  1. aaa
  2. AAA-248

Incorrect behavior in aaa-policy in aaa version 0.17.2 (Netconf-5.0.0)


Details

    • Bug
    • Status: Open
    • Medium
    • Resolution: Unresolved

    Description

      Using Netconf version 5.0.0, which includes aaa version 0.17.2.

      A user who is assigned a policy to perform only the 'GET' operation is also able to perform the 'PUT' operation.

      Step 1: Creation of user.

      curl --user admin:admin --request POST 'http://<controller_IP>:8181/auth/v1/users' \
      --header 'Content-Type: application/json' \
      --header 'Accept: application/json' \
      --data '{
          "name": "abc",
          "description": "User to perform only read operation",
          "enabled": 1,
          "email": "abc@xyz.com",
          "password": "abc@123",
          "domainid": "sdn"
      }'

      Step 2: Assigning role to the user

      curl --user admin:admin --request POST 'http://<controller_IP>:8181/auth/v1/domains/sdn/users/abc@sdn/roles' \
      --header 'Content-Type: application/json' \
      --header 'Accept: application/json' \
      --data '{
          "roleid": "read_only@sdn",
          "domainid": "sdn"
      }'

      Step 3: Assigning policy to the role

      {
          "aaa:policies": [
              {
                  "aaa:resource": "/rests/data/network-topology:network-topology/topology=topology-netconf/node=node_id/**",
                  "aaa:permissions": [
                      {
                          "aaa:role": "read_only",
                          "aaa:actions": [
                              "get"
                          ]
                      }
                  ]
              }
          ]
      }

      Summary: The user is authorized to perform the 'GET' operation only, but is allowed to perform the 'PUT' operation as well.
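
A regression check for the behaviour reported above, added here as an example and not part of the original report or the aaa project: it sends a GET and a PUT as the restricted user and classifies the status codes by whether the authorization layer rejected the request. `CHECK_URL` (a URL covered by the policy's resource pattern), `CHECK_USER`, `CHECK_PASS` and the `{}` PUT body are assumptions; the default credentials are those of the test user from Step 1.

```shell
#!/bin/sh
# Added example, not project code. CHECK_URL, CHECK_USER, CHECK_PASS and the
# '{}' PUT body are assumptions; defaults are the test user created in Step 1.

# authz_verdict METHOD STATUS -> ok | violation | inconclusive
# Expected policy: role read_only may "get" the resource and nothing else.
authz_verdict() {
    method=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    case "$2" in
        000)     echo inconclusive; return 0 ;;  # curl received no HTTP response
        401|403) denied=1 ;;                     # rejected by the auth layer
        *)       denied=0 ;;                     # got past it, even if 400/404/409
    esac
    if [ "$method" = GET ]; then
        if [ "$denied" -eq 0 ]; then echo ok; else echo violation; fi
    else
        if [ "$denied" -eq 1 ]; then echo ok; else echo violation; fi
    fi
}

# http_status METHOD URL -> status code of the request sent as the limited user
http_status() {
    m=$1; u=$2
    if [ "$m" = GET ]; then set --; else set -- --data '{}'; fi
    curl --silent --output /dev/null --write-out '%{http_code}' \
        --user "${CHECK_USER:-abc}:${CHECK_PASS:-abc@123}" --request "$m" \
        --header 'Content-Type: application/json' \
        --header 'Accept: application/json' "$@" "$u" || true
}

# run_check URL -> returns 0 only if GET is allowed and PUT is denied
run_check() {
    rc=0
    for m in GET PUT; do
        code=$(http_status "$m" "$1")
        v=$(authz_verdict "$m" "$code")
        echo "$m $1 -> HTTP $code: $v"
        if [ "$v" != ok ]; then rc=1; fi
    done
    return "$rc"
}

# Network requests are sent only when CHECK_URL is set.
if [ -n "${CHECK_URL:-}" ]; then run_check "$CHECK_URL"; fi
```

A PUT answered with 400 or 409 still counts as a violation here, because the request reached the data layer instead of being stopped by the policy.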


          People

            gvrangan Venkatrangan Govindarajan
            arun.v Arun Venkatesha