yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1482444] [NEW] Abnormal changes of quota usage after instance restored by admin

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: zhengyue <zhengyue@xxxxxxxxxxx>
Date: Fri, 07 Aug 2015 01:21:24 -0000
Reply-to: Bug 1482444 <1482444@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Nova version, output of 'git log -1':
commit 676ba7bbc788a528b0fe4c87c1c4bf94b4bb6eb1
Author: Dave McCowan <dmccowan@xxxxxxxxx>
Date: Tue Feb 24 21:35:48 2015 -0500

Websocket Proxy should verify Origin header

If the Origin HTTP header passed in the WebSocket handshake does
not match the host, this could indicate an attempt at a
cross-site attack. This commit adds a check to verify
the origin matches the host.

Change-Id: Ica6ec23d6f69a236657d5ba0c3f51b693c633649
Closes-Bug: 1409142
Reproduce steps:
1. Enable soft delete via set reclaim_instance_interval in nova.conf.
2. A normal project: ProjectA create a new instance and then delete it, then it's status change to SOFT_DELETED.
3. Now restore the instance by admin user in project: admin, the instance back to ACTIVE, but the quota usage of project: admin has changed, the flavor of that instance has added on admin project quota usage.

** Affects: nova
Importance: Undecided
Assignee: zhengyue (zhengyue-5)
Status: New

** Tags: nova quotas

** Description changed:

Nova version, output of 'git log -1':
- commit 676ba7bbc788a528b0fe4c87c1c4bf94b4bb6eb1
- Author: Dave McCowan <dmccowan@xxxxxxxxx>
- Date: Tue Feb 24 21:35:48 2015 -0500
+ commit 676ba7bbc788a528b0fe4c87c1c4bf94b4bb6eb1
+ Author: Dave McCowan <dmccowan@xxxxxxxxx>
+ Date: Tue Feb 24 21:35:48 2015 -0500

- Websocket Proxy should verify Origin header
-
- If the Origin HTTP header passed in the WebSocket handshake does
- not match the host, this could indicate an attempt at a
- cross-site attack. This commit adds a check to verify
- the origin matches the host.
-
- Change-Id: Ica6ec23d6f69a236657d5ba0c3f51b693c633649
- Closes-Bug: 1409142
+ Websocket Proxy should verify Origin header
+
+ If the Origin HTTP header passed in the WebSocket handshake does
+ not match the host, this could indicate an attempt at a
+ cross-site attack. This commit adds a check to verify
+ the origin matches the host.
+
+ Change-Id: Ica6ec23d6f69a236657d5ba0c3f51b693c633649
+ Closes-Bug: 1409142
Reproduce steps:
- 1. Enable soft delete via set reclaim_instance_interval in nova.conf.
+ 1. Enable soft delete via set reclaim_instance_interval in nova.conf.
2. A normal project: ProjectA create a new instance and then delete it, then it's status change to SOFT_DELETED.
- 3. Now restore the instance by admin user in project: admin, the instance back to ACTIVE, but the quota usage of project: admin has changed.
+ 3. Now restore the instance by admin user in project: admin, the instance back to ACTIVE, but the quota usage of project: admin has changed, the flavor of that instance has added on admin project quota usage.

** Changed in: nova
Assignee: (unassigned) => zhengyue (zhengyue-5)

** Changed in: nova
Assignee: zhengyue (zhengyue-5) => (unassigned)

** Changed in: nova
Assignee: (unassigned) => zhengyue (zhengyue-5)

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1482444

Title:
Abnormal changes of quota usage after instance restored by admin

Status in OpenStack Compute (nova):
New

Bug description:
Nova version, output of 'git log -1':
commit 676ba7bbc788a528b0fe4c87c1c4bf94b4bb6eb1
Author: Dave McCowan <dmccowan@xxxxxxxxx>
Date: Tue Feb 24 21:35:48 2015 -0500

Websocket Proxy should verify Origin header

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1482444/+subscriptions

Follow ups

[Bug 1482444] Re: Abnormal changes of quota usage after instance restored by admin
From: Thierry Carrez, 2015-09-24