[rbac] Reader user able to delete attachment
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Cinder | New | Undecided | Unassigned |
Bug Description
Reader user able to delete attachment.
The expected response code is 403 (forbidden) but the actual response is 200.
From tempest logs:
2023-08-15 19:30:27,232 92236 INFO [tempest.
2023-08-15 19:30:27,233 92236 DEBUG [tempest.
Body: None
Response - Headers: {'date': 'Tue, 15 Aug 2023 19:30:26 GMT', 'server': 'Apache/2.4.52 (Ubuntu)', 'content-type': 'application/json', 'x-compute-
Body: b'{"attachments": []}'
I've seen similar bug reports but these lack quite fundamental information.
- What is the version of OpenStack (especially cinder) you are using?
- Did you set [oslo_policy] enforce_new_defaults = True in cinder.conf?
- Can you share cinder.conf and any customized policies if you have created ones?
- We may need tempest.conf to ensure that the request is done by a reader role user.