http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-proposed/queens/main amd64 Packages 100 /var/lib/dpkg/status 1.6.0-2 500 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to:
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Bionic: --- lxc launch ubuntu:bionic oslop-b Creating oslop-b Starting oslop-b lxc exec oslop-b bash root@oslop-b:~# lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu 18.04.4 LTS Release:18.04 Codename: bionic root@oslop-b:~# cat # Enable Ubuntu proposed archive > deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted > main multiverse universe > EOF root@oslop-b:~# cat /etc/apt/sources.list.d/ubuntu-bionic-proposed.list # Enable Ubuntu proposed archive deb http://archive.ubuntu.com/ubuntu/ bionic-proposed restricted main multiverse universe root@oslop-b:~# apt update && apt install python3-oslo.policy python3-oslotest ... Setting up python3-oslo.config (1:5.2.0-0ubuntu1) ... update-alternatives: using /usr/bin/python3-oslo-config-generator to provide /usr/bin/oslo-config-generator (oslo-config-generator) in auto mode Setting up python3-oslo.policy (1.33.1-0ubuntu3) ... root@oslop-b:~# cd /usr/lib/python3/dist-packages/oslo_policy/ root@oslop-b:/usr/lib/python3/dist-packages/oslo_policy# PYTHONPATH=`realpath tests` ; python3 -m unittest tests.test_policy.EnforcerTest.test_load_directory_after_file_update WARNING [oslo_policy.policy] Policies ['foo'] reference a rule that is not defined. . -- Ran 1 test in 0.144s OK ** Tags removed: verification-needed-bionic ** Tags added: verification-done-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Hello Dmitrii, or anyone else affected, Accepted python-oslo.policy into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python- oslo.policy/1.33.1-0ubuntu3 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-bionic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: python-oslo.policy (Ubuntu Bionic) Status: Triaged => Fix Committed ** Tags removed: verification-done ** Tags added: verification-needed verification-needed-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
This bug was fixed in the package python-oslo.policy - 2.1.1-0ubuntu1~cloud1 --- python-oslo.policy (2.1.1-0ubuntu1~cloud1) bionic-stein; urgency=medium . * d/gbp.conf: Create stable/stein branch. * d/p/reload-policy-files.patch: Cherry-picked from upstream master to ensure policy directory files are reapplied after change to primary policy file (LP: #1880959). ** Changed in: cloud-archive/stein Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
This bug was fixed in the package python-oslo.policy - 2.3.2-0ubuntu1~cloud1 --- python-oslo.policy (2.3.2-0ubuntu1~cloud1) bionic-train; urgency=medium . * d/gbp.conf: Create stable/train branch. * d/p/reload-policy-files.patch: Cherry-picked from upstream master to ensure policy directory files are reapplied after change to primary policy file (LP: #1880959). ** Changed in: cloud-archive/train Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
This bug was fixed in the package python-oslo.policy - 1.38.1-0ubuntu1~cloud1 --- python-oslo.policy (1.38.1-0ubuntu1~cloud1) bionic-rocky; urgency=medium . * d/gbp.conf: Create stable/rocky branch. * d/p/reload-policy-files.patch: Cherry-picked from upstream review to ensure policy directory files are reapplied after change to primary policy file (LP: #1880959). ** Changed in: cloud-archive/rocky Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
This bug was fixed in the package python-oslo.policy - 3.1.0-0ubuntu1.1~cloud0 --- python-oslo.policy (3.1.0-0ubuntu1.1~cloud0) bionic-ussuri; urgency=medium . * New update for the Ubuntu Cloud Archive. . python-oslo.policy (3.1.0-0ubuntu1.1) focal; urgency=medium . * d/gbp.conf: Create stable/ussuri branch. * d/p/reload-policy-files.patch: Cherry-picked from upstream master to ensure policy directory files are reapplied after change to primary policy file (LP: #1880959). ** Changed in: cloud-archive/ussuri Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
@Dmitrii, thanks for the simple test. Just did a quick run through of testing cloud archive packages on bionic. All passed the test: root@b1:~# lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu 18.04.4 LTS Release:18.04 Codename: bionic root@b1:/usr/lib/python3/dist-packages/oslo_policy# apt policy python3-oslo.policy python3-oslo.policy: Installed: 1.38.1-0ubuntu1~cloud1 Candidate: 3.1.0-0ubuntu1.1~cloud0 Version table: 3.1.0-0ubuntu1.1~cloud0 500 500 http://ubuntu-cloud.archive.canonical.com/ubuntu bionic-proposed/ussuri/main amd64 Packages 2.3.2-0ubuntu1~cloud1 500 500 http://ubuntu-cloud.archive.canonical.com/ubuntu bionic-proposed/train/main amd64 Packages 2.1.1-0ubuntu1~cloud1 500 500 http://ubuntu-cloud.archive.canonical.com/ubuntu bionic-proposed/stein/main amd64 Packages *** 1.38.1-0ubuntu1~cloud1 500 500 http://ubuntu-cloud.archive.canonical.com/ubuntu bionic-proposed/rocky/main amd64 Packages 100 /var/lib/dpkg/status 1.33.1-0ubuntu2 500 500 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages 1.33.1-0ubuntu1 500 500 http://archive.ubuntu.com/ubuntu bionic/universe amd64 Packages root@b1:/usr/lib/python3/dist-packages/oslo_policy# PYTHONPATH=`realpath tests` ; python3 -m unittest tests.test_policy.EnforcerTest.test_load_directory_after_file_update WARNING [oslo_policy.policy] Policies ['foo'] reference a rule that is not defined. . -- Ran 1 test in 0.410s OK root@b1:/usr/lib/python3/dist-packages/oslo_policy# apt policy python3-oslo.policy python3-oslo.policy: Installed: 2.1.1-0ubuntu1~cloud1 Candidate: 3.1.0-0ubuntu1.1~cloud0 Version table: 3.1.0-0ubuntu1.1~cloud0 500 500 http://ubuntu-cloud.archive.canonical.com/ubuntu bionic-proposed/ussuri/main amd64 Packages 2.3.2-0ubuntu1~cloud1 500 500 http://ubuntu-cloud.archive.canonical.com/ubuntu bionic-proposed/train/main amd64 Packages *** 2.1.1-0ubuntu1~cloud1 500 500 http://ubuntu-cloud.archive.canonical.com/ubuntu bionic-proposed/stein/main amd64 Packages 100 /var/lib/dpkg/status 1.38.1-0ubuntu1~cloud1 500 500 http://ubuntu-cloud.archive.canonical.com/ubuntu bionic-proposed/rocky/main amd64 Packages 1.33.1-0ubuntu2 500 500 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages 1.33.1-0ubuntu1 500 500 http://archive.ubuntu.com/ubuntu bionic/universe amd64 Packages root@b1:/usr/lib/python3/dist-packages/oslo_policy# PYTHONPATH=`realpath tests` ; python3 -m unittest tests.test_policy.EnforcerTest.test_load_directory_after_file_update WARNING [oslo_policy.policy] Policies ['foo'] reference a rule that is not defined. . -- Ran 1 test in 0.233s OK root@b1:/usr/lib/python3/dist-packages/oslo_policy# apt policy python3-oslo.policy python3-oslo.policy: Installed: 2.3.2-0ubuntu1~cloud1 Candidate: 3.1.0-0ubuntu1.1~cloud0 Version table: 3.1.0-0ubuntu1.1~cloud0 500 500 http://ubuntu-cloud.archive.canonical.com/ubuntu bionic-proposed/ussuri/main amd64 Packages *** 2.3.2-0ubuntu1~cloud1 500 500 http://ubuntu-cloud.archive.canonical.com/ubuntu bionic-proposed/train/main amd64 Packages 100 /var/lib/dpkg/status 2.1.1-0ubuntu1~cloud1 500 500 http://ubuntu-cloud.archive.canonical.com/ubuntu bionic-proposed/stein/main amd64 Packages 1.38.1-0ubuntu1~cloud1 500 500 http://ubuntu-cloud.archive.canonical.com/ubuntu bionic-proposed/rocky/main amd64 Packages 1.33.1-0ubuntu2 500 500 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages 1.33.1-0ubuntu1 500 500 http://archive.ubuntu.com/ubuntu bionic/universe amd64 Packages root@b1:/usr/lib/python3/dist-packages/oslo_policy# PYTHONPATH=`realpath tests` ; python3 -m unittest tests.test_policy.EnforcerTest.test_load_directory_after_file_update WARNING [oslo_policy.policy] Policies ['foo'] reference a rule that is not defined. . -- Ran 1 test in 0.194s OK root@b1:/usr/lib/python3/dist-packages/oslo_policy# apt policy python3-oslo.policy python3-oslo.policy: Installed: 3.1.0-0ubuntu1.1~cloud0 Candidate: 3.1.0-0ubuntu1.1~cloud0 Version table: *** 3.1.0-0ubuntu1.1~cloud0 500 500 http://ubuntu-cloud.archive.canonical.com/ubuntu bionic-proposed/ussuri/main amd64 Packages 100 /var/lib/dpkg/status 2.3.2-0ubuntu1~cloud1 500 500 http://ubuntu-cloud.archive.canonical.com/ubuntu bionic-proposed/train/main amd64 Packages 2.1.1-0ubuntu1~cloud1 500 500 http://ubuntu-cloud.archive.canonical.com/ubuntu bionic-proposed/stein/main amd64 Packages
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
This bug was fixed in the package python-oslo.policy - 3.1.0-0ubuntu1.1 --- python-oslo.policy (3.1.0-0ubuntu1.1) focal; urgency=medium * d/gbp.conf: Create stable/ussuri branch. * d/p/reload-policy-files.patch: Cherry-picked from upstream master to ensure policy directory files are reapplied after change to primary policy file (LP: #1880959). -- Corey Bryant Thu, 25 Jun 2020 14:17:43 -0400 ** Changed in: python-oslo.policy (Ubuntu Focal) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Focal verification: lxc launch ubuntu:focal oslop-f Creating oslop-f Starting oslop-f lxc exec oslop-f bash root@oslop-f:~# lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu 20.04 LTS Release:20.04 Codename: focal root@oslop-f:~# cat # Enable Ubuntu proposed archive > deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted > main multiverse universe > EOF root@oslop-f:~# cat /etc/apt/sources.list.d/ubuntu-focal-proposed.list # Enable Ubuntu proposed archive deb http://archive.ubuntu.com/ubuntu/ focal-proposed restricted main multiverse universe root@oslop-f:~# apt update root@oslop-f:~# apt install python3-oslo.policy python3-oslotest Reading package lists... Done Building dependency tree ... Setting up python3-oslo.config (1:8.0.2-0ubuntu1) ... Setting up python3-oslo.policy (3.1.0-0ubuntu1.1) ... cd /usr/lib/python3/dist-packages/oslo_policy/ PYTHONPATH=`realpath tests` ; python3 -m unittest tests.test_policy.EnforcerTest.test_load_directory_after_file_update WARNING [oslo_policy.policy] Policies ['foo'] reference a rule that is not defined. . -- Ran 1 test in 0.102s OK ** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
I've removed the verification-done-focal tag as comment #25 didn't really seem to be about Ubuntu 20.04 LTS (Focal). Please verify this for focal. ** Tags removed: verification-done-focal ** Tags added: verification-needed-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
New package versions have been uploaded to the rocky-staging PPA and to the bionic unapproved queue. ** Changed in: cloud-archive/mitaka Status: Triaged => Won't Fix ** Changed in: python-oslo.policy (Ubuntu Xenial) Status: Triaged => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Marked xenial/mitaka as Won't fix for now as the reporting project (openstack charms) do not exercise policy.d support for mitaka. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Verified bionic/ussuri: lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu 18.04.4 LTS Release:18.04 Codename: bionic git show commit 19b9bc6128af181df0da9e2e3f2e2001c93b758a (HEAD -> stable/ussuri, tag: debian/3.1.0-0ubuntu1.1, origin/stable/ussuri) Author: Corey Bryant Date: Thu Jun 25 14:19:37 2020 -0400 releasing package python-oslo.policy version 3.1.0-0ubuntu1.1 root@oslop:/tmp/oslo.policy/python-oslo.policy# quilt push Applying patch debian/patches/reload-policy-files.patch patching file oslo_policy/policy.py patching file oslo_policy/tests/test_policy.py patching file releasenotes/notes/bug-1880959-8f1370a59759d40d.yaml Now at patch debian/patches/reload-policy-files.patch root@oslop:/tmp/oslo.policy/python-oslo.policy# tox -e py36 -- oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update GLOB sdist-make: /tmp/oslo.policy/python-oslo.policy/setup.py py36 create: /tmp/oslo.policy/python-oslo.policy/.tox/py36 py36 installdeps: -chttps://releases.openstack.org/constraints/upper/master, -r/tmp/oslo.policy/python-oslo.policy/test-requirements.txt, -r/tmp/oslo.policy/python-oslo.policy/requirements.txt, -r/tmp/oslo.policy/python-oslo.policy/doc/requirements.txt py36 inst: /tmp/oslo.policy/python-oslo.policy/.tox/.tmp/package/1/oslo.policy-3.1.0.zip py36 installed: alabaster==0.7.12,attrs==19.3.0,Babel==2.8.0,bandit==1.5.1,certifi==2020.6.20,chardet==3.0.4,cliff==3.3.0,cmd2==1.1.0,colorama==0.4.3,coverage==5.2,debtcollector==2.1.0,docutils==0.15.2,dulwich==0.20.5,entrypoints==0.3,extras==1.0.0,fixtures==3.0.0,flake8==3.7.9,future==0.18.2,gitdb==4.0.5,GitPython==3.1.3,hacking==3.0.1,idna==2.10,imagesize==1.2.0,importlib-resources==3.0.0,iso8601==0.1.12,Jinja2==2.11.2,linecache2==1.0.0,MarkupSafe==1.1.1,mccabe==0.6.1,msgpack==0.6.1,netaddr==0.8.0,netifaces==0.10.9,openstackdocstheme==2.2.4,oslo.config==8.2.0,oslo.context==3.1.0,oslo.i18n==5.0.0,oslo.policy==3.1.0,oslo.serialization==4.0.0,oslo.utils==4.2.2,oslotest==4.4.0,packaging==20.4,pbr==5.4.5,pkg-resources==0.0.0,prettytable==0.7.2,pycodestyle==2.5.0,pyflakes==2.1.1,Pygments==2.6.1,pyparsing==2.4.7,pyperclip==1.8.0,python-mimeparse==1.6.0,python-subunit==1.4.0,pytz==2020.1,PyYAML==5.3.1,reno==3.1.0,requests==2.23.0,requests-mock==1.8.0,rfc3986==1.4.0,six==1.15.0,smmap==3.0.4,snowballstemmer==2.0.0,Sphinx==3.1.2,sphinxcontrib-apidoc==0.3.0,sphinxcontrib-applehelp==1.0.2,sphinxcontrib-devhelp==1.0.2,sphinxcontrib-htmlhelp==1.0.3,sphinxcontrib-jsmath==1.0.1,sphinxcontrib-qthelp==1.0.3,sphinxcontrib-serializinghtml==1.1.4,stestr==3.0.1,stevedore==2.0.1,testtools==2.4.0,traceback2==1.4.0,unittest2==1.1.0,urllib3==1.25.9,voluptuous==0.11.7,wcwidth==0.2.5,wrapt==1.12.1,zipp==3.1.0 py36 run-test-pre: PYTHONHASHSEED='210469576' py36 run-test: commands[0] | stestr run --slowest oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update WARNING [oslo_policy.policy] Policies ['foo'] reference a rule that is not defined. {0} oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update [0.004220s] ... ok == Totals == Ran: 1 tests in 0.0042 sec. - Passed: 1 - Skipped: 0 - Expected Fail: 0 - Unexpected Success: 0 - Failed: 0 Sum of execute time for each test: 0.0042 sec. == Worker Balance == - Worker 0 (1 tests) => 0:00:00.004220 Test id Runtime (s) --- oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update 0.004 __ summary ___ py36: commands succeeded congratulations :) ** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Verified for Bionic/Stein: git show HEAD commit f05aa4863cdeff0406f73c02e9209842aab4369f (HEAD -> stable/stein, tag: debian/2.1.1-0ubuntu1_cloud1, origin/stable/stein) Author: Corey Bryant Date: Thu Jun 25 14:40:43 2020 -0400 releasing package python-oslo.policy version 2.1.1-0ubuntu1~cloud1 root@oslop:/tmp/oslo.policy/python-oslo.policy# export QUILT_PATCHES=debian/patches root@oslop:/tmp/oslo.policy/python-oslo.policy# quilt push Applying patch debian/patches/reload-policy-files.patch patching file oslo_policy/policy.py Hunk #3 succeeded at 763 (offset -6 lines). Hunk #4 succeeded at 803 (offset -6 lines). patching file oslo_policy/tests/test_policy.py patching file releasenotes/notes/bug-1880959-8f1370a59759d40d.yaml Now at patch debian/patches/reload-policy-files.patch root@oslop:/tmp/oslo.policy/python-oslo.policy# tox -e py36 -- oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update GLOB sdist-make: /tmp/oslo.policy/python-oslo.policy/setup.py py36 inst-nodeps: /tmp/oslo.policy/python-oslo.policy/.tox/dist/oslo.policy-2.1.1.zip py36 installed: alabaster==0.7.12,attrs==19.3.0,Babel==2.8.0,bandit==1.6.2,certifi==2020.6.20,chardet==3.0.4,cliff==3.3.0,cmd2==1.1.0,colorama==0.4.3,coverage==5.2,debtcollector==2.1.0,docutils==0.15.2,dulwich==0.20.5,extras==1.0.0,fixtures==3.0.0,flake8==2.6.2,future==0.18.2,gitdb==4.0.5,GitPython==3.1.3,hacking==1.1.0,idna==2.10,imagesize==1.2.0,importlib-resources==3.0.0,iso8601==0.1.12,Jinja2==2.11.2,linecache2==1.0.0,MarkupSafe==1.1.1,mccabe==0.5.3,mock==3.0.5,msgpack==0.6.1,netaddr==0.8.0,netifaces==0.10.9,openstackdocstheme==2.2.4,oslo.config==8.2.0,oslo.context==3.1.0,oslo.i18n==5.0.0,oslo.policy @ file:///tmp/oslo.policy/python-oslo.policy/.tox/dist/oslo.policy-2.1.1.zip,oslo.serialization==4.0.0,oslo.utils==4.2.2,oslotest==4.4.0,packaging==20.4,pbr==5.4.5,pkg-resources==0.0.0,prettytable==0.7.2,pycodestyle==2.0.0,pyflakes==1.2.3,Pygments==2.6.1,pyparsing==2.4.7,pyperclip==1.8.0,python-mimeparse==1.6.0,python-subunit==1.4.0,pytz==2020.1,PyYAML==5.3.1,reno==3.1.0,requests==2.23.0,requests-mock==1.8.0,rfc3986==1.4.0,six==1.15.0,smmap==3.0.4,snowballstemmer==2.0.0,Sphinx==3.1.2,sphinxcontrib-applehelp==1.0.2,sphinxcontrib-devhelp==1.0.2,sphinxcontrib-htmlhelp==1.0.3,sphinxcontrib-jsmath==1.0.1,sphinxcontrib-qthelp==1.0.3,sphinxcontrib-serializinghtml==1.1.4,stestr==3.0.1,stevedore==2.0.1,testtools==2.4.0,traceback2==1.4.0,unittest2==1.1.0,urllib3==1.25.9,voluptuous==0.11.7,wcwidth==0.2.5,wrapt==1.12.1,zipp==3.1.0 py36 runtests: PYTHONHASHSEED='3801095108' py36 runtests: commands[0] | stestr run --slowest oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update WARNING [oslo_policy.policy] Policies ['foo'] reference a rule that is not defined. {0} oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update [0.004062s] ... ok == Totals == Ran: 1 tests in 0.0041 sec. - Passed: 1 - Skipped: 0 - Expected Fail: 0 - Unexpected Success: 0 - Failed: 0 Sum of execute time for each test: 0.0041 sec. == Worker Balance == - Worker 0 (1 tests) => 0:00:00.004062 Test id Runtime (s) --- oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update 0.004 __ summary ___ py36: commands succeeded congratulations :) ** Tags removed: verification-stein-needed ** Tags added: verification-stein-done -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Verified on Bionic/Train. git show HEAD commit f61adf33af13ea725acebf4246caaa6949e86000 (HEAD -> stable/train, tag: debian/2.3.2-0ubuntu1_cloud1, origin/stable/train) Author: Corey Bryant Date: Thu Jun 25 14:33:54 2020 -0400 releasing package python-oslo.policy version 2.3.2-0ubuntu1~cloud1 root@oslop:/tmp/oslo.policy/python-oslo.policy# export QUILT_PATCHES=debian/patches root@oslop:/tmp/oslo.policy/python-oslo.policy# quilt push Applying patch debian/patches/reload-policy-files.patch patching file oslo_policy/policy.py Hunk #3 succeeded at 769 (offset -6 lines). Hunk #4 succeeded at 809 (offset -6 lines). patching file oslo_policy/tests/test_policy.py patching file releasenotes/notes/bug-1880959-8f1370a59759d40d.yaml Now at patch debian/patches/reload-policy-files.patch root@oslop:/tmp/oslo.policy/python-oslo.policy# tox -e py36 -- oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update GLOB sdist-make: /tmp/oslo.policy/python-oslo.policy/setup.py py36 inst-nodeps: /tmp/oslo.policy/python-oslo.policy/.tox/dist/oslo.policy-2.3.2.zip py36 installed: alabaster==0.7.12,attrs==19.3.0,Babel==2.8.0,bandit==1.5.1,certifi==2020.6.20,chardet==3.0.4,cliff==3.3.0,cmd2==1.1.0,colorama==0.4.3,coverage==5.2,debtcollector==2.1.0,docutils==0.15.2,dulwich==0.20.5,extras==1.0.0,fixtures==3.0.0,flake8==2.6.2,future==0.18.2,gitdb==4.0.5,GitPython==3.1.3,hacking==1.1.0,idna==2.10,imagesize==1.2.0,importlib-resources==3.0.0,iso8601==0.1.12,Jinja2==2.11.2,linecache2==1.0.0,MarkupSafe==1.1.1,mccabe==0.5.3,mock==3.0.5,msgpack==0.6.1,netaddr==0.8.0,netifaces==0.10.9,openstackdocstheme==2.2.4,oslo.config==8.2.0,oslo.context==3.1.0,oslo.i18n==5.0.0,oslo.policy @ file:///tmp/oslo.policy/python-oslo.policy/.tox/dist/oslo.policy-2.3.2.zip,oslo.serialization==4.0.0,oslo.utils==4.2.2,oslotest==4.4.0,packaging==20.4,pbr==5.4.5,pkg-resources==0.0.0,prettytable==0.7.2,pycodestyle==2.0.0,pyflakes==1.2.3,Pygments==2.6.1,pyparsing==2.4.7,pyperclip==1.8.0,python-mimeparse==1.6.0,python-subunit==1.4.0,pytz==2020.1,PyYAML==5.3.1,reno==3.1.0,requests==2.23.0,requests-mock==1.8.0,rfc3986==1.4.0,six==1.15.0,smmap==3.0.4,snowballstemmer==2.0.0,Sphinx==3.1.2,sphinxcontrib-apidoc==0.3.0,sphinxcontrib-applehelp==1.0.2,sphinxcontrib-devhelp==1.0.2,sphinxcontrib-htmlhelp==1.0.3,sphinxcontrib-jsmath==1.0.1,sphinxcontrib-qthelp==1.0.3,sphinxcontrib-serializinghtml==1.1.4,stestr==3.0.1,stevedore==2.0.1,testtools==2.4.0,traceback2==1.4.0,unittest2==1.1.0,urllib3==1.25.9,voluptuous==0.11.7,wcwidth==0.2.5,wrapt==1.12.1,zipp==3.1.0 py36 runtests: PYTHONHASHSEED='3086963030' py36 runtests: commands[0] | stestr run --slowest oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update WARNING [oslo_policy.policy] Policies ['foo'] reference a rule that is not defined. {0} oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update [0.005167s] ... ok == Totals == Ran: 1 tests in 0.0052 sec. - Passed: 1 - Skipped: 0 - Expected Fail: 0 - Unexpected Success: 0 - Failed: 0 Sum of execute time for each test: 0.0052 sec. == Worker Balance == - Worker 0 (1 tests) => 0:00:00.005167 Test id Runtime (s) --- oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update 0.005 __ summary ___ py36: commands succeeded congratulations :) ** Tags removed: verification-train-needed ** Tags added: verification-train-done -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Verified Ussuri (on Focal): root@oslop-f:/tmp/oslo.policy/python-oslo.policy# git remote show origin * remote origin Fetch URL: https://git.launchpad.net/~ubuntu-server-dev/ubuntu/+source/python-oslo.policy Push URL: https://git.launchpad.net/~ubuntu-server-dev/ubuntu/+source/python-oslo.policy # ... root@oslop-f:/tmp/oslo.policy/python-oslo.policy# git status On branch stable/ussuri Your branch is up to date with 'origin/stable/ussuri'. # ... root@oslop-f:/tmp/oslo.policy/python-oslo.policy# export QUILT_PATCHES=debian/patches root@oslop-f:/tmp/oslo.policy/python-oslo.policy# quilt push Applying patch debian/patches/reload-policy-files.patch patching file oslo_policy/policy.py patching file oslo_policy/tests/test_policy.py patching file releasenotes/notes/bug-1880959-8f1370a59759d40d.yaml Now at patch debian/patches/reload-policy-files.patch root@oslop-f:/tmp/oslo.policy/python-oslo.policy# tox -e py38 -- oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update GLOB sdist-make: /tmp/oslo.policy/python-oslo.policy/setup.py py38 inst-nodeps: /tmp/oslo.policy/python-oslo.policy/.tox/.tmp/package/1/oslo.policy-3.1.0.zip py38 installed: alabaster==0.7.12,appdirs==1.4.3,attrs==19.3.0,Babel==2.8.0,bandit==1.5.1,CacheControl==0.12.6,certifi==2020.6.20,chardet==3.0.4,cliff==3.3.0,cmd2==1.1.0,colorama==0.4.3,contextlib2==0.6.0,coverage==5.2,debtcollector==2.1.0,distlib==0.3.0,distro==1.4.0,docutils==0.15.2,dulwich==0.20.5,entrypoints==0.3,extras==1.0.0,fixtures==3.0.0,flake8==3.7.9,future==0.18.2,gitdb==4.0.5,GitPython==3.1.3,hacking==3.0.1,html5lib==1.0.1,idna==2.10,imagesize==1.2.0,ipaddr==2.2.0,iso8601==0.1.12,Jinja2==2.11.2,linecache2==1.0.0,lockfile==0.12.2,MarkupSafe==1.1.1,mccabe==0.6.1,msgpack==0.6.1,netaddr==0.8.0,netifaces==0.10.9,openstackdocstheme==2.2.4,oslo.config==8.2.0,oslo.context==3.1.0,oslo.i18n==5.0.0,oslo.policy==3.1.0,oslo.serialization==4.0.0,oslo.utils==4.2.2,oslotest==4.4.0,packaging==20.4,pbr==5.4.5,pep517==0.8.2,prettytable==0.7.2,progress==1.5,pycodestyle==2.5.0,pyflakes==2.1.1,Pygments==2.6.1,pyparsing==2.4.7,pyperclip==1.8.0,python-mimeparse==1.6.0,python-subunit==1.4.0,pytoml==0.1.21,pytz==2020.1,PyYAML==5.3.1,reno==3.1.0,requests==2.23.0,requests-mock==1.8.0,retrying==1.3.3,rfc3986==1.4.0,six==1.15.0,smmap==3.0.4,snowballstemmer==2.0.0,Sphinx==3.1.2,sphinxcontrib-apidoc==0.3.0,sphinxcontrib-applehelp==1.0.2,sphinxcontrib-devhelp==1.0.2,sphinxcontrib-htmlhelp==1.0.3,sphinxcontrib-jsmath==1.0.1,sphinxcontrib-qthelp==1.0.3,sphinxcontrib-serializinghtml==1.1.4,stestr==3.0.1,stevedore==2.0.1,testtools==2.4.0,traceback2==1.4.0,unittest2==1.1.0,urllib3==1.25.9,voluptuous==0.11.7,wcwidth==0.2.5,webencodings==0.5.1,wrapt==1.12.1 py38 run-test-pre: PYTHONHASHSEED='930512441' py38 run-test: commands[0] | stestr run --slowest oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update WARNING [oslo_policy.policy] Policies ['foo'] reference a rule that is not defined. {0} oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update [0.003257s] ... ok == Totals == Ran: 1 tests in 0.0033 sec. - Passed: 1 - Skipped: 0 - Expected Fail: 0 - Unexpected Success: 0 - Failed: 0 Sum of execute time for each test: 0.0033 sec. == Worker Balance == - Worker 0 (1 tests) => 0:00:00.003257 Test id Runtime (s) --- oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update 0.003 __ summary ___ py38: commands succeeded congratulations :) ** Tags removed: verification-ussuri-needed ** Tags added: verification-ussuri-done -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
sub'd to field high as this is blocking field high bug 1818113 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Hello Dmitrii, or anyone else affected, Accepted python-oslo.policy into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python- oslo.policy/3.1.0-0ubuntu1.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-focal. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: python-oslo.policy (Ubuntu Focal) Status: New => Fix Committed ** Tags added: verification-needed verification-needed-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Reviewed: https://review.opendev.org/734154 Committed: https://git.openstack.org/cgit/openstack/oslo.policy/commit/?id=5904564bf13bbac7d66e00ec6312487c507f09c4 Submitter: Zuul Branch:stable/train commit 5904564bf13bbac7d66e00ec6312487c507f09c4 Author: Dmitrii Shcherbakov Date: Wed May 27 17:06:25 2020 +0300 Reload files in policy_dirs on primary file change It was determined that rules from policy files located in the directory specified in the policy_dirs option (/etc//policy.d by default) are not re-applied after the rules from the primary policy file is re-applied due to a change. This change introduces additional behavior to make sure the rules from policy_dirs are reapplied if there is a change to the primary policy file. Change-Id: I8a6f8e971d881365c41ea409966723319d5b239a Closes-Bug: #1880959 Related-Bug: #1880847 (cherry picked from commit 75677a31108243e0adddc89f1fbf669053f9573b) (cherry picked from commit c8c138e69d9189345a7366a10b0779ef70b7250e) ** Changed in: cloud-archive/train Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
This bug was fixed in the package python-oslo.policy - 3.2.0-0ubuntu2~cloud0 --- python-oslo.policy (3.2.0-0ubuntu2~cloud0) focal-victoria; urgency=medium . * New update for the Ubuntu Cloud Archive. . python-oslo.policy (3.2.0-0ubuntu2) groovy; urgency=medium . * d/p/reload-policy-files.patch: Cherry-picked from upstream master to ensure policy directory files are reapplied after change to primary policy file (LP: #1880959). ** Changed in: cloud-archive Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
This bug was fixed in the package python-oslo.policy - 3.2.0-0ubuntu2 --- python-oslo.policy (3.2.0-0ubuntu2) groovy; urgency=medium * d/p/reload-policy-files.patch: Cherry-picked from upstream master to ensure policy directory files are reapplied after change to primary policy file (LP: #1880959). -- Corey Bryant Thu, 25 Jun 2020 10:47:11 -0400 ** Changed in: python-oslo.policy (Ubuntu Groovy) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
** Changed in: cloud-archive Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Dmitrii, thanks for all the patches. For ubuntu, fixes have been uploaded to groovy, focal unapproved, train-staging ppa, and stein- staging ppa. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Eoan is EOL in July so will upload directly to train. ** Changed in: python-oslo.policy (Ubuntu Eoan) Status: Triaged => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
** Description changed: [Impact] Based on the investigation here https://bugs.launchpad.net/charm-keystone/+bug/1880847 it was determined that rules from policy files located in the directory specified in the policy_dirs option (/etc//policy.d by default) are not re-applied after the rules from the primary policy file is re-applied due to a change. This leads to scenarios where incorrect rule combinations are active. Example from the test case in 1880847: * policy.json gets read with the following rule; "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s", * rule.yaml from policy.d is read with the following rule; {'identity:list_credentials': '!'} * policy.json's mtime gets updated (with or without a content change) and overrides the rule to be "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s", * rule.yaml doesn't get reapplied since it hasn't changed. [Test Case] + == ubuntu == + + The patches include unit tests that ensure the code is behaving as + expected and has not regressed. These tests are run during every package + build. + + == upstream == For a particular version of oslo.policy: * put the attached test (https://bugs.launchpad.net/ubuntu/+source /python- oslo.policy/+bug/1880959/+attachment/5377753/+files/test_1880959.py) under oslo_policy/tests/test_1880959.py; * run tox -e cover -- oslo_policy.tests.test_1880959.EnforcerTest; * observe the failure; # ... testtools.matchers._impl.MismatchError: 'role:fakeA' != 'rule:admin' Ran 1 tests in 0.005s (+0.001s) FAILED (id=1, failures=1) * apply the patch; * run tox -e cover -- oslo_policy.tests.test_1880959.EnforcerTest * observe that the failure is no longer there. - [Regression Potential] The regression potential is low given that there is test coverage in the olso.policy unit tests. ** Changed in: cloud-archive/ussuri Status: Fix Committed => Triaged ** Changed in: cloud-archive/train Status: In Progress => Triaged ** Changed in: cloud-archive/stein Status: In Progress => Triaged ** Changed in: cloud-archive/rocky Status: In Progress => Triaged ** Changed in: cloud-archive/queens Status: In Progress => Triaged ** Changed in: cloud-archive Status: In Progress => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Reviewed: https://review.opendev.org/734151 Committed: https://git.openstack.org/cgit/openstack/oslo.policy/commit/?id=c8c138e69d9189345a7366a10b0779ef70b7250e Submitter: Zuul Branch:stable/ussuri commit c8c138e69d9189345a7366a10b0779ef70b7250e Author: Dmitrii Shcherbakov Date: Wed May 27 17:06:25 2020 +0300 Reload files in policy_dirs on primary file change It was determined that rules from policy files located in the directory specified in the policy_dirs option (/etc//policy.d by default) are not re-applied after the rules from the primary policy file is re-applied due to a change. This change introduces additional behavior to make sure the rules from policy_dirs are reapplied if there is a change to the primary policy file. Change-Id: I8a6f8e971d881365c41ea409966723319d5b239a Closes-Bug: #1880959 Related-Bug: #1880847 (cherry picked from commit 75677a31108243e0adddc89f1fbf669053f9573b) ** Changed in: cloud-archive/ussuri Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Yes, the backports themselves include the unit tests necessary to validate the change. https://review.opendev.org/#/q/topic:bug/1880959+(status:open+OR+status:merged) We just need to get a second +2 on some of them. Rocky and Queens backports are blocked on devstack backports to devstack/rocky and devstack/queens referenced in the respective reviews. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
** Tags added: cpe-onsite -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Corey, to your question in #6 about being able to add this test to the package, the test that Dmitrii linked is actually pulled, almost verbatim, from the linked review. After pulling in the associated change, this test will run as part of the package tests (AFAIU?) so we should be able to validate it fairly cleanly -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Reviewed: https://review.opendev.org/731218 Committed: https://git.openstack.org/cgit/openstack/oslo.policy/commit/?id=75677a31108243e0adddc89f1fbf669053f9573b Submitter: Zuul Branch:master commit 75677a31108243e0adddc89f1fbf669053f9573b Author: Dmitrii Shcherbakov Date: Wed May 27 17:06:25 2020 +0300 Reload files in policy_dirs on primary file change It was determined that rules from policy files located in the directory specified in the policy_dirs option (/etc//policy.d by default) are not re-applied after the rules from the primary policy file is re-applied due to a change. This change introduces additional behavior to make sure the rules from policy_dirs are reapplied if there is a change to the primary policy file. Change-Id: I8a6f8e971d881365c41ea409966723319d5b239a Closes-Bug: #1880959 Related-Bug: #1880847 ** Changed in: oslo.policy Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
@Dmitrii, Couple questions. Will we be able to test the Ubuntu package with that? Would it make sense for that test to land upstream? Whatever test we decide on we'll need to be able to test against the package version in -proposed to ensure it is fixed. We run upstream unit tests during package builds so that may be an option if the SRU Team is ok with it. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
** Description changed: [Impact] Based on the investigation here https://bugs.launchpad.net/charm-keystone/+bug/1880847 it was determined that rules from policy files located in the directory specified in the policy_dirs option (/etc//policy.d by default) are not re-applied after the rules from the primary policy file is re-applied due to a change. This leads to scenarios where incorrect rule combinations are active. Example from the test case in 1880847: * policy.json gets read with the following rule; "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s", * rule.yaml from policy.d is read with the following rule; {'identity:list_credentials': '!'} * policy.json's mtime gets updated (with or without a content change) and overrides the rule to be "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s", * rule.yaml doesn't get reapplied since it hasn't changed. [Test Case] - TBD + For a particular version of oslo.policy: + + * put the attached test (https://bugs.launchpad.net/ubuntu/+source + /python- + oslo.policy/+bug/1880959/+attachment/5377753/+files/test_1880959.py) + under oslo_policy/tests/test_1880959.py; + + * run tox -e cover -- oslo_policy.tests.test_1880959.EnforcerTest; + * observe the failure; + # ... + testtools.matchers._impl.MismatchError: 'role:fakeA' != 'rule:admin' + Ran 1 tests in 0.005s (+0.001s) + FAILED (id=1, failures=1) + + * apply the patch; + * run tox -e cover -- oslo_policy.tests.test_1880959.EnforcerTest + * observe that the failure is no longer there. + [Regression Potential] - TBD + The regression potential is low given that there is test coverage in the olso.policy unit tests. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Corey, The simplest way to test this for a particular version would be to put the attached test under oslo_policy/tests/test_1880959.py in a checked out version of oslo.policy and running: tox -e cover -- oslo_policy.tests.test_1880959.EnforcerTest It will fail like below without the patch applied and pass if it is. # ... testtools.matchers._impl.MismatchError: 'role:fakeA' != 'rule:admin' Ran 1 tests in 0.005s (+0.001s) FAILED (id=1, failures=1) ** Attachment added: "test_1880959.py" https://bugs.launchpad.net/ubuntu/+source/python-oslo.policy/+bug/1880959/+attachment/5377753/+files/test_1880959.py -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Thanks Dmitrii, we'll need to get this backported as far as we can upstream once the fix lands in master. I'll target the rest of the ubuntu and cloud archive releases. Would you be able to add some simple repro steps to the [Test Case] section in the bug description? This can include a juju based deploy. That will help us verify SRU fixes for each release combination once we have fixes in corresponding -proposed pockets available for testing. ** Description changed: - Based on the investigation here https://bugs.launchpad.net/charm- - keystone/+bug/1880847 it was determined that rules from policy files - located in the directory specified in the policy_dirs option - (/etc//policy.d by default) are not re-applied after the - rules from the primary policy file is re-applied due to a change. + [Impact] + Based on the investigation here https://bugs.launchpad.net/charm-keystone/+bug/1880847 it was determined that rules from policy files located in the directory specified in the policy_dirs option (/etc//policy.d by default) are not re-applied after the rules from the primary policy file is re-applied due to a change. This leads to scenarios where incorrect rule combinations are active. Example from the test case in 1880847: * policy.json gets read with the following rule; - "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s", + "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s", * rule.yaml from policy.d is read with the following rule; {'identity:list_credentials': '!'} * policy.json's mtime gets updated (with or without a content change) and overrides the rule to be - "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s", + "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s", * rule.yaml doesn't get reapplied since it hasn't changed. + + [Test Case] + TBD + + [Regression Potential] + TBD ** Also affects: python-oslo.policy (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: python-oslo.policy (Ubuntu Eoan) Importance: Undecided Status: New ** Also affects: python-oslo.policy (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: python-oslo.policy (Ubuntu Xenial) Status: New => Triaged ** Changed in: python-oslo.policy (Ubuntu Bionic) Status: New => Triaged ** Changed in: python-oslo.policy (Ubuntu Eoan) Status: New => Triaged ** Changed in: python-oslo.policy (Ubuntu Eoan) Importance: Undecided => High ** Changed in: python-oslo.policy (Ubuntu Bionic) Importance: Undecided => High ** Changed in: python-oslo.policy (Ubuntu Xenial) Importance: Undecided => High ** Also affects: cloud-archive Importance: Undecided Status: New ** Also affects: cloud-archive/ussuri Importance: Undecided Status: New ** Also affects: cloud-archive/queens Importance: Undecided Status: New ** Also affects: cloud-archive/train Importance: Undecided Status: New ** Also affects: cloud-archive/stein Importance: Undecided Status: New ** Also affects: cloud-archive/mitaka Importance: Undecided Status: New ** Also affects: cloud-archive/rocky Importance: Undecided Status: New ** Changed in: cloud-archive/mitaka Importance: Undecided => High ** Changed in: cloud-archive/mitaka Status: New => Triaged ** Changed in: cloud-archive/queens Importance: Undecided => High ** Changed in: cloud-archive/queens Status: New => Triaged ** Changed in: cloud-archive/rocky Importance: Undecided => High ** Changed in: cloud-archive/rocky Status: New => Triaged ** Changed in: cloud-archive/stein Importance: Undecided => High ** Changed in: cloud-archive/stein Status: New => Triaged ** Changed in: cloud-archive/train Importance: Undecided => High ** Changed in: cloud-archive/train Status: New => Triaged ** Changed in: cloud-archive/ussuri Importance: Undecided => High ** Changed in: cloud-archive/ussuri Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Corey, I believe the issue got introduced in Liberty and affects all releases since then: https://opendev.org/openstack/oslo.policy/commit/b5f07dfe4cd4a5d12c7fecbc3954694d934de642 The check in question is still the same in Ussuri and that code hasn't seen much change: https://opendev.org/openstack/oslo.policy/src/commit/d4a2c64fad8b0d8d2df6a447c6c9826deaf24593/oslo_policy/policy.py#L581-L585 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/oslo.policy/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
@dmitrii, Thanks for the patch. What releases does this affect? ** Also affects: python-oslo.policy (Ubuntu Groovy) Importance: Undecided Status: New ** Changed in: python-oslo.policy (Ubuntu Groovy) Status: New => Triaged ** Changed in: python-oslo.policy (Ubuntu Groovy) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/oslo.policy/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
** Also affects: oslo.policy Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/oslo.policy/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file
Fix proposed to branch: master Review: https://review.opendev.org/731218 ** Changed in: oslo.policy Status: New => In Progress ** Changed in: oslo.policy Assignee: (unassigned) => Dmitrii Shcherbakov (dmitriis) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880959 Title: Rules from the policy directory files are not reapplied after changes to the primary policy file To manage notifications about this bug go to: https://bugs.launchpad.net/oslo.policy/+bug/1880959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs