commit a8e93ddc9e0d79c603573a2e0f26cef115579534
Author: Mehdi Abaakouk <email address hidden>
Date: Thu Oct 10 19:03:15 2013 +0200

    Avoid leaking admin-ness into combination alarms

    Previously when an admin created a combination alarm on
    behalf of a non-admin identity, this had the effect of leaking
    visibility onto alarms that would not normally
    be visible to the non-admin tenant.

    Now we validate all alarm ids with the project ID of the non-admin
    identity that will ultimately own the alarm instead of the project ID
    of the API caller.

Reviewed: https://review.openstack.org/50989
Committed: http://github.com/openstack/ceilometer/commit/a8e93ddc9e0d79c603573a2e0f26cef115579534
Submitter: Jenkins
Branch: master
Fixes bug #1237632
Change-Id: I5d1cf41c9182f09bc37b93deb14dda58f1d6dcd6
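
The scoping change described in the commit message, as an added example that is not ceilometer's code: referenced alarm ids are checked first with the API caller's scope, then with the owning project's scope. All names (`Alarm`, `Caller`, `visible_ids`, `validate_before`, `validate_after`) and the sample data are hypothetical, and the rule that only admins may act for another project is an assumption.

```python
from dataclasses import dataclass

# Added illustration: every name here is hypothetical, not ceilometer's API.
@dataclass(frozen=True)
class Alarm:
    alarm_id: str
    project_id: str

@dataclass(frozen=True)
class Caller:
    project_id: str
    is_admin: bool

class Forbidden(Exception):
    """Raised when a referenced alarm is outside the permitted scope."""

# Constructed sample store: two tenants with one alarm each.
ALARMS = {
    "a-1": Alarm("a-1", "tenant-a"),
    "b-1": Alarm("b-1", "tenant-b"),
}

def visible_ids(project_id, is_admin):
    """Alarm ids visible in a scope; an admin scope sees every project."""
    return {a.alarm_id for a in ALARMS.values() if is_admin or a.project_id == project_id}

def validate_before(caller, owner_project_id, alarm_ids):
    """'Previously': ids are checked with the API caller's scope."""
    missing = set(alarm_ids) - visible_ids(caller.project_id, caller.is_admin)
    if missing:
        raise Forbidden(sorted(missing))
    return list(alarm_ids)

def validate_after(caller, owner_project_id, alarm_ids):
    """'Now': ids are checked with the scope of the project that will own the alarm."""
    # Assumption: only an admin may create an alarm on behalf of another project.
    if not caller.is_admin and caller.project_id != owner_project_id:
        raise Forbidden("cross-project creation requires admin")
    missing = set(alarm_ids) - visible_ids(owner_project_id, is_admin=False)
    if missing:
        raise Forbidden(sorted(missing))
    return list(alarm_ids)

# Constructed request: an admin creates a combination alarm owned by tenant-a.
ADMIN = Caller("admin-project", True)
REQUEST = ["a-1", "b-1"]
```

With the constructed data, `validate_before(ADMIN, "tenant-a", REQUEST)` accepts tenant-b's alarm into an alarm that tenant-a will own, while `validate_after` raises `Forbidden` for `b-1`.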