Bug 1326574

Summary: Logging is not restricted to current owner of a project
Product: OpenShift Container Platform
Reporter: chunchen <chunchen>
Component: Logging
Assignee: Luke Meyer <lmeyer>
Status: CLOSED CURRENTRELEASE
QA Contact: chunchen <chunchen>
Severity: medium
Priority: high
Version: 3.2.0
CC: aos-bugs, ewolinet, jcantril, wsun, xiazhao
Keywords: Reopened
Target Milestone: ---
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2016-04-18 12:40:29 UTC
Type: Bug

Description chunchen 2016-04-13 06:48:13 UTC
Description of problem:
Logging is not restricted to the current owner of a project; it does not prevent users from being able to see the logs of previously created namespaces that have been deleted by creating a project of the same name.

Version-Release number of selected component (if applicable):
openshift3/logging-deployment    3.2.0   3c4f9330894b
openshift3/logging-elasticsearch 3.2.0   f4c2de05eadf
openshift3/logging-fluentd       3.2.0   af009c973eaa
openshift3/logging-kibana        3.2.0   23bf82ad03f8
openshift3/logging-auth-proxy    3.2.0   363e6ee61a08

How reproducible:
always

Steps to Reproduce:
1. Start OpenShift server

2. User A creates a project and populates logs

3. User A deletes the project

4. User B creates a new project with the same name

5. Check the logs in the project of User B

Actual results:
Can see the logs previously populated from the project of User A

Expected results:
Should not see the logs previously populated from the project of User A

Additional info:

Comment 1 Jeff Cantrill 2016-04-14 13:21:26 UTC
Duplicate of: https://bugzilla.redhat.com/show_bug.cgi?id=1316216

*** This bug has been marked as a duplicate of bug 1316216 ***

Comment 2 Luke Meyer 2016-04-14 13:30:13 UTC
That's disappointing. I thought we ported all that to 3.2. Eric, do you have some time to look into this?

Comment 3 Luke Meyer 2016-04-14 13:30:49 UTC
Not a dupe, BTW, the version is different.

Comment 4 ewolinet 2016-04-14 13:47:05 UTC
Yeah, I'll look into this today

Comment 7 Xia Zhao 2016-04-18 09:27:58 UTC
It's fixed. Tested with the 3.2.0 images below: logging messages are restricted to the current owner of the project, and at the same time the cluster-admin user is still able to see logs for deleted namespaces in the .all index:

openshift3/logging-elasticsearch    d8c4c2e5ebda
openshift3/logging-deployment    3c4f9330894b
openshift3/logging-fluentd    af009c973eaa
openshift3/logging-kibana    23bf82ad03f8
openshift3/logging-auth-proxy    363e6ee61a08

Comment 8 Luke Meyer 2016-04-18 12:40:29 UTC
Thanks! Never shipped, so closing.
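
The reproduction steps in the description and the behaviour verified in comment 7, replayed against a toy in-memory log store as an added example (not code from OpenShift or from this bug's fix). Keying the index by project name plus a per-instance UID is an assumption used here to show one way this kind of leak is closed; `Project`, `LogStore` and `scenario` are hypothetical names, and the log lines are constructed.

```python
# Added illustration: toy log store, not OpenShift or Elasticsearch code.
import itertools
from dataclasses import dataclass, field

_uid = itertools.count(1)


@dataclass
class Project:
    name: str
    owner: str
    # Constructed per-instance identifier; a recreated project gets a new one.
    uid: str = field(default_factory=lambda: f"uid-{next(_uid)}")


class LogStore:
    """Stores log lines under an index key derived from the project."""

    def __init__(self, key_by_uid):
        self.key_by_uid = key_by_uid
        self.indices = {}  # index key -> list of log lines

    def _key(self, project):
        # Weak: name only, so a recreated project maps onto the old index.
        # Hardened (assumed design): name plus the per-instance UID.
        return f"{project.name}.{project.uid}" if self.key_by_uid else project.name

    def write(self, project, line):
        self.indices.setdefault(self._key(project), []).append(line)

    def read(self, user, project, cluster_admin=False):
        if cluster_admin:
            # Cluster-admin view across every index, deleted projects included.
            return [l for lines in self.indices.values() for l in lines]
        if user != project.owner:
            return []
        return list(self.indices.get(self._key(project), []))


def scenario(key_by_uid):
    """Replays steps 2-5 of the report; returns (User B view, admin view)."""
    store = LogStore(key_by_uid)
    a = Project("demo", owner="userA")
    store.write(a, "userA: db password rotated")  # constructed log line
    del a  # step 3: project deleted, its logs stay in the store
    b = Project("demo", owner="userB")  # step 4: same name, new owner
    store.write(b, "userB: app started")  # constructed log line
    return store.read("userB", b), store.read("admin", b, cluster_admin=True)
```
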