Cinder

  1. Bug #1950474
  2. Comment #2

Comment 2 for bug 1950474

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (master)

Reviewed: https://review.opendev.org/c/openstack/cinder/+/824131
Committed: https://opendev.org/openstack/cinder/commit/7ba9935a6e1e8a572391563927acb086fdbe5e5c
Submitter: "Zuul (22348)"
Branch: master

commit 7ba9935a6e1e8a572391563927acb086fdbe5e5c
Author: Rajat Dhasmana <email address hidden>
Date: Tue Jan 11 04:56:51 2022 -0500

    Volume transfers: Remove duplicate policy check

    There is an initial policy check in the transfers accept API[1]
    which validates correctly if the user is authorized to perform
    the operation or not. However, we've a duplicate check in the volume
    API layer which passes a target object (volume) while authorizing
    which is wrong for this API. While authorizing, we enforce check on
    the project id of the target object i.e. volume in this case which,
    before the transfer operation is completed, contains the project id
    of source project hence making the validation wrong.
    In the case of transfers API, any project is able to accept the transfer
    given they've the auth key required to secure the transfer accept
    So this patch removes the duplicate policy check.

    [1] https://opendev.org/openstack/cinder/src/branch/master/cinder/transfer/api.py#L225

    Closes-Bug: #1950474
    Change-Id: I3930bff90df835d9d8bbf7e6e91458db7e5654be