[Openstack-security] [openstack/nova] SecurityImpact review request change Icddc7e5cc1c11ab3d272f61a2ef623d3f750030c
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Tue Jul 14 12:43:41 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/160206
Log:
commit 725c54e60ac8b6e6c236fdcdc0d76be373337ecd
Author: He Jie Xu <hejie.xu at intel.com>
Date: Mon Mar 2 08:42:11 2015 +0800
Remove db layer hard-code permission checks for quota_class_create/update
This patch removes db layer hard-code permission checks for
quota_class_create/update.
For v2 API, this patch adds back-comptiable permission checks at REST
API layer.
For v2.1 API, this patch adds new rule for update method.
Partially implements bp nova-api-policy-final-part
SecurityImpact
UpgradeImpact: Due to the db layer permission checks deleted, the policy
rule "os_compute_api:os-quota-class-sets:update" was updated with
a default that match the permission as before. Admin should be notified
to update their policy configuration to keep permission as before.
Change-Id: Icddc7e5cc1c11ab3d272f61a2ef623d3f750030c
More information about the Openstack-security
mailing list