openstack
/
ironic
Code Issues Proposed changes
ironic/ironic/api
History
Julia Kreger e9dfe5ddaa Port/Portgroup project scoped access 
This patch implements the project scoped rbac policies for a
system and project scoped deployment of ironic. Because of the
nature of Ports and Portgroups, along with the subcontroller
resources, this change was a little more invasive than was
originally anticipated. In that process, along with some
discussion in the #openstack-ironic IRC channel, that it
would be most security concious to respond only with 404s if
the user simply does not have access to the underlying node
object.

In essence, their view of the universe has been restricted as
they have less acess rights, and we appropriately enforce that.
Not expecting that, or not conciously being aware of that, can
quickly lead to confusion though. Possibly a day or more of
Julia's life as well, but it comes down to perceptions and
awareness.

Change-Id: I68c5f2bae76ca313ba77285747dc6b1bc8b623b9
 		2021-03-02 15:45:03 -08:00
..
controllers Port/Portgroup project scoped access 2021-03-02 15:45:03 -08:00
middleware Encapsulate auth_token middleware 2020-05-15 09:49:54 +12:00
__init__.py Abstract away pecan.request/response 2019-07-16 17:47:13 +02:00
app.py Enable Basic HTTP authentication middleware 2020-06-05 01:15:08 +12:00
config.py Fix W504 errors 2018-05-09 06:11:30 -07:00
functions.py Use getfullargspec to inspect functions 2020-07-01 17:25:09 +02:00
hooks.py Enable Basic HTTP authentication middleware 2020-06-05 01:15:08 +12:00
method.py JSON conversion followup change 2020-11-26 11:05:48 +13:00
wsgi.py Make oslo.i18n an optional dependency 2020-04-02 14:10:21 +02:00