Red Hat Bugzilla – Bug 1276252
Access to clusters and volumes created with authentication
Last modified: 2016-11-08 17:25:30 EST
Description of problem: When jwt authentication is enabled for heketi servers, the clients authenticate themselves with the server to create clusters and volumes. If the server is later restarted without authentication enabled, the clients get access to all the clusters and volumes, including the ones created when authentication was enabled.
Version-Release number of selected component (if applicable): heketi-1.0.0-1.el7rhgs.x86_64
How reproducible: Always
That was the intent, and works as designed. Do you see a problem here? The idea is that if the administrator removes the authentication, then access will be provided to the rest of the API functions. This is the same style as OpenStack Swift.