← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #09986

[Bug 1281911] [NEW] instance_usage_audit_log API should not be accessable by non-admin users

  Thread PreviousDate PreviousThread Next 
Public bug reported:

According to policy.json of Nova, admin user only can get
instance_usage_audit_log but non-admin user can do it now:

$ source openrc demo
$ curl -i 'http://10.21.42.153:8774/v2/a68aa28aa2f645c8b0b02b9ab063d0cd/os-instance_usage_audit_log' -X GET -H "X-Auth-Project-Id: demo" -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: [..]
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 335
X-Compute-Request-Id: req-b462b346-d524-46e6-9d88-08da8ee2d9ab
Date: Wed, 19 Feb 2014 13:44:52 GMT

{"instance_usage_audit_logs": {"total_errors": 0, "total_instances": 0, "log": {}, "num_hosts_running": 0, "num_hosts_done": 0, "num_hosts_not_run": 1, "hosts_not_run": ["oomichi-dev"], "overall_status": "0 of 1 hosts done. 0 errors.", "period_ending": "2014-02-01 00:00:00", "period_beginning": "2014-01-01 00:00:00", "num_hosts": 1}}
$

** Affects: nova
     Importance: Undecided
     Assignee: Ken'ichi Ohmichi (oomichi)
         Status: In Progress

** Changed in: nova
     Assignee: (unassigned) => Ken'ichi Ohmichi (oomichi)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1281911

Title:
  instance_usage_audit_log API should not be accessable by non-admin
  users

Status in OpenStack Compute (Nova):
  In Progress

Bug description:
  According to policy.json of Nova, admin user only can get
  instance_usage_audit_log but non-admin user can do it now:

  $ source openrc demo
  $ curl -i 'http://10.21.42.153:8774/v2/a68aa28aa2f645c8b0b02b9ab063d0cd/os-instance_usage_audit_log' -X GET -H "X-Auth-Project-Id: demo" -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: [..]
  HTTP/1.1 200 OK
  Content-Type: application/json
  Content-Length: 335
  X-Compute-Request-Id: req-b462b346-d524-46e6-9d88-08da8ee2d9ab
  Date: Wed, 19 Feb 2014 13:44:52 GMT

  {"instance_usage_audit_logs": {"total_errors": 0, "total_instances": 0, "log": {}, "num_hosts_running": 0, "num_hosts_done": 0, "num_hosts_not_run": 1, "hosts_not_run": ["oomichi-dev"], "overall_status": "0 of 1 hosts done. 0 errors.", "period_ending": "2014-02-01 00:00:00", "period_beginning": "2014-01-01 00:00:00", "num_hosts": 1}}
  $

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1281911/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next