yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1670978] [NEW] most of extended server attributes returned in 2.3 api versions should not require admin role

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Qiming Teng <tengqim@xxxxxxxxxxxxxxxxxx>
Date: Wed, 08 Mar 2017 08:35:57 -0000
Reply-to: Bug 1670978 <1670978@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Since microverison 2.3, the responses from server creation
(https://developer.openstack.org/api-ref/compute/?expanded=create-
server-detail#id8) contains some extra attributes such as the user_data
specified to the server. These attributes are also returned in a server
GET call. However, only an admin can see these attributes.

It is acceptable that 'OS-EXT-SRV-ATTR:hostname' should be visible to
admins only. But all other attributes should be visible to a non-admin
user, especially the owner of the server.

  OS-EXT-SERV-ATTR:reservation_id
  OS-EXT-SERV-ATTR:launch_index	
  OS-EXT-SERV-ATTR:kernel_id	
  OS-EXT-SERV-ATTR:ramdisk_id	
  OS-EXT-SERV-ATTR:root_device_name	
  OS-EXT-SERV-ATTR:user_data

It is highly desirable for the server's owner to retrieve back the
'user_data' provided when creating the server.

To reproduce this under devstack, compare the raw responses from nova-
api using the following two commands:

  openstack --os-compute-version 2.3 --os-username demo --debug server
show <your_server>

  openstack --os-compute-version 2.3 --os-username admin --debug server
show <your_server

** Affects: nova
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1670978

Title:
  most of extended server attributes returned in 2.3 api versions should
  not require admin role

Status in OpenStack Compute (nova):
  New

Bug description:
  Since microverison 2.3, the responses from server creation
  (https://developer.openstack.org/api-ref/compute/?expanded=create-
  server-detail#id8) contains some extra attributes such as the
  user_data specified to the server. These attributes are also returned
  in a server GET call. However, only an admin can see these attributes.

  It is acceptable that 'OS-EXT-SRV-ATTR:hostname' should be visible to
  admins only. But all other attributes should be visible to a non-admin
  user, especially the owner of the server.

    OS-EXT-SERV-ATTR:reservation_id
    OS-EXT-SERV-ATTR:launch_index	
    OS-EXT-SERV-ATTR:kernel_id	
    OS-EXT-SERV-ATTR:ramdisk_id	
    OS-EXT-SERV-ATTR:root_device_name	
    OS-EXT-SERV-ATTR:user_data

  It is highly desirable for the server's owner to retrieve back the
  'user_data' provided when creating the server.

  To reproduce this under devstack, compare the raw responses from nova-
  api using the following two commands:

    openstack --os-compute-version 2.3 --os-username demo --debug server
  show <your_server>

    openstack --os-compute-version 2.3 --os-username admin --debug
  server show <your_server

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1670978/+subscriptions