When adding an alarm action with the scheme `trust+http:`, Aodh does not verify that the user creating the alarm is the trustor or has the same rights as the trustor, nor that the trust is for the same project as the alarm.
External References: https://wiki.openstack.org/wiki/OSSN/OSSN-0080
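The two checks named in the description, as an added example (not Aodh's code and not the upstream fix). It assumes the trust ID travels in the userinfo part of the action URL and that trust records use Keystone's `trustor_user_id` and `project_id` fields; the function names, sample trusts and hostnames are constructed. It implements the stricter form of the first check (caller must be the trustor) rather than comparing rights.

```python
from urllib.parse import urlsplit

TRUST_SCHEMES = {"trust+http", "trust+https"}

# Constructed sample data: Keystone-style trust records keyed by trust ID.
SAMPLE_TRUSTS = {
    "trust-a": {"trustor_user_id": "alice", "trustee_user_id": "aodh",
                "project_id": "proj-1"},
    "trust-b": {"trustor_user_id": "bob", "trustee_user_id": "aodh",
                "project_id": "proj-2"},
}


def trust_action_problem(action_url, user_id, alarm_project_id, lookup_trust):
    """Return None if the action may be stored, else a rejection reason.

    Assumption: the trust ID is carried in the userinfo part of the URL
    (trust+http://<trust-id>@host/path). lookup_trust is a hypothetical
    callable returning the trust record or None.
    """
    parts = urlsplit(action_url)
    if parts.scheme not in TRUST_SCHEMES:
        return None  # not a trust action; other schemes are out of scope here
    trust_id = parts.username
    if not trust_id:
        return "trust action carries no trust ID"
    trust = lookup_trust(trust_id)
    if trust is None:
        return "unknown trust"
    # Check 1: the caller must be the trustor (stricter than "same rights").
    if trust["trustor_user_id"] != user_id:
        return "caller is not the trustor"
    # Check 2: the trust must be scoped to the alarm's own project.
    if trust["project_id"] != alarm_project_id:
        return "trust is for a different project"
    return None


def rejected_actions(alarm_actions, user_id, alarm_project_id,
                     lookup_trust=SAMPLE_TRUSTS.get):
    """Map each rejected action URL to its reason; empty dict means all pass."""
    problems = {}
    for url in alarm_actions:
        reason = trust_action_problem(url, user_id, alarm_project_id, lookup_trust)
        if reason:
            problems[url] = reason
    return problems
```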
Created openstack-aodh tracking bugs for this issue:
  Affects: openstack-rdo [bug 1487978]
This issue has been addressed in the following products:
  Red Hat OpenStack Platform 10.0 (Newton)
Via RHSA-2017:3227 https://access.redhat.com/errata/RHSA-2017:3227
Acknowledgments:
  Name: the OpenStack project
  Upstream: Zane Bitter (Red Hat)
This issue has been addressed in the following products:
  Red Hat OpenStack Platform 11.0 (Ocata)
Via RHSA-2018:0315 https://access.redhat.com/errata/RHSA-2018:0315