Cinder

  1. Bug #1950474
  2. Comment #5

Comment 5 for bug 1950474

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (stable/xena)

Reviewed: https://review.opendev.org/c/openstack/cinder/+/824474
Committed: https://opendev.org/openstack/cinder/commit/46415541a790869d9f5a5a5cc821852730b98149
Submitter: "Zuul (22348)"
Branch: stable/xena

commit 46415541a790869d9f5a5a5cc821852730b98149
Author: Rajat Dhasmana <email address hidden>
Date: Tue Jan 11 04:56:51 2022 -0500

    Volume transfers: Remove duplicate policy check

    There is an initial policy check in the transfers accept API[1]
    which validates correctly if the user is authorized to perform
    the operation or not. However, we've a duplicate check in the volume
    API layer which passes a target object (volume) while authorizing
    which is wrong for this API. While authorizing, we enforce check on
    the project id of the target object i.e. volume in this case which,
    before the transfer operation is completed, contains the project id
    of source project hence making the validation wrong.
    In the case of transfers API, any project is able to accept the transfer
    given they've the auth key required to secure the transfer accept
    So this patch removes the duplicate policy check.

    [1] https://opendev.org/openstack/cinder/src/branch/master/cinder/transfer/api.py#L225

    Conflicts:
          cinder/volume/api.py

    Closes-Bug: #1950474
    Change-Id: I3930bff90df835d9d8bbf7e6e91458db7e5654be
    (cherry picked from commit 7ba9935a6e1e8a572391563927acb086fdbe5e5c)