openstack
/
openstack
Code Issues Proposed changes

Update git submodules 

* Update neutron from branch 'master'
  to aef2f285e4f3cd379d16476698c85328e9a60551
  - Merge "[S-RBAC] Fix policies for CUD subnets APIs"
  - [S-RBAC] Fix policies for CUD subnets APIs
    
    In new, secure RBAC policies for create subnet there was
    rule "ADMIN_OR_PROJECT_MEMBER" used and that was wrong as this rule is
    basically allows any member (PROJECT_MEMBER) create subnet in networks
    visible to them, not necessarily this project needs to be owner of that
    network. So it allowed users to create new subnets in the shared or
    provider networks as well.
    Now policy for create subnet is ADMIN OR NET_OWNER_MEMBER to avoid that.
    
    Additionally this patch also fixes policies for update and delete subnet
    APIs where there was rule NET_OWNER used and that effectively allowed to
    update or delete subnet to the network owner who has READER role only.
    Now this is also fixed by using NET_OWNER_MEMBER rule instead.
    
    Closes-Bug: #2023679
    
    Change-Id: Ia494872b58f368581fb29fa40b7da17e1071db22
This commit is contained in:
Zuul 2023-06-22 11:51:33 +00:00 committed by Gerrit Code Review
parent bbe709ee40
commit 8a8c712d53
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
neutron

@ -1 +1 @@
Subproject commit 8887cdf5d3955021b4e9a51b7f88c75531650581
Subproject commit aef2f285e4f3cd379d16476698c85328e9a60551