services.py index() missing action=index for authorization

Bug #1471995 reported by Anna Sortland
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Cinder
Fix Released
Medium
Anna Sortland

Bug Description

cinder/api/contrib/services.py does not pass action for 'index':
  authorize(context)
Instead, it should call:
   authorize(context, action='index')
similarly to how update() calls "authorize(context, action='update')".

The corresponding rule should also be added to sample /etc/cinder/policy.json:
   "volume_extension:services:index" : "rule:admin_api"

Anna Sortland (annasort)
Changed in cinder:
assignee: nobody → Anna Sortland (annasort)
Revision history for this message
Anna Sortland (annasort) wrote :

update() is missing action as well in the community code, will add it there too.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (master)

Fix proposed to branch: master
Review: https://review.openstack.org/201776

Changed in cinder:
status: New → In Progress
Jay Bryant (jsbryant)
Changed in cinder:
importance: Undecided → Medium
Changed in cinder:
assignee: Anna Sortland (annasort) → Matthew Edmonds (edmondsw)
Changed in cinder:
assignee: Matthew Edmonds (edmondsw) → Anna Sortland (annasort)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (master)

Reviewed: https://review.openstack.org/201776
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=68ec9d7b7fb5fcd8b1e80e0121c8079d69f8fb4d
Submitter: Jenkins
Branch: master

commit 68ec9d7b7fb5fcd8b1e80e0121c8079d69f8fb4d
Author: Anna Sortland <email address hidden>
Date: Tue Jul 14 14:51:51 2015 -0500

    Update authorization actions for services API

    Previously, the services extension used generic authorization check
    "volume_extension:services" for both index and update APIs.

    This change creates separate rules for index and update APIs
    so that it is possible to assign different rules to different users.
    The sample /etc/cinder/policy.json is also updated to include new rules:
        "volume_extension:services:index": "",
        "volume_extension:services:update" : "rule:admin_api"

    Change-Id: Ib57171f5011210861478590bbdfc30cce25e62b4
    Closes-Bug: #1471995
    Closes-Bug: #1471999

Changed in cinder:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in cinder:
milestone: none → liberty-3
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in cinder:
milestone: liberty-3 → 7.0.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.