** Changed in: nova Status: Incomplete => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1246987
Title: check_policy does not work correctly Status in OpenStack Compute (Nova): Invalid Bug description: function check_policy(context, 'method', target) If target is instance object, this check_policy function does not work like expected. Because target is not dict. e.g. /etc/nova/policy.json: "startstop_api": "is_admin:True or (project_id:%(project_id)s and role:comp_startstop and user_id:%(user_id)s)", "compute:start": "rule:startstop_api", "compute:stop": "rule:startstop_api", above controls does not work never. ./nova/compute/api.py should revise. I fixed like below. [root@nova-all0001 compute]# diff -rup api.old.py api.py --- api.old.py 2013-11-01 15:42:22.086922939 +0900 +++ api.py 2013-11-01 14:38:12.407905965 +0900 @@ -194,7 +194,10 @@ def policy_decorator(scope): def outer(func): @functools.wraps(func) def wrapped(self, context, target, *args, **kwargs): - check_policy(context, func.__name__, target, scope) + if not isinstance(target, dict): # Y.Kawada + r_target = dict(target.iteritems()) + + check_policy(context, func.__name__, r_target, scope) return func(self, context, target, *args, **kwargs) return wrapped return outer To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1246987/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp