yahoo-eng-team team mailing list archive

[Bug 1742864] [NEW] Non admin user is able to create provider security group

 

Public bug reported:

Devstack Master branch

Create a project.
Create a user and assign member role to it.
stack@no:~$ openstack role assignment list --project 55ca3b4de0344e528e9ad8b8a1c57013
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
| Role                             | User                             | Group | Project                          | Domain | Inherited |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
| 0d19b13c73754d8d84d40bf91267312f | 69d27e6b74234793928bb40203fd84be |       | 55ca3b4de0344e528e9ad8b8a1c57013 |        | False     |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
stack@no:~$ openstack role list
+----------------------------------+---------------+
| ID                               | Name          |
+----------------------------------+---------------+
| 0d19b13c73754d8d84d40bf91267312f | Member        |
| 1b939cfc31114df18d5dd2ba284c1463 | ashish        |
| 2677a92333724d72b22b4c94362f7bed | admin         |
| 3155a8688b7a40f7b645cce54959e998 | ResellerAdmin |
| 5da063b71cb0421ca54c071827fa11c4 | service       |
| 84f027c26bb2469d82319ffc2524d7e3 | anotherrole   |
+----------------------------------+---------------+
stack@no:~$ neutron security-group-create --provider true
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Created a new security_group:
+----------------------+--------------------------------------+
| Field                | Value                                |
+----------------------+--------------------------------------+
| created_at           | 2018-01-12T05:38:21Z                 |
| description          |                                      |
| id                   | 98d512fb-5628-4ccb-a88b-0e64f0d32839 |
| logging              | False                                |
| name                 | true                                 |
| policy               |                                      |
| project_id           | e6322320f3a84487a32d4c968aa08a48     |
| provider             | True                                 |
| revision_number      | 0                                    |
| security_group_rules |                                      |
| tags                 |                                      |
| tenant_id            | e6322320f3a84487a32d4c968aa08a48     |
| updated_at           | 2018-01-12T05:38:21Z                 |
+----------------------+--------------------------------------+
stack@no:~$ neutron security-group-delete 98d512fb-5628-4ccb-a88b-0e64f0d32839
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Security group 98d512fb-5628-4ccb-a88b-0e64f0d32839 is a provider security group and requires an admin to delete it.
Neutron server returns request_ids: ['req-8ab79256-fc31-45ee-96a6-6f22a6fbd2ba']
stack@no:~$

** Affects: neutron
     Importance: Undecided
     Assignee: Ashish Kumar Gupta (ashish-kumar-gupta)
         Status: New

** Changed in: neutron
     Assignee: (unassigned) => Ashish Kumar Gupta (ashish-kumar-gupta)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1742864

Title:
  Non admin user is able to create provider security group

Status in neutron:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1742864/+subscriptions

