From 454693d250e7085cefef30e1b43608477f34a345 Mon Sep 17 00:00:00 2001
From: Vishvananda Ishaya
Date: Mon, 20 Aug 2012 10:25:21 -0700
Subject: Allow non-string items in the creds dict. The generic checking in policy allows us to match against data from the creds_dict using a very simple syntax. For example, in policy.json if you had something like: "some_action": [["project_id:foo"]] it would only allow project foo to perform that action, but something like: "some_action": [["is_admin:True"]] where is_admin is a boolean fails. This modifies the check to convert the value to unicode before attempting to compare it. It includes a test. Fixes bug 1039132 Change-Id: I0e53a6ea2709212d4a1536f901bcf1e717a232ca
---
 openstack/common/policy.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'openstack')
diff --git a/openstack/common/policy.py b/openstack/common/policy.py
index fd1d7d3..4cd5a43 100644
--- a/openstack/common/policy.py
+++ b/openstack/common/policy.py
@@ -296,5 +296,5 @@ def _check_generic(brain, match_kind, match, target_dict, cred_dict):
 # TODO(termie): do dict inspection via dot syntax
 match = match % target_dict
 if match_kind in cred_dict:
- return match == cred_dict[match_kind]
+ return match == unicode(cred_dict[match_kind])
 return False
-- cgit
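Review bot: The new comparison `match == unicode(cred_dict[match_kind])` stringifies every credential value, so a credential that is `None` becomes `u'None'` and now compares equal to a match that also rendered to `None` through `match % target_dict`; before this change that comparison was false. For a rule of the form `project_id:%(project_id)s` this would presumably let a context with no project pass against a target with no project, so it looks worth rejecting `None` before converting: `value = cred_dict[match_kind]`, `if value is None: return False`, `return match == unicode(value)`. `unicode()` on a non-ASCII byte string also raises UnicodeDecodeError under Python 2's default codec, which would surface as an error from the policy check rather than a clean denial. `_check_generic` starts above the hunk, so its docstring and any earlier handling are not visible here.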