Designate Dashboard

Incorrect policy request for Zones dashboard

Bug #1949207 reported by Vadym Markov on 2021-10-29

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Designate Dashboard	New	Undecided	Unassigned

Bug Description

Currently, default policy for 'create_recordset' is '(role:admin and system_scope:all) and ('SECONDARY':%(zone_type)s)' . This rule is scoped to single zone and needs to pass 'zone_type' in policy request target. But for now, only single request without any payload is passed. It leads to 'allowed' response for every zone if policy file is absent, and to 'not allowed' for every zone if default policy file deployed correctly.

Revision history for this message

Vadym Markov (vmarkov) wrote on 2021-11-24:

Proposed WIP patch

https://review.opendev.org/c/openstack/designate-dashboard/+/816189

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.