Bug 987437 - cinder: a member of a uer in any tenant can list and use all volume type created by admin user
cinder: a member of a uer in any tenant can list and use all volume type crea...
Status: CLOSED WONTFIX
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-cinder (Show other bugs)
unspecified
x86_64 Linux
unspecified Severity medium
: ---
: 4.0
Assigned To: RHOS Maint
Haim
storage
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-23 07:34 EDT by Dafna Ron
Modified: 2016-04-26 12:14 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-08-20 05:30:17 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Dafna Ron 2013-07-23 07:34:18 EDT
Description of problem:

I created several types with admin user, created tenants and user which is a member in one of the tenants that I created.
I logged in with the user I created and was able to list and use all types. 

I can think of several reasons why we should not allow this, here are two from the top of my head: 

1. if we simply manage groups in our company it may cause a problem if a volume created by someone in finance is tagged for someone in support. 
2. if I use the type for customers name in a cloud, I may not want every one to see the customer names.

Version-Release number of selected component (if applicable):

openstack-cinder-2013.1.2-3.el6ost.noarch

How reproducible:

100%

Steps to Reproduce:
1. create a type as admin user
2. create a tenant with user which is member
3. log in as the user -> run: cinder type-list

Actual results:

we see all the types and can use them to create a volume 

Expected results:

a user should only see types that are assigned to them

Additional info:

as admin: 

[root@opens-vdsb ~(keystone_admin)]# cinder type-list 
+--------------------------------------+--------+
|                  ID                  |  Name  |
+--------------------------------------+--------+
| 14587c80-c106-42c7-93ed-2ceaa98f8eae |  bla   |
| af06d9d6-23e1-4016-b5f9-ac5df4772c68 | blabla |
| bd842e99-fba0-4fb9-9f04-83ebed28aa59 | dafna  |
| dd4c04ff-d3f5-4bba-92fa-c2d2cdc18660 |  lvm   |
+--------------------------------------+--------+


as user: 

[dron@opens-vdsb ~(keystone_admin)]$ cinder type-list 
+--------------------------------------+--------+
|                  ID                  |  Name  |
+--------------------------------------+--------+
| 14587c80-c106-42c7-93ed-2ceaa98f8eae |  bla   |
| af06d9d6-23e1-4016-b5f9-ac5df4772c68 | blabla |
| bd842e99-fba0-4fb9-9f04-83ebed28aa59 | dafna  |
| dd4c04ff-d3f5-4bba-92fa-c2d2cdc18660 |  lvm   |
+--------------------------------------+--------+


create as user: 

[dron@opens-vdsb ~(keystone_admin)]$ cinder create 10 --volume-type blabla
+---------------------+--------------------------------------+
|       Property      |                Value                 |
+---------------------+--------------------------------------+
|     attachments     |                  []                  |
|  availability_zone  |                 nova                 |
|       bootable      |                false                 |
|      created_at     |      2013-07-23T11:29:18.437476      |
| display_description |                 None                 |
|     display_name    |                 None                 |
|          id         | 5908f5ba-489a-4364-b280-346381cb3c2e |
|       metadata      |                  {}                  |
|         size        |                  10                  |
|     snapshot_id     |                 None                 |
|     source_volid    |                 None                 |
|        status       |               creating               |
|     volume_type     |                blabla                |
+---------------------+--------------------------------------+
[dron@opens-vdsb ~(keystone_admin)]$ cinder list
+--------------------------------------+-----------+--------------+------+-------------+----------+-------------+
|                  ID                  |   Status  | Display Name | Size | Volume Type | Bootable | Attached to |
+--------------------------------------+-----------+--------------+------+-------------+----------+-------------+
| 13603de3-8435-4c37-9283-16a61c7bb4c7 | available |     bla      |  10  |     bla     |  false   |             |
| 5908f5ba-489a-4364-b280-346381cb3c2e | available |     None     |  10  |    blabla   |  false   |             |
| 5c066222-b8a9-4990-9d88-b1190aaf2d14 | available |     None     |  10  |    blabla   |  false   |             |
| 68eca3bb-61d2-4031-bdeb-8eea28232dd8 |   error   |     bbhb     |  10  |    dafna    |  false   |             |
| a597c6c3-3966-4675-94c2-00a335da2114 | available |     bhbh     |  10  |     bla     |  false   |             |
+--------------------------------------+-----------+--------------+------+-------------+----------+-------------+
Comment 1 Ayal Baron 2013-08-20 05:30:17 EDT
Neither Sean nor I see the need for per user volume types.
If you have a use case, feel free to suggest upstream.
Comment 2 Haim 2013-08-21 03:22:14 EDT
opened https://bugs.launchpad.net/cinder/+bug/1214747

Note You need to log in before you can comment on or make changes to this bug.