[Openstack-security] [Bug 1445335] Re: create/delete flavor permissions should be controlled by policy.json
Alex Xu
soulxu at gmail.com
Fri Apr 17 06:25:40 UTC 2015
This is the regression, the original patch assume the user request's
context is pass down to the db call. But actually it is not, the code
always pass fake admin context.
So should fix it to keep the v2 API behavor as before. And it should be
backport to Kilo
** Changed in: nova
Importance: Undecided => High
** Tags added: kilo-rc-potential
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1445335
Title:
create/delete flavor permissions should be controlled by policy.json
Status in OpenStack Compute (Nova):
Confirmed
Bug description:
The create/delete flavor rest api always expects the user to be of
admin privileges and ignores the rule defined in the nova/policy.json.
This behavior is observed after these changes >>
https://review.openstack.org/#/c/150352/.
The expected behavior is that the permissions are controlled as per
the rule defined in the policy file and should not mandate that only
an admin should be able to create/delete a flavor
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1445335/+subscriptions
More information about the Openstack-security
mailing list