Juniper Openstack

contrail 3.1.0.0-25 - admin can select VNs from other tenants in the contrail policy rule

Bug #1620659 reported by Robert Rosiak on 2016-09-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Juniper Openstack	Incomplete	High	Robert Rosiak

Bug Description

Version: 3.1.0.0-25~mitaka

Issue: Admin can select VNs from other tenants in the contrail UI on the policies page.

Expected behaviour: Admin should be able to select only those VNs which are allowed by RBAC.

Step to reproduce:
1. Create VNs on at least two projects
2. Go to contrail UI Configure->Networking->Policies and try to create a new policy
3. On the Source and Destination options admin will be able to select ALL contrail VNs, including VNs from other tenants.

This issue is probably related to the bug id 1583360.

Tags:

Robert Rosiak (robert-rosiak) on 2016-09-06

information type:

Proprietary → Public

Revision history for this message

shajuvk (shajuvk) wrote on 2016-09-06:

Robert, did you change cloud-admin role in /etc/contrail/contrail-api.conf to a role other than "admin"? If not, cloud-admin role would still be "admin" with visibility to all objects in the system.

Revision history for this message

Jeba Paulaiyan (jebap) wrote on 2016-09-13:

Robert, can you pls respond to Comment #1?

Changed in juniperopenstack:
importance:	Undecided → High
status:	New → Incomplete
assignee:	nobody → Robert Rosiak (robert-rosiak)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.