[AAA-248] Incorrect behavior in aaa-policy in aaa version 0.17.2 (Netconf-5.0.0) Created: 31/Jan/23  Updated: 31/Jan/23

Status: Open
Project: aaa
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Medium
Reporter: Arun Venkatesha Assignee: Venkatrangan Govindarajan
Resolution: Unresolved Votes: 0
Labels: aaa-0.17.2
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


Description

Using Netconf version 5.0.0, which includes aaa version 0.17.2.

A user who is assigned a policy permitting only the 'GET' operation is also able to perform the 'PUT' operation.

Step 1: Creation of user.

curl --user admin:admin --request POST 'http://<controller IP>:8181/auth/v1/users' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data '{
    "name": "abc",
    "description": "User to perform only read operation",
    "enabled": 1,
    "email": "abc@xyz.com",
    "password": "abc@123",
    "domainid": "sdn"
}'

Step 2: Assigning role to the user

curl --user admin:admin --request POST 'http://<controller_IP>:8181/auth/v1/domains/sdn/users/abc@sdn/roles' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data '{
    "roleid": "read_only@sdn",
    "domainid": "sdn"
}'

Step 3: Assigning policy to the role

{
    "aaa:policies": [
        {
            "aaa:resource": "/rests/data/network-topology:network-topology/topology=topology-netconf/node=node_id/**",
            "aaa:permissions": [
                {
                    "aaa:role": "read_only",
                    "aaa:actions": [
                        "get"
                    ]
                }
            ]
        }
    ]
}

Summary: The user is authorized to perform only the 'GET' operation, but the 'PUT' operation is allowed as well.
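What the policy in Step 3 is meant to permit, and a check of observed controller responses against it, as an added example that is not OpenDaylight's or the aaa project's own authorization code. It assumes ant-style globbing for aaa:resource, compares roles by name without the @domain suffix of the roleid, and uses constructed HTTP status codes that mirror the report.

```python
"""Reference model of an aaa:policies document (added example, not OpenDaylight's
own code): states what the report's policy should permit and flags observed
controller responses that contradict it."""
import json
import re

# The policy from the report; node_id is a constructed placeholder.
POLICY = json.loads("""{"aaa:policies": [{
  "aaa:resource": "/rests/data/network-topology:network-topology/topology=topology-netconf/node=node_id/**",
  "aaa:permissions": [{"aaa:role": "read_only", "aaa:actions": ["get"]}]}]}""")

def _resource_regex(pattern):
    # Assumption: ant-style globbing, '**' spans path segments, '*' stays inside one.
    escaped = re.escape(pattern).replace(r"\*\*", ".*").replace(r"\*", "[^/]*")
    return re.compile("^" + escaped + "$")

def decision(policies, roles, method, path):
    """'allow' if a matching aaa:resource lists one of `roles` with the action,
    'deny' if a resource matches but grants nothing, 'no-policy' if none matches."""
    matched, action = False, method.lower()
    for pol in policies["aaa:policies"]:
        if not _resource_regex(pol["aaa:resource"]).match(path):
            continue
        matched = True
        for perm in pol["aaa:permissions"]:
            # Assumption: role names are compared without the "@domain" suffix.
            if perm["aaa:role"] in roles and action in [a.lower() for a in perm["aaa:actions"]]:
                return "allow"
    return "deny" if matched else "no-policy"

def mismatches(policies, roles, observed):
    """observed: (method, path, http_status) tuples from probing the controller.
    Returns the entries whose status contradicts the policy decision."""
    bad = []
    for method, path, status in observed:
        verdict = decision(policies, roles, method, path)
        # An allowed request should succeed; a denied one should be refused (401/403).
        ok = {"allow": 200 <= status < 300, "deny": status in (401, 403)}.get(verdict, True)
        if not ok:
            bad.append((method, path, status, verdict))
    return bad

# Constructed responses mirroring the report: GET honoured, PUT wrongly accepted.
NODE = "/rests/data/network-topology:network-topology/topology=topology-netconf/node=node_id/"
OBSERVED = [("GET", NODE, 200), ("PUT", NODE, 201)]

if __name__ == "__main__":
    for entry in mismatches(POLICY, {"read_only"}, OBSERVED):
        print("policy violated:", entry)
```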


Generated at Wed Feb 07 19:09:02 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.