Add is_admin to safe fields list for notifications

We encountered bug 2037312 in unit tests when attempting to get this change rolled out. Heat apparently will attempt to set is_admin using policy logic if it's not passed in for a new context; this breaks as the context we are requested doesn't have all the needed information to exercise the policy logic. is_admin is just a bool; it's not sensitive; easiest route forward is to add it to the safe list Closes-bug: 2037312 Change-Id: I78b08edfcb8115cddd7de9c6c788c0a57c8218a8
2023-09-25 10:28:48 -07:00 · 2023-09-25 10:28:48 -07:00 · c1b606f77e
commit c1b606f77e
parent 7705b4f302
1 changed files with 4 additions and 0 deletions
--- a/oslo_messaging/notify/notifier.py
+++ b/oslo_messaging/notify/notifier.py
@ -180,6 +180,10 @@ def _sanitize_context(ctxt):
        'domain_id',
        'user_domain_id',
        'project_domain_id',
+        # NOTE(JayF): Without is_admin; heat will make a roundtrip to policy
+        #             to try to set it to a sane value when instantiating the
+        #             replacement context. Instead, just pass it on.
+        'is_admin',
        'request_id',
        'roles',
        'user_name',