← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #46211

[Bug 1544989] [NEW] Nova doesn't validate user/project is valid from keystone during admin operations

  Thread PreviousDate PreviousThread Next 
Public bug reported:

For any API call to Nova which takes a tenant_id / user_id as a
parameter, and inserts it into the Nova database, no validation is done
of these values.

This is currently by design, largely because there is no clear way to
check the existence of those users/projects. Nova has no generic
credentials to do that to Keystone. It's unclear if there is a way to do
this from a non admin user.

Many other bugs are related to this fundamental issue for which there is
no infrastructure. This includes updating quotas, adding access to
flavors, etc. This will be a placeholder for all those bugs until there
is some way to actually address this at the root.

** Affects: nova
     Importance: Low
         Status: Confirmed


** Tags: api

** Changed in: nova
       Status: New => Confirmed

** Changed in: nova
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1544989

Title:
  Nova doesn't validate user/project is valid from keystone during admin
  operations

Status in OpenStack Compute (nova):
  Confirmed

Bug description:
  For any API call to Nova which takes a tenant_id / user_id as a
  parameter, and inserts it into the Nova database, no validation is
  done of these values.

  This is currently by design, largely because there is no clear way to
  check the existence of those users/projects. Nova has no generic
  credentials to do that to Keystone. It's unclear if there is a way to
  do this from a non admin user.

  Many other bugs are related to this fundamental issue for which there
  is no infrastructure. This includes updating quotas, adding access to
  flavors, etc. This will be a placeholder for all those bugs until
  there is some way to actually address this at the root.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1544989/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next