Bug 1276252

Summary: Access to clusters and volumes created with authentication
Product: [Red Hat Storage] Red Hat Gluster Storage
Reporter: Anush Shetty <ashetty>
Component: heketi
Assignee: Luis Pabón <lpabon>
Status: CLOSED NOTABUG
QA Contact: Anush Shetty <ashetty>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: unspecified
CC: madam
Target Milestone: ---
Keywords: ZStream
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-10-29 10:12:40 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Anush Shetty 2015-10-29 09:15:19 UTC
Description of problem: When JWT authentication is enabled for heketi servers, the clients authenticate themselves with the server to create clusters and volumes. If the server is later restarted without authentication enabled, the clients get access to all the clusters and volumes, including the ones created when authentication was enabled.


Version-Release number of selected component (if applicable): heketi-1.0.0-1.el7rhgs.x86_64


How reproducible: Always

Comment 2 Luis Pabón 2015-10-29 10:12:40 UTC
Hi Anush,
  That was the intent, and works as designed.  Do you see a problem here?  The idea is that if the administrator removes the authentication, then access will be provided to the rest of the API functions.  This is the same style as OpenStack Swift.
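
Added example, not part of the bug report or of heketi's own code: since authentication here is a single server-wide switch rather than a property of each cluster or volume, a configuration audit run before every restart can catch the case where the switch has been turned off. The key names (`use_auth`, `jwt.admin.key`, `jwt.user.key`) are assumed to follow heketi's JSON configuration layout, and the placeholder strings, minimum length and sample configs are constructed for illustration.

```python
import json

# Assumed key names, following the layout of heketi's JSON config file
# (use_auth, jwt.admin.key, jwt.user.key); verify them against your version.
PLACEHOLDER_KEYS = {"", "My Secret", "changeme"}  # assumed template values
MIN_KEY_LEN = 16  # local policy choice, not a heketi requirement


def audit_heketi_config(text):
    """Return a list of findings for a heketi JSON config given as a string."""
    try:
        cfg = json.loads(text)
    except ValueError as exc:
        return ["config is not valid JSON: %s" % exc]
    if not isinstance(cfg, dict):
        return ["config top level is not a JSON object"]
    findings = []
    # Authentication is one server-wide switch: when it is off, every cluster
    # and volume is reachable, including those created while it was on.
    if cfg.get("use_auth") is not True:
        findings.append("use_auth is not true: API is open to unauthenticated clients")
    jwt = cfg.get("jwt") if isinstance(cfg.get("jwt"), dict) else {}
    for role in ("admin", "user"):
        entry = jwt.get(role)
        key = entry.get("key") if isinstance(entry, dict) else None
        if not isinstance(key, str) or key in PLACEHOLDER_KEYS:
            findings.append("jwt.%s.key is missing or a placeholder" % role)
        elif len(key) < MIN_KEY_LEN:
            findings.append("jwt.%s.key is shorter than %d characters" % (role, MIN_KEY_LEN))
    return findings


# Constructed sample configs (not taken from the bug report).
AUTH_ON = ('{"port": "8080", "use_auth": true, "jwt": {'
           '"admin": {"key": "k3Vq9sZ1xT7pLm2Rw8Yd"}, '
           '"user": {"key": "Hc5Nf0Bj4Ue6Ga1Xo9Qi"}}}')
AUTH_OFF = ('{"port": "8080", "use_auth": false, "jwt": {'
            '"admin": {"key": "My Secret"}, "user": {"key": "short"}}}')

if __name__ == "__main__":
    for name, text in (("AUTH_ON", AUTH_ON), ("AUTH_OFF", AUTH_OFF)):
        for finding in audit_heketi_config(text) or ["ok"]:
            print("%s: %s" % (name, finding))
```

Wiring a non-empty result into the service's pre-start step or a configuration-management check makes an unintended restart without authentication fail loudly instead of silently exposing existing clusters and volumes.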