[api-sig][neutron] Question on oslo policy assertion when supplied attribute equals the default

Michael McCune msm at redhat.com
Tue Apr 23 14:22:27 UTC 2019


On Tue, Apr 23, 2019 at 10:05 AM Ben Nemec <openstack at nemebean.com> wrote:
> Assuming you have permission to make the API call in the first place,
> wouldn't you be able to determine the defaults based on the results of
> the API call anyway? As in, I create a network and don't pass any value
> for the shared attribute, then I look at the created network and see
> that shared is False by default.
>

that makes reasonable sense to me, and i would imagine something similar.

> Maybe there are defaults that aren't so easily observable, but in
> general I wouldn't consider them sensitive data. However, I am not a
> security guru so take my opinion for what it's worth.

yeah, for me this is where i would rather a neutron expert respond. i
would like to agree with your reasoning as it makes good sense, and i
think this is a relatively minor issue, but i am just not fully aware
of the extent.

i don't want to make this into a bigger issue than it is, i'm just
pointing it out for greater inspection. it sounds like this is a minor
issue and most likely won't cause any security risk.

peace o/



More information about the openstack-discuss mailing list