*** This bug is a security vulnerability ***

Public security bug reported:

The typical config has nova using the 'neutron' user in the 'service' project to do operations against Neutron. The 'neutron' user should not require the 'admin' role on the 'service' project to do all the operations it needs to do against Neutron.

Neutron's default policy.json should allow the 'neutron' user (i.e., users with the 'service' role) to do all the operations it needs to do against Neutron, rather than requiring 'admin'.

Nova is allocating networks and creating ports, so these operations need to allow the 'service' role to perform these operations, too.

** Affects: neutron
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1445475

Title:
  neutron service user should not require admin

Status in OpenStack Neutron (virtual network service):
  New
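Added example, not part of the bug report and not Neutron's code: a small audit that evaluates a policy.json-style rule set against a set of roles and lists the operations a 'service'-role caller would still be denied. The rule fragments, the `service_or_admin` rule name and the action list are constructed for illustration and are not Neutron's shipped defaults; the evaluator handles only `role:`, `rule:`, `and`, and `or`.

```python
# Constructed policy fragments in policy.json style (assumptions, not
# Neutron's shipped file). BEFORE requires admin; AFTER adds a service rule.
BEFORE = {
    "context_is_admin": "role:admin",
    "admin_only": "rule:context_is_admin",
    "create_network": "rule:admin_only",
    "create_port": "rule:admin_only",
    "delete_port": "rule:admin_only",
}
AFTER = dict(BEFORE, **{
    "service_or_admin": "role:service or rule:context_is_admin",  # hypothetical name
    "create_network": "rule:service_or_admin",
    "create_port": "rule:service_or_admin",
})

# Operations the compute service is assumed to call (constructed list).
NOVA_ACTIONS = ["create_network", "create_port", "delete_port"]


def check(policy, name, roles, _seen=()):
    """Return True if a caller holding `roles` satisfies policy rule `name`."""
    if name not in policy or name in _seen:
        return False  # unknown or cyclic rule: fail closed
    expr = policy[name].strip()
    if not expr:
        return True  # an empty rule allows everyone

    def atom(token):
        kind, _, value = token.strip().partition(":")
        if kind == "role":
            return value in roles
        if kind == "rule":
            return check(policy, value, roles, _seen + (name,))
        return False  # unsupported check type: fail closed

    # "a and b or c" is read as (a and b) or c; parentheses are not supported.
    return any(all(atom(t) for t in clause.split(" and "))
               for clause in expr.split(" or "))


def denied(policy, actions, roles):
    """List the actions that `roles` cannot perform under `policy`."""
    return sorted(a for a in actions if not check(policy, a, roles))


if __name__ == "__main__":
    for label, policy in (("before", BEFORE), ("after", AFTER)):
        print(label, "service role denied:", denied(policy, NOVA_ACTIONS, {"service"}))
```

Running the same audit after a policy change shows which operations still force the service account to hold 'admin', here `delete_port`.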