Comment 3 for bug 1933269

Erno Kuvaja (jokke) wrote :

So, first of all, this behaviour is not just when Secure RBAC is enabled; project scoping just did not change the situation as it should have.

If Project (Tenant) X has an admin account expected to be scoped as _Secure_ RBAC defines it, and that project-scoped admin in fact has admin privileges across all tenants and is able to access and modify all images in the system, yeah, it is a security issue. It makes me even more worried if it was deliberately made so, yet not documented. I did not test this, but I'm assuming it behaves the same way across domains as well.

This makes multitenancy interoperability impossible with any APIs that actually expect projects to have properly scoped roles and need admin accounts.

Unlike the rest of the Secure RBAC work, this also needs to be addressed in only one place, https://opendev.org/openstack/glance/src/branch/master/glance/api/policy.py#L99-L106, to be effective.
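To illustrate the scoping difference the comment describes, here is an added example that is not Glance's policy.py code: a tiny evaluator for two oslo.policy-style rule strings (both constructed, as are the sample credentials and images), showing that a bare `role:admin` check reaches every project's images while a project-scoped rule confines the admin to its own project.

```python
# Added example (not Glance's own code): minimal evaluator for two
# oslo.policy-style rules. A bare "role:admin" check is the shape of the
# problem described above; the second rule ties admin to the target's
# project. All rule strings and sample data below are constructed.

GLOBAL_ADMIN_RULE = "role:admin"
PROJECT_ADMIN_RULE = "role:admin and project_id:%(project_id)s"


def _check_atom(atom, creds, target):
    """Evaluate one 'kind:match' atom against credentials and target.

    'role:x' is true when x is among creds['roles']; any other kind
    compares creds[kind] with the match after %(field)s substitution
    from the target (e.g. the image's owning project)."""
    kind, match = atom.split(":", 1)
    match = match % target  # "%(project_id)s" -> target["project_id"]
    if kind == "role":
        return match in creds.get("roles", [])
    return str(creds.get(kind)) == match


def enforce(rule, creds, target):
    """Evaluate an 'and'-joined rule string; True means allowed."""
    return all(_check_atom(a.strip(), creds, target) for a in rule.split(" and "))


def can_modify_image(rule, creds, image):
    """Apply the rule to one image, using the image owner as the target."""
    return enforce(rule, creds, {"project_id": image["owner"]})


# Constructed sample data: a project-scoped admin of "tenant-a" and
# images owned by two different projects.
admin_a = {"roles": ["admin", "member"], "project_id": "tenant-a"}
IMAGES = [{"id": "img-1", "owner": "tenant-a"},
          {"id": "img-2", "owner": "tenant-b"}]


def reachable(rule, creds):
    """IDs of images the credentials may modify under the given rule."""
    return [i["id"] for i in IMAGES if can_modify_image(rule, creds, i)]


if __name__ == "__main__":
    print("role:admin     ->", reachable(GLOBAL_ADMIN_RULE, admin_a))   # both images
    print("project-scoped ->", reachable(PROJECT_ADMIN_RULE, admin_a))  # only img-1
```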