yahoo-eng-team team mailing list archive
Message #89911
[Bug 1657406] Re: admin users can access resources from other projects
Bug closed due to lack of activity, please feel free to reopen if
needed.
** Changed in: neutron
Status: Confirmed => Won't Fix
https://bugs.launchpad.net/bugs/1657406
Title:
admin users can access resources from other projects
Status in neutron:
Won't Fix
Bug description:
We're seeing a problem similar to the one described in
https://bugs.launchpad.net/nova/+bug/1046054 for the Neutron endpoint
/v2.0/security-groups in Mitaka.
Making a project-scoped request to this endpoint with an admin user
returns a list of security groups including all security groups of all
projects. Also, PUT or POST requests do work for a security group in
another project. The same applies to the endpoint /v2.0/networks/. Note
that this does not apply to, e.g., nova's server resource, but might
apply to other resources as well.
OpenStack version: Mitaka
How to reproduce:
1. Create two projects A and B
2. Create a new user 'UserA'
3. Assign 'UserA' to the project A and give her the role admin
4. Use the openstack CLI or curl to make a GET request to /v2.0/security-groups with an auth scope for project A
=> The security groups of project B (and potentially all other projects in the OpenStack installation) are part of the response.
Not sure if this is related to bug
https://bugs.launchpad.net/keystone/+bug/968696
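An added example, not part of the original bug report and not Neutron code: a check an operator could run over the body of the GET response from the reproduction steps to list resources owned by a project other than the one the token is scoped to. The function names, project identifiers and sample bodies are constructed for illustration; the check assumes the owner is reported in `tenant_id` or `project_id` and treats shared and external networks as intentionally visible.

```python
import json

# Constructed sample bodies shaped like Neutron list responses (not real data).
SAMPLE_SECURITY_GROUPS = json.dumps({
    "security_groups": [
        {"id": "sg-a1", "name": "default", "tenant_id": "project-a"},
        {"id": "sg-b1", "name": "default", "tenant_id": "project-b"},
        {"id": "sg-b2", "name": "web", "project_id": "project-b"},
    ]
})
SAMPLE_NETWORKS = json.dumps({
    "networks": [
        {"id": "net-a1", "tenant_id": "project-a", "shared": False},
        {"id": "net-b1", "tenant_id": "project-b", "shared": False},
        {"id": "net-ext", "tenant_id": "project-b", "shared": False,
         "router:external": True},
        {"id": "net-shared", "tenant_id": "project-b", "shared": True},
    ]
})


def owner_of(resource):
    """Return the owning project (assumption: reported as project_id or tenant_id)."""
    return resource.get("project_id") or resource.get("tenant_id")


def intentionally_visible(resource):
    """Shared and external networks are meant to be listed for other projects."""
    return bool(resource.get("shared") or resource.get("router:external"))


def cross_project_resources(body, collection, scoped_project_id):
    """Return (id, owner) pairs for resources owned outside the token's project scope."""
    findings = []
    for resource in json.loads(body).get(collection, []):
        owner = owner_of(resource)
        if owner != scoped_project_id and not intentionally_visible(resource):
            findings.append((resource["id"], owner))
    return findings


if __name__ == "__main__":
    for name, body in (("security_groups", SAMPLE_SECURITY_GROUPS),
                       ("networks", SAMPLE_NETWORKS)):
        for res_id, owner in cross_project_resources(body, name, "project-a"):
            print(f"{name}: {res_id} belongs to {owner}, outside token scope")
```

An empty result for a project-scoped token means the listing stayed within that project; any pair returned identifies a resource and the project that owns it.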