commit 46415541a790869d9f5a5a5cc821852730b98149
Author: Rajat Dhasmana <email address hidden>
Date: Tue Jan 11 04:56:51 2022 -0500
Volume transfers: Remove duplicate policy check
There is an initial policy check in the transfers accept API[1]
which validates correctly if the user is authorized to perform
the operation or not. However, we've a duplicate check in the volume
API layer which passes a target object (volume) while authorizing
which is wrong for this API. While authorizing, we enforce check on
the project id of the target object i.e. volume in this case which,
before the transfer operation is completed, contains the project id
of source project hence making the validation wrong.
In the case of transfers API, any project is able to accept the transfer
given they've the auth key required to secure the transfer accept
So this patch removes the duplicate policy check.
Reviewed: https:/ /review. opendev. org/c/openstack /cinder/ +/824474 /opendev. org/openstack/ cinder/ commit/ 46415541a790869 d9f5a5a5cc82185 2730b98149
Committed: https:/
Submitter: "Zuul (22348)"
Branch: stable/xena
commit 46415541a790869 d9f5a5a5cc82185 2730b98149
Author: Rajat Dhasmana <email address hidden>
Date: Tue Jan 11 04:56:51 2022 -0500
Volume transfers: Remove duplicate policy check
There is an initial policy check in the transfers accept API[1]
which validates correctly if the user is authorized to perform
the operation or not. However, we've a duplicate check in the volume
API layer which passes a target object (volume) while authorizing
which is wrong for this API. While authorizing, we enforce check on
the project id of the target object i.e. volume in this case which,
before the transfer operation is completed, contains the project id
of source project hence making the validation wrong.
In the case of transfers API, any project is able to accept the transfer
given they've the auth key required to secure the transfer accept
So this patch removes the duplicate policy check.
[1] https:/ /opendev. org/openstack/ cinder/ src/branch/ master/ cinder/ transfer/ api.py# L225
Conflicts:
cinder/ volume/ api.py
Closes-Bug: #1950474 d9d8bbf7e6e9145 8db7e5654be 72391563927acb0 86fdbe5e5c)
Change-Id: I3930bff90df835
(cherry picked from commit 7ba9935a6e1e8a5