** Changed in: nova
Status: Incomplete => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1246987
Title:
check_policy does not work correctly
Status in OpenStack Compute (Nova):
Invalid
Bug description:
function
check_policy(context, 'method', target)
If target is instance object, this check_policy function does not work like
expected.
Because target is not dict.
e.g.
/etc/nova/policy.json:
"startstop_api": "is_admin:True or (project_id:%(project_id)s and
role:comp_startstop and user_id:%(user_id)s)",
"compute:start": "rule:startstop_api",
"compute:stop": "rule:startstop_api",
above controls does not work never.
./nova/compute/api.py should revise.
I fixed like below.
[root@nova-all0001 compute]# diff -rup api.old.py api.py
--- api.old.py 2013-11-01 15:42:22.086922939 +0900
+++ api.py 2013-11-01 14:38:12.407905965 +0900
@@ -194,7 +194,10 @@ def policy_decorator(scope):
def outer(func):
@functools.wraps(func)
def wrapped(self, context, target, *args, **kwargs):
- check_policy(context, func.__name__, target, scope)
+ if not isinstance(target, dict): # Y.Kawada
+ r_target = dict(target.iteritems())
+
+ check_policy(context, func.__name__, r_target, scope)
return func(self, context, target, *args, **kwargs)
return wrapped
return outer
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1246987/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
