Cinder

services.py index() missing action=index for authorization

Bug #1471995 reported by Anna Sortland on 2015-07-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Cinder	Fix Released	Medium	Anna Sortland	Cinder 7.0.0 "liberty"

Bug Description

cinder/api/contrib/services.py does not pass action for 'index':
authorize(context)
Instead, it should call:
authorize(context, action='index')
similarly to how update() calls "authorize(context, action='update')".

The corresponding rule should also be added to sample /etc/cinder/policy.json:
"volume_extension:services:index" : "rule:admin_api"

Anna Sortland (annasort) on 2015-07-06

Changed in cinder:
assignee:	nobody → Anna Sortland (annasort)

Revision history for this message

Anna Sortland (annasort) wrote on 2015-07-14:

update() is missing action as well in the community code, will add it there too.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-07-14: Fix proposed to cinder (master)

Fix proposed to branch: master
Review: https://review.openstack.org/201776

Changed in cinder:
status:	New → In Progress

Jay Bryant (jsbryant) on 2015-07-16

Changed in cinder:
importance:	Undecided → Medium

OpenStack Infra (hudson-openstack) on 2015-08-07

Changed in cinder:
assignee:	Anna Sortland (annasort) → Matthew Edmonds (edmondsw)

OpenStack Infra (hudson-openstack) on 2015-08-07

Changed in cinder:
assignee:	Matthew Edmonds (edmondsw) → Anna Sortland (annasort)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-08-11: Fix merged to cinder (master)

Reviewed: https://review.openstack.org/201776
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=68ec9d7b7fb5fcd8b1e80e0121c8079d69f8fb4d
Submitter: Jenkins
Branch: master

commit 68ec9d7b7fb5fcd8b1e80e0121c8079d69f8fb4d
Author: Anna Sortland <email address hidden>
Date: Tue Jul 14 14:51:51 2015 -0500

Update authorization actions for services API

Previously, the services extension used generic authorization check
"volume_extension:services" for both index and update APIs.

    This change creates separate rules for index and update APIs
    so that it is possible to assign different rules to different users.
    The sample /etc/cinder/policy.json is also updated to include new rules:
        "volume_extension:services:index": "",
        "volume_extension:services:update" : "rule:admin_api"

    Change-Id: Ib57171f5011210861478590bbdfc30cce25e62b4
    Closes-Bug: #1471995
    Closes-Bug: #1471999

Changed in cinder:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2015-09-03

Changed in cinder:
milestone:	none → liberty-3
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2015-10-15

Changed in cinder:
milestone:	liberty-3 → 7.0.0

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.