yahoo-eng-team team mailing list archive

[Sean Dague <sean@xxxxxxxxx>]

If nova cli allows you to do that, it means the REST API allows you to
do that. Permissions should not be done on the client side as they can
be circumvented with curl.

This looks like it's a permissions issue on the server side where you'd
like a different policy?

** Changed in: nova
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1683770

Title:
  "nova volume-attach" should not allow attachment of cinder volume of
  other project to the instance of admin project

Status in OpenStack Compute (nova):
  Won't Fix

Bug description:
  Description of problem:

  The cinder volume created in other project is not visible under admin
  project. Similarly nova CLI should not allow to attach other project
  volume to the admin project instance. Horizon is not permit this kind
  of operation, however nova CLI allow to do so.

  Further at the other project side, the volume status shows 
  "Attached to None on /dev/vdX" which is also a confusing status.

  However "nova volume-attach" command

  Version-Release number of selected component (if applicable):

  
  How reproducible:

  
  Steps to Reproduce:
  1. Create volume demo-vol1(Tenant).
  2. Create VM admin-vm1(Admin).
  3. Source admin credential
  4. Use nova volume-attch command to attached the admin-vm1 to the demo-vol1.
  5. Open horizon -> under Tenant -> volume.
  See that the volume display attach to "None".
  ​

  Actual results:

  
  Expected results:

  The Operation should not be allowed as demo-vol1 should not be visible
  under admin project.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1683770/+subscriptions