OpenStack Security Advisory

  1. Bug #1824248
  2. Comment #60

Comment 60 for bug 1824248

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/train)

Reviewed: https://review.opendev.org/688715
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=a6b55d760bee4ea228a466cd45193f77eae53978
Submitter: Zuul
Branch: stable/train

commit a6b55d760bee4ea228a466cd45193f77eae53978
Author: Slawek Kaplonski <email address hidden>
Date: Thu Sep 12 22:02:52 2019 +0200

    List SG rules which belongs to tenant's SG

    In case when user's security group contains rules created e.g.
    by admin, and such rules has got admin's tenant as tenant_id,
    owner of security group should be able to see those rules.
    Some time ago this was addressed for request:

    GET /v2.0/security-groups/<sec_group_id>

    But it is also required to behave in same way for

    GET /v2.0/security-group-rules

    So this patch fixes this behaviour for listing of security
    group rules.
    To achieve that this patch also adds new policy rule:
    ADMIN_OWNER_OR_SG_OWNER which is similar to already existing
    ADMIN_OWNER_OR_NETWORK_OWNER used e.g. for listing or creating
    ports.

    Change-Id: I09114712582d2d38d14cf1683b87a8ce3a8e8c3c
    Closes-Bug: #1824248