[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[OpenStack Infra]

Reviewed:  https://review.opendev.org/734157
Committed: 
https://git.openstack.org/cgit/openstack/oslo.policy/commit/?id=3a7f94a8cc909b9b9c9f32773dea043f659caa37
Submitter: Zuul
Branch:stable/queens

commit 3a7f94a8cc909b9b9c9f32773dea043f659caa37
Author: Dmitrii Shcherbakov 
Date:   Wed May 27 17:06:25 2020 +0300

Reload files in policy_dirs on primary file change

It was determined that rules from policy files located in the directory
specified in the policy_dirs option (/etc//policy.d by
default) are not re-applied after the rules from the primary policy file
is re-applied due to a change.

This change introduces additional behavior to make sure the rules from
policy_dirs are reapplied if there is a change to the primary policy
file.

Change-Id: I8a6f8e971d881365c41ea409966723319d5b239a
Closes-Bug: #1880959
Related-Bug: #1880847
(cherry picked from commit 75677a31108243e0adddc89f1fbf669053f9573b)
(cherry picked from commit c8c138e69d9189345a7366a10b0779ef70b7250e)
(cherry picked from commit 5904564bf13bbac7d66e00ec6312487c507f09c4)
(cherry picked from commit a49f31d3fc7690e3d15bc2428660b537967c89cc)
(cherry picked from commit 622bcf207948174535b4d04f15ef14fb265c834d)


** Tags added: in-stable-queens

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[OpenStack Infra]

Reviewed:  https://review.opendev.org/734156
Committed: 
https://git.openstack.org/cgit/openstack/oslo.policy/commit/?id=622bcf207948174535b4d04f15ef14fb265c834d
Submitter: Zuul
Branch:stable/rocky

commit 622bcf207948174535b4d04f15ef14fb265c834d
Author: Dmitrii Shcherbakov 
Date:   Wed May 27 17:06:25 2020 +0300

Reload files in policy_dirs on primary file change

It was determined that rules from policy files located in the directory
specified in the policy_dirs option (/etc//policy.d by
default) are not re-applied after the rules from the primary policy file
is re-applied due to a change.

This change introduces additional behavior to make sure the rules from
policy_dirs are reapplied if there is a change to the primary policy
file.

Change-Id: I8a6f8e971d881365c41ea409966723319d5b239a
Closes-Bug: #1880959
Related-Bug: #1880847
(cherry picked from commit 75677a31108243e0adddc89f1fbf669053f9573b)
(cherry picked from commit c8c138e69d9189345a7366a10b0779ef70b7250e)
(cherry picked from commit 5904564bf13bbac7d66e00ec6312487c507f09c4)
(cherry picked from commit a49f31d3fc7690e3d15bc2428660b537967c89cc)


** Tags added: in-stable-rocky

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Corey Bryant]

This bug was fixed in the package python-oslo.policy - 1.33.1-0ubuntu3~cloud0
---

 python-oslo.policy (1.33.1-0ubuntu3~cloud0) xenial-queens; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 python-oslo.policy (1.33.1-0ubuntu3) bionic; urgency=medium
 .
   * d/p/reload-policy-files.patch: Cherry-picked from upstream review
 to ensure policy directory files are reapplied after change to primary
 policy file (LP: #1880959).


** Changed in: cloud-archive/queens
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Launchpad Bug Tracker]

This bug was fixed in the package python-oslo.policy - 1.33.1-0ubuntu3

---
python-oslo.policy (1.33.1-0ubuntu3) bionic; urgency=medium

  * d/p/reload-policy-files.patch: Cherry-picked from upstream review
to ensure policy directory files are reapplied after change to primary
policy file (LP: #1880959).

 -- Corey Bryant   Tue, 14 Jul 2020 09:43:55
-0400

** Changed in: python-oslo.policy (Ubuntu Bionic)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Dmitrii Shcherbakov]

Verified xenial/queens (the updated packages got uploaded compared to
the check in comment #45):

lxc launch ubuntu:xenial oslop-xq
Creating oslop-xq
Starting oslop-xq

lxc exec oslop-bq bash

root@oslop-xq:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.6 LTS
Release: 16.04
Codename: xenial

root@oslop-xq:~# apt update
root@oslop-xq:~# apt install ubuntu-cloud-keyring

root@oslop-xq:~# sudo add-apt-repository cloud-archive:queens-proposed

root@oslop-xq:~# cat /etc/apt/sources.list.d/cloudarchive-queens-proposed.list
deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-proposed/queens main
# deb-src http://ubuntu-cloud.archive.canonical.com/ubuntu 
xenial-proposed/queens main

root@oslop-xq:~# apt update && apt install python3-oslo.policy 
python-oslo.policy python3-oslotest python-oslotest
Setting up python-oslo.policy (1.33.1-0ubuntu3~cloud0) ...
Setting up python3-oslo.policy (1.33.1-0ubuntu3~cloud0) ...

root@oslop-xq:/usr/lib/python2.7/dist-packages/oslo_policy# dpkg -l | grep 
oslo.policy
ii  python-oslo.policy   1.33.1-0ubuntu3~cloud0 
all  RBAC policy enforcement library for OpenStack - Python 2.x
ii  python3-oslo.policy  1.33.1-0ubuntu3~cloud0 
all  RBAC policy enforcement library for OpenStack - Python 3.x

root@oslop-xq:~# cd /usr/lib/python3/dist-packages/oslo_policy/

root@oslop-xq:/usr/lib/python3/dist-packages/oslo_policy# PYTHONPATH=`realpath 
tests` ; python3 -m unittest 
tests.test_policy.EnforcerTest.test_load_directory_after_file_update
 WARNING [oslo_policy.policy] Policies ['foo'] reference a rule that is not 
defined.
.
--
Ran 1 test in 0.086s

OK


root@oslop-xq:/usr/lib/python3/dist-packages/oslo_policy# cd 
/usr/lib/python2.7/dist-packages/oslo_policy
root@oslop-xq:/usr/lib/python2.7/dist-packages/oslo_policy# 

root@oslop-xq:/usr/lib/python2.7/dist-packages/oslo_policy# 
PYTHONPATH=`realpath tests` ; python -m unittest 
tests.test_policy.EnforcerTest.test_load_directory_after_file_update
 WARNING [oslo_policy.policy] Policies [u'foo'] reference a rule that is not 
defined.
.
--
Ran 1 test in 0.079s

OK


** Tags removed: verification-needed verification-queens-needed
** Tags added: verification-done verification-queens-done

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Dmitrii Shcherbakov]

Also checked the python2.7 package on bionic just in case (unit tests
use `six` for compatibility so they work either way):

lxc exec oslop bash
root@oslop:~# cat  # Enable Ubuntu proposed archive
> deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted 
> main multiverse universe
> EOF

root@oslop:/usr/lib/python2.7/dist-packages/oslo_policy# cat 
/etc/apt/sources.list.d/ubuntu-bionic-proposed.list 
# Enable Ubuntu proposed archive
deb http://archive.ubuntu.com/ubuntu/ bionic-proposed restricted main 
multiverse universe


root@oslop:~# apt update && apt install python-oslo.policy python-oslotest


Setting up python-oslo.config (1:5.2.0-0ubuntu1) ...
update-alternatives: using /usr/bin/python2-oslo-config-generator to provide 
/usr/bin/oslo-config-generator (oslo-config-generator) in auto mode
Setting up python-oslo.policy (1.33.1-0ubuntu3) ...
update-alternatives: using /usr/bin/python2-oslopolicy-sample-generator to 
provide /usr/bin/oslopolicy-sample-generator (oslopolicy-sample-generator) in 
auto mode
update-alternatives: using /usr/bin/python2-oslopolicy-checker to provide 
/usr/bin/oslopolicy-checker (oslopolicy-checker) in auto mode
update-alternatives: using /usr/bin/python2-oslopolicy-policy-generator to 
provide /usr/bin/oslopolicy-policy-generator (oslopolicy-policy-generator) in 
auto mode
update-alternatives: using /usr/bin/python2-oslopolicy-list-redundant to 
provide /usr/bin/oslopolicy-list-redundant (oslopolicy-list-redundant) in auto 
mode


root@oslop:/usr/lib/python2.7/dist-packages/oslo_policy# PYTHONPATH=`realpath 
tests` ; python2 -m unittest 
tests.test_policy.EnforcerTest.test_load_directory_after_file_update
 WARNING [oslo_policy.policy] Policies [u'foo'] reference a rule that is not 
defined.
.
--
Ran 1 test in 0.122s

OK

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Dmitrii Shcherbakov]

xenial + proposed Queens cloud archive (doesn't look like the changes
are there):

lxc launch ubuntu:xenial oslop-xq 
Creating oslop-xq
Starting oslop-xq


lxc exec oslop-bq bash

root@oslop-xq:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:Ubuntu 16.04.6 LTS
Release:16.04
Codename:   xenial


root@oslop-xq:~# apt update
root@oslop-xq:~# apt install ubuntu-cloud-keyring

root@oslop-xq:~# sudo add-apt-repository cloud-archive:queens-proposed

root@oslop-xq:~# cat /etc/apt/sources.list.d/cloudarchive-queens-proposed.list
deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-proposed/queens main
# deb-src http://ubuntu-cloud.archive.canonical.com/ubuntu 
xenial-proposed/queens main

root@oslop-xq:~# apt update && apt install python3-oslo.policy python3-oslotest
...
Setting up python3-oslo.config (1:5.2.0-0ubuntu1~cloud0) ...
update-alternatives: using /usr/bin/python3-oslo-config-generator to provide 
/usr/bin/oslo-config-generator (oslo-config-generator) in auto mode
Setting up python3-oslo.policy (1.33.1-0ubuntu2~cloud0) ...
update-alternatives: using /usr/bin/python3-oslopolicy-sample-generator to 
provide /usr/bin/oslopolicy-sample-generator (oslopolicy-sample-generator) in 
auto mode
update-alternatives: using /usr/bin/python3-oslopolicy-checker to provide 
/usr/bin/oslopolicy-checker (oslopolicy-checker) in auto mode
update-alternatives: using /usr/bin/python3-oslopolicy-policy-generator to 
provide /usr/bin/oslopolicy-policy-generator (oslopolicy-policy-generator) in 
auto mode
update-alternatives: using /usr/bin/python3-oslopolicy-list-redundant to 
provide /usr/bin/oslopolicy-list-redundant (oslopolicy-list-redundant) in auto 
mode

root@oslop-xq:~#  cd /usr/lib/python3/dist-packages/oslo_policy/

root@oslop-xq:/usr/lib/python3/dist-packages/oslo_policy# PYTHONPATH=`realpath 
tests` ; python3 -m unittest 
tests.test_policy.EnforcerTest.test_load_directory_after_file_update
E
==
ERROR: test_load_directory_after_file_update (unittest.loader._FailedTest)
--
AttributeError: type object 'EnforcerTest' has no attribute 
'test_load_directory_after_file_update'

--
Ran 1 test in 0.000s


root@oslop-xq:/usr/lib/python3/dist-packages/oslo_policy# apt install 
python-oslo.policy python-oslotest

root@oslop-xq:/usr/lib/python3/dist-packages/oslo_policy# cd
/usr/lib/python2.7/dist-packages/oslo_policy/

root@oslop-xq:/usr/lib/python2.7/dist-packages/oslo_policy# 
PYTHONPATH=`realpath tests` ; python -m unittest 
tests.test_policy.EnforcerTest.test_load_directory_after_file_update
Traceback (most recent call last):
  File "/usr/lib/python2.7/runpy.py", line 174, in _run_module_as_main
"__main__", fname, loader, pkg_name)
  File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
exec code in run_globals
  File "/usr/lib/python2.7/unittest/__main__.py", line 12, in 
main(module=None)
  File "/usr/lib/python2.7/unittest/main.py", line 94, in __init__
self.parseArgs(argv)
  File "/usr/lib/python2.7/unittest/main.py", line 149, in parseArgs
self.createTests()
  File "/usr/lib/python2.7/unittest/main.py", line 158, in createTests
self.module)
  File "/usr/lib/python2.7/unittest/loader.py", line 130, in loadTestsFromNames
suites = [self.loadTestsFromName(name, module) for name in names]
  File "/usr/lib/python2.7/unittest/loader.py", line 100, in loadTestsFromName
parent, obj = obj, getattr(obj, part)
AttributeError: type object 'EnforcerTest' has no attribute 
'test_load_directory_after_file_update'


root@oslop-xq:/usr/lib/python2.7/dist-packages/oslo_policy# apt policy 
python3-oslo.policy
python3-oslo.policy:
  Installed: 1.33.1-0ubuntu2~cloud0
  Candidate: 1.33.1-0ubuntu2~cloud0
  Version table:
 *** 1.33.1-0ubuntu2~cloud0 500
500 http://ubuntu-cloud.archive.canonical.com/ubuntu 
xenial-proposed/queens/main amd64 Packages
100 /var/lib/dpkg/status
 1.6.0-2 500
500 http://archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
root@oslop-xq:/usr/lib/python2.7/dist-packages/oslo_policy# apt policy 
python-oslo.policy
python-oslo.policy:
  Installed: 1.33.1-0ubuntu2~cloud0
  Candidate: 1.33.1-0ubuntu2~cloud0
  Version table:
 *** 1.33.1-0ubuntu2~cloud0 500
500 http://ubuntu-cloud.archive.canonical.com/ubuntu 
xenial-proposed/queens/main amd64 Packages
100 /var/lib/dpkg/status
 1.6.0-2 500
500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Dmitrii Shcherbakov]

Bionic:
---

lxc launch ubuntu:bionic oslop-b
Creating oslop-b
Starting oslop-b

lxc exec oslop-b bash


root@oslop-b:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:Ubuntu 18.04.4 LTS
Release:18.04
Codename:   bionic


root@oslop-b:~# cat  # Enable Ubuntu proposed archive
> deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted 
> main multiverse universe
> EOF

root@oslop-b:~#  cat /etc/apt/sources.list.d/ubuntu-bionic-proposed.list 
# Enable Ubuntu proposed archive
deb http://archive.ubuntu.com/ubuntu/ bionic-proposed restricted main 
multiverse universe


root@oslop-b:~# apt update && apt install python3-oslo.policy python3-oslotest
...
Setting up python3-oslo.config (1:5.2.0-0ubuntu1) ...
update-alternatives: using /usr/bin/python3-oslo-config-generator to provide 
/usr/bin/oslo-config-generator (oslo-config-generator) in auto mode
Setting up python3-oslo.policy (1.33.1-0ubuntu3) ...

root@oslop-b:~# cd /usr/lib/python3/dist-packages/oslo_policy/


root@oslop-b:/usr/lib/python3/dist-packages/oslo_policy# PYTHONPATH=`realpath 
tests` ; python3 -m unittest 
tests.test_policy.EnforcerTest.test_load_directory_after_file_update
 WARNING [oslo_policy.policy] Policies ['foo'] reference a rule that is not 
defined.
.
--
Ran 1 test in 0.144s

OK


** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Brian Murray]

Hello Dmitrii, or anyone else affected,

Accepted python-oslo.policy into bionic-proposed. The package will build
now and be available at https://launchpad.net/ubuntu/+source/python-
oslo.policy/1.33.1-0ubuntu3 in a few hours, and then in the -proposed
repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
bionic to verification-done-bionic. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-bionic. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: python-oslo.policy (Ubuntu Bionic)
   Status: Triaged => Fix Committed

** Tags removed: verification-done
** Tags added: verification-needed verification-needed-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Corey Bryant]

This bug was fixed in the package python-oslo.policy - 2.1.1-0ubuntu1~cloud1
---

 python-oslo.policy (2.1.1-0ubuntu1~cloud1) bionic-stein; urgency=medium
 .
   * d/gbp.conf: Create stable/stein branch.
   * d/p/reload-policy-files.patch: Cherry-picked from upstream master
 to ensure policy directory files are reapplied after change to primary
 policy file (LP: #1880959).


** Changed in: cloud-archive/stein
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Corey Bryant]

This bug was fixed in the package python-oslo.policy - 2.3.2-0ubuntu1~cloud1
---

 python-oslo.policy (2.3.2-0ubuntu1~cloud1) bionic-train; urgency=medium
 .
   * d/gbp.conf: Create stable/train branch.
   * d/p/reload-policy-files.patch: Cherry-picked from upstream master
 to ensure policy directory files are reapplied after change to primary
 policy file (LP: #1880959).


** Changed in: cloud-archive/train
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Corey Bryant]

This bug was fixed in the package python-oslo.policy - 1.38.1-0ubuntu1~cloud1
---

 python-oslo.policy (1.38.1-0ubuntu1~cloud1) bionic-rocky; urgency=medium
 .
   * d/gbp.conf: Create stable/rocky branch.
   * d/p/reload-policy-files.patch: Cherry-picked from upstream review
 to ensure policy directory files are reapplied after change to primary
 policy file (LP: #1880959).


** Changed in: cloud-archive/rocky
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Corey Bryant]

This bug was fixed in the package python-oslo.policy - 3.1.0-0ubuntu1.1~cloud0
---

 python-oslo.policy (3.1.0-0ubuntu1.1~cloud0) bionic-ussuri; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 python-oslo.policy (3.1.0-0ubuntu1.1) focal; urgency=medium
 .
   * d/gbp.conf: Create stable/ussuri branch.
   * d/p/reload-policy-files.patch: Cherry-picked from upstream master
 to ensure policy directory files are reapplied after change to primary
 policy file (LP: #1880959).


** Changed in: cloud-archive/ussuri
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Corey Bryant]

@Dmitrii, thanks for the simple test.

Just did a quick run through of testing cloud archive packages on
bionic. All passed the test:

root@b1:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:Ubuntu 18.04.4 LTS
Release:18.04
Codename:   bionic

root@b1:/usr/lib/python3/dist-packages/oslo_policy# apt policy 
python3-oslo.policy
python3-oslo.policy:
  Installed: 1.38.1-0ubuntu1~cloud1
  Candidate: 3.1.0-0ubuntu1.1~cloud0
  Version table:
 3.1.0-0ubuntu1.1~cloud0 500
500 http://ubuntu-cloud.archive.canonical.com/ubuntu 
bionic-proposed/ussuri/main amd64 Packages
 2.3.2-0ubuntu1~cloud1 500
500 http://ubuntu-cloud.archive.canonical.com/ubuntu 
bionic-proposed/train/main amd64 Packages
 2.1.1-0ubuntu1~cloud1 500
500 http://ubuntu-cloud.archive.canonical.com/ubuntu 
bionic-proposed/stein/main amd64 Packages
 *** 1.38.1-0ubuntu1~cloud1 500
500 http://ubuntu-cloud.archive.canonical.com/ubuntu 
bionic-proposed/rocky/main amd64 Packages
100 /var/lib/dpkg/status
 1.33.1-0ubuntu2 500
500 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 
Packages
 1.33.1-0ubuntu1 500
500 http://archive.ubuntu.com/ubuntu bionic/universe amd64 Packages

root@b1:/usr/lib/python3/dist-packages/oslo_policy# PYTHONPATH=`realpath tests` 
; python3 -m unittest 
tests.test_policy.EnforcerTest.test_load_directory_after_file_update
 WARNING [oslo_policy.policy] Policies ['foo'] reference a rule that is not 
defined.
.
--
Ran 1 test in 0.410s

OK

root@b1:/usr/lib/python3/dist-packages/oslo_policy# apt policy 
python3-oslo.policy
python3-oslo.policy:
  Installed: 2.1.1-0ubuntu1~cloud1
  Candidate: 3.1.0-0ubuntu1.1~cloud0
  Version table:
 3.1.0-0ubuntu1.1~cloud0 500
500 http://ubuntu-cloud.archive.canonical.com/ubuntu 
bionic-proposed/ussuri/main amd64 Packages
 2.3.2-0ubuntu1~cloud1 500
500 http://ubuntu-cloud.archive.canonical.com/ubuntu 
bionic-proposed/train/main amd64 Packages
 *** 2.1.1-0ubuntu1~cloud1 500
500 http://ubuntu-cloud.archive.canonical.com/ubuntu 
bionic-proposed/stein/main amd64 Packages
100 /var/lib/dpkg/status
 1.38.1-0ubuntu1~cloud1 500
500 http://ubuntu-cloud.archive.canonical.com/ubuntu 
bionic-proposed/rocky/main amd64 Packages
 1.33.1-0ubuntu2 500
500 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 
Packages
 1.33.1-0ubuntu1 500
500 http://archive.ubuntu.com/ubuntu bionic/universe amd64 Packages

root@b1:/usr/lib/python3/dist-packages/oslo_policy# PYTHONPATH=`realpath tests` 
; python3 -m unittest 
tests.test_policy.EnforcerTest.test_load_directory_after_file_update
 WARNING [oslo_policy.policy] Policies ['foo'] reference a rule that is not 
defined.
.
--
Ran 1 test in 0.233s

OK

root@b1:/usr/lib/python3/dist-packages/oslo_policy# apt policy 
python3-oslo.policy
python3-oslo.policy:
  Installed: 2.3.2-0ubuntu1~cloud1
  Candidate: 3.1.0-0ubuntu1.1~cloud0
  Version table:
 3.1.0-0ubuntu1.1~cloud0 500
500 http://ubuntu-cloud.archive.canonical.com/ubuntu 
bionic-proposed/ussuri/main amd64 Packages
 *** 2.3.2-0ubuntu1~cloud1 500
500 http://ubuntu-cloud.archive.canonical.com/ubuntu 
bionic-proposed/train/main amd64 Packages
100 /var/lib/dpkg/status
 2.1.1-0ubuntu1~cloud1 500
500 http://ubuntu-cloud.archive.canonical.com/ubuntu 
bionic-proposed/stein/main amd64 Packages
 1.38.1-0ubuntu1~cloud1 500
500 http://ubuntu-cloud.archive.canonical.com/ubuntu 
bionic-proposed/rocky/main amd64 Packages
 1.33.1-0ubuntu2 500
500 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 
Packages
 1.33.1-0ubuntu1 500
500 http://archive.ubuntu.com/ubuntu bionic/universe amd64 Packages

root@b1:/usr/lib/python3/dist-packages/oslo_policy# PYTHONPATH=`realpath tests` 
; python3 -m unittest 
tests.test_policy.EnforcerTest.test_load_directory_after_file_update
 WARNING [oslo_policy.policy] Policies ['foo'] reference a rule that is not 
defined.
.
--
Ran 1 test in 0.194s

OK

root@b1:/usr/lib/python3/dist-packages/oslo_policy# apt policy 
python3-oslo.policy
python3-oslo.policy:
  Installed: 3.1.0-0ubuntu1.1~cloud0
  Candidate: 3.1.0-0ubuntu1.1~cloud0
  Version table:
 *** 3.1.0-0ubuntu1.1~cloud0 500
500 http://ubuntu-cloud.archive.canonical.com/ubuntu 
bionic-proposed/ussuri/main amd64 Packages
100 /var/lib/dpkg/status
 2.3.2-0ubuntu1~cloud1 500
500 http://ubuntu-cloud.archive.canonical.com/ubuntu 
bionic-proposed/train/main amd64 Packages
 2.1.1-0ubuntu1~cloud1 500
500 http://ubuntu-cloud.archive.canonical.com/ubuntu 
bionic-proposed/stein/main amd64 Packages
 

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Launchpad Bug Tracker]

This bug was fixed in the package python-oslo.policy - 3.1.0-0ubuntu1.1

---
python-oslo.policy (3.1.0-0ubuntu1.1) focal; urgency=medium

  * d/gbp.conf: Create stable/ussuri branch.
  * d/p/reload-policy-files.patch: Cherry-picked from upstream master
to ensure policy directory files are reapplied after change to primary
policy file (LP: #1880959).

 -- Corey Bryant   Thu, 25 Jun 2020 14:17:43
-0400

** Changed in: python-oslo.policy (Ubuntu Focal)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Dmitrii Shcherbakov]

Focal verification:

lxc launch ubuntu:focal oslop-f
Creating oslop-f
Starting oslop-f

lxc exec oslop-f bash

root@oslop-f:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:Ubuntu 20.04 LTS
Release:20.04
Codename:   focal

root@oslop-f:~# cat  # Enable Ubuntu proposed archive
> deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted 
> main multiverse universe
> EOF

root@oslop-f:~# cat /etc/apt/sources.list.d/ubuntu-focal-proposed.list 
# Enable Ubuntu proposed archive
deb http://archive.ubuntu.com/ubuntu/ focal-proposed restricted main multiverse 
universe

root@oslop-f:~# apt update

root@oslop-f:~# apt install python3-oslo.policy python3-oslotest
Reading package lists... Done
Building dependency tree   
...
Setting up python3-oslo.config (1:8.0.2-0ubuntu1) ...
Setting up python3-oslo.policy (3.1.0-0ubuntu1.1) ...

cd /usr/lib/python3/dist-packages/oslo_policy/

PYTHONPATH=`realpath tests` ; python3 -m unittest 
tests.test_policy.EnforcerTest.test_load_directory_after_file_update
 WARNING [oslo_policy.policy] Policies ['foo'] reference a rule that is not 
defined.
.
--
Ran 1 test in 0.102s

OK


** Tags removed: verification-needed-focal
** Tags added: verification-done-focal

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Brian Murray]

I've removed the verification-done-focal tag as comment #25 didn't
really seem to be about Ubuntu 20.04 LTS (Focal). Please verify this for
focal.

** Tags removed: verification-done-focal
** Tags added: verification-needed-focal

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Corey Bryant]

New package versions have been uploaded to the rocky-staging PPA and to
the bionic unapproved queue.

** Changed in: cloud-archive/mitaka
   Status: Triaged => Won't Fix

** Changed in: python-oslo.policy (Ubuntu Xenial)
   Status: Triaged => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Corey Bryant]

Marked xenial/mitaka as Won't fix for now as the reporting project
(openstack charms) do not exercise policy.d support for mitaka.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Corey Bryant]

** Tags removed: verification-needed
** Tags added: verification-done

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Dmitrii Shcherbakov]

Verified bionic/ussuri:

lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:Ubuntu 18.04.4 LTS
Release:18.04
Codename:   bionic


git show
commit 19b9bc6128af181df0da9e2e3f2e2001c93b758a (HEAD -> stable/ussuri, tag: 
debian/3.1.0-0ubuntu1.1, origin/stable/ussuri)
Author: Corey Bryant 
Date:   Thu Jun 25 14:19:37 2020 -0400

releasing package python-oslo.policy version 3.1.0-0ubuntu1.1


root@oslop:/tmp/oslo.policy/python-oslo.policy# quilt push
Applying patch debian/patches/reload-policy-files.patch
patching file oslo_policy/policy.py
patching file oslo_policy/tests/test_policy.py
patching file releasenotes/notes/bug-1880959-8f1370a59759d40d.yaml

Now at patch debian/patches/reload-policy-files.patch


root@oslop:/tmp/oslo.policy/python-oslo.policy# tox -e py36 -- 
oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update
GLOB sdist-make: /tmp/oslo.policy/python-oslo.policy/setup.py
py36 create: /tmp/oslo.policy/python-oslo.policy/.tox/py36
py36 installdeps: -chttps://releases.openstack.org/constraints/upper/master, 
-r/tmp/oslo.policy/python-oslo.policy/test-requirements.txt, 
-r/tmp/oslo.policy/python-oslo.policy/requirements.txt, 
-r/tmp/oslo.policy/python-oslo.policy/doc/requirements.txt
py36 inst: 
/tmp/oslo.policy/python-oslo.policy/.tox/.tmp/package/1/oslo.policy-3.1.0.zip
py36 installed: 
alabaster==0.7.12,attrs==19.3.0,Babel==2.8.0,bandit==1.5.1,certifi==2020.6.20,chardet==3.0.4,cliff==3.3.0,cmd2==1.1.0,colorama==0.4.3,coverage==5.2,debtcollector==2.1.0,docutils==0.15.2,dulwich==0.20.5,entrypoints==0.3,extras==1.0.0,fixtures==3.0.0,flake8==3.7.9,future==0.18.2,gitdb==4.0.5,GitPython==3.1.3,hacking==3.0.1,idna==2.10,imagesize==1.2.0,importlib-resources==3.0.0,iso8601==0.1.12,Jinja2==2.11.2,linecache2==1.0.0,MarkupSafe==1.1.1,mccabe==0.6.1,msgpack==0.6.1,netaddr==0.8.0,netifaces==0.10.9,openstackdocstheme==2.2.4,oslo.config==8.2.0,oslo.context==3.1.0,oslo.i18n==5.0.0,oslo.policy==3.1.0,oslo.serialization==4.0.0,oslo.utils==4.2.2,oslotest==4.4.0,packaging==20.4,pbr==5.4.5,pkg-resources==0.0.0,prettytable==0.7.2,pycodestyle==2.5.0,pyflakes==2.1.1,Pygments==2.6.1,pyparsing==2.4.7,pyperclip==1.8.0,python-mimeparse==1.6.0,python-subunit==1.4.0,pytz==2020.1,PyYAML==5.3.1,reno==3.1.0,requests==2.23.0,requests-mock==1.8.0,rfc3986==1.4.0,six==1.15.0,smmap==3.0.4,snowballstemmer==2.0.0,Sphinx==3.1.2,sphinxcontrib-apidoc==0.3.0,sphinxcontrib-applehelp==1.0.2,sphinxcontrib-devhelp==1.0.2,sphinxcontrib-htmlhelp==1.0.3,sphinxcontrib-jsmath==1.0.1,sphinxcontrib-qthelp==1.0.3,sphinxcontrib-serializinghtml==1.1.4,stestr==3.0.1,stevedore==2.0.1,testtools==2.4.0,traceback2==1.4.0,unittest2==1.1.0,urllib3==1.25.9,voluptuous==0.11.7,wcwidth==0.2.5,wrapt==1.12.1,zipp==3.1.0
py36 run-test-pre: PYTHONHASHSEED='210469576'
py36 run-test: commands[0] | stestr run --slowest 
oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update
 WARNING [oslo_policy.policy] Policies ['foo'] reference a rule that is not 
defined.
{0} 
oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update
 [0.004220s] ... ok

==
Totals
==
Ran: 1 tests in 0.0042 sec.
 - Passed: 1
 - Skipped: 0
 - Expected Fail: 0
 - Unexpected Success: 0
 - Failed: 0
Sum of execute time for each test: 0.0042 sec.

==
Worker Balance
==
 - Worker 0 (1 tests) => 0:00:00.004220
Test id 
  Runtime (s)

  ---
oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update
  0.004
__ 
summary 
___
  py36: commands succeeded
  congratulations :)


** Tags removed: verification-needed-focal
** Tags added: verification-done-focal

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Dmitrii Shcherbakov]

Verified for Bionic/Stein:

git show HEAD
commit f05aa4863cdeff0406f73c02e9209842aab4369f (HEAD -> stable/stein, tag: 
debian/2.1.1-0ubuntu1_cloud1, origin/stable/stein)
Author: Corey Bryant 
Date:   Thu Jun 25 14:40:43 2020 -0400

releasing package python-oslo.policy version 2.1.1-0ubuntu1~cloud1


root@oslop:/tmp/oslo.policy/python-oslo.policy# export
QUILT_PATCHES=debian/patches


root@oslop:/tmp/oslo.policy/python-oslo.policy# quilt push
Applying patch debian/patches/reload-policy-files.patch
patching file oslo_policy/policy.py
Hunk #3 succeeded at 763 (offset -6 lines).
Hunk #4 succeeded at 803 (offset -6 lines).
patching file oslo_policy/tests/test_policy.py
patching file releasenotes/notes/bug-1880959-8f1370a59759d40d.yaml

Now at patch debian/patches/reload-policy-files.patch


root@oslop:/tmp/oslo.policy/python-oslo.policy# tox -e py36 -- 
oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update
GLOB sdist-make: /tmp/oslo.policy/python-oslo.policy/setup.py
py36 inst-nodeps: 
/tmp/oslo.policy/python-oslo.policy/.tox/dist/oslo.policy-2.1.1.zip
py36 installed: 
alabaster==0.7.12,attrs==19.3.0,Babel==2.8.0,bandit==1.6.2,certifi==2020.6.20,chardet==3.0.4,cliff==3.3.0,cmd2==1.1.0,colorama==0.4.3,coverage==5.2,debtcollector==2.1.0,docutils==0.15.2,dulwich==0.20.5,extras==1.0.0,fixtures==3.0.0,flake8==2.6.2,future==0.18.2,gitdb==4.0.5,GitPython==3.1.3,hacking==1.1.0,idna==2.10,imagesize==1.2.0,importlib-resources==3.0.0,iso8601==0.1.12,Jinja2==2.11.2,linecache2==1.0.0,MarkupSafe==1.1.1,mccabe==0.5.3,mock==3.0.5,msgpack==0.6.1,netaddr==0.8.0,netifaces==0.10.9,openstackdocstheme==2.2.4,oslo.config==8.2.0,oslo.context==3.1.0,oslo.i18n==5.0.0,oslo.policy
 @ 
file:///tmp/oslo.policy/python-oslo.policy/.tox/dist/oslo.policy-2.1.1.zip,oslo.serialization==4.0.0,oslo.utils==4.2.2,oslotest==4.4.0,packaging==20.4,pbr==5.4.5,pkg-resources==0.0.0,prettytable==0.7.2,pycodestyle==2.0.0,pyflakes==1.2.3,Pygments==2.6.1,pyparsing==2.4.7,pyperclip==1.8.0,python-mimeparse==1.6.0,python-subunit==1.4.0,pytz==2020.1,PyYAML==5.3.1,reno==3.1.0,requests==2.23.0,requests-mock==1.8.0,rfc3986==1.4.0,six==1.15.0,smmap==3.0.4,snowballstemmer==2.0.0,Sphinx==3.1.2,sphinxcontrib-applehelp==1.0.2,sphinxcontrib-devhelp==1.0.2,sphinxcontrib-htmlhelp==1.0.3,sphinxcontrib-jsmath==1.0.1,sphinxcontrib-qthelp==1.0.3,sphinxcontrib-serializinghtml==1.1.4,stestr==3.0.1,stevedore==2.0.1,testtools==2.4.0,traceback2==1.4.0,unittest2==1.1.0,urllib3==1.25.9,voluptuous==0.11.7,wcwidth==0.2.5,wrapt==1.12.1,zipp==3.1.0
py36 runtests: PYTHONHASHSEED='3801095108'
py36 runtests: commands[0] | stestr run --slowest 
oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update
 WARNING [oslo_policy.policy] Policies ['foo'] reference a rule that is not 
defined.
{0} 
oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update
 [0.004062s] ... ok

==
Totals
==
Ran: 1 tests in 0.0041 sec.
 - Passed: 1
 - Skipped: 0
 - Expected Fail: 0
 - Unexpected Success: 0
 - Failed: 0
Sum of execute time for each test: 0.0041 sec.

==
Worker Balance
==
 - Worker 0 (1 tests) => 0:00:00.004062
Test id 
  Runtime (s)

  ---
oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update
  0.004
__ 
summary 
___
  py36: commands succeeded
  congratulations :)


** Tags removed: verification-stein-needed
** Tags added: verification-stein-done

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Dmitrii Shcherbakov]

Verified on Bionic/Train.

git show HEAD
commit f61adf33af13ea725acebf4246caaa6949e86000 (HEAD -> stable/train, tag: 
debian/2.3.2-0ubuntu1_cloud1, origin/stable/train)
Author: Corey Bryant 
Date:   Thu Jun 25 14:33:54 2020 -0400

releasing package python-oslo.policy version 2.3.2-0ubuntu1~cloud1


root@oslop:/tmp/oslo.policy/python-oslo.policy# export 
QUILT_PATCHES=debian/patches
root@oslop:/tmp/oslo.policy/python-oslo.policy# quilt push
Applying patch debian/patches/reload-policy-files.patch
patching file oslo_policy/policy.py
Hunk #3 succeeded at 769 (offset -6 lines).
Hunk #4 succeeded at 809 (offset -6 lines).
patching file oslo_policy/tests/test_policy.py
patching file releasenotes/notes/bug-1880959-8f1370a59759d40d.yaml

Now at patch debian/patches/reload-policy-files.patch

root@oslop:/tmp/oslo.policy/python-oslo.policy# tox -e py36 -- 
oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update
GLOB sdist-make: /tmp/oslo.policy/python-oslo.policy/setup.py
py36 inst-nodeps: 
/tmp/oslo.policy/python-oslo.policy/.tox/dist/oslo.policy-2.3.2.zip
py36 installed: 
alabaster==0.7.12,attrs==19.3.0,Babel==2.8.0,bandit==1.5.1,certifi==2020.6.20,chardet==3.0.4,cliff==3.3.0,cmd2==1.1.0,colorama==0.4.3,coverage==5.2,debtcollector==2.1.0,docutils==0.15.2,dulwich==0.20.5,extras==1.0.0,fixtures==3.0.0,flake8==2.6.2,future==0.18.2,gitdb==4.0.5,GitPython==3.1.3,hacking==1.1.0,idna==2.10,imagesize==1.2.0,importlib-resources==3.0.0,iso8601==0.1.12,Jinja2==2.11.2,linecache2==1.0.0,MarkupSafe==1.1.1,mccabe==0.5.3,mock==3.0.5,msgpack==0.6.1,netaddr==0.8.0,netifaces==0.10.9,openstackdocstheme==2.2.4,oslo.config==8.2.0,oslo.context==3.1.0,oslo.i18n==5.0.0,oslo.policy
 @ 
file:///tmp/oslo.policy/python-oslo.policy/.tox/dist/oslo.policy-2.3.2.zip,oslo.serialization==4.0.0,oslo.utils==4.2.2,oslotest==4.4.0,packaging==20.4,pbr==5.4.5,pkg-resources==0.0.0,prettytable==0.7.2,pycodestyle==2.0.0,pyflakes==1.2.3,Pygments==2.6.1,pyparsing==2.4.7,pyperclip==1.8.0,python-mimeparse==1.6.0,python-subunit==1.4.0,pytz==2020.1,PyYAML==5.3.1,reno==3.1.0,requests==2.23.0,requests-mock==1.8.0,rfc3986==1.4.0,six==1.15.0,smmap==3.0.4,snowballstemmer==2.0.0,Sphinx==3.1.2,sphinxcontrib-apidoc==0.3.0,sphinxcontrib-applehelp==1.0.2,sphinxcontrib-devhelp==1.0.2,sphinxcontrib-htmlhelp==1.0.3,sphinxcontrib-jsmath==1.0.1,sphinxcontrib-qthelp==1.0.3,sphinxcontrib-serializinghtml==1.1.4,stestr==3.0.1,stevedore==2.0.1,testtools==2.4.0,traceback2==1.4.0,unittest2==1.1.0,urllib3==1.25.9,voluptuous==0.11.7,wcwidth==0.2.5,wrapt==1.12.1,zipp==3.1.0
py36 runtests: PYTHONHASHSEED='3086963030'
py36 runtests: commands[0] | stestr run --slowest 
oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update
 WARNING [oslo_policy.policy] Policies ['foo'] reference a rule that is not 
defined.
{0} 
oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update
 [0.005167s] ... ok

==
Totals
==
Ran: 1 tests in 0.0052 sec.
 - Passed: 1
 - Skipped: 0
 - Expected Fail: 0
 - Unexpected Success: 0
 - Failed: 0
Sum of execute time for each test: 0.0052 sec.

==
Worker Balance
==
 - Worker 0 (1 tests) => 0:00:00.005167
Test id 
  Runtime (s)

  ---
oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update
  0.005
__ 
summary 
___
  py36: commands succeeded
  congratulations :)


** Tags removed: verification-train-needed
** Tags added: verification-train-done

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Dmitrii Shcherbakov]

Verified Ussuri (on Focal):

root@oslop-f:/tmp/oslo.policy/python-oslo.policy# git remote show origin
* remote origin
  Fetch URL: 
https://git.launchpad.net/~ubuntu-server-dev/ubuntu/+source/python-oslo.policy
  Push  URL: 
https://git.launchpad.net/~ubuntu-server-dev/ubuntu/+source/python-oslo.policy
# ...

root@oslop-f:/tmp/oslo.policy/python-oslo.policy# git status
On branch stable/ussuri
Your branch is up to date with 'origin/stable/ussuri'.
# ...

root@oslop-f:/tmp/oslo.policy/python-oslo.policy# export 
QUILT_PATCHES=debian/patches
root@oslop-f:/tmp/oslo.policy/python-oslo.policy# quilt push
Applying patch debian/patches/reload-policy-files.patch
patching file oslo_policy/policy.py
patching file oslo_policy/tests/test_policy.py
patching file releasenotes/notes/bug-1880959-8f1370a59759d40d.yaml

Now at patch debian/patches/reload-policy-files.patch


root@oslop-f:/tmp/oslo.policy/python-oslo.policy# tox -e py38 -- 
oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update
GLOB sdist-make: /tmp/oslo.policy/python-oslo.policy/setup.py
py38 inst-nodeps: 
/tmp/oslo.policy/python-oslo.policy/.tox/.tmp/package/1/oslo.policy-3.1.0.zip
py38 installed: 
alabaster==0.7.12,appdirs==1.4.3,attrs==19.3.0,Babel==2.8.0,bandit==1.5.1,CacheControl==0.12.6,certifi==2020.6.20,chardet==3.0.4,cliff==3.3.0,cmd2==1.1.0,colorama==0.4.3,contextlib2==0.6.0,coverage==5.2,debtcollector==2.1.0,distlib==0.3.0,distro==1.4.0,docutils==0.15.2,dulwich==0.20.5,entrypoints==0.3,extras==1.0.0,fixtures==3.0.0,flake8==3.7.9,future==0.18.2,gitdb==4.0.5,GitPython==3.1.3,hacking==3.0.1,html5lib==1.0.1,idna==2.10,imagesize==1.2.0,ipaddr==2.2.0,iso8601==0.1.12,Jinja2==2.11.2,linecache2==1.0.0,lockfile==0.12.2,MarkupSafe==1.1.1,mccabe==0.6.1,msgpack==0.6.1,netaddr==0.8.0,netifaces==0.10.9,openstackdocstheme==2.2.4,oslo.config==8.2.0,oslo.context==3.1.0,oslo.i18n==5.0.0,oslo.policy==3.1.0,oslo.serialization==4.0.0,oslo.utils==4.2.2,oslotest==4.4.0,packaging==20.4,pbr==5.4.5,pep517==0.8.2,prettytable==0.7.2,progress==1.5,pycodestyle==2.5.0,pyflakes==2.1.1,Pygments==2.6.1,pyparsing==2.4.7,pyperclip==1.8.0,python-mimeparse==1.6.0,python-subunit==1.4.0,pytoml==0.1.21,pytz==2020.1,PyYAML==5.3.1,reno==3.1.0,requests==2.23.0,requests-mock==1.8.0,retrying==1.3.3,rfc3986==1.4.0,six==1.15.0,smmap==3.0.4,snowballstemmer==2.0.0,Sphinx==3.1.2,sphinxcontrib-apidoc==0.3.0,sphinxcontrib-applehelp==1.0.2,sphinxcontrib-devhelp==1.0.2,sphinxcontrib-htmlhelp==1.0.3,sphinxcontrib-jsmath==1.0.1,sphinxcontrib-qthelp==1.0.3,sphinxcontrib-serializinghtml==1.1.4,stestr==3.0.1,stevedore==2.0.1,testtools==2.4.0,traceback2==1.4.0,unittest2==1.1.0,urllib3==1.25.9,voluptuous==0.11.7,wcwidth==0.2.5,webencodings==0.5.1,wrapt==1.12.1
py38 run-test-pre: PYTHONHASHSEED='930512441'
py38 run-test: commands[0] | stestr run --slowest 
oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update
 WARNING [oslo_policy.policy] Policies ['foo'] reference a rule that is not 
defined.
{0} 
oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update
 [0.003257s] ... ok

==
Totals
==
Ran: 1 tests in 0.0033 sec.
 - Passed: 1
 - Skipped: 0
 - Expected Fail: 0
 - Unexpected Success: 0
 - Failed: 0
Sum of execute time for each test: 0.0033 sec.

==
Worker Balance
==
 - Worker 0 (1 tests) => 0:00:00.003257
Test id 
  Runtime (s)

  ---
oslo_policy.tests.test_policy.EnforcerTest.test_load_directory_after_file_update
  0.003
__ 
summary 
___
  py38: commands succeeded
  congratulations :)


** Tags removed: verification-ussuri-needed
** Tags added: verification-ussuri-done

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Jason Hobbs]

sub'd to field high as this is blocking field high bug 1818113

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Brian Murray]

Hello Dmitrii, or anyone else affected,

Accepted python-oslo.policy into focal-proposed. The package will build
now and be available at https://launchpad.net/ubuntu/+source/python-
oslo.policy/3.1.0-0ubuntu1.1 in a few hours, and then in the -proposed
repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
focal to verification-done-focal. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-focal. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: python-oslo.policy (Ubuntu Focal)
   Status: New => Fix Committed

** Tags added: verification-needed verification-needed-focal

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[OpenStack Infra]

Reviewed:  https://review.opendev.org/734154
Committed: 
https://git.openstack.org/cgit/openstack/oslo.policy/commit/?id=5904564bf13bbac7d66e00ec6312487c507f09c4
Submitter: Zuul
Branch:stable/train

commit 5904564bf13bbac7d66e00ec6312487c507f09c4
Author: Dmitrii Shcherbakov 
Date:   Wed May 27 17:06:25 2020 +0300

Reload files in policy_dirs on primary file change

It was determined that rules from policy files located in the directory
specified in the policy_dirs option (/etc//policy.d by
default) are not re-applied after the rules from the primary policy file
is re-applied due to a change.

This change introduces additional behavior to make sure the rules from
policy_dirs are reapplied if there is a change to the primary policy
file.

Change-Id: I8a6f8e971d881365c41ea409966723319d5b239a
Closes-Bug: #1880959
Related-Bug: #1880847
(cherry picked from commit 75677a31108243e0adddc89f1fbf669053f9573b)
(cherry picked from commit c8c138e69d9189345a7366a10b0779ef70b7250e)


** Changed in: cloud-archive/train
   Status: Triaged => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Corey Bryant]

This bug was fixed in the package python-oslo.policy - 3.2.0-0ubuntu2~cloud0
---

 python-oslo.policy (3.2.0-0ubuntu2~cloud0) focal-victoria; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 python-oslo.policy (3.2.0-0ubuntu2) groovy; urgency=medium
 .
   * d/p/reload-policy-files.patch: Cherry-picked from upstream master
 to ensure policy directory files are reapplied after change to primary
 policy file (LP: #1880959).


** Changed in: cloud-archive
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Launchpad Bug Tracker]

This bug was fixed in the package python-oslo.policy - 3.2.0-0ubuntu2

---
python-oslo.policy (3.2.0-0ubuntu2) groovy; urgency=medium

  * d/p/reload-policy-files.patch: Cherry-picked from upstream master
to ensure policy directory files are reapplied after change to primary
policy file (LP: #1880959).

 -- Corey Bryant   Thu, 25 Jun 2020 10:47:11
-0400

** Changed in: python-oslo.policy (Ubuntu Groovy)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Corey Bryant]

** Changed in: cloud-archive
   Status: Triaged => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Corey Bryant]

Dmitrii, thanks for all the patches. For ubuntu, fixes have been
uploaded to groovy, focal unapproved, train-staging ppa, and stein-
staging ppa.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Corey Bryant]

Eoan is EOL in July so will upload directly to train.

** Changed in: python-oslo.policy (Ubuntu Eoan)
   Status: Triaged => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Corey Bryant]

** Description changed:

  [Impact]
  Based on the investigation here 
https://bugs.launchpad.net/charm-keystone/+bug/1880847 it was determined that 
rules from policy files located in the directory specified in the policy_dirs 
option (/etc//policy.d by default) are not re-applied after the 
rules from the primary policy file is re-applied due to a change.
  
  This leads to scenarios where incorrect rule combinations are active.
  
  Example from the test case in 1880847:
  
  * policy.json gets read with the following rule;
  "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s",
  * rule.yaml from policy.d is read with the following rule;
  {'identity:list_credentials': '!'}
  * policy.json's mtime gets updated (with or without a content change) and 
overrides the rule to be
  "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s",
  * rule.yaml doesn't get reapplied since it hasn't changed.
  
  [Test Case]
+ == ubuntu ==
+ 
+ The patches include unit tests that ensure the code is behaving as
+ expected and has not regressed. These tests are run during every package
+ build.
+ 
+ == upstream ==
  For a particular version of oslo.policy:
  
  * put the attached test (https://bugs.launchpad.net/ubuntu/+source
  /python-
  oslo.policy/+bug/1880959/+attachment/5377753/+files/test_1880959.py)
  under oslo_policy/tests/test_1880959.py;
  
  * run tox -e cover -- oslo_policy.tests.test_1880959.EnforcerTest;
  * observe the failure;
  # ...
  testtools.matchers._impl.MismatchError: 'role:fakeA' != 'rule:admin'
  Ran 1 tests in 0.005s (+0.001s)
  FAILED (id=1, failures=1)
  
  * apply the patch;
  * run tox -e cover -- oslo_policy.tests.test_1880959.EnforcerTest
  * observe that the failure is no longer there.
  
- 
  [Regression Potential]
  The regression potential is low given that there is test coverage in the 
olso.policy unit tests.

** Changed in: cloud-archive/ussuri
   Status: Fix Committed => Triaged

** Changed in: cloud-archive/train
   Status: In Progress => Triaged

** Changed in: cloud-archive/stein
   Status: In Progress => Triaged

** Changed in: cloud-archive/rocky
   Status: In Progress => Triaged

** Changed in: cloud-archive/queens
   Status: In Progress => Triaged

** Changed in: cloud-archive
   Status: In Progress => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[OpenStack Infra]

Reviewed:  https://review.opendev.org/734151
Committed: 
https://git.openstack.org/cgit/openstack/oslo.policy/commit/?id=c8c138e69d9189345a7366a10b0779ef70b7250e
Submitter: Zuul
Branch:stable/ussuri

commit c8c138e69d9189345a7366a10b0779ef70b7250e
Author: Dmitrii Shcherbakov 
Date:   Wed May 27 17:06:25 2020 +0300

Reload files in policy_dirs on primary file change

It was determined that rules from policy files located in the directory
specified in the policy_dirs option (/etc//policy.d by
default) are not re-applied after the rules from the primary policy file
is re-applied due to a change.

This change introduces additional behavior to make sure the rules from
policy_dirs are reapplied if there is a change to the primary policy
file.

Change-Id: I8a6f8e971d881365c41ea409966723319d5b239a
Closes-Bug: #1880959
Related-Bug: #1880847
(cherry picked from commit 75677a31108243e0adddc89f1fbf669053f9573b)


** Changed in: cloud-archive/ussuri
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Dmitrii Shcherbakov]

Yes, the backports themselves include the unit tests necessary to
validate the change.

https://review.opendev.org/#/q/topic:bug/1880959+(status:open+OR+status:merged)

We just need to get a second +2 on some of them.

Rocky and Queens backports are blocked on devstack backports to
devstack/rocky and devstack/queens referenced in the respective reviews.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Pedro Guimarães]

** Tags added: cpe-onsite

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Chris MacNaughton]

Corey, to your question in #6 about being able to add this test to the
package, the test that Dmitrii linked is actually pulled, almost
verbatim, from the linked review. After pulling in the associated
change, this test will run as part of the package tests (AFAIU?) so we
should be able to validate it fairly cleanly

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[OpenStack Infra]

Reviewed:  https://review.opendev.org/731218
Committed: 
https://git.openstack.org/cgit/openstack/oslo.policy/commit/?id=75677a31108243e0adddc89f1fbf669053f9573b
Submitter: Zuul
Branch:master

commit 75677a31108243e0adddc89f1fbf669053f9573b
Author: Dmitrii Shcherbakov 
Date:   Wed May 27 17:06:25 2020 +0300

Reload files in policy_dirs on primary file change

It was determined that rules from policy files located in the directory
specified in the policy_dirs option (/etc//policy.d by
default) are not re-applied after the rules from the primary policy file
is re-applied due to a change.

This change introduces additional behavior to make sure the rules from
policy_dirs are reapplied if there is a change to the primary policy
file.

Change-Id: I8a6f8e971d881365c41ea409966723319d5b239a
Closes-Bug: #1880959
Related-Bug: #1880847


** Changed in: oslo.policy
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Corey Bryant]

@Dmitrii, Couple questions. Will we be able to test the Ubuntu package
with that? Would it make sense for that test to land upstream? Whatever
test we decide on we'll need to be able to test against the package
version in -proposed to ensure it is fixed. We run upstream unit tests
during package builds so that may be an option if the SRU Team is ok
with it.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Dmitrii Shcherbakov]

** Description changed:

  [Impact]
  Based on the investigation here 
https://bugs.launchpad.net/charm-keystone/+bug/1880847 it was determined that 
rules from policy files located in the directory specified in the policy_dirs 
option (/etc//policy.d by default) are not re-applied after the 
rules from the primary policy file is re-applied due to a change.
  
  This leads to scenarios where incorrect rule combinations are active.
  
  Example from the test case in 1880847:
  
  * policy.json gets read with the following rule;
  "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s",
  * rule.yaml from policy.d is read with the following rule;
  {'identity:list_credentials': '!'}
  * policy.json's mtime gets updated (with or without a content change) and 
overrides the rule to be
  "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s",
  * rule.yaml doesn't get reapplied since it hasn't changed.
  
  [Test Case]
- TBD
+ For a particular version of oslo.policy:
+ 
+ * put the attached test (https://bugs.launchpad.net/ubuntu/+source
+ /python-
+ oslo.policy/+bug/1880959/+attachment/5377753/+files/test_1880959.py)
+ under oslo_policy/tests/test_1880959.py;
+ 
+ * run tox -e cover -- oslo_policy.tests.test_1880959.EnforcerTest;
+ * observe the failure;
+ # ...
+ testtools.matchers._impl.MismatchError: 'role:fakeA' != 'rule:admin'
+ Ran 1 tests in 0.005s (+0.001s)
+ FAILED (id=1, failures=1)
+ 
+ * apply the patch;
+ * run tox -e cover -- oslo_policy.tests.test_1880959.EnforcerTest
+ * observe that the failure is no longer there.
+ 
  
  [Regression Potential]
- TBD
+ The regression potential is low given that there is test coverage in the 
olso.policy unit tests.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Dmitrii Shcherbakov]

Corey,

The simplest way to test this for a particular version would be to put
the attached test under oslo_policy/tests/test_1880959.py in a checked
out version of oslo.policy and running:

tox -e cover -- oslo_policy.tests.test_1880959.EnforcerTest

It will fail like below without the patch applied and pass if it is.

# ...
testtools.matchers._impl.MismatchError: 'role:fakeA' != 'rule:admin'
Ran 1 tests in 0.005s (+0.001s)
FAILED (id=1, failures=1)

** Attachment added: "test_1880959.py"
   
https://bugs.launchpad.net/ubuntu/+source/python-oslo.policy/+bug/1880959/+attachment/5377753/+files/test_1880959.py

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Corey Bryant]

Thanks Dmitrii, we'll need to get this backported as far as we can
upstream once the fix lands in master. I'll target the rest of the
ubuntu and cloud archive releases. Would you be able to add some simple
repro steps to the [Test Case] section in the bug description? This can
include a juju based deploy. That will help us verify SRU fixes for each
release combination once we have fixes in corresponding -proposed
pockets available for testing.

** Description changed:

- Based on the investigation here https://bugs.launchpad.net/charm-
- keystone/+bug/1880847 it was determined that rules from policy files
- located in the directory specified in the policy_dirs option
- (/etc//policy.d by default) are not re-applied after the
- rules from the primary policy file is re-applied due to a change.
+ [Impact]
+ Based on the investigation here 
https://bugs.launchpad.net/charm-keystone/+bug/1880847 it was determined that 
rules from policy files located in the directory specified in the policy_dirs 
option (/etc//policy.d by default) are not re-applied after the 
rules from the primary policy file is re-applied due to a change.
  
  This leads to scenarios where incorrect rule combinations are active.
  
  Example from the test case in 1880847:
  
  * policy.json gets read with the following rule;
- "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s",
+ "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s",
  * rule.yaml from policy.d is read with the following rule;
  {'identity:list_credentials': '!'}
  * policy.json's mtime gets updated (with or without a content change) and 
overrides the rule to be
- "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s",
+ "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s",
  * rule.yaml doesn't get reapplied since it hasn't changed.
+ 
+ [Test Case]
+ TBD
+ 
+ [Regression Potential]
+ TBD

** Also affects: python-oslo.policy (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: python-oslo.policy (Ubuntu Eoan)
   Importance: Undecided
   Status: New

** Also affects: python-oslo.policy (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Changed in: python-oslo.policy (Ubuntu Xenial)
   Status: New => Triaged

** Changed in: python-oslo.policy (Ubuntu Bionic)
   Status: New => Triaged

** Changed in: python-oslo.policy (Ubuntu Eoan)
   Status: New => Triaged

** Changed in: python-oslo.policy (Ubuntu Eoan)
   Importance: Undecided => High

** Changed in: python-oslo.policy (Ubuntu Bionic)
   Importance: Undecided => High

** Changed in: python-oslo.policy (Ubuntu Xenial)
   Importance: Undecided => High

** Also affects: cloud-archive
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/ussuri
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/queens
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/train
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/stein
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/mitaka
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/rocky
   Importance: Undecided
   Status: New

** Changed in: cloud-archive/mitaka
   Importance: Undecided => High

** Changed in: cloud-archive/mitaka
   Status: New => Triaged

** Changed in: cloud-archive/queens
   Importance: Undecided => High

** Changed in: cloud-archive/queens
   Status: New => Triaged

** Changed in: cloud-archive/rocky
   Importance: Undecided => High

** Changed in: cloud-archive/rocky
   Status: New => Triaged

** Changed in: cloud-archive/stein
   Importance: Undecided => High

** Changed in: cloud-archive/stein
   Status: New => Triaged

** Changed in: cloud-archive/train
   Importance: Undecided => High

** Changed in: cloud-archive/train
   Status: New => Triaged

** Changed in: cloud-archive/ussuri
   Importance: Undecided => High

** Changed in: cloud-archive/ussuri
   Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Dmitrii Shcherbakov]

Corey, I believe the issue got introduced in Liberty and affects all
releases since then:
https://opendev.org/openstack/oslo.policy/commit/b5f07dfe4cd4a5d12c7fecbc3954694d934de642

The check in question is still the same in Ussuri and that code hasn't seen 
much change:
https://opendev.org/openstack/oslo.policy/src/commit/d4a2c64fad8b0d8d2df6a447c6c9826deaf24593/oslo_policy/policy.py#L581-L585

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/oslo.policy/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Corey Bryant]

@dmitrii, Thanks for the patch. What releases does this affect?

** Also affects: python-oslo.policy (Ubuntu Groovy)
   Importance: Undecided
   Status: New

** Changed in: python-oslo.policy (Ubuntu Groovy)
   Status: New => Triaged

** Changed in: python-oslo.policy (Ubuntu Groovy)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/oslo.policy/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[Dmitrii Shcherbakov]

** Also affects: oslo.policy
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/oslo.policy/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[OpenStack Infra]

Fix proposed to branch: master
Review: https://review.opendev.org/731218

** Changed in: oslo.policy
   Status: New => In Progress

** Changed in: oslo.policy
 Assignee: (unassigned) => Dmitrii Shcherbakov (dmitriis)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

To manage notifications about this bug go to:
https://bugs.launchpad.net/oslo.policy/+bug/1880959/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs