yahoo-eng-team team mailing list archive

[Hirofumi Ichihara <ichihara.hirofumi@xxxxxxxxx>]

This is neutron bug.

** Changed in: neutron
       Status: In Progress => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1742864

Title:
  Non admin user is able to create provider security group

Status in neutron:
  Invalid

Bug description:
  Devstack Master branch

  Create a project.
  Create a user and assign member role to it.
  stack@no:~$ openstack role assignment list --project 55ca3b4de0344e528e9ad8b8a1c57013
  +----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
  | Role                             | User                             | Group | Project                          | Domain | Inherited |
  +----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
  | 0d19b13c73754d8d84d40bf91267312f | 69d27e6b74234793928bb40203fd84be |       | 55ca3b4de0344e528e9ad8b8a1c57013 |        | False     |
  +----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
  stack@no:~$ openstack role list
  +----------------------------------+---------------+
  | ID                               | Name          |
  +----------------------------------+---------------+
  | 0d19b13c73754d8d84d40bf91267312f | Member        |
  | 1b939cfc31114df18d5dd2ba284c1463 | ashish        |
  | 2677a92333724d72b22b4c94362f7bed | admin         |
  | 3155a8688b7a40f7b645cce54959e998 | ResellerAdmin |
  | 5da063b71cb0421ca54c071827fa11c4 | service       |
  | 84f027c26bb2469d82319ffc2524d7e3 | anotherrole   |
  +----------------------------------+---------------+
  stack@no:~$ neutron security-group-create --provider true
  neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
  Created a new security_group:
  +----------------------+--------------------------------------+
  | Field                | Value                                |
  +----------------------+--------------------------------------+
  | created_at           | 2018-01-12T05:38:21Z                 |
  | description          |                                      |
  | id                   | 98d512fb-5628-4ccb-a88b-0e64f0d32839 |
  | logging              | False                                |
  | name                 | true                                 |
  | policy               |                                      |
  | project_id           | e6322320f3a84487a32d4c968aa08a48     |
  | provider             | True                                 |
  | revision_number      | 0                                    |
  | security_group_rules |                                      |
  | tags                 |                                      |
  | tenant_id            | e6322320f3a84487a32d4c968aa08a48     |
  | updated_at           | 2018-01-12T05:38:21Z                 |
  +----------------------+--------------------------------------+
  stack@no:~$ neutron security-group-delete 98d512fb-5628-4ccb-a88b-0e64f0d32839
  neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
  Security group 98d512fb-5628-4ccb-a88b-0e64f0d32839 is a provider security group and requires an admin to delete it.
  Neutron server returns request_ids: ['req-8ab79256-fc31-45ee-96a6-6f22a6fbd2ba']
  stack@no:~$

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1742864/+subscriptions