yahoo-eng-team team mailing list archive

[changzhi <1895933@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

I create some neutron policies in the file /etc/neutron/policy.json, plus in this policy file, I don't want to anyone to create address scope and set " "create_address_scope": "!" ". 
 
After that, I execute the command line " openstack address scope create test " by the admin user and it works fine.
 
This is not my expected. 
 
After some investigation, I find that in this pr[1], it will return True directly even if the admin user. 
 

This is a bug? Or there are some special things about the Neutron
policy?

Thanks
 
1. https://review.opendev.org/#/c/175238/11/neutron/policy.py

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1895933

Title:
  Admin user can do anything without the control of policy.json

Status in neutron:
  New

Bug description:
  I create some neutron policies in the file /etc/neutron/policy.json, plus in this policy file, I don't want to anyone to create address scope and set " "create_address_scope": "!" ". 
   
  After that, I execute the command line " openstack address scope create test " by the admin user and it works fine.
   
  This is not my expected. 
   
  After some investigation, I find that in this pr[1], it will return True directly even if the admin user. 
   

  This is a bug? Or there are some special things about the Neutron
  policy?

  Thanks
   
  1. https://review.opendev.org/#/c/175238/11/neutron/policy.py

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1895933/+subscriptions