Description of problem: When jwt authentication is enabled for heketi servers, the clients authenticate themselves with the server to create clusters and volumes. If the server is later restarted without authentication enabled, the clients get access to all the clusters and volumes, including the ones created when authentication was enabled. Version-Release number of selected component (if applicable): heketi-1.0.0-1.el7rhgs.x86_64 How reproducible: Always
Hi Anush, That was the intent, and works as designed. Do you see a problem here? The idea is that if the administrator removes the authentication, then access will be provided to the rest of the API functions. This is the same style as OpenStack Swift.