From 5a4f399d6c3c675afab5a1bd961db6a39e37ac1b Mon Sep 17 00:00:00 2001
From: liyingjun <yingjun.li@kylin-cloud.com>
Date: Fri, 17 Jul 2015 15:48:18 +0800
Subject: [PATCH] Set default policy for "volume:get"

Currently, there is no policy check defined for "volume:get", so
everyone can get another tenant's volume detail by UUID. It's necessary
to set policy to "rule:admin_or_owner" for "volume:get" by default.

Change-Id: Iefdf7e5703a28856b20d97a885267c01bed6bbb4
Closes-bug: #1475422
---
 etc/cinder/policy.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/cinder/policy.json b/etc/cinder/policy.json
index 42d157b2a..ee319f71c 100644
--- a/etc/cinder/policy.json
+++ b/etc/cinder/policy.json
@@ -7,7 +7,7 @@
 
     "volume:create": "",
     "volume:delete": "",
-    "volume:get": "",
+    "volume:get": "rule:admin_or_owner",
     "volume:get_all": "",
     "volume:get_volume_metadata": "",
     "volume:get_volume_admin_metadata": "rule:admin_api",
-- 
2.45.2