yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1579111] [NEW] Project/Volumes page do not respect polic.json value

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Paul Karikh <pkarikh@xxxxxxxxxxxx>
Date: Fri, 06 May 2016 15:14:08 -0000
Reply-to: Bug 1579111 <1579111@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Let's assume that user/operator wants to restrict access to the Volumes page via policy.json file. 
Looks like the best way to do it is to set '"volume:get_all": ["rule:context_is_admin"],' in cinder_policy.json file.
But if we do so and restart Horizon - nothing happens. 
Volumes panel has following restrictions:
permissions = ('openstack.services.volume', 'openstack.services.volumev2'),

Looks like we need to add some policy checks for this panel.

** Affects: horizon
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1579111

Title:
  Project/Volumes page do not respect polic.json value

Status in OpenStack Dashboard (Horizon):
  New

Bug description:
  Let's assume that user/operator wants to restrict access to the Volumes page via policy.json file. 
  Looks like the best way to do it is to set '"volume:get_all": ["rule:context_is_admin"],' in cinder_policy.json file.
  But if we do so and restart Horizon - nothing happens. 
  Volumes panel has following restrictions:
  permissions = ('openstack.services.volume', 'openstack.services.volumev2'),

  Looks like we need to add some policy checks for this panel.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1579111/+subscriptions

Follow ups

[Bug 1579111] Re: Project/Volumes page do not respect policy.json value
From: OpenStack Infra, 2016-10-28