admin user cannot delete other tenants' volumes by name
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Cinder |
Fix Released
|
Medium
|
Jay Bryant | ||
Bug Description
If a volume is created, with a display-name, via a non- administrator tenant and then the admin attempts to delete the volume using the display-name, the deletion fails.
The following steps were taking to recreate this bug:
1. Create a non-admin user. Create user, role, tenant firsly and then bound them.
[root@localhost ˜]# keystone tenant-create --name zhangg --description testid
+------
| Property | Value |
+------
| description | testid |
| enabled | True |
| id | 0ff45e7f7b944fb
| name | zhangg |
+------
[root@localhost ˜]# keystone user-create --tenant-id 0ff45e7f7b944fb
+------
| Property | Value |
+------
| email | |
| enabled | True |
| id | e021b39742cc430
| name | zhangg |
| tenantId | 0ff45e7f7b944fb
+------
[root@localhost ˜]# keystone role-create --name zhangg
+------
| Property | Value |
+------
| id | 7bdfa3ef15a842e
| name | zhangg |
+------
[root@localhost ˜]# keystone user-role-add --user e021b39742cc430
(no output for this command)
2. Create a file as below and source that file. This will export new id and password.
export OS_USERNAME=zhangg
export OS_TENANT_
export OS_PASSWORD=
export OS_AUTH_URL=http://
export OS_REGION_
3. Then create a volume.
4. Then source the admin user password. In my environment it is as below.
export OS_USERNAME=admin
export OS_TENANT_
export OS_PASSWORD=
export OS_AUTH_URL=http://
export OS_REGION_
5. Use cinder list --all-tenant 1. You can see all of the volumes for all tenant.
6. Try to delete the volume.
7. In this case, I create a volume zhanggvolume and try to delete it by admin.
[root@localhost cinder]# cinder list --all-tenant 1
+------
| ID | Status | Display Name | Size | Volume Type | Bootable | Attached to |
+------
| e59dcd7b-
+------
[root@localhost cinder]# cinder delete zhanggvolume2
/usr/lib/
message = e.message
ERROR: No volume with a name or ID of 'zhanggvolume2' exists.
| Changed in cinder: | |
| assignee: | nobody → Jay Bryant (jsbryant) |
| Jay Bryant (jsbryant) wrote | #1 |
| Changed in cinder: | |
| status: | New → Confirmed |
| importance: | Undecided → Medium |
| Rushi Agrawal (rushiagr) wrote | #2 |
| Jay Bryant (jsbryant) wrote | #3 |
| Changed in cinder: | |
| status: | Confirmed → Fix Committed |
| status: | Fix Committed → Fix Released |
| Thierry Carrez (ttx) wrote | #4 |
| Changed in cinder: | |
| status: | Fix Released → Fix Committed |
| Changed in cinder: | |
| milestone: | none → icehouse-1 |
| status: | Fix Committed → Fix Released |
| Changed in cinder: | |
| milestone: | icehouse-1 → 2014.1 |
Ok, I have tracked down the place where this is happening. When we are in do_delete we call _find_volume which eventually works its way down to findall. It appears to me that findall should be passing 'all_tenants=1' as an option to the the list function for volumes. This way the list of volumes returned is consistent with the access permissions of the user attempting to do the delete.
In the case that you have admin authority you get back your volumes as well as the other volumes on the system and then this bug is not encountered. There is no security hole opened as the non-admin user still only gets a list of volumes that he has access to returned.
I am working on coding up a solution for this.