Cinder

[policy] Non-admin roles able to perform volume_extension:volume_host_attribute

Bug #1660835 reported by Samantha Blanco on 2017-01-31

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Cinder	New	Undecided	Unassigned

Bug Description

Cinder policy.json declares volume_extension:volume_host_attribute as admin_api, but non-admin roles are able to perform this operation.

Revision history for this message

Danny Al-Gaaf (danny-al-gaaf) wrote on 2017-02-01:

Does this also work for you e.g. for volume_extension:hosts ?

Revision history for this message

Samantha Blanco (sblanco1) wrote on 2017-02-06:

I have the same issue with volume_extension:hosts.
I noticed that the volume_extension:volume_host_attribute tempest test is not listed as an admin test. Is this a mistake in tempest?

Revision history for this message

Ritesh Paiboina (rsritesh) wrote on 2017-05-08:

Hi,

Can you please tell me how are you trying to reproduce this issue.

And what is the full name of tempest case you have referred in the comment.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.