Cinder

  1. Bug #1472031
  2. Comment #23

Comment 23 for bug 1472031

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (master)

Reviewed: https://review.openstack.org/217899
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=7686777023b6703230850280be895c154ef8f07d
Submitter: Jenkins
Branch: master

commit 7686777023b6703230850280be895c154ef8f07d
Author: Anna Sortland <email address hidden>
Date: Thu Aug 27 15:36:11 2015 -0500

    Earlier authority check for create volume API

    create() API in cinder/volume/api.py does the authority check
    in cinder/volume/flows/api/create_volume.py.
    This creates potential for disclosing information during error checking
    prior to user authorization being checked.
    This fix will do authority check to create() itself, so that
    it is done before proceeding with the rest of code flow.

    Change-Id: I27dbdf5f3ae4e3d681cdbf77df10706721254ffc
    Closes-Bug: #1472031