yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1649532] [NEW] private flavors globally visible

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Maurice Schreiber <maurice.schreiber@xxxxxxx>
Date: Tue, 13 Dec 2016 10:03:21 -0000
Reply-to: Bug 1649532 <1649532@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

I have project A with user Anna, who has a role representing nova admin assigned (needed to allow creation of private flavors).
I have project B with user Ben, who has a role representing nova admin assigned (needed to allow creation of private flavors).
Anna has no permission on project B.
Ben has no permission on project A.

Anna creates a private flavor 'A_private', gives flavor access to
project A.

Expected behaviour: only Anna (or any other nova admin in project A) can
perform actions on this flavor.

Issue: Ben can perform all sort of actions on the private flavor
'A_private' (read, delete, manage access, manage extra specs).

Observed in Mitaka, but I haven't seen any updates related to this, so
this should be the same in master. Please correct me if I'm wrong.

** Affects: nova
     Importance: Undecided
         Status: New

** Description changed:

  I have project A with user Anna, who has a role representing nova admin assigned (needed to allow creation of private flavors).
  I have project B with user Ben, who has a role representing nova admin assigned (needed to allow creation of private flavors).
  Anna has no permission on project B.
  Ben has no permission on project A.
  
  Anna creates a private flavor 'A_private', gives flavor access to
  project A.
  
  Expected behaviour: only Anna (or any other nova admin in project A) can
  perform actions on this flavor.
  
  Issue: Ben can perform all sort of actions on the private flavor
  'A_private' (read, delete, manage access, manage extra specs).
+ 
+ Observed in Mitaka, but I haven't seen any updates related to this, so
+ this should be the same in master. Please correct me if I'm wrong.

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1649532

Title:
  private flavors globally visible

Status in OpenStack Compute (nova):
  New

Bug description:
  I have project A with user Anna, who has a role representing nova admin assigned (needed to allow creation of private flavors).
  I have project B with user Ben, who has a role representing nova admin assigned (needed to allow creation of private flavors).
  Anna has no permission on project B.
  Ben has no permission on project A.

  Anna creates a private flavor 'A_private', gives flavor access to
  project A.

  Expected behaviour: only Anna (or any other nova admin in project A)
  can perform actions on this flavor.

  Issue: Ben can perform all sort of actions on the private flavor
  'A_private' (read, delete, manage access, manage extra specs).

  Observed in Mitaka, but I haven't seen any updates related to this, so
  this should be the same in master. Please correct me if I'm wrong.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1649532/+subscriptions