yahoo-eng-team team mailing list archive

[David Lyle <dklyle0@xxxxxxxxx>]

Public bug reported:

A recent change fixed a role leak in nova
https://github.com/openstack/nova/commit/55e63f83a7caec5a8d85b7532c501e1b846295ba
changed the default policy for "compute:get_all_tenants" policy rule.
This exposes that quotas.py is passing incorrect parameters using
"all_tenants=True".

The result for non-admin users is:

Forbidden at /project/network_topology/

Policy doesn't allow compute:get_all_tenants to be performed. (HTTP 403)

** Affects: horizon
     Importance: High
     Assignee: David Lyle (david-lyle)
         Status: New


** Tags: nova

** Description changed:

  A recent change fixed a role leak in nova
  https://github.com/openstack/nova/commit/55e63f83a7caec5a8d85b7532c501e1b846295ba
  changed the default policy for "compute:get_all_tenants" policy rule.
  This exposes that quotas.py is passing incorrect parameters using
  "all_tenants=True".
  
- The result is:
+ The result for non-admin users is:
  
  Forbidden at /project/network_topology/
  
  Policy doesn't allow compute:get_all_tenants to be performed. (HTTP 403)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1468551

Title:
  nova server_list called incorrectly in quota.py

Status in OpenStack Dashboard (Horizon):
  New

Bug description:
  A recent change fixed a role leak in nova
  https://github.com/openstack/nova/commit/55e63f83a7caec5a8d85b7532c501e1b846295ba
  changed the default policy for "compute:get_all_tenants" policy rule.
  This exposes that quotas.py is passing incorrect parameters using
  "all_tenants=True".

  The result for non-admin users is:

  Forbidden at /project/network_topology/

  Policy doesn't allow compute:get_all_tenants to be performed. (HTTP
  403)

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1468551/+subscriptions