osdir.com

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Openstack-security] [Bug 1792047] Re: keystone rbacenforcer not populating policy dict with view args


Reviewed:  https://review.openstack.org/601875
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=4975b79e8174587f7639347939cf679460d4896b
Submitter: Zuul
Branch:    master

commit 4975b79e8174587f7639347939cf679460d4896b
Author: morgan fainberg <morgan.fainberg at gmail.com>
Date:   Tue Sep 11 16:03:54 2018 -0700

    Ensure view args is in policy dict
    
    The policy_dict (in enforcement) was not populating the view args
    in a similar manner to the old style @protected decorator. This
    change ensures that we mirror the old behavior (required for
    proper use of v3cloud policy).
    
    Change-Id: Ida9009a95a874be9cc60c3152d4e3225726562eb
    Partial-Bug: #1776504
    Closes-Bug: #1792047


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1792047

Title:
  keystone rbacenforcer not populating policy dict with view args

Status in OpenStack Identity (keystone):
  Fix Released
Status in OpenStack Identity (keystone) rocky series:
  In Progress
Status in OpenStack Identity (keystone) stein series:
  Fix Released

Bug description:
  The old @protected decorator pushed the view arguments into the
  policy_dict for enforcement purposes[0]. This was missed in the new
  RBACEnforcer.

  [0]
  https://github.com/openstack/keystone/blob/294ca38554bb229f66a772e7dba35a5b08a36b20/keystone/common/authorization.py#L152

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1792047/+subscriptions