unpause server API policy is allowed for everyone even though the policy default is admin_or_owner
Bug #1869841 reported by Ghanshyam Mann
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| OpenStack Compute (nova) | Fix Released | Undecided | Ghanshyam Mann | |
Bug Description
The unpause server API policy defaults to admin_or_owner[1], but the API is allowed for everyone.
We can see that the test using another project's context can access the API
- https:/
This is because the API does not pass the server project_id in the policy target
- https:/
and if no target is passed, then policy.py adds the default targets, which are nothing but context.project_id (allowing everyone who tries to access it)
- https:/
tags: added: policy
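The target defaulting described in the report, as an added example that is not part of the original bug report and is not nova or oslo.policy code. It is a simplified Python model: `Context`, `Server`, `authorize` and the two `unpause_*` functions are hypothetical names, and admin_or_owner is assumed to mean "admin, or the caller's project matches the target's project_id".

```python
"""Simplified model of the policy-target defaulting described in the bug.
Constructed for illustration; not nova's or oslo.policy's implementation."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Context:  # hypothetical stand-in for the request context
    project_id: str
    is_admin: bool = False


@dataclass(frozen=True)
class Server:  # hypothetical stand-in for the server being unpaused
    uuid: str
    project_id: str


def admin_or_owner(context, target):
    # Assumed meaning of the rule: admin, or caller owns the target project.
    return context.is_admin or context.project_id == target["project_id"]


def authorize(context, rule, target=None):
    # With no target, fall back to the caller's own project_id, so the
    # ownership comparison is the caller against itself.
    if target is None:
        target = {"project_id": context.project_id}
    return rule(context, target)


def unpause_without_target(context, server):
    # Shape described in the report: the server's project_id is never passed.
    return authorize(context, admin_or_owner)


def unpause_with_target(context, server):
    # Shape implied by the report's diagnosis: check against the server's owner.
    return authorize(context, admin_or_owner,
                     target={"project_id": server.project_id})


def demo():
    # Constructed sample data: one server and three callers.
    server = Server(uuid="constructed-uuid", project_id="project-a")
    callers = {
        "owner": Context(project_id="project-a"),
        "other": Context(project_id="project-b"),
        "admin": Context(project_id="project-c", is_admin=True),
    }
    return {name: (unpause_without_target(ctx, server),
                   unpause_with_target(ctx, server))
            for name, ctx in callers.items()}
```

A regression test for this class of bug asserts that a context from a different, non-admin project is rejected, which is the case the first column of `demo()` gets wrong.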
Fix proposed to branch: master
Review: https://review.opendev.org/716165