GenericCheck: nested field match like %(role.name)s does not work without flattening dict
Bug #1678563 reported by
Akihiro Motoki
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| oslo.policy |
Triaged
|
Medium
|
Unassigned | ||
Bug Description
The examples of GenericCheck shows like:
- True:%(
- 'Member'
i think these examples expect that 'target' contains a field like "user.enabled" or "role.name", but in most cases we don't have such fields without flattening "target" dict.
keystone has a convenient method to flatten a dict [1] and and it is called before policy enforcement (e.g., [2]).
It would be nice and useful if oslo.policy supports flattening a target dict before policy.check.
Otherwise, examples of GenericCheck should be updated not to include nested fields.
[1] https:/
[2] https:/
| summary: |
GenericCheck: nested field match like %(role.name)s does not work - without flattening dict field + without flattening dict |
Revision history for this message
| Morgan Fainberg (mdrnstm) wrote | #1 |
| Changed in oslo.policy: | |
| status: | New → Triaged |
| importance: | Undecided → Medium |
Revision history for this message
| Yang Youseok (ileixe) wrote | #2 |
To post a comment you must log in.
We should totally merge the flattener to oslo.policy.