List security groups by project admin may return 500
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Medium
|
Slawek Kaplonski |
Bug Description
When new RBAC policies and scopes are enforced in Neutron, there are system and project admins and project admin don't have access to resources from other projects.
Now, when project admin tries to list security groups for other project, empty list should be returned but as Neutron tries to ensure that default security group for that project is created it may happen that request will go to https:/
In such case I think that context.elevated() should be used to get SG from DB. If user don't have permission to see it, it will be filtered out later by policy.
Fix proposed to branch: master /review. opendev. org/c/openstack /neutron/ +/798821
Review: https:/