Aodh

Unprivileged user can't access to its Gnocchi resources created by Ceilometer

Bug #1703824 reported by Mehdi Abaakouk
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Aodh
Fix Released
Undecided
Mehdi Abaakouk

Bug Description

When an unprivileged user want to access to Gnocchi resources
created by Ceilometer, that doesn't work because the filter scope
the Gnocchi query to resource owner to the user.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to aodh (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/482946

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to aodh (stable/newton)

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/482947

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to aodh (stable/ocata)

Reviewed: https://review.openstack.org/482946
Committed: https://git.openstack.org/cgit/openstack/aodh/commit/?id=6aee6e1700276a52553c63b0fee8274f0560514f
Submitter: Jenkins
Branch: stable/ocata

commit 6aee6e1700276a52553c63b0fee8274f0560514f
Author: Mehdi Abaakouk <email address hidden>
Date: Mon Jun 12 10:27:23 2017 +0200

    gnocchi: fix alarms for unpriviledged user

    When an unprivileged user want to access to Gnocchi resources
    created by Ceilometer, that doesn't work because the filter scope
    the Gnocchi query to resource owner to the user. To fix we introduce
    a new configuration option "gnocchi_external_project_owner" set by
    default to "service". The new filter now allow two kind of Gnocchi
    resources:
    * owned by the user project
    * owned by "gnocchi_external_project_owner" and the orignal project_id
      of the resource is the user project.

    Closes-bug: #1703824
    Change-Id: I0c86736a902a21520da18550aea0a7d1549bb24e
    (cherry picked from commit b0bdd43209a47181a8124e28990127620cba03a7)

tags: added: in-stable-ocata
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to aodh (stable/newton)

Reviewed: https://review.openstack.org/482947
Committed: https://git.openstack.org/cgit/openstack/aodh/commit/?id=f87e0d05c4662c14c7a9f49a0a829cf9bf3edbdb
Submitter: Jenkins
Branch: stable/newton

commit f87e0d05c4662c14c7a9f49a0a829cf9bf3edbdb
Author: Mehdi Abaakouk <email address hidden>
Date: Mon Jun 12 10:27:23 2017 +0200

    gnocchi: fix alarms for unpriviledged user

    When an unprivileged user want to access to Gnocchi resources
    created by Ceilometer, that doesn't work because the filter scope
    the Gnocchi query to resource owner to the user. To fix we introduce
    a new configuration option "gnocchi_external_project_owner" set by
    default to "service". The new filter now allow two kind of Gnocchi
    resources:
    * owned by the user project
    * owned by "gnocchi_external_project_owner" and the orignal project_id
      of the resource is the user project.

    Closes-bug: #1703824
    Change-Id: I0c86736a902a21520da18550aea0a7d1549bb24e
    (cherry picked from commit b0bdd43209a47181a8124e28990127620cba03a7)

tags: added: in-stable-newton
gordon chung (chungg)
Changed in aodh:
status: New → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/aodh 4.0.1

This issue was fixed in the openstack/aodh 4.0.1 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/aodh 3.0.3

This issue was fixed in the openstack/aodh 3.0.3 release.

Mehdi Abaakouk (sileht)
Changed in aodh:
assignee: nobody → Mehdi Abaakouk (sileht)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.