Octavia needs to validate the requester has permission to create/update objects
Bug #1662985 reported by
Michael Johnson
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
octavia |
Fix Released
|
High
|
Michael Johnson |
Bug Description
Once keystone is available we need to make sure we are validating that the user has permission for the resources they are accessing.
1. Make sure that requests specifying a project id (lb create) either matches the requester project ID or is an admin role users.
2. Make sure any requests for objects (load_balancer, listener, etc.) have a keystone project_id that matches the object's project_id or has an admin role.
This can be implemented as a hook.
Changed in octavia: | |
status: | Triaged → In Progress |
assignee: | nobody → Michael Johnson (johnsom) |
To post a comment you must log in.
Last patch in the chain: https:/ /review. openstack. org/#/c/ 475980/