openstack/oslo.messaging
Code Issues Proposed changes

Add is_admin to safe fields list for notifications

Browse Source 
We encountered bug 2037312 in unit tests when attempting to get this
change rolled out. Heat apparently will attempt to set is_admin using
policy logic if it's not passed in for a new context; this breaks as the
context we are requested doesn't have all the needed information to
exercise the policy logic.

is_admin is just a bool; it's not sensitive; easiest route forward is to
add it to the safe list

Closes-bug: 2037312
Change-Id: I78b08edfcb8115cddd7de9c6c788c0a57c8218a8
This commit is contained in:
Jay Faulkner 2023-09-25 10:28:48 -07:00
parent 7705b4f302
commit c1b606f77e
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
oslo_messaging/notify/notifier.py
View File

@ -180,6 +180,10 @@ def _sanitize_context(ctxt):
'domain_id', 'domain_id',
'user_domain_id', 'user_domain_id',
'project_domain_id', 'project_domain_id',
# NOTE(JayF): Without is_admin; heat will make a roundtrip to policy
# to try to set it to a sane value when instantiating the
# replacement context. Instead, just pass it on.
'is_admin',
'request_id', 'request_id',
'roles', 'roles',
'user_name', 'user_name',