diff options
| author | Vishvananda Ishaya <vishvananda@gmail.com> | 2012-08-20 10:25:21 -0700 |
|---|---|---|
| committer | Vishvananda Ishaya <vishvananda@gmail.com> | 2012-08-20 10:25:21 -0700 |
| commit | 454693d250e7085cefef30e1b43608477f34a345 (patch) | |
| tree | 9c364a66014b9756c0cf1b7bb8d5d02c5d1f19e3 /openstack | |
| parent | f7b87701444d035e82ae6ac6954e8ad84aab5baf (diff) | |
| download | oslo-454693d250e7085cefef30e1b43608477f34a345.tar.gz oslo-454693d250e7085cefef30e1b43608477f34a345.tar.xz oslo-454693d250e7085cefef30e1b43608477f34a345.zip | |
Allow non-string items in the creds dict.
The generic checking in policy allows us to match against data from the
creds_dict using a very simple syntax. For example, in policy.json if
you had something like:
"some_action": [["project_id:foo"]]
it would only allow project foo to perform that action, but something
like:
"some_action": [["is_admin:True"]]
where is_admin is a boolean fails.
This modifies the check to convert the value to unicode before
attempting to compare it. It includes a test.
Fixes bug 1039132
Change-Id: I0e53a6ea2709212d4a1536f901bcf1e717a232ca
Diffstat (limited to 'openstack')
| -rw-r--r-- | openstack/common/policy.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/openstack/common/policy.py b/openstack/common/policy.py index fd1d7d3..4cd5a43 100644 --- a/openstack/common/policy.py +++ b/openstack/common/policy.py @@ -296,5 +296,5 @@ def _check_generic(brain, match_kind, match, target_dict, cred_dict): # TODO(termie): do dict inspection via dot syntax match = match % target_dict if match_kind in cred_dict: - return match == cred_dict[match_kind] + return match == unicode(cred_dict[match_kind]) return False |