Public bug reported:
Update of Neutron object tags ignores policies for this object update.
So, reader user can update tags for all objects of his project
Reproduced on Devstack - Yoga. Newer releases up to master have no
changes here, so also should be affected
Steps to reproduce:
All operations in default alt_demo project, which has all needed users
provisioned by default
1. Create network object, i.e. floating ip using alt_demo user - as project
admin
2. Re-login as alt_demo_reader and try to update tags for this floating
Tags are updated successfully, but reader user has no rights for
floating update - "update_floatingip" policy enabled for at least member
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2037002
Title:
Reader can update object tag
Status in neutron:
New
Bug description:
Update of Neutron object tags ignores policies for this object update.
So, reader user can update tags for all objects of his project
Reproduced on Devstack - Yoga. Newer releases up to master have no
changes here, so also should be affected
Steps to reproduce:
All operations in default alt_demo project, which has all needed users
provisioned by default
1. Create network object, i.e. floating ip using alt_demo user - as project
admin
2. Re-login as alt_demo_reader and try to update tags for this floating
Tags are updated successfully, but reader user has no rights for
floating update - "update_floatingip" policy enabled for at least
member
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2037002/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
