Bug 987437 - cinder: a member of a user in any tenant can list and use all volume types created by admin user
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-cinder
Version: unspecified
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
: 4.0
Assignee: RHOS Maint
QA Contact: Haim
URL:
Whiteboard: storage
Depends On:
Blocks:
Reported: 2013-07-23 11:34 UTC by Dafna Ron
Modified: 2016-04-26 16:14 UTC (History)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-08-20 09:30:17 UTC
Target Upstream Version:
Embargoed:



Description Dafna Ron 2013-07-23 11:34:18 UTC
Description of problem:

I created several types with the admin user, and created tenants and a user who is a member of one of the tenants that I created.
I logged in with the user I created and was able to list and use all types.

I can think of several reasons why we should not allow this; here are two off the top of my head:

1. If we simply manage groups in our company, it may cause a problem if a volume created by someone in finance is tagged for someone in support.
2. If I use the type for customers' names in a cloud, I may not want everyone to see the customer names.

Version-Release number of selected component (if applicable):

openstack-cinder-2013.1.2-3.el6ost.noarch

How reproducible:

100%

Steps to Reproduce:
1. Create a type as the admin user
2. Create a tenant with a user who is a member
3. Log in as the user -> run: cinder type-list

Actual results:

We see all the types and can use them to create a volume.

Expected results:

A user should only see types that are assigned to them.

Additional info:

as admin: 

[root@opens-vdsb ~(keystone_admin)]# cinder type-list 
+--------------------------------------+--------+
|                  ID                  |  Name  |
+--------------------------------------+--------+
| 14587c80-c106-42c7-93ed-2ceaa98f8eae |  bla   |
| af06d9d6-23e1-4016-b5f9-ac5df4772c68 | blabla |
| bd842e99-fba0-4fb9-9f04-83ebed28aa59 | dafna  |
| dd4c04ff-d3f5-4bba-92fa-c2d2cdc18660 |  lvm   |
+--------------------------------------+--------+


as user: 

[dron@opens-vdsb ~(keystone_admin)]$ cinder type-list 
+--------------------------------------+--------+
|                  ID                  |  Name  |
+--------------------------------------+--------+
| 14587c80-c106-42c7-93ed-2ceaa98f8eae |  bla   |
| af06d9d6-23e1-4016-b5f9-ac5df4772c68 | blabla |
| bd842e99-fba0-4fb9-9f04-83ebed28aa59 | dafna  |
| dd4c04ff-d3f5-4bba-92fa-c2d2cdc18660 |  lvm   |
+--------------------------------------+--------+


create as user: 

[dron@opens-vdsb ~(keystone_admin)]$ cinder create 10 --volume-type blabla
+---------------------+--------------------------------------+
|       Property      |                Value                 |
+---------------------+--------------------------------------+
|     attachments     |                  []                  |
|  availability_zone  |                 nova                 |
|       bootable      |                false                 |
|      created_at     |      2013-07-23T11:29:18.437476      |
| display_description |                 None                 |
|     display_name    |                 None                 |
|          id         | 5908f5ba-489a-4364-b280-346381cb3c2e |
|       metadata      |                  {}                  |
|         size        |                  10                  |
|     snapshot_id     |                 None                 |
|     source_volid    |                 None                 |
|        status       |               creating               |
|     volume_type     |                blabla                |
+---------------------+--------------------------------------+
[dron@opens-vdsb ~(keystone_admin)]$ cinder list
+--------------------------------------+-----------+--------------+------+-------------+----------+-------------+
|                  ID                  |   Status  | Display Name | Size | Volume Type | Bootable | Attached to |
+--------------------------------------+-----------+--------------+------+-------------+----------+-------------+
| 13603de3-8435-4c37-9283-16a61c7bb4c7 | available |     bla      |  10  |     bla     |  false   |             |
| 5908f5ba-489a-4364-b280-346381cb3c2e | available |     None     |  10  |    blabla   |  false   |             |
| 5c066222-b8a9-4990-9d88-b1190aaf2d14 | available |     None     |  10  |    blabla   |  false   |             |
| 68eca3bb-61d2-4031-bdeb-8eea28232dd8 |   error   |     bbhb     |  10  |    dafna    |  false   |             |
| a597c6c3-3966-4675-94c2-00a335da2114 | available |     bhbh     |  10  |     bla     |  false   |             |
+--------------------------------------+-----------+--------------+------+-------------+----------+-------------+
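
Added example (not part of the original report and not Cinder code): an audit check that parses the tenant user's `cinder type-list` and `cinder list` output shown above and reports types the tenant can see but was not meant to use, plus volumes already created with them. The `ASSIGNED` set and the function names are hypothetical; the report describes no assignment mechanism in this version.

```python
# Added example. ASSIGNED is a hypothetical per-tenant policy; tables are from this report (volume list trimmed).
ASSIGNED = {"bla"}
TYPE_LIST = """
+--------------------------------------+--------+
|                  ID                  |  Name  |
+--------------------------------------+--------+
| 14587c80-c106-42c7-93ed-2ceaa98f8eae |  bla   |
| af06d9d6-23e1-4016-b5f9-ac5df4772c68 | blabla |
| bd842e99-fba0-4fb9-9f04-83ebed28aa59 | dafna  |
| dd4c04ff-d3f5-4bba-92fa-c2d2cdc18660 |  lvm   |
+--------------------------------------+--------+
"""
VOLUME_LIST = """
+--------------------------------------+-----------+--------------+------+-------------+----------+-------------+
|                  ID                  |   Status  | Display Name | Size | Volume Type | Bootable | Attached to |
+--------------------------------------+-----------+--------------+------+-------------+----------+-------------+
| 13603de3-8435-4c37-9283-16a61c7bb4c7 | available |     bla      |  10  |     bla     |  false   |             |
| 5908f5ba-489a-4364-b280-346381cb3c2e | available |     None     |  10  |    blabla   |  false   |             |
| 68eca3bb-61d2-4031-bdeb-8eea28232dd8 |   error   |     bbhb     |  10  |    dafna    |  false   |             |
+--------------------------------------+-----------+--------------+------+-------------+----------+-------------+
"""

def parse_cli_table(text):
    """Parse one ASCII table printed by the CLI into a list of {header: cell} dicts."""
    header, rows = None, []
    for line in text.splitlines():
        line = line.strip()
        if not (line.startswith("|") and line.endswith("|")):
            continue  # border, shell prompt or blank line
        cells = [c.strip() for c in line[1:-1].split("|")]
        if header is None:
            header = cells
        elif len(cells) == len(header):
            rows.append(dict(zip(header, cells)))
    return rows

def audit(type_list_out, volume_list_out, assigned):
    """Return (types visible but not assigned, volumes created with such types)."""
    visible = {r["Name"] for r in parse_cli_table(type_list_out)}
    leaked = sorted(visible - set(assigned))
    misuse = sorted((r["ID"], r["Volume Type"])
                    for r in parse_cli_table(volume_list_out)
                    if r["Volume Type"] in leaked)
    return leaked, misuse

if __name__ == "__main__":
    leaked, misuse = audit(TYPE_LIST, VOLUME_LIST, ASSIGNED)
    print("visible but not assigned:", leaked)
    print("volumes using them:", misuse)
```
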

Comment 1 Ayal Baron 2013-08-20 09:30:17 UTC
Neither Sean nor I see the need for per user volume types.
If you have a use case, feel free to suggest upstream.

Comment 2 Haim 2013-08-21 07:22:14 UTC
opened https://bugs.launchpad.net/cinder/+bug/1214747
