yahoo-eng-team team mailing list archive
Message #29520
[Bug 1432100] [NEW] non-admin user can delete a network without any project associate with nova-network's Vlan manager
Public bug reported:
Use the admin user to create a new network called 'net1':
alex@hp-pc:~/code/devstack$ source ./openrc admin admin
alex@hp-pc:~/code/devstack$ nova network-list
+--------------------------------------+---------+-------------+
| ID | Label | Cidr |
+--------------------------------------+---------+-------------+
| 5fed3168-0ae8-4f2c-904c-dd750698fbca | private | 10.0.0.0/24 |
+--------------------------------------+---------+-------------+
alex@hp-pc:~/code/devstack$ nova network-create net1 --fixed-range-v4 20.0.0.0/24
alex@hp-pc:~/code/devstack$ nova network-list
+--------------------------------------+---------+-------------+
| ID | Label | Cidr |
+--------------------------------------+---------+-------------+
| 5fed3168-0ae8-4f2c-904c-dd750698fbca | private | 10.0.0.0/24 |
| e6b5a972-be01-4f54-acfb-eae53ae67cec | net1 | 20.0.0.0/24 |
+--------------------------------------+---------+-------------+
alex@hp-pc:~/code/devstack$ nova network-show net1
+---------------------+--------------------------------------+
| Property | Value |
+---------------------+--------------------------------------+
| bridge | br101 |
| bridge_interface | eth0 |
| broadcast | 20.0.0.255 |
| cidr | 20.0.0.0/24 |
| cidr_v6 | - |
| created_at | 2015-03-14T04:20:22.000000 |
| deleted | False |
| deleted_at | - |
| dhcp_server | 20.0.0.1 |
| dhcp_start | 20.0.0.3 |
| dns1 | 8.8.4.4 |
| dns2 | - |
| enable_dhcp | True |
| gateway | 20.0.0.1 |
| gateway_v6 | - |
| host | - |
| id | e6b5a972-be01-4f54-acfb-eae53ae67cec |
| injected | False |
| label | net1 |
| mtu | - |
| multi_host | False |
| netmask | 255.255.255.0 |
| netmask_v6 | - |
| priority | - |
| project_id | - |
| rxtx_base | - |
| share_address | False |
| updated_at | - |
| vlan | 101 |
| vpn_private_address | 20.0.0.2 |
| vpn_public_address | - |
| vpn_public_port | 1001 |
+---------------------+--------------------------------------+
Switch to the non-admin user 'demo'. The demo user can't see net1, but the demo user can delete it by ID directly:
alex@hp-pc:~/code/devstack$ source ./openrc demo demo
alex@hp-pc:~/code/devstack$ nova tenant-network-list
+----+-------+------+
| ID | Label | CIDR |
+----+-------+------+
+----+-------+------+
alex@hp-pc:~/code/devstack$ nova tenant-network-delete e6b5a972-be01-4f54-acfb-eae53ae67cec
** Affects: nova
Importance: Undecided
Assignee: Alex Xu (xuhj)
Status: New
https://bugs.launchpad.net/bugs/1432100
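The mismatch reported above (list is scoped to the project, delete by ID is not) can be modelled in a few lines. This is an added example, not nova's code: `Context`, `Network`, `owns`, `list_visible`, `delete_unscoped` and `delete_scoped` are hypothetical names, and the unscoped lookup is an assumption consistent with the observed behaviour, not a confirmed root cause.

```python
from dataclasses import dataclass
from typing import Dict, Optional


class NotFound(Exception):
    """Raised when the caller may not see or act on the network."""


@dataclass
class Context:
    project_id: str
    is_admin: bool = False


@dataclass
class Network:
    id: str
    label: str
    project_id: Optional[str] = None  # None: no project associated yet


def owns(ctx: Context, net: Network) -> bool:
    # An unassociated network (project_id None) belongs to no tenant.
    return net.project_id is not None and net.project_id == ctx.project_id


def list_visible(ctx: Context, nets: Dict[str, Network]) -> list:
    """Tenant listing, scoped to the caller's project."""
    return [n for n in nets.values() if ctx.is_admin or owns(ctx, n)]


def delete_unscoped(ctx: Context, nets: Dict[str, Network], net_id: str) -> None:
    """Assumed model of the reported behaviour: lookup by ID, no owner check."""
    if net_id not in nets:
        raise NotFound(net_id)
    del nets[net_id]


def delete_scoped(ctx: Context, nets: Dict[str, Network], net_id: str) -> None:
    """Delete uses the same scoping as list; unowned networks are admin-only."""
    net = nets.get(net_id)
    if net is None or not (ctx.is_admin or owns(ctx, net)):
        raise NotFound(net_id)  # same error either way, so IDs are not confirmed
    del nets[net_id]


NET1 = "e6b5a972-be01-4f54-acfb-eae53ae67cec"  # ID from the report


def sample() -> Dict[str, Network]:
    """Constructed state mirroring the report: net1 has no project_id."""
    return {NET1: Network(NET1, "net1", None)}
```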