Policy checks should not be executed by worker
Bug #1517177 reported by
Davide Agnello
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Cue |
Fix Released
|
Medium
|
Saurabh Surana | ||
Bug Description
The API process should be validating policy before submitting a job to the job board. When API/Objects/DB layers were added, policy checks were added to the Objects layer. Cue worker did not exist then. Since the worker needs to access and update DB records, it interfaces through the Objects layer. This requires the Worker to do policy validation.
If a user's request policy is validated by the API prior to submitting a job for the worker, this would avoid invalid jobs being submitted by the API.
| Changed in cue: | |
| importance: | Undecided → Medium |
| Changed in cue: | |
| assignee: | nobody → Saurabh Surana (saurabh-surana) |
| Changed in cue: | |
| status: | New → In Progress |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to cue (master) | #1 |
| Changed in cue: | |
| status: | In Progress → Fix Released |
To post a comment you must log in.
Reviewed: https:/
Committed: https:/
Submitter: Jenkins
Branch: master
commit 880a1037786fddf
Author: Saurabh Surana <email address hidden>
Date: Tue Dec 8 14:46:23 2015 -0800
policy checks are now being done in the api layer
API layer talks to object layer to get DB records, it then
uses that DB record and context object to perform policy checks
to determine if the necessary API request has required
authorization to access the REST endpoint/resource.
Modified tests to use new methods in API which are doing
policy checks.
Closes-Bug: 1517177
Depends-On: I385c161bc10d6a
Change-Id: I767f59061cc9aa