[Openstack-security] [Bug 1445335] [NEW] create/delete flavor permissions should be controlled by policy.json

Divya K Konoor dikonoor at in.ibm.com
Fri Apr 17 06:20:45 UTC 2015


Public bug reported:

The create/delete flavor rest api always expects the user to be of admin
privileges and ignores the rule defined in the nova/policy.json. This
behavior is observed after these changes >>
https://review.openstack.org/#/c/150352/.

The expected behavior is that the permissions are controlled as per the
rule defined in the policy file and should not mandate that only an
admin should be able to create/delete a flavor

** Affects: nova
     Importance: High
     Assignee: Divya K Konoor (dikonoor)
         Status: Confirmed


** Tags: kilo-rc-potential nova security

** Changed in: nova
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1445335

Title:
  create/delete flavor permissions should be controlled by policy.json

Status in OpenStack Compute (Nova):
  Confirmed

Bug description:
  The create/delete flavor rest api always expects the user to be of
  admin privileges and ignores the rule defined in the nova/policy.json.
  This behavior is observed after these changes >>
  https://review.openstack.org/#/c/150352/.

  The expected behavior is that the permissions are controlled as per
  the rule defined in the policy file and should not mandate that only
  an admin should be able to create/delete a flavor

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1445335/+subscriptions




More information about the Openstack-security mailing list