diff options
author | Zuul <zuul@review.opendev.org> | 2021-09-17 13:56:28 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2021-09-17 13:56:28 +0000 |
commit | 667c6da08d423888f1df85d639fef058553f6169 (patch) | |
tree | 420ea29d8738c191e3d40a10cae3bc2ea1d34b1c | |
parent | 6b5215331622ba1dc15b5332a91752aa3ce0f6c4 (diff) | |
parent | 83b4c1144c4c3dda7fac887fd6bd5ea285cac7ea (diff) | |
download | cinder-stable/stein.tar.gz |
Merge "Correct group:reset_group_snapshot_status policy" into stable/steinstein-eolstable/stein
-rw-r--r-- | cinder/policies/group_snapshot_actions.py | 2 | ||||
-rw-r--r-- | releasenotes/notes/bug-1908315-020fea3e244d49bb.yaml | 38 |
2 files changed, 39 insertions, 1 deletions
diff --git a/cinder/policies/group_snapshot_actions.py b/cinder/policies/group_snapshot_actions.py index 6a766d602..e74e0b173 100644 --- a/cinder/policies/group_snapshot_actions.py +++ b/cinder/policies/group_snapshot_actions.py @@ -24,7 +24,7 @@ RESET_STATUS = 'group:reset_group_snapshot_status' group_snapshot_actions_policies = [ policy.DocumentedRuleDefault( name=RESET_STATUS, - check_str=base.RULE_ADMIN_OR_OWNER, + check_str=base.RULE_ADMIN_API, description="Reset status of group snapshot.", operations=[ { diff --git a/releasenotes/notes/bug-1908315-020fea3e244d49bb.yaml b/releasenotes/notes/bug-1908315-020fea3e244d49bb.yaml new file mode 100644 index 000000000..f5a227641 --- /dev/null +++ b/releasenotes/notes/bug-1908315-020fea3e244d49bb.yaml @@ -0,0 +1,38 @@ +--- +upgrade: + - | + This release contains a fix for `Bug #1908315 + <https://bugs.launchpad.net/cinder/+bug/1908315>`_, which changes the + default value of the policy governing the Block Storage API action + `Reset group snapshot status + <https://docs.openstack.org/api-ref/block-storage/v3/#reset-group-snapshot-status>`_ + to make the action administrator-only. This policy was inadvertently + changed to be admin-or-owner during the Queens development cycle. + + The policy is named ``group:reset_group_snapshot_status``. + + * If you have a custom value for this policy in your cinder policy + configuration file, this change to the default value will not affect + you. + * If you have been aware of this regression and like the current + (incorrect) behavior, you may add the following line to your cinder + policy configuration file to restore that behavior:: + + "group:reset_group_snapshot_status": "rule:admin_or_owner" + + This setting is *not recommended* by the Cinder project team, as it + may allow end users to put a group snapshot into an invalid status with + indeterminate consequences. + + For more information about the cinder policy configuration file, see the + `policy.yaml + <https://docs.openstack.org/cinder/latest/configuration/block-storage/samples/policy.yaml.html>`_ + section of the Cinder Configuration Guide. +fixes: + - | + `Bug #1908315 <https://bugs.launchpad.net/cinder/+bug/1908315>`_: Corrected + the default checkstring for the ``group:reset_group_snapshot_status`` + policy to make it admin-only. This policy governs the Block Storage API + action `Reset group snapshot status + <https://docs.openstack.org/api-ref/block-storage/v3/#reset-group-snapshot-status>`_, + which by default is supposed to be an adminstrator-only action. |