Ceilometer

Ceilometer user in service tenant cannot access EventsController::get_all without admin role.

Bug #1448599 reported by Shunli Zhou on 2015-04-26

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Ceilometer	Fix Released	Undecided	Unassigned	Ceilometer 5.0.0 "liberty"

Bug Description

Without admin role, ceilometer user in service tenant cannot access EventsController::get_all.
This doesn't make sense.

For an openstack service to access other services, such as nova to access ceilometer. It's better to use the ceilometer user without admin role to avoid some pertential security problems, only the service role is enough.

Only ceilometer user in service tenant with admin role can access EventsController::get_all will prevent other service to user service user without admin role to retrieve events.

Revision history for this message

Shunli Zhou (shunliz) wrote on 2015-04-26:

#1

Services interact need assign ceilometer user admin role in service tenant, such as this patch in cookbook https://review.openstack.org/#/c/176663/ to workaround this problem.

information type:

Private Security → Public Security

Revision history for this message

Jeremy Stanley (fungi) wrote on 2015-04-26:

#2

You currently have this open as a security bug, indicating you believe it represents an exploitable vulnerability in the software. Can you elaborate on the circumstances under which this bug might be exploited by a malicious actor, and the risks it implies?

Revision history for this message

Shunli Zhou (shunliz) wrote on 2015-04-27:

#3

Maybe this is just a improper user right problems.

The case I can think of:
A service only need to view the ceilometer event list, but cluster admin has to give the service admin rights. Then the service can get data only admin has right.

I'm not sure this can be tagged as a security bug. I think it's definitely a improper user right setting problem.
If you think this is not a security bug, we can remove the security tag.

Revision history for this message

gordon chung (chungg) wrote on 2015-04-27:

#4

the reason ceilometer requires admin role to access events is to ensure audit events are only visible to admin users. i assume there is a lack of flexibility here and we need some way to tag events.

Revision history for this message

Shunli Zhou (shunliz) wrote on 2015-04-28:

#5

This bug is same reason as https://bugs.launchpad.net/ceilometer/+bug/1346778

Revision history for this message

gordon chung (chungg) wrote on 2015-09-02:

#6

this is addressed by: blueprint events-rbac

Changed in ceilometer:
status:	New → Fix Committed

Thierry Carrez (ttx) on 2015-09-03

Changed in ceilometer:
milestone:	none → liberty-3
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2015-10-15

Changed in ceilometer:
milestone:	liberty-3 → 5.0.0

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.