Ceilometer

  1. Bug #1237632
  2. Comment #2

Comment 2 for bug 1237632

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to ceilometer (master)

Reviewed: https://review.openstack.org/50989
Committed: http://github.com/openstack/ceilometer/commit/a8e93ddc9e0d79c603573a2e0f26cef115579534
Submitter: Jenkins
Branch: master

commit a8e93ddc9e0d79c603573a2e0f26cef115579534
Author: Mehdi Abaakouk <email address hidden>
Date: Thu Oct 10 19:03:15 2013 +0200

    Avoid leaking admin-ness into combination alarms

    Previously when an admin created a combination alarm on
    behalf of an non-admin identity, this had the effect of leaking
    visibility onto alarms that would not normally
    be visible to the non-admin tenant.

    Now we validate all alarm ids with the project ID of the non-admin
    identity that will ultimately own the alarm instead of the project ID
    of the API caller.

    Fixes bug #1237632

    Change-Id: I5d1cf41c9182f09bc37b93deb14dda58f1d6dcd6