2021-09-14 12:25:05 |
Mitya Eremeev |
description |
1. There is no main policy file (policy.yaml or policy.json),
but there are 2 policy files in policy directory:
# ls /etc/octavia/
certs logging.conf octavia.conf policy.d
# ls /etc/octavia/policy.d/
01-default.yaml 02-custom.yaml
# cat /etc/octavia/policy.d/01-default.yaml
load-balancer:member_and_owner: (role:load-balancer_member or role:member) and rule:load-balancer:owner
# cat /etc/octavia/policy.d/02-custom.yaml
os_load-balancer_api:loadbalancer:get_all: '!'
os_load-balancer_api:pool:get_all: '!'
2. A user with the member role asks for the loadbalancer list and gets the response:
Unrecognized schema in response body. (HTTP 403)
3. empty file /etc/octavia/policy.d/02-custom.yaml
# cat /etc/octavia/policy.d/02-custom.yaml
{}
2. A user with the member role asks for the loadbalancer list and gets the response:
Unrecognized schema in response body. (HTTP 403)
actual behavior:
the user was denied the loadbalancer list
expected behavior:
The user got the loadbalancer list |
1. There is no main policy file (policy.yaml or policy.json),
but there are 2 policy files in policy directory:
# ls /etc/octavia/
certs logging.conf octavia.conf policy.d
# ls /etc/octavia/policy.d/
01-default.yaml 02-custom.yaml
# cat /etc/octavia/policy.d/01-default.yaml
load-balancer:member_and_owner: (role:load-balancer_member or role:member) and rule:load-balancer:owner
# cat /etc/octavia/policy.d/02-custom.yaml
os_load-balancer_api:loadbalancer:get_all: '!'
os_load-balancer_api:pool:get_all: '!'
2. A user with the member role asks for the loadbalancer list and gets the response:
Unrecognized schema in response body. (HTTP 403)
3. empty file /etc/octavia/policy.d/02-custom.yaml
# cat /etc/octavia/policy.d/02-custom.yaml
{}
4. A user with the member role asks for the loadbalancer list and gets the response:
Unrecognized schema in response body. (HTTP 403)
actual behavior:
the user was denied the loadbalancer list
expected behavior:
The user got the loadbalancer list |
|