From 45a01414689e917f6adb17f99deb71830837fa97 Mon Sep 17 00:00:00 2001 From: Jay Faulkner Date: Mon, 25 Sep 2023 10:28:48 -0700 Subject: [PATCH] Add is_admin to safe fields list for notifications We encountered bug 2037312 in unit tests when attempting to get this change rolled out. Heat apparently will attempt to set is_admin using policy logic if it's not passed in for a new context; this breaks as the context we are requested doesn't have all the needed information to exercise the policy logic. is_admin is just a bool; it's not sensitive; easiest route forward is to add it to the safe list Closes-bug: 2037312 Change-Id: I78b08edfcb8115cddd7de9c6c788c0a57c8218a8 (cherry picked from commit c1b606f77e69a2829fcfdb74b8b3f646d4b60929) (cherry picked from commit 29623702fc1ebce240b6d368ee95ab9f479d5e02) --- oslo_messaging/notify/notifier.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/oslo_messaging/notify/notifier.py b/oslo_messaging/notify/notifier.py index 5fa0ebeeb..1407e9fb0 100644 --- a/oslo_messaging/notify/notifier.py +++ b/oslo_messaging/notify/notifier.py @@ -180,6 +180,10 @@ def _sanitize_context(ctxt): 'domain_id', 'user_domain_id', 'project_domain_id', + # NOTE(JayF): Without is_admin; heat will make a roundtrip to policy + # to try to set it to a sane value when instantiating the + # replacement context. Instead, just pass it on. + 'is_admin', 'request_id', 'roles', 'user_name',