rbac-create should return an duplicated error when use same 'object_id','object_type' and 'target_tenant'
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Won't Fix
|
Undecided
|
rajiv |
Bug Description
RBAC entry should be unique by combination of 'object_
But in fact, if we only change the 'action' value, we can get another entry with same 'object_
the process is:
[root@localhost devstack]# neutron rbac-create a539e28b-
Created a new rbac_policy:
+------
| Field | Value |
+------
| action | access_as_shared |
| id | 0897f09b-
| object_id | a539e28b-
| object_type | network |
| target_tenant | tenant_id |
| tenant_id | aced7a29bb134de
+------
[root@localhost devstack]# neutron rbac-create a539e28b-
Created a new rbac_policy:
+------
| Field | Value |
+------
| action | access_as_external |
| id | 2c12609e-
| object_id | a539e28b-
| object_type | network |
| target_tenant | tenant_id |
| tenant_id | aced7a29bb134de
+------
[root@localhost devstack]#
Changed in neutron: | |
assignee: | nobody → JianGang Weng (weng-jiangang) |
tags: | added: access-control |
tags: | added: low-hanging-fruit |
Changed in neutron: | |
assignee: | nobody → rajiv (rajiv-kumar) |
This bug is > 180 days without activity. We are unsetting assignee and milestone and setting status to Incomplete in order to allow its expiry in 60 days.
If the bug is still valid, then update the bug status.