yahoo-eng-team team mailing list archive

["Dr. Jens Harbott" <1988026@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

When a non-admin user tries to list security groups for project_id
"None", Neutron creates a default security group for that project and
returns an empty list to the caller.

To reproduce:

openstack --os-cloud devstack security group list --project None
openstack --os-cloud devstack-admin security group list

The API call that is made is essentially

GET /networking/v2.0/security-groups?project_id=None

The expected result would be an authorization failure, since normal
users should not be allowed to list security groups for other projects.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1988026

Title:
  Neutron should not create security group with project==None

Status in neutron:
  New

Bug description:
  When a non-admin user tries to list security groups for project_id
  "None", Neutron creates a default security group for that project and
  returns an empty list to the caller.

  To reproduce:

  openstack --os-cloud devstack security group list --project None
  openstack --os-cloud devstack-admin security group list

  The API call that is made is essentially

  GET /networking/v2.0/security-groups?project_id=None

  The expected result would be an authorization failure, since normal
  users should not be allowed to list security groups for other
  projects.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1988026/+subscriptions