yahoo-eng-team team mailing list archive

[Vadym Markov <2037002@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

Update of Neutron object tags ignores policies for this object update.
So, reader user can update tags for all objects of his project

Reproduced on Devstack - Yoga. Newer releases up to master have no
changes here, so also should be affected

Steps to reproduce:
All operations in default alt_demo project, which has all needed users provisioned by default

1. Create network object, i.e. floating ip using alt_demo user - as project admin
2. Re-login as alt_demo_reader and try to update tags for this floating

Tags are updated successfully, but reader user has no rights for
floating update - "update_floatingip" policy enabled for at least member

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2037002

Title:
  Reader can update object tag

Status in neutron:
  New

Bug description:
  Update of Neutron object tags ignores policies for this object update.
  So, reader user can update tags for all objects of his project

  Reproduced on Devstack - Yoga. Newer releases up to master have no
  changes here, so also should be affected

  Steps to reproduce:
  All operations in default alt_demo project, which has all needed users provisioned by default

  1. Create network object, i.e. floating ip using alt_demo user - as project admin
  2. Re-login as alt_demo_reader and try to update tags for this floating

  Tags are updated successfully, but reader user has no rights for
  floating update - "update_floatingip" policy enabled for at least
  member

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2037002/+subscriptions