GET limits API policy is allowed for everyone but policy default is admin_or_owner
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Compute (nova) | Fix Released | Undecided | Ghanshyam Mann | |
Bug Description
The limits API policy is allowed for everyone, but the policy defaults to admin_or_owner[1].
This is because the API does not pass the project_id in the policy target so that oslo policy can decide the ownership.
https:/
And if no target is passed, then policy.py adds the default targets, which are nothing but context.project_id (allowed for everyone who tries to access).
- https:/
There is no owner concept in limits and every project can get its own limits. We need to make the default RULE_ANY, which means allowed for everyone.
tags: added: policy
Fix proposed to branch: master
Review: https://review.opendev.org/715672
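A minimal model of the behaviour in the bug description, added here as an example and not nova or oslo.policy code. The names `check`, `authorize`, `demo` and the sample caller are assumptions, and the tiny rule evaluator handles only the two rule forms the report names.

```python
# Simplified model of the check described in the report; NOT nova/oslo.policy code.
RULE_ANY = "@"
ADMIN_OR_OWNER = "is_admin:True or project_id:%(project_id)s"


def check(rule, target, creds):
    """Evaluate '@' or 'key:value' clauses joined by ' or ' (assumed subset)."""
    if rule == RULE_ANY:
        return True
    for clause in rule.split(" or "):
        key, _, expected = clause.partition(":")
        try:
            # %(project_id)s is filled in from the *target*, then compared
            # with the same key in the caller's credentials.
            expected = expected % target
        except KeyError:
            continue  # target lacks the key, so this clause cannot match
        if str(creds.get(key)) == expected:
            return True
    return False


def authorize(rule, creds, target=None):
    """Model of the fallback in the report: no target means the caller's own ids."""
    if target is None:
        target = {"project_id": creds["project_id"], "user_id": creds["user_id"]}
    return check(rule, target, creds)


# Constructed sample callers.
member = {"is_admin": False, "project_id": "p-alice", "user_id": "u-alice"}
admin = {"is_admin": True, "project_id": "p-admin", "user_id": "u-admin"}


def demo():
    other = {"project_id": "p-bob"}
    return {
        # No target: the owner clause compares the caller with itself, so the
        # "admin_or_owner" default behaves like "anyone".
        "member_default_target": authorize(ADMIN_OR_OWNER, member),
        # Explicit target for another project: the owner clause is enforced.
        "member_other_project": authorize(ADMIN_OR_OWNER, member, other),
        "admin_other_project": authorize(ADMIN_OR_OWNER, admin, other),
        # RULE_ANY states the real behaviour of the limits API openly.
        "member_rule_any": authorize(RULE_ANY, member, other),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {allowed}")
```

The first result is the mismatch the report describes: the documented default reads as restrictive, while the effective decision for a call with no target is the same as `RULE_ANY`.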