yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1155379] Re: Typo in policy.json

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Wed, 29 May 2013 11:05:08 -0000
Reply-to: Bug 1155379 <1155379@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: quantum
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to quantum.
https://bugs.launchpad.net/bugs/1155379

Title:
  Typo in policy.json

Status in OpenStack Quantum (virtual network service):
  Fix Released

Bug description:
  The following lines have an extra colon:

  "create_qos_queue:": "rule:admin_only",
  "get_qos_queue:": "rule:admin_only",
  "get_qos_queues:": "rule:admin_only",

  As a result the corresponding enforce check (in NVP plugin) checks for
  admin_or_owner instead of admin_only.

  However since there the object to check in passed in the form
  resource: {<...object..>} the tenant_id attribute is not available to
  the policy engine (as it's nested in the value of the 'resource' key),
  and therefore the 'owner' part of the 'admin_or_owner' check always
  fails.

  It looks like we are in that situation where two wrongs make a right,
  but it's probably worth fixing both of them

To manage notifications about this bug go to:
https://bugs.launchpad.net/quantum/+bug/1155379/+subscriptions