oslo.policy

  1. Bug #1943584
  2. Comment #0

Comment 0 for bug 1943584

Revision history for this message
Mitya Eremeev (mitos) wrote :

1. There is no main policy file (policy.yaml or policy.json),
but there are 2 policy files in policy directory:

# ls /etc/octavia/
certs logging.conf octavia.conf policy.d

# ls /etc/octavia/policy.d/
01-default.yaml 02-custom.yaml

# cat /etc/octavia/policy.d/01-default.yaml
load-balancer:member_and_owner: (role:load-balancer_member or role:member) and rule:load-balancer:owner

# cat /etc/octavia/policy.d/02-custom.yaml
os_load-balancer_api:loadbalancer:get_all: '!'
os_load-balancer_api:pool:get_all: '!'

2. An user with member role asks loadbalancer list and gets response:
Unrecognized schema in response body. (HTTP 403)

3. empty file /etc/octavia/policy.d/02-custom.yaml

# cat /etc/octavia/policy.d/02-custom.yaml
{}

2. An user with member role asks loadbalancer list and gets response:
Unrecognized schema in response body. (HTTP 403)

actual behavior:
user was denied to get loadbalancer list

expected behavior:
User got loadbalancer list