Allow regular user to list subnets on shared networks

Bug #1039591 reported by Salvatore Orlando
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
High
Salvatore Orlando

Bug Description

Current policy configuration prevents regular users for listing subnets on shared network, because the policy is set to admin_or_owner.

It is important for nova (and possibly horizon) integration that a regular user can retrieve information for all subnets on a shared network. By construction all the subnets on a shared network are shared.

This can be achieved by exposing the shared attribute for subnets to the policy engine, and then enforcing resource-based policy which apply distinct rules to shared and private objects, as we do for networks.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to quantum (master)

Fix proposed to branch: master
Review: https://review.openstack.org/11717

Changed in quantum:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to quantum (master)

Reviewed: https://review.openstack.org/11717
Committed: http://github.com/openstack/quantum/commit/3dbaa356b9d0af75f5a4102d3e881ca803c895e2
Submitter: Jenkins
Branch: master

commit 3dbaa356b9d0af75f5a4102d3e881ca803c895e2
Author: Salvatore Orlando <email address hidden>
Date: Tue Aug 21 08:26:24 2012 -0700

    Enable users to list subnets on shared networks

    Fixes bug 1039591

    This patch will enable regular users to list subnets on a shared
    network by exposing the subnet's "shared" attribute to the policy
    engine, and letting it applying different rules if the subnet is
    shared or private.

    Change-Id: If204f1e352c114e16251586c743f5b7fe2d1ad7d

Changed in quantum:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in quantum:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in quantum:
milestone: folsom-rc1 → 2012.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.