From df8f8eed1ed4f61e1dbe211299b439b159de563a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Douglas=20Mendiz=C3=A1bal?= <dmendiza@redhat.com>
Date: Thu, 25 Jan 2024 15:37:50 -0500
Subject: [PATCH] Fix policies for groups

This patch fixes a couple of broken policies in the groups resource.

Change-Id: Ia47ecc71c04bcb50c2e0d677a99b3754ffbc1c04
---
 keystone/common/policies/group.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/keystone/common/policies/group.py b/keystone/common/policies/group.py
index 024ee65f75..8c8293cd39 100644
--- a/keystone/common/policies/group.py
+++ b/keystone/common/policies/group.py
@@ -21,7 +21,7 @@ SYSTEM_READER_OR_DOMAIN_READER_FOR_TARGET_USER_OR_OWNER = (
     'user_id:%(user_id)s'
 )
 ADMIN_OR_SYSTEM_READER_OR_DOMAIN_READER_FOR_TARGET_OR_OWNER = (
-    '(' + base.RULE_ADMIN_REQUIRED + ') or (' +
+    '(' + base.RULE_ADMIN_REQUIRED + ') or ' +
     SYSTEM_READER_OR_DOMAIN_READER_FOR_TARGET_USER_OR_OWNER
 )
 
@@ -32,7 +32,7 @@ SYSTEM_READER_OR_DOMAIN_READER_FOR_TARGET_GROUP_USER = (
     'domain_id:%(target.user.domain_id)s)'
 )
 ADMIN_OR_SYSTEM_READER_OR_DOMAIN_READER_FOR_TARGET_GROUP = (
-    '(' + base.RULE_ADMIN_REQUIRED + ') or (' +
+    '(' + base.RULE_ADMIN_REQUIRED + ') or ' +
     SYSTEM_READER_OR_DOMAIN_READER_FOR_TARGET_GROUP_USER
 )