yahoo-eng-team team mailing list archive

[Brant Knudson <bknudson@xxxxxxxxxx>]

*** This bug is a security vulnerability ***

Public security bug reported:


The typical config has nova using the 'neutron' user in the 'service' project to do operations against Neutron. The 'neutron' user should not require the 'admin' role on the 'service' project to do all the operations it needs to do against Neutron. Neutron's default policy.json should allow the 'neutron' user (i.e., users with the 'service' role) to do all the operations it needs to do against Neutron, rather than requiring 'admin'.

Nova is allocating networks and creating ports, so these operations need
to allow the 'service' role to perform these operations, too.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1445475

Title:
  neutron service user should not require admin

Status in OpenStack Neutron (virtual network service):
  New

Bug description:
  
  The typical config has nova using the 'neutron' user in the 'service' project to do operations against Neutron. The 'neutron' user should not require the 'admin' role on the 'service' project to do all the operations it needs to do against Neutron. Neutron's default policy.json should allow the 'neutron' user (i.e., users with the 'service' role) to do all the operations it needs to do against Neutron, rather than requiring 'admin'.

  Nova is allocating networks and creating ports, so these operations
  need to allow the 'service' role to perform these operations, too.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1445475/+subscriptions