tempest/add-volume-detach-libs-2cbb3ca924aed0ac.yaml at cfdbbb0ac3d29be21ddd85fd0befb64c45b95424 - tempest - OpenDev: Free Software Needs Free Tools

openstack/tempest

Gorka Eguileor cbaf22e85d Add tests to check attachments are secure

A vulnerability was detected in Cinder that could allow users to access
other people's volumes.

The solution was to limit some of the operations on attached volumes to
only OpenStack services.

This patch adds some negative tests to check that a user cannot directly
call Cinder to detach a volume, force detach it, terminate its
connection, or delete its attachment.

Depends-On: I612905a1bf4a1706cce913c0d8a6df7a240d599a
Related-Bug: #2004555
Change-Id: Ice6532ce7943e9a9363e443515946865541d09c2

2023-05-17 11:06:32 -07:00

6 lines

128 B

YAML

Raw Blame History

 ---
 features:
   - |
     Add delete_attachment to the v3 AttachmentsClient and terminate_connection
     to the v3 VolumesClient.