yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1185196] Re: nova api for server_list does not list for arbitrary project

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: David Lyle <david.lyle@xxxxxx>
Date: Fri, 12 Jul 2013 06:12:53 -0000
Reply-to: Bug 1185196 <1185196@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

There is there nothing blocking the value for project_id and all_tenants
to True in the search_opts parameter to server_list.  Thus allowing an
admin to request instances for any arbitrary project.

** Changed in: horizon
     Assignee: David Lyle (david-lyle) => (unassigned)

** Changed in: horizon
       Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1185196

Title:
  nova api for server_list does not list for arbitrary project

Status in OpenStack Dashboard (Horizon):
  Invalid

Bug description:
  In openstack.api.nova in the server_list function there is this block
  of code for searching for projects:

      if all_tenants:
          search_opts['all_tenants'] = True
      else:
          search_opts['project_id'] = request.user.tenant_id

  
  This means users either need to have the user scoped to an exact tenant or they need to request servers for all tenants.  What if someone wants to see a particular project's server list that is not on the user scoping?   This seems more powerful / robust and still support the original intent:

      if all_tenants:
          search_opts['all_tenants'] = True
      elif 'project_id' not in search_opts:
          search_opts['project_id'] = request.user.tenant_id

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1185196/+subscriptions