[Openstack-security] [openstack/nova] SecurityImpact review request change I02da6cc8c766e5f43689449ef63121122f537b5b
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Tue Jul 14 12:43:48 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/160205
Log:
commit 1dbb322813cfa26600ae4d1ce9c3880a56f29aca
Author: He Jie Xu <hejie.xu at intel.com>
Date: Mon Mar 2 08:08:44 2015 +0800
Remove db layer hard-code permission checks for quota_class_get_all_by_name
This patch removes the hard-code permission checks for db call
quota_class_get_all_by_name.
For v2 api, there already have same hard-code permission checks in REST API
layer, so it is back-compatible.
For v2.1 api, to distinguish show and update permission, this patch adds
new rule for show method.
Partially implements bp nova-api-policy-final-part
SecurityImpact
UpgradeImpact: Due to the db layer permission checks deleted, they need
default policy rule instead of that. In this patch,
"os_compute_api:os-quota-class-sets:show" was updated with a default
rule. Admin will be notfied to update their policy configure file to keep
the behavior as before.
Change-Id: I02da6cc8c766e5f43689449ef63121122f537b5b
More information about the Openstack-security
mailing list