From f30d5e38f60c9c5abdf9c831dd28ffad306b135b Mon Sep 17 00:00:00 2001
From: Dmitrii Shcherbakov <dmitrii.shcherbakov@canonical.com>
Date: Wed, 10 Nov 2021 18:46:37 +0300
Subject: [PATCH] Revert a admin_and_matching_domain_id rule change

This reverts commit cef78d47fb1dd865e4058e32460adc07b44a105d.
Related-Bug: #1950379

Change-Id: I871eac8af34e49e771ffa8a7d8076d0bbcbb40ae
---
 templates/mitaka/policy.json | 2 +-
 templates/newton/policy.json | 2 +-
 templates/ocata/policy.json  | 2 +-
 templates/queens/policy.json | 2 +-
 templates/rocky/policy.json  | 2 +-
 test-requirements.txt        | 1 +
 6 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/templates/mitaka/policy.json b/templates/mitaka/policy.json
index a8bc3193..34d3cd96 100644
--- a/templates/mitaka/policy.json
+++ b/templates/mitaka/policy.json
@@ -10,7 +10,7 @@
     "service_or_admin": "rule:admin_required or rule:service_role",
     "owner" : "user_id:%(user_id)s or user_id:%(target.token.user_id)s",
     "admin_or_owner": "(rule:admin_required and domain_id:%(target.token.user.domain.id)s) or rule:owner",
-    "admin_and_matching_domain_id": "rule:admin_required and domain_id:%(target.domain_id)s",
+    "admin_and_matching_domain_id": "rule:admin_required and domain_id:%(domain_id)s",
     "service_admin_or_owner": "rule:service_or_admin or rule:owner",
 
     "default": "rule:admin_required",
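Review bot: The reverted `admin_and_matching_domain_id` line compares the caller's domain with the un-prefixed `%(domain_id)s` key, while the neighbouring `admin_or_owner` rule keeps a `target.`-prefixed key, and nothing in the patch explains the difference or tests the outcome. This rule is a domain-isolation boundary, so the commit message should state which requests are expected to carry `domain_id`, not only the bug number. As far as I know, oslo.policy evaluates a generic check to false when its substitution key is missing from the target, so the rule should fail closed. That should be pinned by a test that renders the template and checks a domain admin is denied both for a request naming another domain and for one carrying no `domain_id`. The identical line is changed in the newton, ocata, queens and rocky templates, so the test should cover each of them.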
diff --git a/templates/newton/policy.json b/templates/newton/policy.json
index b9cded11..c92c5f01 100644
--- a/templates/newton/policy.json
+++ b/templates/newton/policy.json
@@ -10,7 +10,7 @@
     "service_or_admin": "rule:admin_required or rule:service_role",
     "owner" : "user_id:%(user_id)s or user_id:%(target.token.user_id)s",
     "admin_or_owner": "(rule:admin_required and domain_id:%(target.token.user.domain.id)s) or rule:owner",
-    "admin_and_matching_domain_id": "rule:admin_required and domain_id:%(target.domain_id)s",
+    "admin_and_matching_domain_id": "rule:admin_required and domain_id:%(domain_id)s",
     "service_admin_or_owner": "rule:service_or_admin or rule:owner",
 
     "default": "rule:admin_required",
diff --git a/templates/ocata/policy.json b/templates/ocata/policy.json
index 23cdb64e..526ea08a 100644
--- a/templates/ocata/policy.json
+++ b/templates/ocata/policy.json
@@ -10,7 +10,7 @@
     "service_or_admin": "rule:admin_required or rule:service_role",
     "owner" : "user_id:%(user_id)s or user_id:%(target.token.user_id)s",
     "admin_or_owner": "(rule:admin_required and domain_id:%(target.token.user.domain.id)s) or rule:owner",
-    "admin_and_matching_domain_id": "rule:admin_required and domain_id:%(target.domain_id)s",
+    "admin_and_matching_domain_id": "rule:admin_required and domain_id:%(domain_id)s",
     "service_admin_or_owner": "rule:service_or_admin or rule:owner",
 
     "default": "rule:admin_required",
diff --git a/templates/queens/policy.json b/templates/queens/policy.json
index d3b5014c..1567e866 100644
--- a/templates/queens/policy.json
+++ b/templates/queens/policy.json
@@ -5,7 +5,7 @@
     "service_or_admin": "rule:admin_required or rule:service_role",
     "owner": "user_id:%(user_id)s or user_id:%(target.token.user_id)s",
     "admin_or_owner": "(rule:admin_required and domain_id:%(target.token.user.domain.id)s) or rule:owner",
-    "admin_and_matching_domain_id": "rule:admin_required and domain_id:%(target.domain_id)s",
+    "admin_and_matching_domain_id": "rule:admin_required and domain_id:%(domain_id)s",
     "service_admin_or_owner": "rule:service_or_admin or rule:owner",
 
     "default": "rule:admin_required",
diff --git a/templates/rocky/policy.json b/templates/rocky/policy.json
index b48dbdd3..58b2a81b 100644
--- a/templates/rocky/policy.json
+++ b/templates/rocky/policy.json
@@ -5,7 +5,7 @@
     "service_or_admin": "rule:admin_required or rule:service_role",
     "owner": "user_id:%(user_id)s or user_id:%(target.token.user_id)s",
     "admin_or_owner": "(rule:admin_required and domain_id:%(target.token.user.domain.id)s) or rule:owner",
-    "admin_and_matching_domain_id": "rule:admin_required and domain_id:%(target.domain_id)s",
+    "admin_and_matching_domain_id": "rule:admin_required and domain_id:%(domain_id)s",
     "service_admin_or_owner": "rule:service_or_admin or rule:owner",
 
     "default": "rule:admin_required",
diff --git a/test-requirements.txt b/test-requirements.txt
index 856887a7..f853625d 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -7,6 +7,7 @@
 #       requirements.  They are intertwined.  Also, Zaza itself should specify
 #       all of its own requirements and if it doesn't, fix it there.
 #
+pyparsing<3.0.0  # aodhclient is pinned in zaza and needs pyparsing < 3.0.0, but cffi also needs it, so pin here.
 cffi==1.14.6; python_version < '3.6'  # cffi 1.15.0 drops support for py35.
 setuptools<50.0.0  # https://github.com/pypa/setuptools/commit/04e3df22df840c6bb244e9b27bc56750c44b7c85