Bug 975338
| Field | Value |
|---|---|
| Summary | "quantum security-group-rule-list" from the "admin" tenant shows the security group rules of all tenants |
| Product | Red Hat OpenStack |
| Component | python-cliff |
| Status | CLOSED NOTABUG |
| Severity | medium |
| Priority | unspecified |
| Version | 3.0 |
| Target Release | 4.0 |
| Hardware | Unspecified |
| OS | Unspecified |
| Reporter | Rami Vaknin <rvaknin> |
| Assignee | lpeer <lpeer> |
| CC | rkukura, yeylon |
| Doc Type | Bug Fix |
| Type | Bug |
| Last Closed | 2013-12-06 22:08:08 UTC |

Description
Rami Vaknin
2013-06-18 07:14:20 UTC
I propose to close this as NOTABUG. All operations in neutron invoked with admin credentials return information for all tenants by default. Changing this behaviour (and adding a --all-tenants parameter to override it) just for security-group-rule-list would make this operation inconsistent with the rest of the neutron API, and lead to confusion.

Whether the entire neutron API should be modified to require admins to pass --all-tenants to see resources belonging to tenants other than admin can be raised as a separate issue. Such a change would break compatibility with previous versions, and would most likely need to be part of a future major API version upgrade.

Finally, it can't be assumed that names (such as 'default') are unique. To see the security_group_id rather than its name in the output, use "neutron security-group-rule-list --no-nameconv". To see only the rules in a specific security group, use "neutron security-group-rule-list --security_group_id=<security_group_id>".
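
The following is an added example, not part of the original bug report and not neutron code: it shows why an admin-scoped listing has to be keyed by `security_group_id` and `tenant_id` rather than by group name. The field names `id`, `name`, `tenant_id` and `security_group_id` follow the neutron API; every ID, the sample data and the helper function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample shaped like an admin-scoped listing: groups and rules of
# every tenant are returned together. All IDs are made up.
GROUPS = [
    {"id": "sg-aaa", "name": "default", "tenant_id": "tenant-admin"},
    {"id": "sg-bbb", "name": "default", "tenant_id": "tenant-dev"},
    {"id": "sg-ccc", "name": "web", "tenant_id": "tenant-dev"},
]
RULES = [
    {"id": "r1", "security_group_id": "sg-aaa", "tenant_id": "tenant-admin"},
    {"id": "r2", "security_group_id": "sg-bbb", "tenant_id": "tenant-dev"},
    {"id": "r3", "security_group_id": "sg-bbb", "tenant_id": "tenant-dev"},
    {"id": "r4", "security_group_id": "sg-ccc", "tenant_id": "tenant-dev"},
]

def ambiguous_names(groups):
    """Return {name: [group ids]} for names shared by more than one group."""
    ids_by_name = defaultdict(set)
    for group in groups:
        ids_by_name[group["name"]].add(group["id"])
    return {n: sorted(ids) for n, ids in ids_by_name.items() if len(ids) > 1}

def resolve_group(groups, name, tenant_id):
    """Map (name, tenant) to exactly one group id, refusing to guess."""
    matches = [g["id"] for g in groups
               if g["name"] == name and g["tenant_id"] == tenant_id]
    if len(matches) != 1:
        # Names are not guaranteed unique, even inside one tenant.
        raise LookupError(f"{name!r} in {tenant_id}: {len(matches)} matches")
    return matches[0]

def rules_for_group(rules, security_group_id):
    """Equivalent of filtering the listing on security_group_id."""
    return [r["id"] for r in rules
            if r["security_group_id"] == security_group_id]

def foreign_rules(rules, own_tenant_id):
    """Rule ids in an admin listing that belong to other tenants."""
    by_tenant = defaultdict(list)
    for rule in rules:
        if rule["tenant_id"] != own_tenant_id:
            by_tenant[rule["tenant_id"]].append(rule["id"])
    return dict(by_tenant)
```
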