Need to enforce project ownership of subCAs
Bug #1501862 reported by
Dave McCowan
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Barbican |
Fix Released
|
Critical
|
Dave McCowan |
Bug Description
The add-to-project and create CA commands can only be performed by a project administrator when the target CA is either a root CA or a subCA owned by the admin's project.
Checks should be added to enforce this condition.
Changed in barbican: | |
assignee: | nobody → Dave McCowan (dave-mccowan) |
status: | New → In Progress |
Changed in barbican: | |
importance: | Undecided → Critical |
no longer affects: | barbican/kilo |
no longer affects: | barbican/liberty |
Changed in barbican: | |
milestone: | liberty-rc2 → mitaka-1 |
Changed in barbican: | |
status: | Fix Committed → Fix Released |
Changed in barbican: | |
milestone: | liberty-rc2 → 1.0.0 |
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/230062 /git.openstack. org/cgit/ openstack/ barbican/ commit/ ?id=8bbf06caae2 9c1cafa16f4ed8d b83938b9cf94f3
Committed: https:/
Submitter: Jenkins
Branch: master
commit 8bbf06caae29c1c afa16f4ed8db839 38b9cf94f3
Author: Dave McCowan <email address hidden>
Date: Thu Oct 1 14:13:15 2015 -0400
Enforce project ownership of subCAs
The add-to-project and create CA commands can only be performed by
a project administrator when the target CA is either a root CA
or a subCA owned by the admin's project.
This CR adds checks to enforce this condition.
Change-Id: Ifbd7bb471b137a 5549a8e627344f8 f02adda2ed1
Closes-bug: #1501862