]> review.fuel-infra Code Review - openstack-build/cinder-build.git/commitdiff
Code Review / openstack-build / cinder-build.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 34f07c6)
Set default policy for "volume:get"
authorliyingjun <yingjun.li@kylin-cloud.com>
Fri, 17 Jul 2015 07:48:18 +0000 (15:48 +0800)
committerliyingjun <yingjun.li@kylin-cloud.com>
Fri, 17 Jul 2015 07:48:18 +0000 (15:48 +0800)
Currently, there is no policy check defined for "volume:get", so
everyone can get another tenant's volume detail by UUID. It's necessary
to set policy to "rule:admin_or_owner" for "volume:get" by default.

Change-Id: Iefdf7e5703a28856b20d97a885267c01bed6bbb4
Closes-bug: #1475422

etc/cinder/policy.json patch | blob | history

diff --git a/etc/cinder/policy.json b/etc/cinder/policy.json
index 42d157b2aa909fa13ad3e2e6e02fb6179d4c5473..ee319f71c1c877ab7730ed3f84b6a129982c21db 100644 (file)
--- a/etc/cinder/policy.json
+++ b/etc/cinder/policy.json
@@ -7,7 +7,7 @@
 
     "volume:create": "",
     "volume:delete": "",
-    "volume:get": "",
+    "volume:get": "rule:admin_or_owner",
     "volume:get_all": "",
     "volume:get_volume_metadata": "",
     "volume:get_volume_admin_metadata": "rule:admin_api",