yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1429126] Re: miss moving unlock_override policy enforcement into V2.1 REST API layer

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Jeremy Stanley <fungi@xxxxxxxxxxx>
Date: Mon, 09 Mar 2015 13:04:06 -0000
Reply-to: Bug 1429126 <1429126@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I've switched the security advisory task to "won't fix" since this
shouldn't need an advisory published (class Y bug per
https://wiki.openstack.org/wiki/Vulnerability_Management#Incident_report_taxonomy
).

** Changed in: ossa
       Status: Incomplete => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1429126

Title:
  miss moving unlock_override policy enforcement into V2.1 REST API
  layer

Status in OpenStack Compute (Nova):
  Confirmed
Status in OpenStack Security Advisories:
  Won't Fix

Bug description:
  Commit 01be083 misses unlock_override policy check in V2.1 REST API
  layer.

  The V2.1 REST API can always call this policy check, for this is no
  skip_policy_check coniditon in underlying layer.

    But for V2.1 API, we should not check any policy in underlying layer.
    This is the principle of V2.1 API policy. https://blueprints.launchpad.net/openstack/?searchtext=v3-api-policy
    https://review.openstack.org/#/c/147782/ has cleaned it. But it miss this one.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1429126/+subscriptions