Author: Douglas Mendizábal <dmendiza@redhat.com>
Date: Thu, 25 Jan 2024 15:37:50 -0500
Description: Fix policies for groups
 This patch fixes a couple of broken policies in the groups resource.
Change-Id: Ia47ecc71c04bcb50c2e0d677a99b3754ffbc1c04
Origin: upstream, https://review.opendev.org/c/openstack/keystone/+/906892
Last-Update: 2025-10-30

diff --git a/keystone/common/policies/group.py b/keystone/common/policies/group.py
index 024ee65..8c8293c 100644
--- a/keystone/common/policies/group.py
+++ b/keystone/common/policies/group.py
@@ -21,7 +21,7 @@
     'user_id:%(user_id)s'
 )
 ADMIN_OR_SYSTEM_READER_OR_DOMAIN_READER_FOR_TARGET_OR_OWNER = (
-    '(' + base.RULE_ADMIN_REQUIRED + ') or (' +
+    '(' + base.RULE_ADMIN_REQUIRED + ') or ' +
     SYSTEM_READER_OR_DOMAIN_READER_FOR_TARGET_USER_OR_OWNER
 )
 
@@ -32,7 +32,7 @@
     'domain_id:%(target.user.domain_id)s)'
 )
 ADMIN_OR_SYSTEM_READER_OR_DOMAIN_READER_FOR_TARGET_GROUP = (
-    '(' + base.RULE_ADMIN_REQUIRED + ') or (' +
+    '(' + base.RULE_ADMIN_REQUIRED + ') or ' +
     SYSTEM_READER_OR_DOMAIN_READER_FOR_TARGET_GROUP_USER
 )