v2 API doesn't have any policy checks

Bug #1036846 reported by Brian Waldon
This bug affects 1 person
Affects: Glance
Status: Fix Released
Importance: Critical
Assigned to: Brian Waldon

Bug Description

The v1 api has several policy checks littered throughout the code. It uses glance.api.policy to authorize actions against the policy json blob. As we don't have a domain model, we need to manually write this into the v2 api implementation as well.

Alex Meade (alex-meade)
Changed in glance:
assignee: nobody → Alex Meade (alex-meade)
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to glance (master)

Fix proposed to branch: master
Review: https://review.openstack.org/11412

Brian Waldon (bcwaldon)
Changed in glance:
status: In Progress → Fix Committed
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (master)

Reviewed: https://review.openstack.org/11412
Committed: http://github.com/openstack/glance/commit/e7073d028aa4c5221dba16b3d48a43189067fed9
Submitter: Jenkins
Branch: master

commit e7073d028aa4c5221dba16b3d48a43189067fed9
Author: Alex Meade <email address hidden>
Date: Wed Aug 15 12:27:00 2012 -0400

    Add policy enforcement for v2 api.

    This patch adds policy checks in the images controller for all actions that need
    to be enforced. It also fixed an issue with unit tests where the v1 unit tests
    were testing less than they should be. This was due to the default policy being
    overridden in the test and causing a forbidden to be raised whenever policies
    were changed, regardless of the policy rule added.

    Fixes bug 1036846

    Change-Id: Ib351d8c1e13164d02b02685c808b30045f7850ea
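
The test weakness the commit message describes, as an added example that is not Glance's code: a controller that calls a policy enforcer per action, and two test helpers showing why a deny-all "default" rule makes a Forbidden assertion pass for any rule name. `Enforcer`, `ImagesController`, the rule names and the context dict are constructed stand-ins, not the `glance.api.policy` API.

```python
# Added illustration; all names here are hypothetical stand-ins, not Glance code.
class Forbidden(Exception):
    """Raised when a policy rule denies the requested action."""


class Enforcer:
    """Maps action names to rules; actions without a rule use 'default'."""

    def __init__(self, rules):
        self.rules = dict(rules)

    def enforce(self, context, action):
        rule = self.rules.get(action, self.rules.get("default"))
        if rule is None or not rule(context):  # no rule at all: fail closed
            raise Forbidden(action)


class ImagesController:
    """Each action is authorized explicitly before it touches image data."""

    def __init__(self, policy, images):
        self.policy, self.images = policy, images

    def show(self, context, image_id):
        self.policy.enforce(context, "get_image")
        return self.images[image_id]


def allow(context):
    return True


def deny(context):
    return False


def show_is_forbidden(rules):
    """Build a controller with the given rules; report whether show() is denied."""
    controller = ImagesController(Enforcer(rules), {"img-1": "constructed"})
    try:
        controller.show({"roles": ["member"]}, "img-1")
    except Forbidden:
        return True
    return False


def weak_test(rule_name):
    # 'default' is overridden to deny, so Forbidden is raised for ANY rule_name.
    return show_is_forbidden({"default": deny, rule_name: deny})


def strict_test(rule_name):
    # 'default' stays permissive, so only the rule under test can deny.
    return show_is_forbidden({"default": allow, rule_name: deny})
```

With a misspelled or unrelated rule name, `weak_test` still reports Forbidden while `strict_test` does not, so only the strict form proves that the controller checks the intended rule.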

Changed in glance:
status: Fix Committed → In Progress
assignee: Alex Meade (alex-meade) → Brian Waldon (bcwaldon)
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in glance:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in glance:
milestone: folsom-rc1 → 2012.2