Octavia needs to validate the requester has permission to create/update objects
Bug #1662985 reported by
Michael Johnson
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| octavia |
Fix Released
|
High
|
Michael Johnson | ||
Bug Description
Once keystone is available we need to make sure we are validating that the user has permission for the resources they are accessing.
1. Make sure that requests specifying a project id (lb create) either matches the requester project ID or is an admin role users.
2. Make sure any requests for objects (load_balancer, listener, etc.) have a keystone project_id that matches the object's project_id or has an admin role.
This can be implemented as a hook.
| Changed in octavia: | |
| status: | Triaged → In Progress |
| assignee: | nobody → Michael Johnson (johnsom) |
Revision history for this message
| Michael Johnson (johnsom) wrote | #1 |
| Changed in octavia: | |
| status: | In Progress → Fix Released |
To post a comment you must log in.
Last patch in the chain: https:/