← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1271426] Re: protected property change not rejected if a subsequent rule match accepts them

 

** Also affects: glance/havana
   Importance: Undecided
       Status: New

** Changed in: glance/havana
   Importance: Undecided => High

** Changed in: glance/havana
       Status: New => In Progress

** Changed in: glance/havana
     Assignee: (unassigned) => Thomas Leaman (thomas-leaman)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1271426

Title:
  protected property change not rejected if a subsequent rule match
  accepts them

Status in OpenStack Image Registry and Delivery Service (Glance):
  Fix Committed
Status in Glance havana series:
  In Progress

Bug description:
  See initial report here: http://lists.openstack.org/pipermail
  /openstack-dev/2014-January/024861.html

  What is happening is that if there is a specific rule that would
  reject an action and a less specific rule that comes after that would
  accept the action, then the action is being accepted. It should be
  rejected.

  This is because we iterate through the property protection rules
  rather than just finding the first match. This bug does not occur when
  policies are used to determine property protections, only when roles
  are used directly.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1271426/+subscriptions


References