[Yahoo-eng-team] [Bug 1782840] [NEW] No policy enforcement for several delete metadef APIs

2018-07-20 Thread Rick Bartra
Public bug reported: There is no policy enforcement for the following APIs: Delete namespace: https://developer.openstack.org/api-ref/image/v2 /metadefs-index.html#delete-namespace Delete object: https://developer.openstack.org/api-ref/image/v2 /metadefs-index.html#delete-object Remove resource

[Yahoo-eng-team] [Bug 1778994] [NEW] Compute services (os-services) API not granular enough by policy and code

2018-06-27 Thread Rick Bartra
hieve RBAC granularity, new policy actions should be introduced and checked by the os-services API. ** Affects: nova Importance: Undecided Assignee: Rick Bartra (rb560u) Status: New ** Changed in: nova Assignee: (unassigned) => Rick Bartra (rb560u) -- You received this bug

[Yahoo-eng-team] [Bug 1675147] [NEW] Compute flavor management not granular enough by policy and code

2017-03-22 Thread Rick Bartra
Public bug reported: We need the Nova policy and code to support more granularity (i.e. Create/Read/Update/Delete) for Flavor management. Current policy check only checks os_compute_api:os-flavor-manage and action(s) are missing in the nova policy-in-code. Each API should have its own policy actio

[Yahoo-eng-team] [Bug 1638344] [NEW] Horizon checks a neutron policy.json action that does not exists - "remove_router" doesn't exists in the neutron policy.json

2016-11-01 Thread Rick Bartra
Public bug reported: Horizon checks the "remove_router" neutron action which doesn't exists in the neutron policy.json. Neutron also doesn't check the "remove_router" action in the policy.json when performing the "neutron firewall-update --no-routers" CLI command. Horizon policy check: https: