OpenStack Dashboard (Horizon)

RBAC not preventing a creation of subnet via creation of new network

Bug #1398845 reported by Roey Dekel on 2014-12-03

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Dashboard (Horizon)	Fix Released	Medium	Timur Sufiev	OpenStack Dashboard (Horizon) newton-2 "n2"

Bug Description

Changing "create_subnet" to "role:admin" in neutron_policy.json is not preventing from non-admin user the creation of a new subnet while creating new network (new network button)

Tags:

Lin Hua Cheng (lin-hua-cheng) on 2014-12-03

Changed in horizon:
status:	New → Confirmed
assignee:	nobody → Lin Hua Cheng (lin-hua-cheng)

Lin Hua Cheng (lin-hua-cheng) on 2014-12-03

Changed in horizon:
assignee:	Lin Hua Cheng (lin-hua-cheng) → nobody

Timur Sufiev (tsufiev-x) on 2014-12-03

Changed in horizon:
assignee:	nobody → Timur Sufiev (tsufiev-x)

Revision history for this message

Timur Sufiev (tsufiev-x) wrote on 2014-12-11:

If the following policy rule is changed to 'context_is_admin' at Neutron side, then the subnet creation fails. Horizon should behave consistently regarding the Neutron policies - i.e., shouldn't allow to specify subnet details in case it is not allowed to create subnet.

Changed in horizon:
importance:	Undecided → Medium

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-26: Fix proposed to horizon (master)

Fix proposed to branch: master
Review: https://review.openstack.org/144153

Changed in horizon:
status:	Confirmed → In Progress

OpenStack Infra (hudson-openstack) on 2015-03-07

Changed in horizon:
assignee:	Timur Sufiev (tsufiev-x) → Lin Hua Cheng (lin-hua-cheng)

OpenStack Infra (hudson-openstack) on 2015-03-10

Changed in horizon:
assignee:	Lin Hua Cheng (lin-hua-cheng) → Timur Sufiev (tsufiev-x)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-03-18: Change abandoned on horizon (master)

Change abandoned by David Lyle (<email address hidden>) on branch: master
Review: https://review.openstack.org/144153
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

Timur Sufiev (tsufiev-x) on 2016-06-08

Changed in horizon:
milestone:	none → newton-2

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-17: Fix merged to horizon (master)

Reviewed: https://review.openstack.org/144153
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=3befade1411783af088b0e72b08f8ff3701b02c8
Submitter: Jenkins
Branch: master

commit 3befade1411783af088b0e72b08f8ff3701b02c8
Author: Timur Sufiev <email address hidden>
Date: Wed Dec 24 10:23:52 2014 -0800

Prevent creation of subnet via RBAC during new network creation

    Wire (('network', 'create_subnet'),) policy rules into the
    CreateNetwork workflow, effectively hiding the steps related to
    creating Subnet in case it is forbidden via Neutron policy.

Change-Id: I18c6e333e6a19a99f8154654c6455750a87e95df
closes-Bug: #1398845

Changed in horizon:
status:	In Progress → Fix Released

Revision history for this message

Doug Hellmann (doug-hellmann) wrote on 2016-07-13: Fix included in openstack/horizon 10.0.0.0b2

This issue was fixed in the openstack/horizon 10.0.0.0b2 development milestone.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.