Policy.json is not exhaustive, missing many policy actions
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Currently, Cinder's policy.json does not exhaustively list all the policy actions within Cinder.
For example, volume:attach is enforced in code [0] but is not contained in the policy.json [1].
The implementation for policy enforcement in [0] is:
@functools.
def wrapped(self, context, target_obj, *args, **kwargs):
return func(self, context, target_obj, *args, **kwargs)
return wrapped
This means that each endpoint with @wrap_check_policy decorator above it should
be included in the policy.json but this is not the case.
Currently, the following policy actions are missing:
"volume:
"volume:
"volume:
"volume:
"volume:
"volume:
"volume:
"volume:
"volume:
"volume:
"volume:
"volume:
"volume:
"volume:
"volume:
"volume:
"volume:
[0] https:/
[1] https:/
Changed in cinder: | |
assignee: | nobody → Felipe Monteiro (fm577c) |
description: | updated |
Changed in cinder: | |
status: | New → Invalid |
Changed in cinder: | |
status: | Invalid → New |
description: | updated |
Fix proposed to branch: master /review. openstack. org/451095
Review: https:/