I've switched the security advisory task to "won't fix" since this
shouldn't need an advisory published (class Y bug per
https://wiki.openstack.org/wiki/Vulnerability_Management#Incident_report_taxonomy
).
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1429126
Title:
miss moving unlock_override policy enforcement into V2.1 REST API
layer
Status in OpenStack Compute (Nova):
Confirmed
Status in OpenStack Security Advisories:
Won't Fix
Bug description:
Commit 01be083 misses unlock_override policy check in V2.1 REST API
layer.
The V2.1 REST API can always call this policy check, for this is no
skip_policy_check coniditon in underlying layer.
But for V2.1 API, we should not check any policy in underlying layer.
This is the principle of V2.1 API policy.
https://blueprints.launchpad.net/openstack/?searchtext=v3-api-policy
https://review.openstack.org/#/c/147782/ has cleaned it. But it miss this
one.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1429126/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
