RBAC for analytics needs ownership check
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
R4.1 |
New
|
Critical
|
Suresh Vinapamula | |||
Trunk |
New
|
Critical
|
Suresh Vinapamula |
Bug Description
A user of Project1 with Read access for VN can list/get all the VNs in the system. We should be restricting the user to read only the VNs under the project which he is authenticated to along with the shared VNs.
Config API server does ownership access check to take care of this which needs to be done for analytics api too.
(Pdb) pp connections.
'ctest-
(Pdb) pp connections.
ctest-TestAnaly
[{u'href': u'http://
u'name': u'default-
{u'href': u'http://
u'name': u'default-
{u'href': u'http://
u'name': u'default-
{u'href': u'http://
u'name': u'default-
{u'href': u'http://
u'name': u'default-
{u'href': u'http://
u'name': u'default-
(Pdb)
RBAC rule is virtual-network.* CRUD for tenant-user under tenant ctest-TestAnaly
tags: | added: blocker releaseblocker |
Root-cause same as https:/ /bugs.launchpad .net/juniperope nstack/ trunk/+ bug/1728324