
yahoo-eng-team team mailing list archive

[Bug 1636157] [NEW] os-server-groups uses same policy.json rule for all CRUD operations

 

Public bug reported:

All os-server-groups REST calls use the same rule
(https://github.com/openstack/nova/blob/master/nova/policies/server_groups.py#L29-L31)
instead of having a separate rule for create, delete, show and list
actions on server_groups. This takes away control of RBAC at a REST API
level and is incorrect.

Here are the references to the rule being used with each respective REST action.
1. create (https://github.com/openstack/nova/blob/stable/newton/nova/api/openstack/compute/server_groups.py#L136)
2. delete (https://github.com/openstack/nova/blob/stable/newton/nova/api/openstack/compute/server_groups.py#L89)
3. show (https://github.com/openstack/nova/blob/stable/newton/nova/api/openstack/compute/server_groups.py#L78)
4. list (https://github.com/openstack/nova/blob/stable/newton/nova/api/openstack/compute/server_groups.py#L120)


Seen in Newton.

** Affects: nova
     Importance: Undecided
     Assignee: prashkre (prashkre)
         Status: New

** Changed in: nova
     Assignee: (unassigned) => prashkre (prashkre)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1636157
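
Added example, not part of the bug report and not nova's code: a minimal role-based policy check showing why one shared rule for create, delete, show and list prevents a read-only grant, while per-action rules allow it. The rule names, the "auditor" role and all helper functions are assumptions made for illustration.

```python
ACTIONS = ("create", "delete", "show", "list")
SHARED_RULE = "os_compute_api:os-server-groups"  # assumed rule name


def single_rule_map():
    """Layout described in the report: every handler checks the same rule."""
    return {action: SHARED_RULE for action in ACTIONS}


def per_action_map():
    """Layout the report asks for: one rule per REST action (assumed names)."""
    return {action: f"{SHARED_RULE}:{action}" for action in ACTIONS}


def authorize(policy, action_to_rule, roles, action):
    """Allow only if the caller holds a role listed for the action's rule.

    A rule missing from the policy denies the request (fail closed).
    """
    rule = action_to_rule[action]
    return bool(policy.get(rule, set()) & set(roles))


def allowed_actions(policy, action_to_rule, roles):
    """Sorted list of actions the given roles may perform."""
    return sorted(a for a in ACTIONS if authorize(policy, action_to_rule, roles, a))


def grant(policy, rule, role):
    """Return a copy of the policy with `role` added to `rule`."""
    updated = {name: set(members) for name, members in policy.items()}
    updated.setdefault(rule, set()).add(role)
    return updated


def read_only_grant(action_to_rule, base_roles, role):
    """Try to give `role` show and list only; return what it can actually do."""
    policy = {rule: set(base_roles) for rule in set(action_to_rule.values())}
    for action in ("show", "list"):
        policy = grant(policy, action_to_rule[action], role)
    return allowed_actions(policy, action_to_rule, [role])


if __name__ == "__main__":
    # With the shared rule, the read-only attempt also grants create and delete.
    print("shared rule:", read_only_grant(single_rule_map(), {"admin"}, "auditor"))
    print("per action: ", read_only_grant(per_action_map(), {"admin"}, "auditor"))
```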
