Bug 1276252 - Access to clusters and volumes created with authentication
Access to clusters and volumes created with authentication
Status: CLOSED NOTABUG
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: heketi (Show other bugs)
unspecified
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Luis Pabón
Anush Shetty
: ZStream
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-10-29 05:15 EDT by Anush Shetty
Modified: 2016-11-08 17:25 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-10-29 06:12:40 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Anush Shetty 2015-10-29 05:15:19 EDT
Description of problem: When jwt authentication is enabled for heketi servers, the clients authenticate themselves with the server to create clusters and volumes. If the server is later restarted without authentication enabled, the clients get access to all the clusters and volumes, including the ones created when authentication was enabled. 


Version-Release number of selected component (if applicable): heketi-1.0.0-1.el7rhgs.x86_64


How reproducible: Always
Comment 2 Luis Pabón 2015-10-29 06:12:40 EDT
Hi Anush,
  That was the intent, and works as designed.  Do you see a problem here?  The idea is that if the administrator removes the authentication, then access will be provided to the rest of the API functions.  This is the same style as OpenStack Swift.

Note You need to log in before you can comment on or make changes to this bug.