bf644e8274
In the runbooks change, I43555ef72cb882adcada2ed875fda40eed0dd034, new policies were added for a user sending a list of service steps or clean steps to the API. This was done with the generic check_policy helper, however the helper does not understand how to populate the ``node`` mapping data to enable RBAC rule value matching. Doing so requires a special node policy checker method. As such, the policy checker was changed, and additional tests were added. One final note, strucutrally the new policies were being checked *after* we stated to do state verification of the request. RBAC checks should be performed upfront... which also eases the burden of testing the RBAC model. Accordingly, the policy checks were moved together in the provision state logic. Closes-Bug: 2086823 Change-Id: I18c56cb4becf9e6181689ddc0f1c7433327a3aa6
13 lines
548 B
YAML
13 lines
548 B
YAML
---
|
|
fixes:
|
|
- |
|
|
Fixes newly added policy rules,
|
|
``baremetal:node:set_provision_state:clean_steps`` and
|
|
``baremetal:node:set_provision_state:service_steps``which impacted
|
|
``project scoped`` users utilizing the ``2024.2`` release of Ironic
|
|
where they were attempting to invoke ``service`` or ``clean``
|
|
provision state commands.
|
|
This was due to a misunderstanding of the correct policy checker to
|
|
invoke, and additional testing has been added around these functions
|
|
to ensure they work as expected moving forward.
|