OpenStack Block Storage (Cinder)
TommyLike 7391070474 Add missing 'target_obj' when perform policy check
Generally, we have to pass the target object to ``authorize``
when enforcing a policy check, but this has been ignored during
our development and review process for a long time, and the
potential issue is that anyone can handle the target resource,
as ``authorize`` will always succeed if the rule is defined as
``admin_or_owner`` [1]. Luckily, for most of those APIs
this security concern is protected by our database access
code [2], in which only project-scoped resources are allowed.

However, there is one API that does have a security issue when
the administrator changes the rule to "admin_or_owner".

1. "volume reset_status", in which cinder will update the
resource directly in the database; the procedure to reproduce
the bug is described on Launchpad.

This patch intends to correct most of the cases that can be
easily figured out, in case of future code changes.

[1]:
73e6e3c147/cinder/context.py (L206)
[2]:
73e6e3c147/cinder/db/sqlalchemy/api.py (L3058)
[3]:
73e6e3c147/cinder/api/contrib/admin_actions.py (L161)

Partial-Bug: #1714858
Change-Id: I351b3ddf8dfe29da8d854d4038d64ca7be17390f
2018-03-19 19:02:00 +08:00
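
The failure mode the commit message describes, as an added example that is not part of the commit or of Cinder's code: a simplified model in which ``authorize`` falls back to the caller's own project when no target is passed, so an owner rule ends up comparing the caller with itself. ``RequestContext``, ``admin_or_owner``, ``reset_status`` and ``attempt`` are stand-ins written for this illustration, and the sample volume and callers are constructed.

```python
# Simplified stand-in for the policy check, not Cinder's code.
class PolicyNotAuthorized(Exception):
    pass


def admin_or_owner(creds, target):
    # Models a rule of the form "is_admin:True or project_id:%(project_id)s".
    return creds["is_admin"] or creds["project_id"] == target["project_id"]


class RequestContext:
    def __init__(self, project_id, is_admin=False):
        self.project_id = project_id
        self.is_admin = is_admin

    def authorize(self, rule, target_obj=None):
        creds = {"project_id": self.project_id, "is_admin": self.is_admin}
        # Modelled fallback (assumption of this sketch): the target starts as
        # the caller's own project and is overridden only by a passed object.
        target = {"project_id": self.project_id}
        target.update(target_obj or {})
        if not rule(creds, target):
            raise PolicyNotAuthorized()


def reset_status(ctx, volume, new_status, pass_target):
    # Hypothetical handler that writes the record directly, with no
    # project-scoped lookup acting as a second line of defence.
    ctx.authorize(admin_or_owner, target_obj=volume if pass_target else None)
    volume["status"] = new_status
    return volume


def attempt(ctx, volume, pass_target):
    """Return True if the status change was allowed, False if it was denied."""
    try:
        reset_status(ctx, dict(volume), "available", pass_target)
        return True
    except PolicyNotAuthorized:
        return False


# Constructed sample data: one volume in project-a and three callers.
VOLUME = {"id": "vol-1", "project_id": "project-a", "status": "error"}
OWNER = RequestContext("project-a")
OTHER = RequestContext("project-b")
ADMIN = RequestContext("project-c", is_admin=True)
```

With the target omitted, the caller from another project passes the owner rule; with the volume passed as the target, only the owner and the admin do.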
api-ref/source Merge "Support cross AZ backups" 2018-03-18 01:26:19 +00:00
cinder Add missing 'target_obj' when perform policy check 2018-03-19 19:02:00 +08:00
contrib/block-box Bump up the API microversion in cinder.rc 2017-12-22 06:18:09 -08:00
doc Merge "VMAX docs - prefix emc-vmax-driver.rst with 'dell-'" 2018-03-18 01:52:18 +00:00
etc/cinder Remove utils.read_file_as_root() 2018-03-02 05:29:02 -05:00
playbooks/legacy/cinder-tempest-dsvm-lvm-lio-barbican Rename lio job to lio-barbican 2018-01-30 14:41:56 -05:00
rally-jobs Switch Rally Task To format V2 2017-10-13 08:37:57 +00:00
releasenotes Merge "Adds a Cache for Volumes Created from Snapshots with Quobyte" 2018-03-18 01:26:38 +00:00
tools Add policy documentation and sample file 2017-10-20 10:47:34 +08:00
.coveragerc Update .coveragerc after the removal of openstack directory 2016-10-17 19:09:37 +05:30
.gitignore Add doc/source/_static/cinder.policy.yaml.sample to .gitignore 2017-11-15 16:46:57 +09:00
.gitreview Initial fork out of Nova. 2012-05-03 10:48:26 -07:00
.stestr.conf Add .stestr.conf configuration 2017-10-10 00:46:42 +00:00
.zuul.yaml Make the LVM Barbican job vote 2018-03-09 11:15:51 -05:00
CONTRIBUTING.rst Optimize the link address 2017-04-08 15:03:44 +08:00
HACKING.rst Fix wrong links in Cinder 2017-09-07 11:55:44 +08:00
LICENSE Initial fork out of Nova. 2012-05-03 10:48:26 -07:00
README.rst Update links in README 2018-03-11 00:09:35 +08:00
babel.cfg Initial fork out of Nova. 2012-05-03 10:48:26 -07:00
bindep.txt Do not explicitly list thin provisioning tools for RPM 2018-01-02 10:52:44 -06:00
driver-requirements.txt Add driver-requirements entry for storpool 2018-01-02 09:54:49 -05:00
pylintrc Use six to fix imports on Python 3 2015-06-11 17:19:19 +02:00
requirements.txt Updated from global requirements 2018-03-14 05:24:52 +00:00
setup.cfg Add python 3.5 in classifier 2018-02-05 13:04:04 -06:00
setup.py Updated from global requirements 2017-03-02 23:53:29 +00:00
test-requirements.txt Updated from global requirements 2018-02-01 07:06:24 +00:00
tox.ini Merge "Enable hash randomization in unit tests" 2018-02-22 04:56:52 +00:00

README.rst

Team and repository tags

CINDER

You have come across a storage service for an open cloud computing service. It has identified itself as Cinder. It was abstracted from the Nova project.

Getting Started

If you'd like to run from the master branch, you can clone the git repo:

git clone https://git.openstack.org/openstack/cinder.git

For developer information please see HACKING.rst

You can raise bugs here https://bugs.launchpad.net/cinder

Python client

https://git.openstack.org/cgit/openstack/python-cinderclient