clustertemplate:publish should be admin only by default

Bug #1687887 reported by Ricardo Rocha
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Magnum
Fix Released
Undecided
Ricardo Rocha

Bug Description

Current the default magnum policy has clustertemplate:publish being rule:admin_or_owner, which means any user can create a public cluster template.

Change this to rule:admin_api to make the operation admin only by default.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to magnum (master)

Fix proposed to branch: master
Review: https://review.openstack.org/462058

Changed in magnum:
assignee: nobody → Ricardo Rocha (rocha-porto)
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to magnum (master)

Reviewed: https://review.openstack.org/462058
Committed: https://git.openstack.org/cgit/openstack/magnum/commit/?id=12052b1253782655397a26b1c50a0a2b7b539eaa
Submitter: Jenkins
Branch: master

commit 12052b1253782655397a26b1c50a0a2b7b539eaa
Author: Ricardo Rocha <email address hidden>
Date: Wed May 3 11:47:05 2017 +0200

    Set clustertemplate:publish to admin only

    Set the clustertemplate:publish policy to be admin only by default -
    currently it is admin_or_user, which means any openstack user can create
    a public cluster template.

    Update tests for bay model and cluster template, splitting tests
    requiring admin credentials into a separate class.

    Change-Id: I0bfb57c569863f1ecf7d697cd5ac161a9a710432
    Closes-Bug: #1687887

Changed in magnum:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to magnum (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/462728

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to magnum (stable/ocata)

Reviewed: https://review.openstack.org/462728
Committed: https://git.openstack.org/cgit/openstack/magnum/commit/?id=bf8a7d986a03592903725b2588fb67880e18686a
Submitter: Jenkins
Branch: stable/ocata

commit bf8a7d986a03592903725b2588fb67880e18686a
Author: Ricardo Rocha <email address hidden>
Date: Wed May 3 11:47:05 2017 +0200

    Set clustertemplate:publish to admin only

    Set the clustertemplate:publish policy to be admin only by default -
    currently it is admin_or_user, which means any openstack user can create
    a public cluster template.

    Update tests for bay model and cluster template, splitting tests
    requiring admin credentials into a separate class.

    Change-Id: I0bfb57c569863f1ecf7d697cd5ac161a9a710432
    Closes-Bug: #1687887
    (cherry picked from commit 12052b1253782655397a26b1c50a0a2b7b539eaa)

tags: added: in-stable-ocata
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/magnum 4.1.2

This issue was fixed in the openstack/magnum 4.1.2 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/magnum 5.0.0

This issue was fixed in the openstack/magnum 5.0.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.