os-attach-interfaces API policy is allowed for everyone even though the policy default is admin_or_owner
Bug #1861464 reported by
Ghanshyam Mann
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Compute (nova) | Fix Released | Low | John Garbutt |
Bug Description
os-attach-
We can see that the test trying with another project's context can access the API
- https:/
This is because the API does not pass the server project_id in the policy target
- https:/
and if no target is passed, then policy.py adds the default targets, which are nothing but context.project_id (allowed for everyone who tries to access)
- https:/
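The failure mode described in this report, as an added example that is not part of the bug report and is not nova or oslo.policy code: a simplified model in which every class and function name is hypothetical. It compares the admin_or_owner check with no target (defaulting to the caller's own project_id) against the same check with the server's project_id passed as the target.

```python
# Simplified model of the check described in this bug. All names here are
# hypothetical; this is not nova's policy.py and does not use oslo.policy.
from dataclasses import dataclass


@dataclass(frozen=True)
class Context:
    project_id: str
    is_admin: bool = False


@dataclass(frozen=True)
class Server:
    uuid: str
    project_id: str


def admin_or_owner(context, target):
    """admin_or_owner: caller is admin, or caller's project owns the target."""
    return context.is_admin or context.project_id == target["project_id"]


def can(context, target=None):
    """Evaluate the rule; with no target, fall back to the caller's project."""
    if target is None:
        # Default target comes from the caller's own context, so the owner
        # comparison becomes context.project_id == context.project_id.
        target = {"project_id": context.project_id}
    return admin_or_owner(context, target)


def list_interfaces_buggy(context, server):
    # No target passed: the server's project never enters the check.
    return can(context)


def list_interfaces_fixed(context, server):
    # Assumed shape of the fix: the target carries the server's project_id.
    return can(context, target={"project_id": server.project_id})


# Constructed sample data.
SERVER = Server(uuid="server-1", project_id="project-a")
CALLERS = {"owner": Context("project-a"), "other": Context("project-b"),
           "admin": Context("project-c", is_admin=True)}


def run_matrix():
    """Return {caller: (buggy_result, fixed_result)} for each sample caller."""
    return {name: (list_interfaces_buggy(c, SERVER),
                   list_interfaces_fixed(c, SERVER))
            for name, c in CALLERS.items()}
```

Only the "other" row differs between the two variants, which is the cross-project case a regression test for this policy needs to cover.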
tags: added: policy-defaults-refresh
tags: added: policy
Changed in nova:
assignee: Ghanshyam Mann (ghanshyammann) → John Garbutt (johngarbutt)
Fix proposed to branch: master
Review: https://review.opendev.org/705135