Barbican

Do we really need to RBAC protect version resource

Bug #1290445 reported by Arvind Tiwari on 2014-03-10

6

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Barbican	Fix Released	High	Arvind Tiwari	Barbican icehouse

Bug Description

Barbican does RBAC check for version call, which does not seems correct behavior.

We should should remove the RBAC check for the version call.

Arvind Tiwari (arvind-tiwari) on 2014-03-10

Changed in barbican:
assignee:	nobody → Arvind Tiwari (arvind-tiwari)

Revision history for this message

Chad Lung (chad-lung) wrote on 2014-03-10:

#1

I don't think we need the version call protected. I think though if we are to remove the protection on the endpoint then we should adopt the OpenStack way of handling API versions, http://docs.openstack.org/api/openstack-compute/2/content/Versions-d1e1193.html#d6e808

Thoughts?

Revision history for this message

Arvind Tiwari (arvind-tiwari) wrote on 2014-03-10:

#2

Yes, I am with you on the version but with this bug we are going to fix the RBAC issue only.

Thoughts?

Revision history for this message

Chad Lung (chad-lung) wrote on 2014-03-10:

#3

This will require changes to the Barbican DevStack (sanity check) script as well. So this fix will have to be synced with that.

Revision history for this message

John Wood (john-wood-w) wrote on 2014-03-10:

#4

Arvind, do you have a fix in mind? I'm curious how to disable authentication processing for select resource/URI-paths, such as '/', or '/v1'.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-03-10: Fix proposed to barbican (master)

#5

Fix proposed to branch: master
Review: https://review.openstack.org/79420

Changed in barbican:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-03-19: Fix merged to barbican (master)

#6

Reviewed: https://review.openstack.org/79420
Committed: https://git.openstack.org/cgit/stackforge/barbican/commit/?id=617addcbc70a36973eddce6b6bfad88e1df2ec8b
Submitter: Jenkins
Branch: master

commit 617addcbc70a36973eddce6b6bfad88e1df2ec8b
Author: Arvind Tiwari <email address hidden>
Date: Mon Mar 10 13:26:45 2014 -0600

Barbican should not do rbac on version api call

Closes-Bug: #1290445

Change-Id: Idcd52600542b017f54c25a75ec0ab37348eb109d

Changed in barbican:
status:	In Progress → Fix Committed

John Wood (john-wood-w) on 2014-04-15

Changed in barbican:
milestone:	none → icehouse
importance:	Undecided → High

John Vrbanac (john.vrbanac) on 2014-04-15

Changed in barbican:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.