OpenStack Security Advisory

  1. Bug #1824248
  2. Comment #61

Comment 61 for bug 1824248

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/stein)

Reviewed: https://review.opendev.org/688716
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=47890e9b85826951387fedb57ab474bd20ab1c3b
Submitter: Zuul
Branch: stable/stein

commit 47890e9b85826951387fedb57ab474bd20ab1c3b
Author: Slawek Kaplonski <email address hidden>
Date: Thu Sep 12 22:02:52 2019 +0200

    List SG rules which belongs to tenant's SG

    In case when user's security group contains rules created e.g.
    by admin, and such rules has got admin's tenant as tenant_id,
    owner of security group should be able to see those rules.
    Some time ago this was addressed for request:

    GET /v2.0/security-groups/<sec_group_id>

    But it is also required to behave in same way for

    GET /v2.0/security-group-rules

    So this patch fixes this behaviour for listing of security
    group rules.
    To achieve that this patch also adds new policy rule:
    ADMIN_OWNER_OR_SG_OWNER which is similar to already existing
    ADMIN_OWNER_OR_NETWORK_OWNER used e.g. for listing or creating
    ports.

    Change-Id: I09114712582d2d38d14cf1683b87a8ce3a8e8c3c
    Closes-Bug: #1824248
    (cherry picked from commit b898d2e3c08b50e576ee849fbe8614c66f360c62)