API v2 allows editing of managed=True records

Bug #1441283 reported by Graham Hayes
This bug affects 1 person
Affects: Designate
Status: Fix Released
Importance: Critical
Assigned to: Graham Hayes
Milestone:

Bug Description

We do not check if a record is managed before sending changes to storage.

Changed in designate:
importance: Undecided → Critical
assignee: nobody → Graham Hayes (grahamhayes)
milestone: none → kilo-rc1
status: New → Triaged
OpenStack Infra (hudson-openstack) wrote : Fix proposed to designate (master)

Fix proposed to branch: master
Review: https://review.openstack.org/171621

Changed in designate:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to designate (master)

Reviewed: https://review.openstack.org/171621
Committed: https://git.openstack.org/cgit/openstack/designate/commit/?id=a4f3ad90b9f7d9a98b47c5adcf949d5f45c3ded4
Submitter: Jenkins
Branch: master

commit a4f3ad90b9f7d9a98b47c5adcf949d5f45c3ded4
Author: Graham Hayes <email address hidden>
Date: Wed Apr 8 14:26:12 2015 +0100

    Restrict editing of managed records to policy based ACL

    * Added new context param (edit_managed_records)
    * Added new HTTP Header (X-Designate-Edit-Managed-Records:True)
    * Added new HTTP Query param (?edit_managed_records=True)
    * Added policy check (edit_managed_records), defaulting to rule:admin

    Change-Id: Ib68369fd7302384fd4fbd1396baa513265edb0a0
    Closes-Bug: #1441283
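
The check described in the commit message above, sketched as an added example (not Designate's code and not part of the original report). Every class and function name, the exception types, and the rule that only the literal "true" enables the flag are assumptions; the header name, query parameter, policy name and its rule:admin default come from the commit message.

```python
# Added illustration; all names are hypothetical, not Designate's own code.
from dataclasses import dataclass, field
from urllib.parse import parse_qs

# Policy table; the page states edit_managed_records defaults to rule:admin.
POLICY = {"admin": lambda ctx: "admin" in ctx.roles,
          "edit_managed_records": lambda ctx: POLICY["admin"](ctx)}

class Forbidden(Exception):
    """The caller's policy does not allow the requested opt-in."""

class BadRequest(Exception):
    """A managed record was edited without an authorised opt-in."""

@dataclass
class Context:
    roles: list = field(default_factory=list)
    edit_managed_records: bool = False

def truthy(value):
    # Assumption: only the literal "true" (any case) enables the flag.
    return str(value).strip().lower() == "true"

def build_context(roles, headers, query_string=""):
    """Derive the context flag from the HTTP header or the query parameter."""
    ctx = Context(roles=list(roles))
    headers = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    query = parse_qs(query_string.lstrip("?"))
    asked = (truthy(headers.get("x-designate-edit-managed-records", ""))
             or any(truthy(v) for v in query.get("edit_managed_records", [])))
    if asked:
        # The opt-in is honoured only if policy allows it for this caller.
        if not POLICY["edit_managed_records"](ctx):
            raise Forbidden("edit_managed_records")
        ctx.edit_managed_records = True
    return ctx

def update_record(ctx, record, changes, storage):
    """Check the managed flag before any change reaches storage."""
    if record.get("managed") and not ctx.edit_managed_records:
        raise BadRequest("managed records may not be updated")
    record.update(changes)
    storage[record["id"]] = record
    return record
```

In this sketch an admin who does not send the header or query parameter is still refused, so a managed record cannot be changed by accident.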

Changed in designate:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in designate:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in designate:
milestone: kilo-rc1 → 2015.1.0