Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / tempest / cbaf22e85dc4b4ee819bc69ad9a294d3f85b372e
commitcbaf22e85dc4b4ee819bc69ad9a294d3f85b372e[log] [tgz]
authorGorka Eguileor <geguileo@redhat.com>Thu Apr 20 17:09:43 2023 +0200
committerDan Smith <dansmith@redhat.com>Wed May 17 11:06:32 2023 -0700
treedba1758c8b9da6c21010fafee6f9dd0b04596d11
parente5da6756b9e7fb8fbedade5d3a428e0a8bff94ff [diff]
Add tests to check attachments are secure

A vulnerability was detected in Cinder that could allow users to access
other people's volumes.

The solution was to limit some of the operations on attached volumes to
only OpenStack services.

This patch adds some negative tests to check that a user cannot directly
call Cinder to detach a volume, force detach it, terminate its
connection, or delete its attachment.

Depends-On: I612905a1bf4a1706cce913c0d8a6df7a240d599a
Related-Bug: #2004555
Change-Id: Ice6532ce7943e9a9363e443515946865541d09c2
6 files changed
tree: dba1758c8b9da6c21010fafee6f9dd0b04596d11
  1. doc/
  2. etc/
  3. playbooks/
  4. releasenotes/
  5. roles/
  6. tempest/
  7. tools/
  8. zuul.d/
  9. .coveragerc
  10. .gitignore
  11. .gitreview
  12. .mailmap
  13. .stestr.conf
  14. bindep.txt
  15. CONTRIBUTING.rst
  16. HACKING.rst
  17. LICENSE
  18. README.rst
  19. requirements.txt
  20. REVIEWING.rst
  21. setup.cfg
  22. setup.py
  23. test-requirements.txt
  24. tox.ini