Reviewed: https://review.openstack.org/601882 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=0c71cdd23bd2a7e4f7ec1a5ecec91f3ed7457d00 Submitter: Zuul Branch: stable/rocky commit 0c71cdd23bd2a7e4f7ec1a5ecec91f3ed7457d00 Author: morgan fainberg <morgan.fainberg at gmail.com> Date: Tue Sep 11 16:03:54 2018 -0700 Ensure view args is in policy dict The policy_dict (in enforcement) was not populating the view args in a similar manner to the old style @protected decorator. This change ensures that we mirror the old behavior (required for proper use of v3cloud policy). Conflicts: keystone/tests/unit/common/test_rbac_enforcer.py Change-Id: Ida9009a95a874be9cc60c3152d4e3225726562eb Partial-Bug: #1776504 Closes-Bug: #1792047 (cherry picked from commit 4975b79e8174587f7639347939cf679460d4896b) ** Changed in: keystone/rocky Status: In Progress => Fix Committed -- You received this bug notification because you are a member of OpenStack Security SIG, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1792047 Title: keystone rbacenforcer not populating policy dict with view args Status in OpenStack Identity (keystone): Fix Released Status in OpenStack Identity (keystone) rocky series: Fix Committed Status in OpenStack Identity (keystone) stein series: Fix Released Bug description: The old @protected decorator pushed the view arguments into the policy_dict for enforcement purposes[0]. This was missed in the new RBACEnforcer. [0] https://github.com/openstack/keystone/blob/294ca38554bb229f66a772e7dba35a5b08a36b20/keystone/common/authorization.py#L152 To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1792047/+subscriptions