yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1144427] Re: policy provide access to the response

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Morgan Fainberg <morgan.fainberg@xxxxxxxxx>
Date: Tue, 02 Feb 2016 20:34:49 -0000
Reply-to: Bug 1144427 <1144427@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This has already been implemented with the callbacks in the @protected
decoreator. Marking as now invalid.

** Changed in: keystone
       Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1144427

Title:
  policy provide access to the response

Status in OpenStack Identity (keystone):
  Invalid

Bug description:
  Many of the API calls do not have enough information from the request
  to determine if the user should get access to the response data.  For
  example,  IN Keystone, when performing the operation GET
  /trusts/{trust_id}, it is only once the trust has been fetched from
  the Data base that we know if a user is the trustor or trustee.

  The policy interface needs to be able to optionally filter on the
  response values as opposed to just the request values.  It also needs
  to be able to specify whether a denied response should return a 401 or
  a 404 for a denied resource.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1144427/+subscriptions