contrail 3.1.0.0-25 - admin can select VNs from other tenants in the contrail policy rule
Bug #1620659 reported by Robert Rosiak
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Juniper Openstack | Incomplete | High | Robert Rosiak | |
Bug Description
Version: 3.1.0.0-25~mitaka
Issue: Admin can select VNs from other tenants in the contrail UI on the policies page.
Expected behaviour: Admin should be able to select only those VNs which are allowed by RBAC.
Steps to reproduce:
1. Create VNs on at least two projects
2. Go to contrail UI Configure-
3. On the Source and Destination options admin will be able to select ALL contrail VNs, including VNs from other tenants.
This issue is probably related to the bug id 1583360.
information type: Proprietary → Public
Robert, did you change cloud-admin role in /etc/contrail/contrail-api.conf to a role other than "admin"? If not, cloud-admin role would still be "admin" with visibility to all objects in the system.