Cinder

non-admin users can't get volume type's extra spec even the policy is set to non-admin

Bug #1648717 reported by wangxiyuan
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Cinder
Fix Released
Undecided
wangxiyuan

Bug Description

branch: master

Reproduce:
1. admin user create a public volume type with extra spec in it.
2. set the policy "volume_extension:access_types_extra_specs": "rule:admin_api" to non admin or empty.
3. use non admin users to list or show the volume type.

The result is that the non admin user can't get the volume type's extra spec even the policy are allowed.

wangxiyuan (wangxiyuan)
Changed in cinder:
assignee: nobody → wangxiyuan (wangxiyuan)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (master)

Fix proposed to branch: master
Review: https://review.openstack.org/409030

Changed in cinder:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (master)

Reviewed: https://review.openstack.org/409030
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=38434795445270efdbec9c0471e36498fc1045ca
Submitter: Jenkins
Branch: master

commit 38434795445270efdbec9c0471e36498fc1045ca
Author: wangxiyuan <email address hidden>
Date: Fri Dec 9 15:40:38 2016 +0800

    Don't drop the volume type's extra spec at DB layer

    Now the volume type's extra spec will be always dropped at
    DB layer if the request is non admin. But this behavior is
    controled by policy. We should return the extra specs to API and
    let the policy check to decide whether drop it or not.

    Change-Id: I1130a53a02da7aa4b8eb0587186331166d2b9bc1
    Closes-bug: #1648717

Changed in cinder:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/cinder 10.0.0.0b3

This issue was fixed in the openstack/cinder 10.0.0.0b3 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.