Finer access control in os-volume_attachments

Bug #1108222 reported by Andrew Laski
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Undecided
Andrew Laski

Bug Description

Currently it is only possible to restrict access through policy.json to the volumes API extension in an all or nothing way. There is not a way to allow a user with role 'a' to view details of volumes and attachments, while requiring role 'b' to create/delete them.

Andrew Laski (alaski)
Changed in nova:
assignee: nobody → Andrew Laski (alaski)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/20643

Changed in nova:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/20643
Committed: http://github.com/openstack/nova/commit/0ff6b52ff2838943870ac34c0cd7921023df4474
Submitter: Jenkins
Branch: master

commit 0ff6b52ff2838943870ac34c0cd7921023df4474
Author: Andrew Laski <email address hidden>
Date: Mon Jan 28 16:32:05 2013 -0500

    Finer access control in os-volume_attachments

    Allows policy.json access controls to authorize requests for specific
    actions, rather than just being an all or nothing control for the entire
    extension.

    Bug 1108222
    DocImpact
    Change-Id: I78e1f596f22434a73bec3952ed024e4d58faac51

Changed in nova:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in nova:
milestone: none → grizzly-3
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in nova:
milestone: grizzly-3 → 2013.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.