commit 6303741be2394de9301f03f28f7ad20216aad7f6
Author: Goutham Pacha Ravi <email address hidden>
Date: Wed Sep 14 22:13:11 2022 -0700
[RBAC] Return 404 if share is inaccessible
When a user is prevented from listing a non-public
share, the API service would return a 403 Forbidden.
This isn't consistent with the API SIG's guidance
on resources restricted by virtue of RBAC policy since
users with malicious intent may use the signal to
mean that the resource exists.
Depends-On: I27fdd7dfffeb15965b66dbb3f6b1568c11ff9ad4
Change-Id: I7e05dcb343c932cc7fec8d395919053d0a1801ce
Closes-Bug: #1901210
Signed-off-by: Goutham Pacha Ravi <email address hidden>
Reviewed: https:/ /review. opendev. org/c/openstack /manila/ +/857807 /opendev. org/openstack/ manila/ commit/ 6303741be2394de 9301f03f28f7ad2 0216aad7f6
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit 6303741be2394de 9301f03f28f7ad2 0216aad7f6
Author: Goutham Pacha Ravi <email address hidden>
Date: Wed Sep 14 22:13:11 2022 -0700
[RBAC] Return 404 if share is inaccessible
When a user is prevented from listing a non-public
share, the API service would return a 403 Forbidden.
This isn't consistent with the API SIG's guidance
on resources restricted by virtue of RBAC policy since
users with malicious intent may use the signal to
mean that the resource exists.
Depends-On: I27fdd7dfffeb15 965b66dbb3f6b15 68c11ff9ad4 cc7fec8d3959190 53d0a1801ce
Change-Id: I7e05dcb343c932
Closes-Bug: #1901210
Signed-off-by: Goutham Pacha Ravi <email address hidden>