Comment 3 for bug 1824442

Revision history for this message
Jeremy Stanley (fungi) wrote :

Okay, so to clarify further, the Manila API has privileged access to data provided by the Neutron API and is either unaware as to which pieces are restricted by admin policy or is able to find out but has not implemented a comparable filter... or is it that Manila is performing the related Neutron query with its service credentials when it should be proxying the user's credentials for this particular purpose?

Alternatively, is it expected that operators should set similar policy filters in both Neutron and Manila to avoid this condition, but that it's not clearly documented?