openstack
/
nova
Code Issues Proposed changes
nova/nova/api/openstack/compute
History
Ghanshyam Mann 58701be615 Fix os-ips policy to be admin_or_owner 
os-ips API policy is default to admin_or_owner[1] but API
is allowed for everyone.

We can see the test trying with other project context can access the API
- https://review.opendev.org/#/c/715477

This is because API does not pass the server project_id in policy target[2]
and if no target is passed then, policy.py add the default targets which is
nothing but context.project_id (allow for everyone who try to access)[3]

This commit fix this policy by passing the server's project_id in policy
target.

Closes-bug: #1869396
[1] eaf08c0b7b/nova/policies/ips.py (L27)

Change-Id: Ie7bcb6537f90813cc5b23d69c886037d25b15a42
 		2020-03-28 20:56:46 -05:00
..
schemas Define Cyborg ARQ binding notification event. 2020-03-01 13:52:51 -08:00
views Merge "Fix os-keypairs pagination links" 2020-03-09 12:25:11 +00:00
__init__.py Use plain routes list for '/servers' endpoint instead of stevedore 2017-04-25 22:38:33 +08:00
admin_actions.py Ensure controllers all call super 2019-06-15 16:40:00 +01:00
admin_password.py Ensure controllers all call super 2019-06-15 16:40:00 +01:00
agents.py Multiple API cleanup changes 2019-08-12 08:52:38 -05:00
aggregates.py Validate id as integer for os-aggregates 2020-03-06 12:46:12 +01:00
assisted_volume_snapshots.py Pass the actual target in os-assisted_volume_snapshots policy 2020-03-02 11:52:52 +00:00
attach_interfaces.py Add new default roles in os-atttach-inerfaces policies 2020-03-07 06:28:14 +08:00
availability_zone.py Pass the actual target in os-availability-zone policy 2020-03-04 09:46:41 +00:00
baremetal_nodes.py trivial: Remove dead code 2019-12-12 10:55:02 +00:00
cells.py Remove '/os-cells' REST APIs 2019-04-16 18:26:13 +01:00
certificates.py Remove extensions module 2017-12-20 11:35:38 +08:00
cloudpipe.py Remove extensions module 2017-12-20 11:35:38 +08:00
console_auth_tokens.py Remove nova-consoleauth 2019-07-05 15:04:47 +00:00
console_output.py Fix os-console-output policy to be admin_or_owner 2020-03-05 15:32:02 +00:00
consoles.py Remove 'os-consoles' API 2019-11-22 16:09:36 +00:00
create_backup.py Fix os-create-backup policy to be admin_or_owner 2020-03-06 01:39:03 +00:00
deferred_delete.py Add new default roles in os-deferred_delete policies 2020-03-05 13:20:30 -06:00
evacuate.py Add service version check for evacuate with qos 2020-03-18 19:06:45 +01:00
extension_info.py Remove unused methods 2019-09-04 15:26:59 +09:00
fixed_ips.py Remove support for /os-fixed-ips REST API 2018-06-26 09:20:28 -04:00
flavor_access.py Remove extensions module 2017-12-20 11:35:38 +08:00
flavor_manage.py Remove unnecessary parentheses 2020-02-25 09:00:01 +00:00
flavors.py Multiple API cleanup changes 2019-08-12 08:52:38 -05:00
flavors_extraspecs.py Remove extensions module 2017-12-20 11:35:38 +08:00
floating_ip_dns.py Remove support for /os-floating-ip-dns REST API 2018-07-18 22:23:45 -04:00
floating_ip_pools.py nova-net: Remove layer of indirection in 'nova.network' 2020-01-15 14:57:49 +00:00
floating_ips.py nova-net: Remove unnecessary exception handling, mocks 2020-02-18 11:45:39 +00:00
floating_ips_bulk.py Remove support for /os-floating-ips-bulk REST API 2018-07-18 22:23:45 -04:00
fping.py Remove support for /os-fping REST API 2018-05-10 15:26:13 -04:00
helpers.py remove personality extension 2016-06-24 14:44:53 -04:00
hosts.py nova-net: Remove references to nova-net service from tests 2019-11-29 17:20:02 +00:00
hypervisors.py Remove unnecessary parentheses 2020-02-25 09:00:01 +00:00
image_metadata.py Remove 'nova.image.api' module 2020-02-18 11:45:39 +00:00
images.py Remove 'nova.image.api' module 2020-02-18 11:45:39 +00:00
instance_actions.py Add new default roles in os-instance-actions policies 2020-03-19 09:35:54 +08:00
instance_usage_audit_log.py Ensure controllers all call super 2019-06-15 16:40:00 +01:00
ips.py Fix os-ips policy to be admin_or_owner 2020-03-28 20:56:46 -05:00
keypairs.py Adds view builders for keypairs controller 2019-10-22 18:02:45 +00:00
limits.py Multiple API cleanup changes 2019-08-12 08:52:38 -05:00
lock_server.py Ensure controllers all call super 2019-06-15 16:40:00 +01:00
migrate_server.py Add service version check for live migrate with qos 2020-03-18 19:03:13 +01:00
migrations.py Filter migrations by user_id/project_id 2019-10-14 11:35:11 -07:00
multinic.py nova-net: Remove unused nova-network objects 2020-02-18 13:19:43 +00:00
networks.py nova-net: Remove layer of indirection in 'nova.network' 2020-01-15 14:57:49 +00:00
networks_associate.py Remove (most) '/os-networks' REST APIs 2019-11-18 16:25:47 +00:00
pause_server.py Ensure controllers all call super 2019-06-15 16:40:00 +01:00
quota_classes.py nova-net: Remove 'networks' quota 2019-11-22 16:49:31 +00:00
quota_sets.py nova-net: Remove 'networks' quota 2019-11-22 16:49:31 +00:00
remote_consoles.py Ensure controllers all call super 2019-06-15 16:40:00 +01:00
rescue.py Ensure controllers all call super 2019-06-15 16:40:00 +01:00
rest_api_version_history.rst Non-Admin user can filter their instances by more filters 2020-03-15 17:35:49 +01:00
routes.py Add image caching API for aggregates 2019-10-15 21:22:31 -04:00
security_group_default_rules.py Remove 'os-security-group-default-rules' REST API 2019-11-18 16:25:47 +00:00
security_groups.py nova-net: Remove unused parameters 2020-02-18 14:07:58 +00:00
server_diagnostics.py Ensure controllers all call super 2019-06-15 16:40:00 +01:00
server_external_events.py Define Cyborg ARQ binding notification event. 2020-03-01 13:52:51 -08:00
server_groups.py Multiple API cleanup changes 2019-08-12 08:52:38 -05:00
server_metadata.py Ensure controllers all call super 2019-06-15 16:40:00 +01:00
server_migrations.py Merge "Remove compute compat checks for aborting queued live migrations" 2019-10-23 08:08:36 +00:00
server_password.py Ensure controllers all call super 2019-06-15 16:40:00 +01:00
server_tags.py Ensure controllers all call super 2019-06-15 16:40:00 +01:00
server_topology.py Remove unnecessary parentheses 2020-02-25 09:00:01 +00:00
servers.py Merge "Non-Admin user can filter their instances by more filters" 2020-03-26 14:29:46 +00:00
services.py Add new default roles in os-services API policies 2019-12-03 23:40:07 +00:00
shelve.py Enable unshelve with qos ports 2020-03-18 17:38:55 +01:00
simple_tenant_usage.py Multiple API cleanup changes 2019-08-12 08:52:38 -05:00
suspend_server.py Reject live migration and suspend on SEV guests 2019-09-10 13:59:02 +01:00
tenant_networks.py nova-net: Remove layer of indirection in 'nova.network' 2020-01-15 14:57:49 +00:00
versions.py Merge ResourceV21 obj into Resource obj 2017-12-21 19:33:35 +08:00
versionsV21.py Remove extensions module 2017-12-20 11:35:38 +08:00
virtual_interfaces.py Remove support for /os-virtual-interfaces REST API 2018-06-06 21:14:39 +00:00
volumes.py Fix os-volumes-attachments policy to be admin_or_owner 2020-03-06 15:25:16 +08:00
wsgi.py Add pbr-installed wsgi application for metadata api 2017-05-02 16:58:11 +00:00