Description of problem:
Logging is not restricted to the current owner of a project; it does not prevent users from being able to see the logs of previously created namespaces that have been deleted by creating a project of the same name.

Version-Release number of selected component (if applicable):
openshift3/logging-deployment 3.2.0 3c4f9330894b
openshift3/logging-elasticsearch 3.2.0 f4c2de05eadf
openshift3/logging-fluentd 3.2.0 af009c973eaa
openshift3/logging-kibana 3.2.0 23bf82ad03f8
openshift3/logging-auth-proxy 3.2.0 363e6ee61a08

How reproducible:
always

Steps to Reproduce:
1. Start OpenShift server
2. User A creates a project and populates logs
3. User A deletes the project
4. User B creates a new project with the same name
5. Check the logs in the project of User B

Actual results:
Can see the logs previously populated from the project of User A

Expected results:
Should not see the logs previously populated from the project of User A

Additional info:
Duplicate of: https://bugzilla.redhat.com/show_bug.cgi?id=1316216 *** This bug has been marked as a duplicate of bug 1316216 ***
That's disappointing. I thought we ported all that to 3.2. Eric, do you have some time to look into this?
Not a dupe, BTW, the version is different.
Yeah, I'll look into this today
It's fixed. Tested with the 3.2.0 images below: logging messages are restricted to the current owner of the project, and at the same time the cluster-admin user is still able to see logs for deleted namespaces in the .all index:
openshift3/logging-elasticsearch d8c4c2e5ebda
openshift3/logging-deployment 3c4f9330894b
openshift3/logging-fluentd af009c973eaa
openshift3/logging-kibana 23bf82ad03f8
openshift3/logging-auth-proxy 363e6ee61a08
Thanks! Never shipped, so closing.