yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1931571] Re: Nova ignores reader role conventions in default policies

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1931571@xxxxxxxxxxxxxxxxxx>
Date: Mon, 17 Oct 2022 04:17:23 -0000
Reply-to: Bug 1931571 <1931571@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

[Expired for OpenStack Compute (nova) because there has been no activity
for 60 days.]

** Changed in: nova
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1931571

Title:
  Nova ignores reader role conventions in default policies

Status in OpenStack Compute (nova):
  Expired

Bug description:
  In keystone, if I grant someone the reader role on a project the
  readonly (role reader) user is able to create a new instance within
  the project.

  Openstack Version: wallaby

  1. Create a user within a project and add role reader to the user.
  2. Login with the readonly user into the project and try to create an instance.

  Florian

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1931571/+subscriptions

References

[Bug 1931571] [NEW] Nova ignores reader role conventions in default policies
From: Florian Faltermeier, 2021-06-10