combination alarm created by admin on behalf of non-admin user:tenant may leak visibility on alarms

Bug #1237632 reported by Eoghan Glynn
Affects: Ceilometer
Status: Fix Released
Importance: Medium
Assigned to: Mehdi Abaakouk
Milestone:

Bug Description

When an admin creates a combination alarm on behalf of a non-admin user:tenant, this may have the effect of leaking visibility onto alarms that would not normally be visible to the non-admin user:tenant.

Eoghan Glynn (eglynn)
tags: added: havana-rc-potential
Julien Danjou (jdanjou)
Changed in ceilometer:
status: New → Triaged
importance: Undecided → Medium
Mehdi Abaakouk (sileht)
Changed in ceilometer:
assignee: nobody → Mehdi Abaakouk (sileht)
milestone: none → havana-rc2
OpenStack Infra (hudson-openstack) wrote : Fix proposed to ceilometer (master)

Fix proposed to branch: master
Review: https://review.openstack.org/50989

Changed in ceilometer:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to ceilometer (master)

Reviewed: https://review.openstack.org/50989
Committed: http://github.com/openstack/ceilometer/commit/a8e93ddc9e0d79c603573a2e0f26cef115579534
Submitter: Jenkins
Branch: master

commit a8e93ddc9e0d79c603573a2e0f26cef115579534
Author: Mehdi Abaakouk <email address hidden>
Date: Thu Oct 10 19:03:15 2013 +0200

    Avoid leaking admin-ness into combination alarms

    Previously when an admin created a combination alarm on
    behalf of a non-admin identity, this had the effect of leaking
    visibility onto alarms that would not normally
    be visible to the non-admin tenant.

    Now we validate all alarm ids with the project ID of the non-admin
    identity that will ultimately own the alarm instead of the project ID
    of the API caller.

    Fixes bug #1237632

    Change-Id: I5d1cf41c9182f09bc37b93deb14dda58f1d6dcd6

Changed in ceilometer:
status: In Progress → Fix Committed
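The check the commit message describes, as an added illustration that is not ceilometer's own code: the pre-fix variant resolves the referenced alarm IDs in the API caller's scope (an admin sees every alarm, so nothing is rejected), while the fixed variant resolves them in the scope of the project that will own the new alarm. The in-memory alarm store, the `Caller`/`Alarm` types and the "admin sees all" visibility rule are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass
class Alarm:
    alarm_id: str
    project_id: str

@dataclass
class Caller:
    project_id: str
    is_admin: bool

# Constructed sample store: one alarm in each of two tenants (not real data).
ALARMS = {
    "a1": Alarm("a1", "tenant-A"),
    "b1": Alarm("b1", "tenant-B"),
}

def visible_alarm_ids(project_id: str, is_admin: bool) -> set:
    """Alarm IDs a principal may see: assumed rule is admin sees all,
    a non-admin sees only alarms in its own project."""
    if is_admin:
        return set(ALARMS)
    return {a.alarm_id for a in ALARMS.values() if a.project_id == project_id}

def validate_before(caller: Caller, owner_project: str, alarm_ids: list) -> list:
    """Pre-fix behaviour: member alarm IDs are checked against the caller's
    visibility. An admin caller therefore never gets a rejection, so an alarm
    from tenant-B can be wired into a combination alarm owned by tenant-A.
    Returns the list of rejected alarm IDs."""
    visible = visible_alarm_ids(caller.project_id, caller.is_admin)
    return [a for a in alarm_ids if a not in visible]

def validate_after(caller: Caller, owner_project: str, alarm_ids: list) -> list:
    """Post-fix behaviour: member alarm IDs are checked against the visibility
    of the project that will own the alarm, never the caller's admin scope.
    Returns the list of rejected alarm IDs."""
    visible = visible_alarm_ids(owner_project, is_admin=False)
    return [a for a in alarm_ids if a not in visible]

if __name__ == "__main__":
    admin = Caller("admin-tenant", is_admin=True)
    print("before fix, rejected:", validate_before(admin, "tenant-A", ["a1", "b1"]))
    print("after fix, rejected: ", validate_after(admin, "tenant-A", ["a1", "b1"]))
```

Run stand-alone, the script shows the admin-on-behalf-of case rejecting nothing before the fix and rejecting the foreign tenant's alarm after it.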
OpenStack Infra (hudson-openstack) wrote : Fix proposed to ceilometer (milestone-proposed)

Fix proposed to branch: milestone-proposed
Review: https://review.openstack.org/51384

OpenStack Infra (hudson-openstack) wrote : Fix merged to ceilometer (milestone-proposed)

Reviewed: https://review.openstack.org/51384
Committed: http://github.com/openstack/ceilometer/commit/3004a0ffefae5b5076dddf6f9531a29d390875be
Submitter: Jenkins
Branch: milestone-proposed

commit 3004a0ffefae5b5076dddf6f9531a29d390875be
Author: Mehdi Abaakouk <email address hidden>
Date: Thu Oct 10 19:03:15 2013 +0200

    Avoid leaking admin-ness into combination alarms

    Previously when an admin created a combination alarm on
    behalf of a non-admin identity, this had the effect of leaking
    visibility onto alarms that would not normally
    be visible to the non-admin tenant.

    Now we validate all alarm ids with the project ID of the non-admin
    identity that will ultimately own the alarm instead of the project ID
    of the API caller.

    Fixes bug #1237632

    Change-Id: I5d1cf41c9182f09bc37b93deb14dda58f1d6dcd6
    (cherry picked from commit a8e93ddc9e0d79c603573a2e0f26cef115579534)

Changed in ceilometer:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in ceilometer:
milestone: havana-rc2 → 2013.2