yahoo-eng-team team mailing list archive

[Bug 1520180] Re: Pecan: no authZ check on DELETE operations

 

Reviewed:  https://review.openstack.org/234457
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=293c3e01efce74d110ff34703a9e68ce2cd782e6
Submitter: Jenkins
Branch:    master

commit 293c3e01efce74d110ff34703a9e68ce2cd782e6
Author: Salvatore Orlando <salv.orlando@xxxxxxxxx>
Date:   Tue Oct 13 15:08:47 2015 -0700

    Pecan: Fixes and tests for the policy enforcement hook
    
    As PolicyNotAuthorizedException is raised in a hook, the
    ExceptionTranslationHook is not invoked for it; therefore a 500
    response is returned whereas a 403 was expected. This patch
    explicitly handles the exception in the hook in order to ensure
    the appropriate response code is returned.
    
    Moreover, the structure of the 'before' hook prevented checks
    on DELETE requests from being performed. As a result the check
    was not performed at all (checks on the 'after' hook only pertain
    to GET requests). This patch changes the logic of the 'before' hook
    by ensuring the item to authorize access to is loaded both on PUT
    and DELETE requests.
    
    This patch also adds functional tests specific for the policy
    enforcement hook.
    
    Change-Id: I8c76cb05568df47648cff71a107cfe701b286bb7
    Closes-Bug: #1520180
    Closes-Bug: #1505831


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1520180

Title:
  Pecan: no authZ check on DELETE operations

Status in neutron:
  Fix Released

Bug description:
  Authorization checks are completely skipped on DELETE operations both in the 'before' and in the 'after' hooks.
  This does not look great, and should be fixed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1520180/+subscriptions
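
An added illustration of the two defects the commit message describes, written for this archive page and not taken from the neutron patch: a toy 'before' hook that skips DELETE and lets the denial exception escape, next to a corrected one. All names (`before_flawed`, `before_fixed`, `dispatch`, `probe`, `STORE`), the ownership policy and the early-return shape of the flawed hook are assumptions made for the example.

```python
class PolicyNotAuthorized(Exception):
    """Stand-in for the policy engine's denial exception."""

# Constructed data: one network owned by tenant-a.
STORE = {"net-1": {"id": "net-1", "tenant_id": "tenant-a"}}

def enforce(action, item, tenant_id):
    # Constructed policy: only the owning tenant may act on the item.
    if item["tenant_id"] != tenant_id:
        raise PolicyNotAuthorized(action)

def before_flawed(method, item_id, tenant_id):
    # Assumed shape of the defect: methods other than POST/PUT return early,
    # so DELETE never reaches enforce(); denials escape as raw exceptions.
    if method not in ("POST", "PUT"):
        return None
    item = STORE[item_id] if method == "PUT" else {"tenant_id": tenant_id}
    enforce(method, item, tenant_id)
    return None

def before_fixed(method, item_id, tenant_id):
    if method == "GET":
        return None  # reads are left to the 'after' hook
    # Load the stored item for every method that targets an existing resource.
    item = STORE[item_id] if method in ("PUT", "DELETE") else {"tenant_id": tenant_id}
    try:
        enforce(method, item, tenant_id)
    except PolicyNotAuthorized:
        return 403  # handled in the hook; no later translation layer sees it
    return None

def dispatch(hook, method, item_id, tenant_id):
    """Toy framework: an exception escaping a hook becomes a 500."""
    try:
        status = hook(method, item_id, tenant_id)
    except Exception:
        return 500
    if status is not None:
        return status
    return 204 if method == "DELETE" else 200

def probe(hook, tenant_id="tenant-b"):
    """Status per mutating method when the given tenant targets net-1."""
    return {m: dispatch(hook, m, "net-1", tenant_id) for m in ("PUT", "DELETE")}

if __name__ == "__main__":
    print("flawed:", probe(before_flawed))
    print("fixed: ", probe(before_fixed))
```

Running `probe` as a non-owner against every mutating method is the kind of functional check that catches a method silently missing from the enforcement path.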

