Add is_admin to safe fields list for notifications

We encountered bug 2037312 in unit tests when attempting to get this
change rolled out. Heat apparently will attempt to set is_admin using
policy logic if it's not passed in for a new context; this breaks as the
context we are requested doesn't have all the needed information to
exercise the policy logic.

is_admin is just a bool; it's not sensitive; easiest route forward is to
add it to the safe list

Closes-bug: 2037312
Change-Id: I78b08edfcb8115cddd7de9c6c788c0a57c8218a8
(cherry picked from commit c1b606f77e69a2829fcfdb74b8b3f646d4b60929)
(cherry picked from commit 29623702fc1ebce240b6d368ee95ab9f479d5e02)
Jay Faulkner 2023-09-25 10:28:48 -07:00 committed by Takashi Kajinami
parent b8b4375885
commit 45a0141468

@ -180,6 +180,10 @@ def _sanitize_context(ctxt):
'domain_id', 'domain_id',
'user_domain_id', 'user_domain_id',
'project_domain_id', 'project_domain_id',
# NOTE(JayF): Without is_admin; heat will make a roundtrip to policy
# to try to set it to a sane value when instantiating the
# replacement context. Instead, just pass it on.
'is_admin',
'request_id', 'request_id',
'roles', 'roles',
'user_name', 'user_name',
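Review bot: The new 'is_admin' entry in the _sanitize_context safe list is justified in the NOTE only by avoiding the policy roundtrip, which means the replacement context takes the flag as passed on by the sender instead of deriving it from policy. Consider extending the NOTE to state that consumers of the notification context should treat is_admin as informational and not as an authorization input, and add a unit test asserting that the flag survives sanitization unchanged for both True and False. Minor: the semicolon in "Without is_admin; heat will" should be a comma.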