non-admin shouldn't get the ['host', 'traceback'] of os-instance-actions's events
Bug #1866292 reported by
Brin Zhang
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
In https:/
In microversion 2.62, 2.58 and 2.51 we checeked the non admin get response, but ['traceback'] (2.58 and 2.51) and ['host', 'traceback'](2.62) just only get by admin role [2].
Bellow error comes from https:/
Exception info see http://
https:/ /review. opendev. org/#/c/ 706179/ 8 what happen is, in my patch where I deprecated wrong policy rule, event policy is deprecated with admin_or_owner and so does non-admin was able to access the traceback of events.